In some circumstances the secure delivery of private information over mobile networks is desirable. An example of such private information is implied health information such as the doctor's name, time, and the specialty that may indicate a condition being treated which information forms part of appointment reminders or other information exchange with health professionals sent to patients. Banks may also wish to send private information to their customers. The ubiquity of mobile handsets has provided an effective means for the delivery of information using short message service (SMS) and other data channels.
Existing solutions that support secure messaging encrypt messages at an intermediate messaging server before forwarding the encrypted message to a smart phone. An application is typically downloaded to the smart phone (or is natively resident on the smart phone), and is used to decrypt messages that have been encrypted prior to transmission. The encryption typically uses a symmetric key encryption, for example Advanced Encryption Standard (AES) with 256 bit encryption. When this type of solution is used, the same key is used for both encryption and decryption, and is stored on both the handset and the messaging server that is used in transferring the message. This represents a risk to security should the key be compromised at either the messaging server or handset. If the messaging server or handset is hacked then the key used for some or all the handsets receiving messages from this server may be compromised and all handsets would need to be issued a new key which, considering the large number of handsets that may be supported by such a system, would represent a complicated implementation process to many handsets.
There remains a need for a solution to provide encrypted or secured messaging to handsets to securely receive messages that does not suffer from the disadvantages of existing solutions. Alternatively, or in addition, it would be desirable to provide the public with a useful choice.
Reference to any prior art in the specification is not, and should not be taken as, an acknowledgment or any form of suggestion that this prior art forms part of the common general knowledge in Australia or any other jurisdiction or that this prior art could reasonably be expected to be ascertained, understood and regarded as relevant by a person skilled in the art.