HPE Identity-Based Encryption
HPE Identity-Based Encryption (IBE) takes a breakthrough approach to the problem of encryption key management. HPE IBE can use any arbitrary string as a public key, enabling data to be protected without the need for certificates. Protection is provided by a key server that controls the dynamic generation of private decryption keys that correspond to public identities and the key server's base root key material. By separating authentication and authorization from private key generation through the key server, permissions to generate keys can be controlled dynamically on a granular, policy-driven basis, facilitating granular control over access to information in real time.
The stateless nature of HPE IBE also dramatically simplifies operation and scaling. Key servers can be distributed independently and geographically, and key requests can be load balanced across them without the need to synchronize data. This enables high scale without growing complexity, and makes distributed and federated key management across the world easy and quick.
By eliminating the need for certificates, HPE IBE removes the hurdles of PKI: certificate lookup, lifecycle management, certificate revocation lists, and cross-certification issues. HPE IBE’s simplicity enables it to be used in ways PKI could not; HPE IBE can be used to build security systems that are more dynamic, lightweight
“We selected HPE IBE technology to provide us with the easiest-to-use
Understanding HPE IBE's Advantages
HPE IBE technology protects the data for over 100 million users worldwide. It secures billions of transactions and permits more than 1,000 enterprises to embrace data-centric security easily and efficiently to enable the secure movement, use, and sharing of sensitive data at unprecedented scale.
HPE IBE Simplified
HPE Identity-Based Encryption dramatically simplifies the process of securing sensitive communications. For example, the diagram above illustrates how Alice would send a secure email to Bob using HPE IBE:
- Alice encrypts the email using Bob’s e-mail address, “firstname.lastname@example.org”, as the public key.
- When Bob receives the message, he contacts the key server. The key server contacts a directory or other external authentication source to authenticate Bob’s identity and establish any other policy elements.
- After authenticating Bob, the key server then returns his private key, with which Bob can decrypt the message. This private key can be used to decrypt all future messages received by Bob.
Note that private keys need to be generated only once, upon initial receipt of an encrypted message. All subsequent communications corresponding to the same public key can be decrypted using the same private key, even if the user is offline. Also, because the public key is generated using only Bob’s email address, Bob does not need to have downloaded any software before Alice can send him a secure message.
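The flow above, as an added example that is not HPE's code: the page does not say which IBE scheme the product uses, so this sketch substitutes Cocks' quadratic-residue IBE scheme because it fits in pure Python. The primes, the `directory` lookup and all function names are assumptions made for illustration, and the parameters are toy-sized.

```python
import hashlib, hmac, itertools, secrets

# Toy root key material (constructed, NOT secure): two Mersenne primes, both 3 mod 4.
P, Q = 2**127 - 1, 2**107 - 1

def jacobi(a, n):  # Jacobi symbol (a/n) for odd positive n
    a, result = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a, n = n % a, a
    return result if n == 1 else 0

def identity_to_public(identity, n):  # any string -> public value a with (a/n) = +1
    for counter in itertools.count():
        digest = hashlib.sha512(f"{counter}:{identity}".encode()).digest()
        a = int.from_bytes(digest, "big") % n
        if jacobi(a, n) == 1:
            return a

class KeyServer:  # holds root key material and an auth lookup; stores no per-user keys
    def __init__(self, p, q, directory):
        self.p, self.q, self.n, self.directory = p, q, p * q, directory
    def extract(self, identity, credential):
        expected = self.directory.get(identity)  # stand-in for the external auth source
        if expected is None or not hmac.compare_digest(expected, credential):
            raise PermissionError("authentication failed")
        a = identity_to_public(identity, self.n)
        return pow(a, (self.n + 5 - self.p - self.q) // 8, self.n)  # r*r = a or -a mod n

def _blind(a, sign, bit, n):  # hide one bit in the Jacobi symbol of a random t
    t = 0
    while jacobi(t, n) != (1 if bit else -1):
        t = secrets.randbelow(n)
    return (t + sign * a * pow(t, -1, n)) % n

def encrypt(message, identity, n):  # sender needs only the identity string and public n
    a = identity_to_public(identity, n)
    bits = (byte >> i & 1 for byte in message for i in range(8))
    return [(_blind(a, 1, b, n), _blind(a, -1, b, n)) for b in bits]

def decrypt(ciphertext, identity, r, n):
    a = identity_to_public(identity, n)
    use_first = r * r % n == a  # which half of each pair matches this private key
    bits = [jacobi((c1 if use_first else c2) + 2 * r, n) == 1 for c1, c2 in ciphertext]
    return bytes(sum(b << i for i, b in enumerate(bits[k:k + 8])) for k in range(0, len(bits), 8))
```

Two `KeyServer` instances built from the same primes return the same private key for an identity without sharing any state, which is the property the page relies on for load balancing.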
Related HPE Security - Data Security Technologies
HPE Format-Preserving Encryption
HPE Format-Preserving Encryption (FPE) integrates data-level encryption into business application frameworks without costly schema changes.
HPE Page-Integrated Encryption
HPE Page-Integrated Encryption™ (PIE) is designed to provide users with end-to-end encryption for e-commerce
HPE Secure Stateless Tokenization
HPE Secure Stateless Tokenization (SST) provides advanced data security without token databases.