Because e-mail 
and IM (instant messaging) are not encrypted, just about anyone with any interest can easily access the data.
That's why Terry Heath, founder and director of Navoty, created a solution that prevents any security lapse from happening in the first place. He rolled out his LockedEnvelope solution in mid-March this year.
Answer Is the Key
Heath developed a system of secure encryption algorithms based on a simple, share-key method between two parties. The communication between both parties is linked through a Q&A format that's safe and secure. The result, LockedEnvelope, was built on the site with Ruby on Rails, MySQL and Linux.
"For many companies, the encryption process is done on the back end, which leaves unencrypted e-mail or IM sites vulnerable," says Heath. LockedEnvelope changes the process and provides secure communications all the way around. "The LockedEnvelope system involves shared key principles between two people where the payload is encrypted."
The encryption solution also involves a series of security layers. Messages must have a Q&A protocol to work, and the messages are encrypted securely and quickly.
No Master Key
A user's answer is hashed in the LockedEnvelope database, which means that if you lose it, the company can't recover it either. However, this also means that no one else can look at the database and retrieve your messages or answers. The actual message is then encrypted using the sender's answer. When the recipient decrypts the message, it is sent via SSL, an industry standard HTTP encryption and authentication protocol, to protect its contents.
This subscription-based system keeps the messages away from prying eyes, says Heath. "Offshore engineering is often the weakest link," he says. "If you know your message is coming from LockedEnvelope, you know nobody else is reading your message."
© 2008 Information Today. All rights reserved.
© 2008 ECT News Network. All rights reserved.
Talkback: 