The present disclosure is related to secure electronic communication between two or more stations, and more specifically to a method and system for transmitting/receiving a secure communication together with a generated benign, context-aware cover message.
Electronic mail (email), short message service (SMS, or text), micro-web blogging (e.g., tweets) and so forth (collectively, “electronic communication”) are now common and perhaps indispensable methods of communication. These tools are used for both personal communication and business communication. It is commonly believed that the content of such communications are relatively secure and private. However, in many circumstances, an expectation of security and privacy is not well founded. Common channels for such communications are relatively easy to intercept. Service providers often provide archiving of messages that may be accessed, easily or with varying degrees of effort and authority. Communications are often retained, at least temporarily, on a user's hardware device, such as a cellular telephone, laptop computer, tablet computer, and so on. Therefore, a misplaced (or stolen) device may give others access to communications retained thereon.
Many techniques exist for improving the level of security and privacy in electronic communication. One basic method is to provide control over the access to email accounts, text accounts, and so on, such as through use of passwords. That is, a password is required to enter an account, and once within the account sending and receiving communications are enabled. However, password-protected accounts provide only a superficial level of security for electronic communications via such accounts. Passwords are generally fairly easy to break. They may be lost or forgotten, and so are often written down, leading to their discovery. The communications are readily accessible and archived at the service provided level (i.e., behind the user-level password protection). A computer or cell phone may be left with the mail or text application open and running, permitting access to communications. Communications may be intercepted in transit, thereby obviating the need to access the sending or receiving account. And in extreme cases, a user may be forced to provide a password under duress.
In another approach, the sender encrypts a message using a key. The receiver has a corresponding key, which is used to decrypt the message when received. There are many variations of this encryption-decryption scheme, such as private keys, public key exchange, and so on. Problems with the encryption-decryption approach include the need for processing resources to perform the encryption-decryption on the sending and receiving devices, and the risk of loss of security of the key or the device that performs the encryption-decryption. Furthermore, encryption usually converts a human-readable message into a jumble of numbers and letters that is not readable other than after decoding. However, the jumble of letters and numbers then appears to be just what it is—an encrypted message. An unauthorized user can therefore quickly identify the message as being encrypted, and hence a target for efforts at decryption, coerced or otherwise.
Another technique for lending security to electronic communication is to permit communication only between pre-authorized devices. In certain versions of such schemes, a message contains code that prevents it from being delivered to, opened by or read on a machine other than one identified in that code. In other versions, limiting access to a network carrying the electronic communications only to approved devices ensures security. There are many other access-limiting schemes for enabling secure communication. However, problems with these approaches in general include the potential inability or difficulty to include new users in a communication, the need to expose a user's device id when sending or receiving a message, and since the message may in fact be encoded until the authenticity of the receiving device is confirmed, the presence of an encoded message may be apparent (again, identifying it as a target for decryption efforts).
Legal efforts to provide at least a sense of security in electronic communication also exist. For example, it is a violation of federal law to intercept an email message without proper authority. It is also a violation of federal law for a third party to access the content of another's email communication during the process of storing or transmitting the communication. Many other laws seek to discourage and redress improper accessing of another's electronic communication. However, there are many who will not be dissuaded by such laws. Often, by the time the law is enforced, the damage from publication of the secret message is done. And, with proper legal authority, such as with subpoena or other form of approval, certain agencies may nonetheless intercept and access electronic communication.