
I'm currently working on an application similar to this, but with a small physical device you plug into the bottom of your phone where all the encryption is done, so there is no central software you can break into, it's all done physically, disconnected. You communicate the decryption keys to the parties in person. We want to make this a little device you can attach to a key chain and plug into the bottom of your phone whenever you need encryption. Our app interfaces with the dongle and you can use it to encrypt/decrypt any files really.

Is this a retarded idea or is there a use for this?



I don't know how it will do as a niche thing in enterprise, but I think it's very unlikely it will ever catch on with mainstream users. It just seems too much of a hassle. Now turn that into an NFC ring of sorts that does the encryption for you, and you may be on to something, but even then it still seems something only geeks would use. Heck, it's hard enough to get people to use software-based encryption solutions.


Someone can always hack the display driver - you have to display the messages to the user at some point, after all. Take a screenshot on whatever user event, encryption bypassed.

I've been thinking about encryption all the way up to the display module, though, meaning interception would have to be very close to the display hardware itself.


That's what I was thinking. We are going to ship two versions. One being a simple dongle where the application used to interface with it is the user's phone.

We're also selling a premium package, where the device is much bigger but includes a physical display and keyboard, with a transfer mechanism of the final encrypted message.

We're marking up the higher end model so we can fund the lower end model, being 2 replacements of the dongle for 1 purchase, as the dongle will have a one time authentication and will be locked to the device.

We're also trying to figure out how to have the device self destruct if not used by any approved devices, meaning wipe itself clean and POSSIBLY break the hardware that does the processing/houses any data.


Maybe you can do something useful with visual cryptography?


Can you expand?


Print an overlay that acts as a visual password. You put it on the phone screen. So you can read what's written, but an attacker who captures only phone data sees only gibberish. There are various practical issues. Maybe they can be overcome. If the overlay was generated on demand on the dongle, rather than printed, that could improve usability.

https://en.wikipedia.org/wiki/Visual_cryptography
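
The overlay idea from the comment above, as an added example that is not part of the original thread: a minimal (2,2) visual cryptography scheme in which the phone shows one share and the overlay carries the other. The function names and the 5x5 sample bitmap are assumptions made up for illustration.

```python
import secrets

# Two subpixel patterns for a (2,2) scheme with 1x2 pixel expansion (1 = opaque).
PATTERNS = ((0, 1), (1, 0))

def make_shares(secret_rows):
    """Split a 1-bit image (0 = white, 1 = black) into a screen share and an overlay share."""
    screen, overlay = [], []
    for row in secret_rows:
        s_row, o_row = [], []
        for pixel in row:
            pat = PATTERNS[secrets.randbelow(2)]  # fresh random choice per pixel
            comp = (1 - pat[0], 1 - pat[1])
            s_row.extend(pat)
            # White pixel: overlay repeats the pattern. Black pixel: overlay is its complement.
            o_row.extend(comp if pixel else pat)
        screen.append(s_row)
        overlay.append(o_row)
    return screen, overlay

def stack(a, b):
    """Stacking two transparencies is a per-subpixel OR of the opaque cells."""
    return [[x | y for x, y in zip(ra, rb)] for ra, rb in zip(a, b)]

def decode(stacked):
    """A pixel reads as black only when both of its subpixels are opaque."""
    return [[1 if row[i] and row[i + 1] else 0 for i in range(0, len(row), 2)]
            for row in stacked]

def render(rows):
    return "\n".join("".join("#" if c else "." for c in r) for r in rows)

# Constructed sample input: a 5x5 bitmap of the letter "H".
SECRET = [[1, 0, 0, 0, 1], [1, 0, 0, 0, 1], [1, 1, 1, 1, 1],
          [1, 0, 0, 0, 1], [1, 0, 0, 0, 1]]

if __name__ == "__main__":
    screen, overlay = make_shares(SECRET)
    print("screen share (all a screenshot captures):\n" + render(screen))
    print("overlay share:\n" + render(overlay))
    print("stacked:\n" + render(stack(screen, overlay)))
```

Each share on its own has exactly one opaque subpixel per pixel, chosen at random, so a screenshot of the screen share carries no information about the message. That only holds while an overlay is used once: if the same overlay decodes two messages, the two captured screen shares differ exactly where the messages differ.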


Doesn't there need to be a software input / output layer anyway? How can you secure this?

(genuine interest, not an attack)


That's what we're trying to tackle. See my response here:

https://news.ycombinator.com/item?id=6876655

Can anyone see this as viable? My co-founder and I are very very passionate about this project, and the last thing we want to do is pour years into something that won't see the light of day!


You'd need to target the enterprise/security conscious markets.

Getting widespread consumer support will be next to impossible.



