HP Identity-Based Encryption
HP Identity-Based Encryption (IBE) takes a breakthrough approach to the problem of encryption key management. HP IBE can use any arbitrary string as a public key, enabling data to be protected without the need for certificates. Protection is provided by a key server that controls the dynamic generation of private decryption keys that correspond to public identities and the key server's base root key material. Because the key server separates authentication and authorization from private key generation, permissions to generate keys can be controlled dynamically on a granular, policy-driven basis, giving real-time control over access to information.
The stateless nature of HP IBE also dramatically simplifies operation and scaling. Key servers can be distributed independently and geographically, and key requests can be load-balanced across them without the need to synchronize data. This enables high scale without growing complexity and makes distributed and federated key management across the world easy and quick to set up.
By eliminating the need for certificates, HP IBE removes the hurdles of PKI: certificate lookup, lifecycle management, certificate revocation lists, and cross-certification issues. HP IBE’s simplicity enables it to be used in ways PKI could not; HP IBE can be used to build security systems that are more dynamic, lightweight
“We selected HP’s IBE technology to provide us with the easiest-to-use
Understanding HP IBE's Advantages
HP IBE technology protects the data for over 100 million users worldwide. It secures billions of transactions and permits more than 1,000 enterprises to embrace data-centric security easily and efficiently to enable the secure movement, use, and sharing of sensitive data at unprecedented scale.
HP IBE Simplified
HP Identity-Based Encryption dramatically simplifies the process of securing sensitive communications. For example, the diagram above illustrates how Alice would send a secure email to Bob using HP IBE:
- Alice encrypts the email using Bob’s email address, “email@example.com”, as the public key.
- When Bob receives the message, he contacts the key server. The key server contacts a directory or other external authentication source to authenticate Bob’s identity and establish any other policy elements.
- After authenticating Bob, the key server then returns his private key, with which Bob can decrypt the message. This private key can be used to decrypt all future messages received by Bob.
Note that private keys need to be generated only once, upon initial receipt of an encrypted message. All subsequent communications corresponding to the same public key can be decrypted using the same private key, even if the user is offline. Also, because the public key is generated using only Bob’s email address, Bob does not need to have downloaded any software before Alice can send him a secure message.
Related HP Security Voltage Technologies
HP Format-Preserving Encryption
HP Format-Preserving Encryption (FPE) integrates data-level encryption into business application frameworks without costly schema changes.
HP Page-Integrated Encryption
HP Page-Integrated Encryption™ (PIE) is designed to provide users with end-to-end encryption for e-commerce
HP Secure Stateless Tokenization
HP Secure Stateless Tokenization (SST) provides advanced data security without token databases.