Le 2014-10-03 19:57, Doctor John a écrit :
> I've been using gpg for some years now. It works.
>
> Now Scentrics come up with,what they say is a more secure new method to
> prevent MITM attacks:
>

It's actually the opposite.  Their patent is to specifially allow MITM 
attacks (from Law Enforcement).

 From the patent application:

BACKGROUND OF THE INVENTION

[0002] 1. Technical Field

[0003] This invention relates to a system and method for allowing an 
authorized third party to access encrypted electronic messages sent to 
or from a mobile device.

[0004] 2. Background Information

[0005] Portable devices for sending and receiving messages, e.g. by 
email, are very popular. The Blackberry® range of devices, produced by 
the company Research In Motion, is one example.

[0006] Typically, when an email addressed to the user of such a portable 
device is received at a suitably-configured mail server, such as a mail 
server inside a corporate firewall at the user's place of employment, 
the email is encrypted and then forwarded over the wired Internet to a 
network operation center (NOC) operated by the email service provider. 
The NOC is in contact with the user's mobile device, and pushes the 
email to the device via a wireless telecoms network local to the user. 
The message is decrypted at the mobile device and displayed to the user.

[0007] When the user sends an email from the mobile device, it travels 
to the NOC and then on to the relevant mail server, which delivers it to 
the intended recipient.

[0008] Usually the messages are cryptographically encrypted at least 
while in transit between the NOC and the mobile device, thereby 
preventing any third party from being able to access the message content 
by intercepting or eavesdropping on the communication. In this way the 
privacy of the sender and recipient of the message can be protected. In 
a corporate setting, encryption is usually established between the 
corporate mail server and the mobile device.

[0009] However, there are circumstances in which it is desirable for an 
authorized third party, other than the sender, the recipient or the 
messaging service provider, to be able to decrypt the message. For 
example, a national law-enforcement or security body may, on occasion, 
wish to access messages in order to carry out its duties effectively; 
e.g. to intercept messages being sent or received by a known or 
suspected criminal in the country.

[0010] Such interception is not possible when the messages are sent or 
received strongly encrypted between a portable device, and an NOC or 
mail server which is located outside the jurisdiction of the relevant 
authority.

[0011] Although governments may request messaging service providers to 
provide access to encryption keys or decrypted messages, the service 
providers are typically either reluctant or unable to do so. For 
example, where end-to-end encryption is used between a corporate mail 
server and a portable device, a messaging service provider may not 
itself have access to the necessary decryption keys for accessing a 
decrypted message.

[0012] The present invention seeks to provide a mechanism that addresses 
these difficulties.



-- 
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/*    flabreque    */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/*        @        */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/*   gmail.com     */}camera{orthographic location<6,1.25,-6>look_at a }

Post a reply to this message