Downloads and FAQs

How Babelnet works

How Babelnet works

Babelnet is an instant messaging platform for secure communication. It enables encrypted messages and documents to be sent and stored on both mobile (iOS, Android, BlackBerry) and desktop devices (Windows, MacOS). Babelnet combines the best cryptographic algorithms and protocols to protect your communication and information against both active and passive cyber-attacks.

Scheme How Babelnet works

How does encryption work?

Every message is encrypted using a standard AES symmetric-key algorithm with a unique Message Key that is randomly generated by the Babelnet application on the sender's device. The recipient needs to obtain the Message key to decrypt the actual message, therefore the Message Key has to be kept encrypted while not used – that is done by use of another encryption key – a Contact Key which the sender shares with the recipient. Contact keys are attached to messages. Contact Keys are not saved anywhere, they are calculated during the transmission using a standard Diffie-Hellman algorithm. For this calculation to happen, each party needs to possess a verified value of the other party's public key. Public keys are securely distributed to all registered mobile devices via thea Babelnet Messaging Server.

Scheme How does encryption work?

How are messages sent?

Messages, once encrypted, are sent to the Babelnet Messaging Server (BMS) for delivery. BMS notifies the recipient that have a new message waiting to be delivered and enables the recipient to download the message. Should the message contain an attachment, a preview is sent along with message as well as a link for asynchronous download of the original attachment. The Babelnet server administrator can set the maximum time period for which it is possible to access and download attachments. Should the attachment expires, it is automatically deleted from the server.

Communication across multiple Babelnet servers is described below:

Scheme How are messages sent?

How are messages stored?

Sent and received messages are stored on mobile devices are kept encrypted using randomly generated Message Keys. Message Keys need to be protected, therefore they are encrypted using Device Keys. Device Keys are randomly generated on mobile devices during installation of the application. Device Keys are then encrypted and protected by additional keys derived from passwords that users set during application installation.

In order to display messages, users are prompted to enter their password from which the above mentioned key is derived. Such a key is then used to temporarily decrypt the Device Key. Once the Device key is available, it is possible to decrypt the Message key and view messages.

How do we prevent active attacks?

Babelnet’s security is not based on encryption only, but also on authentication and integrity control to ensure that messages have not been changed, altered, or viewed by someone else and that all messages come from authenticated – verified users. Therefore all messages sent via Babelnet are not only encrypted but also digitally signed using an HMAC algorithm with authentication keys (Encrypt-then-Authenticate). Messages are also numbered / sequenced and the Babelnet application detects and deletes messages with non-valid sequence numbers. A warning is subsequently displayed to affected users.

What are all the components of the Babelnet platform?

Babelnet Messaging Server

Babelnet Messaging Servers (BMS) are the central aspect of the platform. Each BMS maintains a database of registered user accounts, their devices and associated public keys. BMS are equipped with SSL certificates and provide the end users with client application licenses.

BMS do not store any private or secret keys and cannot decrypt the actual messages. BMS mediate data communication among Babelent users and allow for notification distribution but do not take part in the actual encryption process.

All devices must be registered with the server using a One Time Password (OTP) which users typically receive along with initial instructions from their administrators. During the registration process BMS obtains and verifies user’s public key and synchronizes it across the user base defined in the server group setting.

Address Book

Babelnet maintains a central contact and group directory. Groups allow for better contact organization. A „Contact“ is a recipient and his / her public key. Every Contact can be part of multiple groups.

Babelnet Attachment Server

A BMS can be integrated with a Babelnet Attachment Servers (BAS), which take care of temporary storage and asynchronous delivery of encrypted attachments. Babelnet messages only contain an attachment’s metadata and a link for attachment download. BAS allow their administrators to set the maximum possible attachment size.

Babelnet Messaging Gateway

A Babelnet Messaging Gateway (BMG) is an unique proxy client providing automated software-controlled distribution of encrypted messages and documents. BMG can be integrated with BMS and can be connected with third party applications via a simple REST API. Third party applications authenticate and connect to BMG using a secure channel for secure data transfer. Data is then encrypted by BMG and distributed to Babelnet users as desired. BMG is an ideal solution for automated and secure distribution of messages, notifications, documents, pay slips, one time passwords, banking transactions etc.

Babelnet Push Proxy

Mobile devices with iOS and Android operating systems can receive push notifications that are used to let Babelnet mobile users know that they have messages on the server waiting for delivery. Push notifications can be used even when the Babelnet application is not active.

