Secure messaging gateway released by Threema

2014 was a watershed for many companies. The realisation of how much data intercept was going on by numerous countries around the world along with the weaknesses and vulnerabilities of many security products has forced companies to review their data and messaging security. Security researchers and professionals have argued for end-to-end encryption of data, both at rest and in flight, but the problem is implementation by vendors.

German messaging company Threema is now claiming that it is the first company to be able to deliver this taking on the likes of Blackberry in the process with the release of Threema Gateway. This new solution adds the ability for companies to integrate Threema Gateway with their existing applications. The product ships with its own APIs and the code libraries area available for PHP, Java and Python and shipped under an Open Source licence.

What this means is that companies with a highly mobile workforce are now able to protect all communications between devices and ensure that the data stays encrypted even on company servers. With many companies locating their servers in the cloud, this adds an additional level of protection that will help them ensure that they are meeting data privacy and protection targets as part of their compliance obligations.

There is support for Android, iOS and Windows Phone 8 which covers the bulk of the market. Surprisingly, there is no Blackberry app and no indication that there will be one in the near future.

One thing that will interest a lot of companies is that this is not just about replacing SMS with a secure SMS solution. Each Threema encrypted message can be as much as 3,500 characters in length making it attractive to developers writing mobile collaboration products. One use case that Threema is keen to highlight is that the level of encryption allows for secure one-time passwords to be transmitted over their service.

Threema already enjoys a large market of users in Germany both with individual users and corporations. Its servers and all of its software development are based in Switzerland and it uses an asymmetric ECC based encryption with a strength of 255 bits. Threema claims on its website that the US National Institute of Standards and Technology (NIST) says that this is the equivalent of using a 2048-bit RSA key.

For those interested in more technical information, there is a 12 page cryptography whitepaper available from the Threema website.

In an unrelated press release, Ma href="https://threema.ch/en/blog/posts/threema-for-android-auto">Threema has announced that it has been selected as an exclusive launch partner of Android Auto. Incoming Threema messages will appear on the cars dashboard head unit and users can listen to messages via text-to-speech and reply through speech technology. With 28 auto manufacturers already supporting Android Auto, this looks like a very good win for Threema.