Q. How does Secret Mind keep the data “secret”?

A.

  • Secret Mind does not use the default plaintext SQLite database on iOS; it stores your data in an encrypted SQLite database.
  • Secret Mind intercepts the snapshot taken when the app switches to the background. In iOS 7 you will see a black screen when you double-click the Home button. This keeps the data secret, so that not even a piece of information leaks.
  • We don’t keep the passcode in storage. When you open Secret Mind and input the passcode, Secret Mind just uses it to try to open the encrypted SQLite database. If it opens successfully, the passcode is correct; otherwise, the passcode is wrong. We do not use a “compare” function to test the passcode, because we don’t know and don’t have the “correct” passcode, since we don’t store it. So the passcode will never leak unless you leak it yourself. Please keep the passcode in a safe place: only in your mind.

Q. Since Secret Mind does not store the passcode, why can I enter the software when I input the correct passcode, without having to click the “OK” button?

A.

  • For a better user experience, we save one parameter, the “passcode length”. When the length of the string typed into the “Passcode” field reaches that length, Secret Mind automatically attempts to decrypt the SQLite database, allowing users to enter the software without clicking “OK”. Of course, if the passcode is incorrect, it will not enter.
  • Remember, we do not save the passcode, only the length of the passcode.

Q. How do you ensure that data synchronization is safe?

A.
This is what we are most proud of: a very special synchronization process design that ensures your data is safe. Here are the technical details:

  • Register Process:
  1. When you create a synchronization account, you set up an account name and password. We call them A1 and P1.
  2. At the same time, Secret Mind generates a string on your device, which will be used to encrypt the data during synchronization. We call it K1.
  3. Secret Mind then computes the MD5 hash of P1 to get a new string. We call it PM1.
  4. It then computes the MD5 hash of PM1 to get another new string. We call it PM2.

    (A little about the MD5 algorithm: MD5 is a one-way hash algorithm, which means the reverse operation cannot be performed. Even if you know PM2, PM1 cannot be calculated. Likewise, even if you know PM1, P1 cannot be calculated.)

  5. Secret Mind then uses PM1 as the key to encrypt K1 once with the AES algorithm. The result is recorded as K2.

    (A little about the AES algorithm: AES is a two-way encryption algorithm, which means you can use PM1 to encrypt K1 to get K2, and use PM1 to decrypt K2 to get K1.)

  6. Finally, Secret Mind sends A1, PM2 and K2 to the synchronization server to register.

    Remember:
    A1, P1 and K1 are stored on your device (K1 is optional: when you use Secret Mind on a new device, you only know A1 and P1). The server stores only A1, PM2 and K2.
    From P1 you can get PM1 (using the MD5 algorithm), and then PM2 (using MD5 again). But from PM2 there is no way to calculate PM1 or P1. And without PM1, even someone who knows K2 cannot calculate K1.
    This means you know what the server knows (A1, PM2, K2), but the server doesn’t know what you know (P1, K1).

  • Login Process:
  1. Secret Mind sends A1 and PM2 (the MD5 algorithm applied twice to P1) to the synchronization server.
  2. The server compares them with the A1 and PM2 stored in its database to identify the client.

  • Upload Data Process:
  1. Secret Mind uses K1 to encrypt the data with the AES algorithm, and then sends the encrypted data to the server.
  2. The server saves the encrypted data in its database.

Note: The server does not have K1, so the server cannot decrypt the data you sent.

  • Download Data Process:
  1. Log in, and get the K2 sent by the server.
  2. Secret Mind applies the MD5 algorithm to P1 to get PM1, and then uses PM1 with the AES algorithm to decrypt K2 and get K1.
  3. Download the encrypted data from the server.
  4. Secret Mind uses K1 to decrypt the data and get the plaintext, and then stores it in the local SQLite database under another encryption.

This is the whole synchronization process. As you can see, the encrypted data on the synchronization server cannot be decrypted by anyone except you: not by the administrator, and not by a hacker even if the server has been hacked.
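
The register, login, upload and download steps above, as an added example that is not Secret Mind's own code. The AES mode (AES-128-GCM with a random IV), the 16-byte random K1, the use of raw MD5 digest bytes for PM1 and PM2, and all function names are assumptions; the page does not specify them.

```javascript
// Added example (not Secret Mind's code) of the sync flow described in this FAQ.
// Assumptions: AES-128-GCM, 16-byte random K1, raw MD5 digest bytes as PM1/PM2,
// and every function name here; none of these details are given on the page.
const nodeCrypto = require('crypto');
const md5 = (buf) => nodeCrypto.createHash('md5').update(buf).digest();

function seal(key, plain) {              // output layout: iv(12) | tag(16) | ciphertext
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-128-gcm', key, iv);
  const ct = Buffer.concat([c.update(plain), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function unseal(key, blob) {             // throws if the key is wrong or the blob was altered
  const d = nodeCrypto.createDecipheriv('aes-128-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}
const derive = (p1) => {                 // PM1 = MD5(P1), PM2 = MD5(PM1)
  const pm1 = md5(Buffer.from(p1, 'utf8'));
  return { pm1, pm2: md5(pm1) };
};

// Register (client side): K1 stays on the device; `record` is what the server stores.
function register(a1, p1) {
  const k1 = nodeCrypto.randomBytes(16);
  const { pm1, pm2 } = derive(p1);
  return { k1, record: { a1, pm2, k2: seal(pm1, k1), data: null } };
}
// Login (server side): compare the submitted A1 and PM2 with the stored record.
function login(record, a1, pm2) {
  return a1 === record.a1 && nodeCrypto.timingSafeEqual(pm2, record.pm2);
}
// Upload (client side): encrypt with K1; the server keeps the blob as received.
function upload(record, k1, text) { record.data = seal(k1, Buffer.from(text, 'utf8')); }

// Download on a new device that knows only A1 and P1.
function download(record, a1, p1) {
  const { pm1, pm2 } = derive(p1);
  if (!login(record, a1, pm2)) throw new Error('login rejected');
  const k1 = unseal(pm1, record.k2);     // K2 -> K1, using PM1 as the key
  return unseal(k1, record.data).toString('utf8');
}

// Constructed sample account and note.
function demo() {
  const { k1, record } = register('alice@example.com', 'correct horse');
  upload(record, k1, 'my secret note');
  return { record, k1, text: download(record, 'alice@example.com', 'correct horse') };
}
```

In this flow everything that protects K2 is derived from P1 through unsalted MD5, so K1 is only as hard to recover from the server record as P1 is to guess; replacing MD5 with a salted, slow KDF such as PBKDF2 or scrypt is the usual hardening.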

Q. What can I do if I forget the synchronization account or password?

A.
There is nothing you can do to recover the account or password from the server, because the server doesn’t save them. In fact, what you can do is not worry about it: just “forget” it and create a new one. We only provide a synchronization service, not a storage service. We automatically delete data that is more than 7 days old, so you should treat the synchronization account as temporary. The most important thing is to keep the account and password (A1, P1) safe: don’t LEAK them, but never mind if you FORGET them.

Q. I want to get more information about Secret Mind. How can I contact you?

A.
Please feel free to send us an email: gm16.2010@gmail.com