EN CZ HR
MENU

Resources

Discover how BabelApp works in detail.

Find all you need to know about blockchain secure messenger app, our technical solutions and components.

Technology

Overview

BabelApp is an instant messaging platform for secure communication. It enables encrypted messages and documents to be sent and stored on both mobile (iOS, Android, BlackBerry) and desktop devices (Windows, MacOS). BabelApp combines the best cryptographic algorithms and protocols to protect your communication and information against both active and passive cyber-attacks.

Scheme How BabelApp works

Encryption technology

Every message is encrypted using a standard AES symmetric-key algorithm with a unique Message Key that is randomly generated by the BabelApp application on the sender's device. The recipient needs to obtain the Message key to decrypt the actual message, therefore the Message Key has to be kept encrypted while not used – that is done by use of another encryption key – a Contact Key which the sender shares with the recipient. Contact keys are attached to messages. Contact Keys are not saved anywhere, they are calculated during the transmission using a standard Diffie-Hellman algorithm. For this calculation to happen, each party needs to possess a verified value of the other party's public key. Public keys are securely distributed to all registered mobile devices via thea BabelApp Messaging Server.

Scheme How does encryption work?

Blockchain technology

Our application uses a unique mechanism for key authentication, which works with modern secure storage, where it is excluded that anyone would be able to modify once entered data in any aspect. This storage is called Blockchain database.

Public Blockchain DB are currently used exclusively for cryptocurrency. The largest and the safest one is used by Bitcoin. Except of using this DB for recording of particular Bitcoin transactions, it is also possible to record other data. In our case, endpoint device with BabelApp application records to this database information needed for public key verification, which can be read anytime by other participants in this communication. If BabelApp server has active Bitcoin network, protection, anyone can communicate with you without having fear of being attacked by MITM, with no necessity of calling and verifying public keys before commencement of the communication.

Encrypted calls

BabelApp provides encrypted calls between mobile devices within the data network through VoIP. The voice is transmitted directly between end-users using an internet connection or through a TURN server (Traversal Using Relays around NAT) when the connection is relayed.

BabelApp provides a secure voice transmission using a SRTP (Secure Real Time Protocol) encryption. "Perfect Forward Secrecy" searches for encryption keys. This means that if the DH keys or relay session keys are compromised, no other keys will be compromised.

Sending messages

Messages, once encrypted, are sent to the BabelApp Messaging Server (BMS) for delivery. BMS notifies the recipient that have a new message waiting to be delivered and enables the recipient to download the message. Should the message contain an attachment, a preview is sent along with message as well as a link for asynchronous download of the original attachment. The BabelApp server administrator can set the maximum time period for which it is possible to access and download attachments. Should the attachment expires, it is automatically deleted from the server.

Communication across multiple BabelApp servers is described below:

Scheme How are messages sent?

Data storage

Sent and received messages are stored on mobile devices are kept encrypted using randomly generated Message Keys. Message Keys need to be protected, therefore they are encrypted using Device Keys. Device Keys are randomly generated on mobile devices during installation of the application. Device Keys are then encrypted and protected by additional keys derived from passwords that users set during application installation.

In order to display messages, users are prompted to enter their password from which the above mentioned key is derived. Such a key is then used to temporarily decrypt the Device Key. Once the Device key is available, it is possible to decrypt the Message key and view messages.

Active attacks security

BabelApp’s security is not based on encryption only, but also on authentication and integrity control to ensure that messages have not been changed, altered, or viewed by someone else and that all messages come from authenticated – verified users. Therefore all messages sent via BabelApp are not only encrypted but also digitally signed using an HMAC algorithm with authentication keys (Encrypt-then-Authenticate). Messages are also numbered / sequenced and the BabelApp application detects and deletes messages with non-valid sequence numbers. A warning is subsequently displayed to affected users.

Components

Messaging Server

BabelApp Messaging Servers (BMS) are the central aspect of the platform. Each BMS maintains a database of registered user accounts, their devices and associated public keys. BMS are equipped with SSL certificates and provide the end users with client application licenses.

BMS do not store any private or secret keys and cannot decrypt the actual messages. BMS mediate data communication among Babelent users and allow for notification distribution but do not take part in the actual encryption process.

All devices must be registered with the server using a One Time Password (OTP) which users typically receive along with initial instructions from their administrators. During the registration process BMS obtains and verifies user’s public key and synchronizes it across the user base defined in the server group setting.

Address Book

BabelApp maintains a central contact and group directory. Groups allow for better contact organization. A „Contact“ is a recipient and his / her public key. Every Contact can be part of multiple groups.

Attachment Server

A BMS can be integrated with a BabelApp Attachment Servers (BAS), which take care of temporary storage and asynchronous delivery of encrypted attachments. BabelApp messages only contain an attachment’s metadata and a link for attachment download. BAS allow their administrators to set the maximum possible attachment size.

Messaging Gateway

A BabelApp Messaging Gateway (BMG) is an unique proxy client providing automated software-controlled distribution of encrypted messages and documents. BMG can be integrated with BMS and can be connected with third party applications via a simple REST API. Third party applications authenticate and connect to BMG using a secure channel for secure data transfer. Data is then encrypted by BMG and distributed to BabelApp users as desired. BMG is an ideal solution for automated and secure distribution of messages, notifications, documents, pay slips, one time passwords, banking transactions etc.

Push Proxy

Mobile devices with iOS and Android operating systems can receive push notifications that are used to let BabelApp mobile users know that they have messages on the server waiting for delivery. Push notifications can be used even when the BabelApp application is not active.

The BabelApp Push Notification Gateway was developed to send requests for push notification distribution within the Apple/Google server notification infrastructure. Each request is electronically signed using the Push Notification Gateway’s private key and a certificate, which is registered with Apple’s/Google’s notification center. This process is not mandatory and can be activated or disabled by BabelApp administrators. If disabled, distribution of messages can be delayed.

No information about the content of messages is sent along with notification requests. The only purpose of such requests is to let users know that there are messages waiting to be delivered.

BabelApp application clients

BabelApp clients can encrypt, decrypt, send and receive messages and documents via BMS/BAS, create and display supported file formats directly in the application (documents, photos, videos, audio messages, ..), store messages and attachments in an encrypted form, set up group chats or search for contacts in the application and device directories.

Non-commercial BabelApp Lite clients are available on all major mobile and desktop platforms:

Every user can have multiple devices registered under his / her account.

Each device can be connected to multiple BabelApp servers.

Web administration console

A company IT administrator uses the BabelApp web admin console to manage the server, users’ accounts, groups etc. Connectivity to LDAP / AD directories can be also configured to import and synchronize users’ accounts. An administrator can also delete users and / or revoke their keys as well as monitor overall server usage and connectivity.

Personalized web pages for device management

Personalized web pages have been developed to further simplify user’s device management. Once logged in, users can add or remove their devices to / from their account.

Whitepaper

Check all the cool features in our Whitepaper.

Download whitepaper.pdf

Do you have any questions?

Privacy Policy