Voltage SecureMail uses identity-based encryption to enable enterprises to send and receive secure communications without downloading any software. Messages can even be sent when the receiver is offline with unique private keys.
Identity-based encryption, or IBE, takes a breakthrough approach to the problem of encryption key management. IBE can use any arbitrary string as a public key, enabling data to be protected without certificates. Protection is provided by a key server that controls the dynamic generation of private decryption keys that correspond to public identities and the key servers' base root key material. By separating authentication and authorization from private key generation through the key server, permissions to generate keys can be controlled dynamically on a granular policy-driven basis, facilitating granular control over access to information in real time.
Stateless nature: IBE dramatically simplifies operation and scaling. Key servers can be distributed independently and geographically, and key requests load balanced across them without the need to synchronize data, enabling high scale without growing complexity and enabling distributed and federated key management across the world easily and quickly.
No more hurdles: By eliminating the need for certificates, IBE removes the hurdles of PKI, like certificate lookup, lifecycle management, certificate revocation lists, and cross-certification issues. IBE’s simplicity enables it to be used in ways PKI could not. IBE can be used to build security systems that are more dynamic, lightweight, and scalable.
This diagram above illustrates how Alice would send a secure email to Bob using IBE:
Alice encrypts the email using Bob’s e-mail address, “email@example.com”, as the public key.
When Bob receives the message, he contacts the key server. The key server contacts a directory or other external authentication source to authenticate Bob’s identity and establish any other policy elements.
After authenticating Bob, the key server then returns his private key, with which Bob can decrypt the message. This private key can be used to decrypt all future messages received by Bob.
Private keys need to be generated only once, upon initial receipt of an encrypted message. All subsequent communications corresponding to the same public key can be decrypted using the same private key, even if the user is offline.