Conventional messaging such as person-to-person (P2P) messaging is generally defined as a two-way messaging conversation between two users. Examples of P2P messaging include text communications between a customer and a support agent and conversations between two users. Evolving from purely consumer communication such as P2P messaging, text communications are becoming more common between enterprises and users, in the form of Application-to-Person (A2P) messaging and Person-to-Application (P2A) messaging, and are becoming a preferred mode of commercial communication. Application-to-Person (A2P) messaging is one-way messaging in which recipients are not expected to reply. Enterprise applications use an Application Program Interface (API) to send and receive text messages. Examples of A2P messaging include, but are not limited to, mobile marketing messages, appointment reminders, alerts and notifications, voting and surveys, and authentication messages such as one-time passwords (OTPs).
The current ecosystem of A2P and P2A messaging includes a variety of middlemen, such as third parties, gateway providers, and resellers, through which a message sent from an enterprise application passes before it reaches the end users. In the present A2P and P2A messaging scenario, the clear content of the message is transmitted from an enterprise to the end users, and the one or more middlemen are able to view that clear content. This compromises the privacy and security of the end user's sensitive information, such as OTPs, bank balance details, shopping transactions, medical reports, etc., resulting in user profiling and data leakage, which in turn lead to fraud and/or theft and cross marketing. The availability to the middlemen of the clear content of the end user's data (such as an OTP) during any financial transaction poses a great threat to user privacy.
In one exemplary A2P scenario, a financial institution or e-commerce platform provides gift coupons or a price discount to only a particular set of users. The availability of the clear content of the gift coupons or price discount to the middlemen may result in the promotional offers being sent to other users through a grey route, which results in a breach of privacy of the financial institution or e-commerce platform.
In another exemplary A2P scenario, visibility of the clear content of a message transmitted from social media, such as a password reset link, may pose a great risk to user privacy and may also result in hacking of the end user's social media accounts.
In one exemplary P2A scenario, when messages are transmitted from the end user to the application, the middlemen are able to build a profile of the end user by reading the clear content of the transmitted messages. This is a leakage of personal sensitive information that reveals the end user's profile, such as food type preferences, shopping interests, bank details, and other personal information. This results in a breach of the end user's data privacy, making the end user susceptible to endless promotional messages, calls, and security attacks on other personal information, such as the end user's bank password.
In another exemplary P2A scenario, a message relates to the declining of the end user's credit card during a payment attempt at a point of sale. The visibility of the clear content of this message to the middlemen may lead to a fraudulent call or SMS through a black route that provides a fraudulent payment link for completing the incomplete payment.
In yet another exemplary P2A scenario, during DTH activation, channel subscription, and voting for various reality TV shows, the end user typically sends messages from his/her mobile to the enterprise application. The clear content of these messages is visible to the middlemen, resulting in a risk of user profiling and also of manipulation of the voting.
As some of the above scenarios show, there exists a need for secure delivery of messages transmitted from the enterprise to the end user and vice versa. However, existing solutions support secure messaging by encrypting messages at a messaging server before forwarding the encrypted message to a smart phone. The smart phone uses an application to decrypt messages that have been encrypted prior to transmission. The encryption and decryption are generally performed with a single symmetric key which is visible to both the messaging server and the smart phone. This also poses a risk to all of the data included in the messages if the single symmetric key that is used to encrypt and decrypt the messages is compromised.
Therefore, there arises a need for a secured communication platform for enabling secure transmission of messages using multiple keys, wherein the multiple keys and the message content are not visible to any entity in the communication chain.