The Babelnet Push Notification Gateway was developed to send requests for push notification distribution within the Apple/Google server notification infrastructure. Each request is electronically signed using the Push Notification Gateway’s private key and a certificate, which is registered with Apple’s/Google’s notification center. This process is not mandatory and can be activated or disabled by Babelnet administrators. If disabled, distribution of messages can be delayed.

No information about the content of messages is sent along with notification requests. The only purpose of such requests is to let users know that there are messages waiting to be delivered.

Babelnet application clients

Babelnet clients can encrypt, decrypt, send and receive messages and documents via BMS/BAS, create and display supported file formats directly in the application (documents, photos, videos, audio messages, ..), store messages and attachments in an encrypted form, set up group chats or search for contacts in the application and device directories.

Non-commercial Babelnet Lite clients are available for free on all major mobile and desktop platforms:

Every user can have multiple devices registered under his / her account.

Each device can be connected to multiple Babelnet servers.

Web administration console

A company IT administrator uses the Babelnet web admin console to manage the server, users’ accounts, groups etc. Connectivity to LDAP / AD directories can be also configured to import and synchronize users’ accounts. An administrator can also delete users and / or revoke their keys as well as monitor overall server usage and connectivity.

Personalized web pages for device management

Personalized web pages have been developed to further simplify user’s device management. Once logged in, users can add or remove their devices to / from their account.

Technology and vocabulary


Encryption is one of the most effective methods used to protect and secure data. Encryption is always based on some form of a cryptographic algorithm which is used to transform plaintext data into an encrypted text (ciphertext). For every encryption, a back transformation (decryption) method is necessary. All modern cryptography algorithms use parameters (cryptographic keys) for encryption and decryption.

Cryptography algorithms, which use an identical key for both encryption and decryption are called symmetric.

Cryptography, which uses different keys for encryption and decryption is called asymmetric. One of the keys from every key pair can be publicly known (public key), the second one remains private (private key).


SHA-2 is a family of cryptographic hash functions with a variable output length which are widely used in many cryptography schemes and protocols. Hash function is a one-way function, which transforms the entry data of any length into an output value of a given length while meeting the requirements of collision discovery resistance. Hash standards are described into a great detail in the following publication FIPS PUB 180-4.


Standard symmetric encryption algorithm AES uses keys of 128, 192 or 256 bit length and is described in the following document FIPS PUB 197. For message and document encryption, Babelnet uses AES algorithm in the CBC mode according to NIST publication NIST SP 800-38A.


Diffie Hellman is an algorithm used to establish a shared secret between two parties. It is primarily used as a method of exchanging cryptography keys for use in symmetric encryption algorithms like AES. Diffie-Hellman is described in RFC 2631 and NIST SP 800-56A. Diffie-Hellman in itself is not resistant against a man in the middle attack and has to be supplemented with other cryptographic mechanisms.


RSA is one of the first practical public-key cryptosystems and is widely used for secure data transmission. The standard used in RSA is PKCS #1 v2.1, described in RFC 3447. Babelnet uses RSA in connection with the public key server certificate.


HMAC is a specific type of message authentication code (MAC) involving a cryptographic hash function (hence the 'H') in combination with a secret cryptographic key. As with any MAC, it may be used to simultaneously verify both the data integrity and message authentication.

HMAC is described in RFC 2104 and its use along with a hash algorithm SHA2 is described in RFC 4868.

Public key certificate

Certificates allow the use public keys of other individuals for purposes for which they were issued by a certification authority within the PKI infrastructure.

Certificates consist of a binary data structure containing a holder’s identity, the value of their public key and other information. Certificates are supplied with a publisher’s digital signature. The digital certificates standard is X.509v3, the interoperability profile is described in RFC 3280.

Babelnet only uses server certificates for the purpose of establishing an SLL/TLS communication, server authentication and signing of the notification distribution requests.

Encryption between endpoints

Data is encrypted by the sender and can be decrypted by the recipient only. No node (server, router), through which the data passes, can decrypt the data. Babelnet uses end to end encryption between the communication endpoints as a fundamental security solution.


Standard cryptographic protocols for secure communication SSL / TLS include three phases:

  • agreement between participants on supported cryptographic algorithms
  • key exchange based on public key encryption and certificate-based authentication
  • symmetric cipher encryption

SSL / TLS ensures encryption only between two adjacent points of communication. The TLS v2.1 protocol is described in RFC 5246.

