|
|
Le 2014-10-03 19:57, Doctor John a écrit :
> I've been using gpg for some years now. It works.
>
> Now Scentrics come up with,what they say is a more secure new method to
> prevent MITM attacks:
>
It's actually the opposite. Their patent is to specifially allow MITM
attacks (from Law Enforcement).
From the patent application:
BACKGROUND OF THE INVENTION
[0002] 1. Technical Field
[0003] This invention relates to a system and method for allowing an
authorized third party to access encrypted electronic messages sent to
or from a mobile device.
[0004] 2. Background Information
[0005] Portable devices for sending and receiving messages, e.g. by
email, are very popular. The Blackberry® range of devices, produced by
the company Research In Motion, is one example.
[0006] Typically, when an email addressed to the user of such a portable
device is received at a suitably-configured mail server, such as a mail
server inside a corporate firewall at the user's place of employment,
the email is encrypted and then forwarded over the wired Internet to a
network operation center (NOC) operated by the email service provider.
The NOC is in contact with the user's mobile device, and pushes the
email to the device via a wireless telecoms network local to the user.
The message is decrypted at the mobile device and displayed to the user.
[0007] When the user sends an email from the mobile device, it travels
to the NOC and then on to the relevant mail server, which delivers it to
the intended recipient.
[0008] Usually the messages are cryptographically encrypted at least
while in transit between the NOC and the mobile device, thereby
preventing any third party from being able to access the message content
by intercepting or eavesdropping on the communication. In this way the
privacy of the sender and recipient of the message can be protected. In
a corporate setting, encryption is usually established between the
corporate mail server and the mobile device.
[0009] However, there are circumstances in which it is desirable for an
authorized third party, other than the sender, the recipient or the
messaging service provider, to be able to decrypt the message. For
example, a national law-enforcement or security body may, on occasion,
wish to access messages in order to carry out its duties effectively;
e.g. to intercept messages being sent or received by a known or
suspected criminal in the country.
[0010] Such interception is not possible when the messages are sent or
received strongly encrypted between a portable device, and an NOC or
mail server which is located outside the jurisdiction of the relevant
authority.
[0011] Although governments may request messaging service providers to
provide access to encryption keys or decrypted messages, the service
providers are typically either reluctant or unable to do so. For
example, where end-to-end encryption is used between a corporate mail
server and a portable device, a messaging service provider may not
itself have access to the necessary decryption keys for accessing a
decrypted message.
[0012] The present invention seeks to provide a mechanism that addresses
these difficulties.
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }
Post a reply to this message
|
|