HP Identity-Based Encryption

Information encryption for email, files, documents and databases

HP Identity-Based Encryption (IBE) takes a breakthrough approach to the problem of encryption key management. HP IBE can use any arbitrary string as a public key, enabling data to be protected without the need for certificates. Protection is provided by a key server that controls the dynamic generation of private decryption keys that correspond to public identities and the key server's base root key material. Because the key server separates authentication and authorization from private key generation, permissions to generate keys can be controlled dynamically on a granular, policy-driven basis, giving real-time control over access to information.

The stateless nature of HP IBE also dramatically simplifies operation and scaling. Key servers can be distributed independently and geographically, and key requests can be load-balanced across them without the need to synchronize data. This enables high scale without growing complexity, and makes distributed and federated key management across the world easy and quick to set up.

By eliminating the need for certificates, HP IBE removes the hurdles of PKI: certificate lookup, lifecycle management, certificate revocation lists, and cross-certification issues. HP IBE’s simplicity enables it to be used in ways PKI could not; HP IBE can be used to build security systems that are more dynamic, lightweight and scalable.

“We selected HP’s IBE technology to provide us with the easiest-to-use encryption available.”

Kazuhiro Kitamura

NTT Communications

Understanding HP IBE's Advantages

HP IBE technology protects the data for over 100 million users worldwide. It secures billions of transactions and permits more than 1,000 enterprises to embrace data-centric security easily and efficiently to enable the secure movement, use, and sharing of sensitive data at unprecedented scale.

Understanding HP IBE

HP IBE Simplified


HP Identity-Based Encryption dramatically simplifies the process of securing sensitive communications. For example, the diagram above illustrates how Alice would send a secure email to Bob using HP IBE:

  1. Alice encrypts the email using Bob’s email address, “bob@b.com”, as the public key.
  2. When Bob receives the message, he contacts the key server. The key server contacts a directory or other external authentication source to authenticate Bob’s identity and establish any other policy elements.
  3. After authenticating Bob, the key server then returns his private key, with which Bob can decrypt the message. This private key can be used to decrypt all future messages received by Bob.

Note that private keys need to be generated only once, upon initial receipt of an encrypted message. All subsequent communications corresponding to the same public key can be decrypted using the same private key, even if the user is offline. Also, because the public key is generated using only Bob’s email address, Bob does not need to have downloaded any software before Alice can send him a secure message.
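The three steps above, as an added Python example that is not HP's code and not part of the original page: it uses the Cocks identity-based scheme (quadratic residues) as a stand-in, since the page does not specify HP IBE's own algorithms, and it omits the authentication of Bob in step 2. The function names, the `P`, `Q`, `N` parameters and the toy primes are assumptions constructed for the illustration.

```python
import hashlib
import itertools
import secrets

# Constructed toy parameters (two Mersenne primes, both 3 mod 4); not secure sizes.
P, Q = 2**127 - 1, 2**89 - 1   # key server's root key material (secret)
N = P * Q                      # public system parameter

def jacobi(a, n):  # Jacobi symbol (a/n) for odd n > 0; needs no factoring
    a, result = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def identity_to_public(identity):  # any string -> public value a with (a/N) = +1
    for counter in itertools.count():
        digest = hashlib.sha512(f"{counter}:{identity}".encode()).digest()
        a = int.from_bytes(digest, "big") % N
        if jacobi(a, N) == 1:
            return a

def extract_private_key(identity, p, q):
    # Key server: r with r^2 = +a or -a (mod N), derived from p, q and the
    # identity alone, so replicas holding the same primes need no shared state.
    return pow(identity_to_public(identity), (p * q + 5 - p - q) // 8, p * q)

def random_with_jacobi(sign):
    while True:
        t = secrets.randbelow(N - 2) + 2
        if jacobi(t, N) == sign:
            return t

def encrypt_bits(identity, bits):  # sender needs only N and the identity string
    a, out = identity_to_public(identity), []
    for bit in bits:
        sign = 1 if bit else -1
        t1, t2 = random_with_jacobi(sign), random_with_jacobi(sign)
        out.append(((t1 + a * pow(t1, -1, N)) % N, (t2 - a * pow(t2, -1, N)) % N))
    return out

def decrypt_bits(identity, r, ciphertext):  # use the half matching the sign of r^2
    idx = 0 if pow(r, 2, N) == identity_to_public(identity) else 1
    return [1 if jacobi(c[idx] + 2 * r, N) == 1 else 0 for c in ciphertext]
```

In practice the bits encrypted this way would be a short symmetric key that protects the actual message, since each bit costs two integers modulo `N`.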