MitM attack

Man-in-the-middle is a known type of attack, where the attacker acts between the sender and recipient and is redirecting and changing messages to make both the sender and the recipient believe that they communicate with each other. In reality they both communicate with the attacker. To protect our users against MitM attack, Babelnet implements several protective measures: sender & recipient authentication, message authentication, message integrity control and doubled control of the encryption keys via alternative channels. For more information about MitM visit



Who is behind Babelnet?

Babelnet was created by OKsystem a.s., a private and independent software company headquartered in Prague, Czech Republic. OKsystem is constantly refining Babelnet to ensure it remains at the forefront of secure data and communication transmission technology.

How does Babelnet differ from its competitors?

  • Babelnet was primarily developed for businesses and enterprises to secure their business communication using strong cryptography protocols and end to end encryption.
  • Babelnet has a very clear, transparent and understandable license- based business model.
  • Babelnet supports enterprise level features such as LDAP / AD synchronization, API integrations, server on-premise, etc.
  • A Babelnet server can be on-premise or in the cloud to meet the various needs of our clients.
  • Babelnet is developed and produced by OKsystem, a bona-fide IT company that has been on the market for over 25 years with close to 300 employees and international partners.

What mobile devices are supported?

iPhone with iOS 7.0 and higher, Android 2.2 a vyšší a BlackBerry 10.0 a vyšší.

Is Babelnet available on Windows desktop and Mac?

Yes. Babelnet is available on Windows 7 and higher and MacOS 10.11 and higher.

What types of Babelnet are available?

Babelnet is available in 3 versions:

  • Babelnet Pro on-premise - Designed for those needing to have company communication on-site and fully under control. Can be connected to Active Directory, integrated with company applications and managed via web interface to ensure the highest level of secure and encrypted communication and data transfer.
  • Babelnet Pro cloud - Delivers Babelnet as a service. Protects communication against wiretapping and inteception whilst enabling complex and secure management in the cloud via web interface. Preserves the integrity and protection of transfered data as well as facilitating creation and management of client, partner and external collaborator accounts with ease.
  • Babelnet Lite - Free non-commercial version of Babelnet. Can be downloaded and used immediately for instant private and secure communication with friends and partners. Available on Apple (iOS, Mac), Android with Windows desktop coming soon.

Babelnet Pro on-premise and cloud are commercial products, where clients pay for licenses and support in a form of a one-time installation charge and monthly (or yearly) license payment. There are no hidden fees, advertising or spam.


How strong is the encryption?

Babelnet uses end to end encryption among all the end-points, always verifying message integrity and correct sequencing. Babelnet server does not possess any of the private keys that could decrypt the messages. No data is stored on the server longer than necessary for the platform to function properly. Babelnet’s security is being continuously tested by independent 3rd party companies to ensure there are no weak spots.

Can a Babelnet server read my messages?

No. Messages are encrypted end to end, meaning that the server does not take part in the encryption process.

Are messages encrypted while stored on my device?

Yes. All messages are kept in an encrypted form in the Babelnet application.

How are my messages protected in case of a device loss or theft?

Messages are kept encrypted in the application and the device’s main encryption key is protected by your password. On the iOS platform, the application uses additional system support of data and database encryption. The mobile device must not be jailbroken or rooted. IT IS NECESSARY to use a strong password and it is RECOMMENDED to activate the remote wipe- out option.

Can anyone track my activity?

Babelnet encrypts and protects the content of your messages. The server is not hiding the fact that communication as such took place.

Is there a backdoor?

No. This is not even possible since all of the communication is end to end encrypted and not even the servers or administrators have access to the private keys used for encryption and decryption. Such keys (private keys) are generated and stored in an encrypted form on your devices only.

How is Babelnet integrated with a company’s directory services?

Babelnet servers can (if configured) import users’ accounts and phone numbers from the company’s LDAP directory (e.g., an Active Directory). This significantly simplifies Babelnet administration. Babelnet can be also configured to synchronize any changes in LDAP (creation, changes, deletion).

Using Babelnet

Why do I need to create a Babelnet Password at the very beginning?

All messages and attachments in the Babelnet application are encrypted using an encryption key, which is protected by your password. Therefore it is important to choose a strong password - as a rule of thumb we recommend using passwords that have at least 12 alphanumeric characters resistant to “dictionary attacks”.

You can enable the use of a numeric PIN or fingerprint access on your mobile devices for easier application access. Since these are weaker mechanisms, the application will ask for a strong password should the PIN or fingerprint be repeatedly unrecognized.

