IBM has come up with a technology for reducing the risk of data being exposed in mobile push notifications to mobile devices by coming up with a way to encrypt that information so service providers and others can't actually see any data related to the user's mobile device.
IBM has just received the patent for its technology, U.S. Patent #8,634,810, “Pushing secure notifications to mobile computing devices,” which was invented at IBM Labs by Benjamin Fletcher, software engineering researcher. Caleb Barlow, IBM director of application data and mobile security, says the patented technology is based on the idea of a cloud-based service that lets developers create applications that can encrypt data notifications via unique message identifiers in the cloud that is then securely transmitted to a mobile device via a third-party service provider.
When the end user’s device authorizes the message, the encrypted message content is pushed down from the cloud.
“With this patent, we’re bypassing the push notification and pass a token to the app,” explains Barlow. “You give permission to get notifications.” These notifications could be any kind of update for the apps on the user’s device.
+ ALSO ON NETWORK WORLD: IBM acquires Fiberlink as mobile security strategy keystone +
The purpose of the push-notification bypass with encrypted transport is to prevent personal data from being exposed on carrier networks. As an example, IBM points out it could be used by a credit-card company notifying a customer of suspicious account activity.
Barlow didn’t say exactly how and when this new patented technology might roll out as a commercial service or toolkits in the future, but he said it’s part of a larger mobile security strategy at IBM that also includes the acquisitions of Fiberlink and Trusteer. “It’s one of many things we’re working on now,” he added.
Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: firstname.lastname@example.org