Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing this collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302, and
ABSTRACT (Maximum 200 Words)Invented by Dr. Dan Boneh and Dr. Matt Franklin in 2001, Identity-Based Encryption, or IBE, is a breakthrough in cryptography that, for the first time, enables users to simply use an identity, such as an email address, to secure business communications. This replaces the digital certificates that a traditional X.509 based public key infrastructure (PKI) relies on. Moreover, unlike existing security solutions, secure communication based on IBE technology can be conducted online as wall as offline, from anywhere in the world, without the complexity of certificates, Certificate Revocation Lists (CRLs) and other costly infrastructure. IBE is transparent to end users, easy to deploy and manage, and can scale to millions of users on the internet.Contract FA8750-04-C-0217 was awarded to Voltage Security, Inc., to demonstrate the effectiveness of the technology developed to implement the Boneh-Franklin IBE. This contract provided for the necessary hardware and software needed to demonstrate the Voltage technology, as well as necessary supporting services needed to implement the technology.14. SUBJECT TERMS
NUMBER OF PAGES 36Cryptography, certificate, identity, secure communications, JWID
Identity-Based Encryption (IBE)IBE involves the encryption of data using an IBE public key. The encrypted data can later be decrypted using an appropriate private key. The IBE public key does not need to be known or established prior to the encryption process, and can be any arbitrary string, such as an email address. This significantly reduces the requirements for infrastructure in an IBE system and allows the public key itself to specify policy. A person can receive a secure signed and encrypted email without being enrolled in the system; the first secure 1 email walks the receiver through the process of registration and acquiring decryption keys. Thus secure communities of interest can be established for communication on the fly.An IBE public key can specify user identification, expiration period, group membership and many other policy attributes. These attributes can all be verified during private key generation so that security policy may be centrally controlled. When set to a short time period, the expiration date facilitates removing a person from the system quickly. Rather than using a Certificate Revocation List (CRL) where a list of expired or revoked certificates is transmitted to everyone in the system, I...