Verification codes do not match – what should I do?

There are 2 possibilities why this has happened.

The first and more probable reason is that you or your recipient has a new Diffie-Hellman key pair, probably due to reinstallation of the application. The new key pair will be automatically synchronized but you can always speed up the synchronization by tapping on the “synchronize” button in the server settings in your application.

A second reason could be, that somebody may be trying to perform a man-in-the-middle attack to hack into your conversation. In that case please contact your Babelnet administrator immediately.

“Next part of message has been added” - what does this mean?

In some cases long text messages (SMS) may be divided into two or more parts. If this happens, just tap the link in each message (SMS) – after you do this for all messages (regardless in which order), the divided message will be decrypted in Babelnet application.

I deleted a message but would like to read it again, is it possible?

Deleted messages are permanently deleted from one device. If you have multiple devices registered under your account, the messages are still there.

What do the Add and Block buttons mean?

Add and Block buttons were implemented to protect Babelnet users from receiving messages from unwanted contacts and appear in conversations with other users who are not currently in your Babelnet contact list.

By tapping “Add” you confirm that you wish to add the contact into your contact list and thus allow the person to send you encrypted messages via Babelnet. By tapping “Block” you place the contact into your blocklist and they will not be able to send you messages until you unblock the contact again.

How to block contacts?

Find the contact which you wish to block in your contact list and display the details. Then you can block the user. It is always possible to unblock contacts later if you go to settings – blocked users.

Why can’t I write into a conversation?

It is not possible to write into a conversation when there is one or more blocked contacts in the conversation thread. It is necessary to either unblock the contact or remove them from recipients.

Why are there exclamation marks next to some of the messages?

Should a message not be delivered to one or more of the recipients, a warning is displayed next to the message. More information can be found in the message details.

I forgot my Babelnet password - can I still see my messages?

Unfortunately no, for security reasons we do not allow password recovery as it often creates a security weak spot. Your Babelnet messages are encrypted on your device and in order to decrypt and display the messages you need to type in your password. In order to start using the application again it is necessary to reinstall the application and start over. This is part of Babelnet’s security approach.

What happens when I delete a server?

The server and all associated contacts will be deleted from your device. Conversations will remain but will be marked to let you know that the associated contact has been DELETED. If you register to the server again, the newly downloaded contacts will not synchronize with the DELETED ones (even thought it might be the same person). This is part of Babelnet’s security approach.

Why are some of my contacts displayed with their Babelnet address only and not a full name?

These contacts are unavailable or have been deleted from the server. If they become restored or available again, associated contact information will be displayed again.

What should I do if the SSL certificate in my administration console appears to be invalid?

Download a root certificate HERE and install it as a trusted certificate.

Certificate SHA-1: 6068AF9D C73F9683 5CF18618 71128521 8CBBD612


Warning: Contact X has a new key

This is a warning displayed in a conversation when one of the recipients has changed his / her key. In most cases this is because the user has reinstalled or changed his / her device and did not transfer the old key from another device. It is advised to call that person over the phone and verify that this is the case. If not, please contact your administrator.

Warning: User has probably re-installed his / her device

This warning is displayed in conversations when a message with an invalid sequence number was sent by one of the users. This typically happens after the user has started using Babelnet on another (new) device and has transferred their old key to this device or after the user has reinstalled the Babelnet application on their device. It is recommended to call that person and verify that this is the case. If not, please contact your Babelnet server administrator immediately.

Warning: Data transfer has failed

When this error is displayed, please contact your administrator immediately, it could be due to an attack on your Babelnet server.


There are no notifications when the application is stopped.


This problem is present on Android devices from several manufacturers (e.g. Huawei and Xiaomi). It is caused by the manufacturers design to prolong battery life. You need to add Babelnet to the list of protected applications on Android devices from these manufacturers.

  • Huawei

    Settings -> Advanced Settings -> Battery Manager -> Protected Apps. You have to enable Babelnet as a protected application.

  • Xiaomi

    1) Settings -> Manage Apps' Battery Usage -> Choose Apps.
    2) Settings -> App Notifications

A problem with contacts or writing messagess

All platforms

In the Babelnet application go to Settings -> Servers -> click on the server which is causing the issue and click on "reset data" at the bottom of the screen. The application will restore all contact data from the server.


User guides

Android Windows iOS OSX


Mobile devices

iOS Android

Desktops and laptops

Mac Windows desktop


White Paper
We use cookies to optimize site functionality and deliver best results based on your interests.