Out-Law News 1 min. read

Your identity is the key to user-friendly encryption


A new information security company yesterday declared a breakthrough in cryptography: using identities such as a well-known e-mail address or phone number to encrypt business communications instead of bothering with the usual public and private keys and digital certificates.

Most businesses are aware of the value in using encryption to protect communications, but relatively few are using it because it is perceived as expensive and cumbersome to use and manage.

So Voltage Security's announcement that its Identity-Based Encryption, or IBE, "raises public key cryptography to a new level for the first time in two decades," is likely to attract interest.

The Palo Alto-based company adds that its products carry "a significantly lower cost of ownership than existing solutions such as PKI."

Traditionally, encryption uses a secret key which both the sender and receiver use. However, transmitting the secret key to the recipient is not secure. Instead, public key cryptography is the norm for secure internet communication.

Each recipient has a secret private key, and a public key that is published. The sender looks up the recipient's public key and uses it to encrypt the message, and the recipient uses the private key to decrypt the message.

With Public Key Infrastructure, or PKI, there are various parties to manage. There is a certificate authority to issue and verify a digital certificate that includes the public key; a registration authority that acts as verifier for the certificate authority before a digital certificate is issued; and a directory holding the certificates and their public keys.

Voltage claims to remove the need for this infrastructure.

"When we created our IBE algorithm, we knew we had a solution that greatly simplifies public key management," said Dr. Dan Boneh, co-inventor of the IBE technology, Stanford University professor and co-founder of Voltage Security.

"By enabling identities, such as email addresses and phone numbers, to be used as public keys, we eliminated the need for certificates, certificate revocation lists and other infrastructure thus dramatically reducing overall system complexity."

Sathvik Krishnamurthy, president and CEO of Voltage, says his company's platform now enables secure e-mail and files, and down the road will enable secure instant messaging, voice over IP and web services.

Krishnamurthy's company hopes to target financial services firms and healthcare organisations which Voltage reckons will both "benefit greatly from an easy-to-administer, easy-to-use secure communication solution."

A 17-page paper that explains how the system works can be downloaded from the Voltage web site. The company asks that you first register and it will send you a link to a PDF.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.