Gaspar

SecretAgent Mobile

Product History

One of my first embedded programming tasks was to port my company's client-side file encryption software to Windows CE devices. Originally a different programmer was attempting to do this with Java, but that didn't work out too well. The goal was to stick with C++ in as many places as we could, since that was the primary language our products are developed in. Enter the free Embedded C++ compiler by Microsoft, and I'm ready to go.

The first version of the product was released as SecretAgent 5.6 for Pocket PC. In this application you would pick a file and, if it was one of our archives, it would be decrypted; if not, it would be encrypted. Since it was a minimal-functionality port of our desktop client application, this software contained many configuration steps and required a bunch of screen taps to complete the task. The one thing about our software I never really cared for was the lack of automation in doing something. You either want to encrypt a file for safekeeping or you want to decrypt it to work on it. Add to the mix that once you were done modifying the file you would need to go re-encrypt it again.

I drafted a proposal to management for a new "paradigm" of how to treat the data. It was a bold proposal in the aspect that, being the distributed systems person that I am, I wanted to shift our thinking away from a file utility to a data security system. In this approach, once you put data in the system it would stay secured in the system until you specifically removed it. If you needed to edit a file, the system would allow you to do that and take the steps needed to keep the data secured when you were done. The idea was interesting, but the higher-ups didn't want to commit until there was a working proof of concept. The new task was to overhaul the Pocket PC software (since it was originally lacking features) and present this new concept with a working app. The rest of this article describes the decisions I made as the lead software engineer and the reasons behind them.

Transition of Development Thinking

In the beginning, when I started with the company, the file encryption software was the flagship product. Naturally, when creating the application, the first thought was toward the encryption and decryption process. However, this is public key cryptography, so all the encryption steps require knowledge of users' keys. Now, along the way several things happened. The first was more of an evolutionary step: the standardization of X.509 certificates for the public keys. The second was a nightmare when I was on the SecretAgent 5 product, and that was to add security officer controls that specify what encryption options users must conform to and shoehorn that into the application.

Knowing what I have experienced, I knew it was time to change how developers approached the software. At the same time, what I wanted to do was create a framework that I could take back with me to the desktop environment if this proof of concept was successful. So the new approach I took was to save file encryption for later and first worry about the two basic elements of the system: the certificates for all the possible recipients in a user's address book, and the policy when the system is used in an organization that has set security standards.

For SecretAgent 5 I was the developer of the "key management utility", which later was rebranded as Certificate Explorer (because Microsoft started sticking the word explorer after everything: Windows, Internet, Ford, Jungle, etc.). I was also the developer of a revamped product for creating the policy files that set company-wide security options; that product is available as PolicyAgent. Having both these experiences, I found it easy to come up with a group of classes to handle the certificate management and a group of classes to handle the policy settings.

Once those were in place, the next items that needed to be addressed were the user-configurable settings and finally the encryption/decryption routines. One of the tricks to the user settings is that they would have to be set according to the policy document, and that document can change at any time. Naturally this meant that the user-configurable settings were going to be a class that inherited much of the policy specifications. This allows for easy synchronization. With user settings in place and easy access now to certificates, it was easy to create the classes to handle the actual data security routines.
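
The settings-inherit-policy arrangement described above, sketched as an added example (not SecretAgent's code): a user-settings class derives from the policy so that a changed policy document can be re-applied and any now-forbidden preference pulled back inside the limits. The class names, policy fields and cipher names are all assumptions made for illustration.

```cpp
#include <set>
#include <string>

// Hypothetical policy fields; the article does not list the real ones.
struct Policy {
    std::set<std::string> allowedCiphers{"AES-128", "AES-256", "3DES"};
    std::string defaultCipher = "AES-128";  // used when a user choice is revoked
    int minKeyBits = 1024;                  // smallest recipient key accepted
    bool mustWipeOriginal = false;          // force deletion of the plaintext
};

// User settings inherit the policy, so every preference is checked against
// the limits currently in force.
class UserSettings : public Policy {
public:
    // Setters return false and change nothing when the policy forbids the value.
    bool setCipher(const std::string& c) {
        if (!allowedCiphers.count(c)) return false;
        cipher_ = c;
        return true;
    }
    bool setWipeOriginal(bool w) {
        if (mustWipeOriginal && !w) return false;
        wipe_ = w;
        return true;
    }
    bool keyAcceptable(int bits) const { return bits >= minKeyBits; }

    // Called when a new policy document arrives: replace the inherited part,
    // then re-validate the user's own choices against it.
    void applyPolicy(const Policy& p) {
        static_cast<Policy&>(*this) = p;
        if (!allowedCiphers.count(cipher_)) cipher_ = defaultCipher;
        if (mustWipeOriginal) wipe_ = true;
    }
    const std::string& cipher() const { return cipher_; }
    bool wipeOriginal() const { return wipe_; }

private:
    std::string cipher_ = "AES-128";
    bool wipe_ = false;
};

int main() {
    UserSettings s;
    s.setCipher("3DES");                 // allowed by the default policy
    Policy strict;                       // constructed stricter policy
    strict.allowedCiphers = {"AES-256"};
    strict.defaultCipher = "AES-256";
    strict.mustWipeOriginal = true;
    s.applyPolicy(strict);               // 3DES is revoked, wipe is forced
    return (s.cipher() == "AES-256" && s.wipeOriginal()) ? 0 : 1;
}
```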

SecretAgent Mobile (SAM) User Interface


More on SecretAgent Mobile

This product is currently out of production. For more information on the status of Pocket PC see In The Know. The design decisions put into the desktop to mobile conversion remain.
