MCI to offer secure two-way messaging with strong encryption

MCI Inc. will offer secure two-way messaging through its SkyTel Communications subsidiary next month, encrypting wireless text with the Advanced Encryption Algorithm.

"It was initially designed to meet the security needs of our government customers," SkyTel Marketing Director Michael Barnes said.

The company plans to get the device for its Secure 2Way service certified for Federal Information Processing Standard 140-2, which applies to cryptological devices used by the government.

The company also is promoting the service as compliant with the Health Insurance Portability and Accountability Act and expects the health care and financial service industries to be early users.

Text messaging and paging has emerged as a reliable ? and sometimes the only ? means of communication during emergencies that disrupt other media, such as wired and cellular telephone systems and the Internet.

The Secure 2Way service uses the handheld ST900 2Way messaging device from Sun Telecom Inc. of Norcross, Ga. Messages are encrypted between the device and an encryption server at SkyTel's secure network operations center.

Two levels of service are offered. Device-level security provides device-to-device encryption when both users have the ST900. When messages are received from nonsecure devices, traffic is encrypted only between the operations center server and the ST900. With end-to-end security, all traffic is blocked except that from other secure ST900 devices, so there is no unencrypted link on any message.

The service uses 128-bit encryption keys with AES and the ANSI X9.63 key management standard for symmetrical keys. The National Security Agency has approved AES with 128-bit keys for use up to secret classification. The key on each device is changed automatically every 30 days or after 5,000 messages. The initial key generation and exchange takes about eight minutes. Subsequent key changes take two to three minutes.

Each device is password protected with an eight-character alphanumeric password.

"It was tough to build the AES encryption into the device," Barnes said. "It is not done through add-on hardware."

After buying the ST900, there's no extra charge for the device-level service. End-to-end service incurs an additional fee.