12-Jul-2007 19:46:52
by Tom Godber

Masabi Launches NIST-Certified Mobile Security World First and Announces YourRail as Inaugral Customer

– Masabi, the secure mobile applications company, today announced that BT has completed validation of the cryptographic algorithms used in EncryptME, the world's first mobile Java security application that provides web commerce level security on the vast majority of existing handsets. EncryptME is to be used by train ticketing technology specialists YourRail to enable tickets to be securely bought and used from almost all mobile phones using credit and debit cards.

Implementing internet-level security in mobile handsets raises major technical challenges as many phones have no built in security and insufficient on-board memory to store a security application which meets the latest standards. EncryptME requires just 3Kb of memory and provides superior security to the dominant PC web browsers yet operates at speeds that make the encryption transparent to the users of even legacy mass market handsets such as the black and white Nokia 6310i.

In a single SMS message, or a few bytes of GPRS data, EncryptME can set up a secure session and sign up a new user, a new credit card and make a transaction thereby bringing fast, secure and convenient m-commerce to mobile users across virtually all handsets in current use.

“The main reason internet commerce has not been extended into the mobile world has been that most handsets cannot support the security available on PCs which is necessary to safely authenticate users and perform transactions. EncryptME symbolises the turning of the tide,” said Ben Whitaker, Co-Founder and head of Security Development at Masabi. “For the first time EncryptME brings internet security to mobile phones thereby enabling the likes of Amazon, eBay and any other internet retailer to extend their offerings to users on the move”

EncryptME allows old and new phones to establish encrypted connections over cellular systems such as GPRS, 3G and SMS as well as short-range wireless technologies such as Wi-Fi and NFC. The software is built to public standards in order to ensure all server-side cryptography can be handled by existing security systems, for example from Sun or Microsoft.

Julian Straw, head of BT's cryptographic module testing lab, BT Global Services, said: “Independent testing is an essential part of providing secure services and we're happy to work with innovative UK businesses to verify security standards and thereby provide reassurance to end users. Masabi's EncryptME delivers security using the latest industry standards, and to our knowledge is the only mobile Java cryptography system in the world to use officially validated implementations of RSA and AES encryption.”

YourRail has contracted Masabi to build a mobile application incorporating EncryptME to enable train tickets to be securely bought and displayed on mobiles and will begin a pilot rollout of the system in August. YourRail already provides a successful mobile ticketing system for Chiltern Railways that allows ticket purchases to be made on a PC, then the user is sent a bar code via SMS which is scanned by automatic barriers and on-train inspectors. By extending their system with EncryptME new customers can sign up and purchase a ticket straight away from their mobile without the need for pre-registration or any use of a computer.

BT has verified that EncryptME provides FIPS 186-2 RSA with PKCS Padding for keys up to 4096 bits, FIPS 197 AES with keys up to 256 bits, and an ANSI X9.31 secure Random Number Generator which match the state of the art in PC cryptography. The BT Cryptographic Module Testing Laboratory performed the validation tests according to the US Government NIST Cryptographic Algorithm Validation Program for FIPS approved and NIST recommended cryptographic algorithms, and the certificate details are all made publicly available by the US Government on the NIST website.

Masabi has rolled out secure mobile applications around the world in multiple currencies and languages and is currently in discussions with banks, transport and financial services companies, and will be announcing rollouts of more secure mobile applications in Q3 2007.


about Masabi

Masabi is a secure mobile applications developer based in London. Masabi's expertise in secure, usable mobile applications which run on even the lowest specification phone handsets was demonstrated in January when the company announced the rollout of international multi-language, multi-currency, multi-branded casino software for Playtech (AIM: PTEC), the world's largest publicly traded online gaming software supplier. Masabi proved that even on the oldest Java handsets it can provide secure sign-up for new users on the mobile, with credit card, bank transfer and 3rd party payments, and still be able to include games with industry leading graphics and sounds. The company is owned by its directors and in 2007 was selected as a finalist for the Red Herring 100 Europe.

About BT

BT is one of the world’s leading providers of communications solutions and services operating in 170 countries. Its principal activities include networked IT services; local, national and international telecommunications services; higher-value broadband and internet products and services and converged fixed/mobile products and services. BT consists principally of four lines of business: BT Global Services, Openreach, BT Retail and BT Wholesale.

In the year ended 31 March 2007, BT Group plc’s revenue was £20,223 million with profit before taxation of £2,484 million. British Telecommunications plc (BT) is a wholly-owned subsidiary of BT Group and encompasses virtually all businesses and assets of the BT Group. BT Group plc is listed on stock exchanges in London and New York. For more information, visit www.bt.com/aboutbt

Written by Tom Godber

Masabi Blog Sign Up

Recent Posts:

Fare Payments Knowledge Hub:

Knowledge Hub