Does the world need secure Instant Messaging? The evidence points to "yes". As Dr. Andre Maisonneuve, President and CEO of Validian, explains, "We created our product in reaction to the changes we are seeing in the IM environment. At this point and time everyone is mobile, and therefore the IM system needs to reach people wherever they happen to be. Corporate networks are growing in complexity and security is increasingly important. To add to this, IT has realized that their efforts to block the use of IM isn’t materializing. In the same sense, IT needs to gain control over the IM technology, preventing open IM systems from allowing viruses and worms into the corporate network. A major change in the IM environment is the requirement for end-user authentication. People want to talk securely and they need to exchange images, documents and files securely. These are the requirements that corporate security professionals are asking of the IM world."

Public IM systems are notorious for leaving the door open to malevolent actions. Instant Messaging, though well-loved by many for its ease of use, has had a hard time finding favor with those in charge of network security.

"IT wants to be able to implement their own corporate namespace within the IM system. Anyone can call themselves ‘Blackcrow555’ and it’s not very conducive to a professional namespace. There is a need to have some control over who can send and receive messages via IM, but an even bigger need to encrypt the files that are being sent. File transfers often involve corporate intellectual property, so these files must be encrypted on the interchange."

There is a need to have an IM system that is easy to implement, as it’s apparent that IT does not have time to oversee all the keys and authorizations as well as authentication. Validian’s SIM system is entirely self-managed with automatic key exchange; the keys are self-contained so that there is no need for a third party authentication authority, even if the system is certificate-based.


"All of the requirements put together make for a very complex IM system that can be installed by a single user in a matter of minutes and in an entire organization in less than half a day," says Maisonneuve.

Users are authenticated either through Validian’s Domain Controller or a Private Corporate Domain Controller depending on the situation. Through the linkage of the Domain Controller with corporate user databases, IT administrators can oversee the approved user lists and file transfer privileges. However, there is no central server that messages travel through, communication takes place only via peer-to-peer transactions. Before two parties can communicate, the user must be an accepted sender of the message recipient. This is done through the use of an "Allow or Deny" pop-up window. Once users have authenticated themselves and agreed to communicate with one another, their status will be stored on each other’s contact lists for future use.

The SIM client can be download from Validian’s website. Should colleagues at different organizations need to Instant Message one another, they can do so if IT has authorized both Domain Controllers to converse with one another. It can be further drilled down to individual people at different organizations having the permissions to send secure IM. For example, two CFO’s may communicate with one another if both parties use the Validian environment.