Voltage Simplifies Encryption

By Jim Louderback  |  Posted 2004-07-30

In a world where secure communications is becoming more and more essential, a group of whiz kids from Stanford has found a way to make public keys more simple.

Quick, where are your house keys? In your pocket, probably, or your purse (or if you're like me, lost in the couch). Quick, where's your private key? Public key? Do you even have one? If you're like most people, probably not. But these two keys can go a long way toward helping to secure the internet, reduce fraud and identity theft, and even control spam and other nefarious behavior.

But the whole private/public-key infrastructure is broken. Born through a nifty application of abstract mathematics, the promise of secure and encrypted communications for everyone just hasn't happened. And that's mostly because the keys themselves are unwieldy, difficult to transmit and hard to manage.

A public/private-key system works in an almost magical way. Two numbers, paired together, create an almost perfect way to encrypt information in a way that's truly for your eyes only. One part of the pair, your public key, is made available to anyone who wants to send you a message. The private key sits in a secured place on your computer, in a smart card, or tied to your thumb- or retina-print. The sender encrypts the message using the public key, which turns it into gobbledygook. The only way to decrypt it and turn it back into the message is by applying the private key to the message. And since only you have that private key, only you can bring it back.

In practice, however, the whole public/private thing is broken. It's hard to get a public key, and harder still to let the world know what it is. Public keys are typically long, long strings of numbers, which makes it even more difficult to send them to other people. But what if the public key could be something simple, unique to you, but easy to remember? What if all someone needed was your e-mail address or your phone number?

It's a problem mathematicians have been toying with for years, and a few whiz kids from Stanford finally solved it in 2001. Once they worked out the math, all that was left was to turn it into a real product. The mathematicians teamed up with some of the same folks who worked on Google's business plan, secured funding and launched a company called Voltage Security, with the goal of bringing simplicity—and thus increased usage—to the private/public-key morass.

Here's how Voltage's solution works. Your bank, or some other organization that knows you, encrypts an e-mail using a public key, based on your e-mail address. You receive that e-mail, which connects you back to that organization's authentication server. The server verifies that you are you (by asking for your mother's birthday, for example, or the street you grew up on), and generates your private key. That key gets sent to you, and typically gets stored on your computer's hard drive. Now you can decrypt the message—and encrypt a response—automatically.

From then on, anyone can encrypt a message using Voltage's free tools. And if you have a Voltage-based private key, all you need to do is apply their software to return a message to English, or encrypt a response to someone else.

But Voltage has added a unique twist to public/private key encryption—the concept of time. Your public key is not, in fact, your e-mail, but instead your e-mail address concatenated with the week and year, along with a special code for that particular encryption server. That makes it easy to create secure groups for a short period of time, and to expire users if they are no longer deemed secure. It also lets Voltage make money by ensuring that someone has to pay for the authentication server each week.

Why expire keys? For a whole host of reasons. Imagine that you rent a digital copy of a movie, or subscribe to a music library. Stop paying your bills, and the private keys stop coming—and the music and movies you've downloaded suddenly turn into mush.

The U.S. government is interested in Voltage's system. DARPA has already put it to work building temporary coalitions to solve specific regional problems. It's a nifty way to ensure secure communications, over a week or more, with folks you might not trust much.

It's also a great way to improve productivity between consumers and business—especially where regulations require signed documents. Did you refinance your home recently? How many papers did you have to physically sign? My hand cramped before I was done! Waterfield Mortgage deployed the Voltage system, and the company now handles most transactions entirely by e-mail. By going entirely electronic, the company estimates that it can handle about 10 percent more volume with the same staff. Now that's productivity! General Electric's insurance arm uses the Voltage technology to process its insurance paperwork. Advantage Bank in Colorado conducts cash-management transactions with corporate clients using e-mail.

During my test of the system, it worked great. All a provider needed to do was send me an e-mail encrypted based on my e-mail address. When I received the e-mail, I was instructed to verify my identity online, which allowed them to send me my private key. A 3MB helper application installed into Outlook, which then let me decrypt and read the e-mail. It was simple and easy to operate.

However, it's not foolproof. I purposely used one of my Exchange e-mail aliases (jlouderb@ziffdavis.com) instead of my real e-mail address (jim_louderback@ziffdavis.com) for my public key. That caused problems when I tried to encrypt a response using Outlook.

It's also expensive. You'll have to spend $62,500 to get started with 250 internal users. There is a less expensive version for smaller businesses, at $22,500 for three years.

The company's also working with third-party software developers to fight spam and viruses. Brightmail, CipherTrust, FrontBridge and others have all signed up to incorporate Voltage's technology into their products.

In a world where secure communications is becoming more and more essential, it's nice to see advanced mathematics applied to making our lives easier. The company expects its technology to be incorporated into instant messaging applications, BlackBerry-like portable e-mail systems and more. It'll even work at Internet kiosks.

Now if only they'd figure out a way to hang my private key on my keychain. On second thought, I'd probably lose that in the couch, too.
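
The time-scoped public key described above (e-mail address plus week, year and server code), as an added sketch that is not Voltage's code. It models only the key server's side, showing why a key issued for one week does not carry over to the next, how withholding keys expires a user, and why an alias yields a different identity. The string layout, the `keys.bank.example` server code, the `KeyServer` class and the HMAC stand-in for key extraction are assumptions; real identity-based encryption uses pairing-based math so that senders need only public parameters.

```python
import hashlib
import hmac
from datetime import date

SERVER_CODE = "keys.bank.example"            # assumed server code (constructed)
MASTER_SECRET = b"constructed-demo-secret"   # known only to the key server


def normalize(email: str) -> str:
    return email.strip().lower()


def identity_string(email: str, day: date, server: str = SERVER_CODE) -> str:
    """Public identity: e-mail + week + year + server code (layout is assumed)."""
    # ISO week-year keeps a week that straddles New Year in a single period.
    iso_year, iso_week, _ = day.isocalendar()
    return f"{normalize(email)}|{iso_year}-W{iso_week:02d}|{server}"


def extract_private_key(identity: str) -> bytes:
    """Stand-in for IBE extraction: a keyed function of the identity string."""
    return hmac.new(MASTER_SECRET, identity.encode(), hashlib.sha256).digest()


class KeyServer:
    """Hypothetical key server: issues one private key per user per week."""

    def __init__(self):
        self.revoked = set()

    def request_key(self, email: str, day: date, authenticated: bool):
        # Expiry works by refusal: no new weekly key for a revoked or
        # unauthenticated user, so newly encrypted mail stays unreadable.
        if not authenticated or normalize(email) in self.revoked:
            return None
        return extract_private_key(identity_string(email, day))


if __name__ == "__main__":
    server = KeyServer()
    this_week, next_week = date(2004, 7, 30), date(2004, 8, 2)
    print(identity_string("alice@example.com", this_week))
    k1 = server.request_key("alice@example.com", this_week, True)
    k2 = server.request_key("alice@example.com", next_week, True)
    print("same key across weeks:", k1 == k2)
    # An alias is a different identity string, hence a different key.
    print(identity_string("a.smith@example.com", this_week))
    server.revoked.add("alice@example.com")
    print(server.request_key("alice@example.com", date(2004, 8, 9), True))
```
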

With more than 20 years' experience in consulting, technology, computers and media, Jim Louderback has pioneered many significant new innovations.

While building computer systems for Fortune 100 companies in the '80s, Jim developed innovative client-server computing models, implementing some of the first successful LAN-based client-server systems. He also created a highly successful iterative development methodology uniquely suited to this new systems architecture.

As Lab Director at PC Week, Jim developed and refined the product review as an essential news story. He expanded the lab to California, and created significant competitive advantage for the leading IT weekly.

When he became editor-in-chief of Windows Sources in 1995, he inherited a magazine teetering on the brink of failure. In six short months, he turned the publication into a money-maker, by refocusing it entirely on the new Windows 95. Newsstand sales tripled, and his magazine won industry awards for excellence of design and content.

In 1997, Jim launched TechTV's content, creating and nurturing a highly successful mix of help, product information, news and entertainment. He appeared in numerous segments on the network, and hosted the enormously popular Fresh Gear show for three years.

In 1999, he developed the 'Best of CES' awards program in partnership with CEA, the parent company of the CES trade show. This innovative program, where new products were judged directly on the trade show floor, was a resounding success, and continues today.

In 2000, Jim began developing a daily, live, 8-hour TechTV news program called TechLive. Called 'the CNBC of Technology,' TechLive delivered a daily day-long dose of market news, product information, technology reporting and CEO interviews. After its highly successful launch in April of 2001, Jim managed the entire organization, along with setting editorial direction for the balance of TechTV.

In the summer of 2002, Jim joined Ziff Davis Media to be Editor-In-Chief and Vice President of Media Properties, including ExtremeTech.com, Microsoft Watch, and the websites for PC Magazine, eWeek and ZDM's gaming publications.

