Celltrust Targets Banks With Encrypted SMS App

Celltrust developed its SecureSMS application so banks could deliver secure text messages to their customers’ mobile phones — but the company’s chief technology officer wonders whether French president Nicolas Sarkozy might like a copy of the software.

Sarkozy sued a French magazine on Thursday for publishing a message it alleged he had sent by SMS (Short Message Service) to his ex-wife just days before his marriage to singer Carla Bruni earlier this month. The president accused the magazine of falsification, use of false documents and possession of stolen goods.

If a text message is sent using SecureSMS then even if the phone is stolen, the secured messages on it cannot be read, Celltrust CTO Houman Shafiezadeh said at a press event in Barcelona, on the eve of the Mobile World Congress.

That’s because SecureSMS encrypts messages before transmission using a key unique to the sender, decodes them at a secure gateway and reencrypts using another key for delivery. A special application on the sender’s and the recipient’s phones stores the encrypted message, and will only decrypt and display it if the appropriate password is provided.

SecureSMS can encrypt messages sent between two cell phones as long as both subscribers have set up accounts with Celltrust, Shafiezadeh said.

Celltrust’s target market, though, is big business: it hopes that banks will use its gateway and application software to secure the messages they send out to customers. The software has other advantages for banks: it provides confirmation of the reception and opening of secured messages, showing that whoever holds the phone also has the password.

These confirmations, however, are sent by SMS and paid for by the phone subscriber. That makes the application more suitable for customers on tariffs allowing unlimited text messages.

“If you’re paying 10 cents a message, I wouldn’t recommend it,” Shafiezadeh said.

Celltrust is in talks with a number of U.S. banks to roll out the software in trials, he said. Finding enough customers with the right kinds of account, phone and SMS tariff is slowing things down, he said. Once the banks have identified the customers, the company will invite them to download the application, so that it can fine-tune the delivery process. The trials should begin in March, with a commercial service up and running by September, he said.

The SecureSMS software is initially available as a J2EE applet for phones capable of running Java applications. Other versions, for Microsoft’s Windows Mobile and for Qualcomm’s Brew platform, will soon be ready.

After that, Shafiezadeh said, it will be a race between Celltrust coders producing versions for Google’s Android platform — for which there is an SDK (software development kit) but no phones — and for Apple’s iPhone, on the market for almost eight months but with no official SDK available yet. That’s frustrating for Shafiezadeh because Celltrust has issued its employees with iPhones.

Other companies offer secure SMS tools, but for more limited ranges of handsets. Kryptext, in Brighton, England, offers an application by the same name that works only on phones running Symbian OS, while Finnish handset maker Benefon (now GeoSentric) offered handsets that could send encrypted text messages back in 2003.

The Mobile World Congress, at the Fira de Barcelona, runs through Thursday.

By Peter Sayer, IDG News Service (Paris Bureau)