Voltage Identity-Based Encryption

Information encryption for email, files, documents and databases

HPE Identity-Based Encryption

HPE Identity-Based Encryption (IBE) takes a breakthrough approach to the problem of encryption key management. HPE IBE can use any arbitrary string as a public key, enabling data to be protected without the need for certificates. Protection is provided by a key server that controls the dynamic generation of private decryption keys that correspond to public identities and the key servers base root key material. By separating authentication and authorization from private key generation through the key server, permissions to generate keys can be controlled dynamically on a granular policy driven basis, facilitating granular control over access to information in real time.

The stateless nature of HPE IBE also dramatically simplifies operation and scaling. Key Servers can be distributed independently and geographically and key requests load balanced across them without the need to synchronize data, thus enabling high scale without growing complexity and to enable distributed and federated key management across the world easily and quickly.

By eliminating the need for certificates, HPE IBE removes the hurdles of PKI: certificate lookup, lifecycle management, certificate revocation lists, and cross-certification issues. HPE IBE’s simplicity enables it to be used in ways PKI could not; HPE IBE can be used to build security systems that are more dynamic, lightweight
and scalable.

“We selected HPE IBE technology to provide us with the easiest-to-use
encryption available.”
NTT Communications

Kazuhiro Kitamura

NTT Communications

Understanding HPE IBE's Advantages

HPE IBE technology protects the data for over 100 million users worldwide. It secures billions of transactions and permits more than 1,000 enterprises to embrace data-centric security easily and efficiently to enable the secure movement, use, and sharing of sensitive data at unprecedented scale.

Understanding HPE IBE

HPE IBE Simplified

HPE Identity-Based Encryption dramatically simplifies the process of securing sensitive communications. For example, the diagram above illustrates how Alice would send a secure email to Bob using HPE IBE:

  1. Alice encrypts the email using Bob’s e-mail address, “bob@b.com”, as the public key.
  2. When Bob receives the message, he contacts the key server. The key server contacts a directory or other external authentication source to authenticate Bob’s identity and establish any other policy elements.
  3. After authenticating Bob, the key server then returns his private key, with which Bob can decrypt the message. This private key can be used to decrypt all future messages received by Bob.

Note that private keys need to be generated only once, upon initial receipt of an encrypted message. All subsequent communications corresponding to the same public key can be decrypted using the same private key, even if the user is offline. Also, because the public key is generated using only Bob’s email address, Bob does not need to have downloaded any software before Alice can send him a secure message.

More Information

The Identity-Based Encryption Advantage – A Proven Standard for Protecting Information

Read Technical Brief

Independent Technical Assessment of HPE Format-Preserving Encryption

Read White Paper

Major Provider of Insurance, Banking and Travel Products and Services

Read Case Study

Related HPE Security - Data Security Technologies

HPE Format-Preserving Encryption

HPE Format-Preserving Encryption (FPE) integrates data-level encryption into business application frameworks without costly schema changes.

HPE Page-Integrated Encryption

HPE Page-Integrated Encryption™ (PIE) is designed to provide users with end-to-end encryption for e-commerce
web transactions.

HPE Secure Stateless Tokenization

HPE Secure Stateless Tokenization (SST) provides advanced data security without token databases.

HPE Stateless Key Management

HPE Stateless Key Management ensures secure, adaptable and extensible enterprise key management.