MobileDecrypt is a special DecryptNaBox client that allows users to read encrypted email messages on mobile devices without direct access to smart card credentials or user private keys. The use of smart card PKI credentialing with encrypted electronic mail poses significant challenges for the mobile device users. Encrypted messages remain encrypted on the mobile device until smart card credentials are made available to the device, or unless the user’s private key is stored on the mobile device. For smart card credentials to be available to the mobile device a smart card reader is required. The storage of private keys on mobile devices poses a serious security risk, and is a violation of most organizations’ encryption key policies. Zeva MobileDecrypt solves this challenge by allowing the mobile device user to decrypt email messages without the need to use smart card credentials.
How does MobileDecrypt allow mobile device users to read encrypted email messages?
MobileDecrypt allows users to read encrypted email messages on mobile devices without direct access to smart card credentials or user private keys. MobileDecrypt can be implemented either as an email proxy or as extension to email servers. MobileDecrypt uses the Zeva Header Modification Library to provide the required message header modification needed to allow the mobile device to read encrypted messages.
How does MobileDecrypt modify the email header so that an encrypted message can be read?
MobileDecrypt extends the derived credential on the mobile device for encryption. MobileDecrypt uses the Zeva Header Modification Library to add the recipient's S/MIME derived credential to the email message S/MIME header. This allows the message to be natively read on the mobile device without the need for smart card credentials or user private keys on the mobile device. At no point is the content of email message decrypted or exposed.
Click on the image to enlarge
For which mobile device technologies will MobileDecrypt work?
MobileDecrypt offers flexibility to operate with different technologies. MobileDecrypt works by modifying the email message header and no software is installed on the mobile device. Therefore, MobileDecrypt is not specific to any mobile device technology and works with Android, iOS, BlackBerry, and Windows devices using the device’s native email application. MobileDecrypt can be integrated with any of the popular industry Mobile Device Management (MDM) solutions.
Does MobileDecrypt meet Federal PKI requirements for protection of cryptographic keys?
MobileDecrypt enables users to read messages encrypted with a Medium-Hardware protection policy on mobile devices. All operations performed are designed to meet Federal PKI security requirements and FIPS 140-2 Level 2/3 requirements. MobileDecrypt use of derived credentials is consistent with NIST SP 800-157 technical specifications.