The traditional infrastructure to protect data and communication based on certificates, commonly called Public Key Infrastructure (PKI), was not designed to deal with inter-enterprise communication, let alone the massive volume of data from an ever-growing variety of connected devices in the internet-enabled era. Using a PKI approach, because the sender only knows the recipient's e-mail address, he must determine the recipient's certificate either by consulting a directory or by contacting the recipient directly. While directories do exist, they are not widespread, so consulting them is generally futile. If the sender must contact the recipient, this can create delays. Moreover, the request for the certificate is unprotected.
Implementations in Fortune 1000 organizations have shown that PKI systems have a high barrier to use, leading users to shun them. Additionally, they are difficult for administrators to manage. PKI solutions have a high cost, often making them difficult for a CIO to justify for purchase and deployment.
What is needed is a platform that enables enterprises to reap the full benefits of moving business processes to the internet while simultaneously meeting compliance regulations, using a single, universal, easy-to-use encryption technique to secure all business communication in a simple and scalable manner. Approaches to secure e-mail must enable users to send secure e-mail directly to any recipient – instantly. If this is the first encrypted message received by the recipient, he should be able to simply contact the enterprise key server to acquire the private key. Otherwise, he can merely decrypt the message without any additional steps or effort.
One approach being delivered is a revolutionary new form of public-key cryptography called Identity-Based Encryption (IBE) that utilizes commonly used identities as the user's public key. The approach eliminates the need for individual per-user certificates, providing a highly scalable, universally inter-connectible method for secure communication that overcomes the flaws for existing approaches.
For example, Alice at Company A wants to send a sensitive e-mail to her customer, Bob at Company B. For compliance reasons, the e-mail must be secure. Using an IBE-based system, Alice can click a 'send secure' button in her e-mail client and the action automatically secures the message, along with any attachments. The system does not require pre-enrollment of users to receive secure e-mail. Even if Bob has never previously communicated with Alice, he is still able to receive secure messages from Alice. Bob receives the message and the clicks a link in the message header to download a secure e-mail plug-in or if no response is required, he can simply read the message without any installation whatsoever. He then proceeds to enroll and authenticate to the secure e-mail service. The method used to authenticate Bob is completely flexible to the requirements of the enterprise. Upon completion of proper authentication, Bob is presented with a private key to read the secure message. Now, Bob and Alice can communicate securely. Further, with the private key now on his laptop, Bob can decrypt and view his received messages even when he is offline. He can even view the message at a business center using IB-based transparent roaming capabilities.
The IBE-based approach to secure e-mail overcomes the roadblocks to secure messaging and enables transparent encryption. Enterprises gain better, finer-grained control over external communication. With fewer impediments to use, e-mail encryption becomes second nature and more ubiquitous amongst and enterprise's e-mail users, thus allowing the enterprise to audit e-mail traffic and comply with government regulations.
Dan Nadir is vice president of product management at FrontBridge Technologies