Maintaining the privacy and confidentiality of data shared via mobile networks is a priority for developers, service providers and end-users, yet IBM security researchers found that insufficient security protocols in mobile applications can risk exposing details of data notifications pushed across mobile networks, potentially exposing personal or sensitive information to service providers.
This mobile security exposure is problematic and limiting to organizations that wish to use mobile notifications to communicate sensitive information with their customers, such as a credit card company wanting to notify a customer of suspicious charges or a bank may need to alert customers to suspicious account activity.
To address this mobile security challenge, a team of IBMers invented a cloud-based service that enables developers to create applications that can encrypt data notifications, assign them a unique message identifier (ID) in the cloud that is securely transmitted to a mobile device via a third-party service provider. Once the end-user’s device authorizes the message, the recipient can pull down and access the encrypted message content from the cloud.
“This patented invention will enable developers and service providers to design and build applications that ensure sensitive or personal information is not inadvertently exposed across mobile networks,” said Benjamin Fletcher, inventor and software engineering researcher for IBM. “Regardless of the nature of data being pushed to or from a mobile device, it should never be exposed to third-parties since they cannot always guarantee the security and confidentiality to customers.”
IBM received U.S. Patent #8,634,810, “Pushing secure notifications to mobile computing devices,” for the invention.
IBM’s security portfolio provides the security intelligence to help organizations holistically protect their people, data, applications and infrastructure. IBM monitors 15 billion security events per day in more than 130 countries and holds more than 3,000 security patents.