Gemplus, the world’s largest smartcard provider, is developing an identity-based form of security that could revolutionise payments made via mobile or e-mail systems.
The technology could boost the use of public key infrastructure to secure electronic transactions. PKI uses certificates to verify the identity of the sender of a message and works as an e-signature.
PKI has for long been seen as the technology that could the secure authentication of identity that is essential for e-government and e-commerce transactions. However, adoption has been slowed by the complexity of managing digital certificates.
At the Cartes 2004 smartcard show in Paris today (2 November), Gemplus will unveil the first smartcard implementation of identity-based encryption.
This is designed to make the secure encryption of messages user-friendly and more manageable for businesses, Gemplus said.
Identity-based encryption derives the public key from the user’s identity, for example, by using a mobile phone number.
David Naccache, head of R&D at Gemplus, said, "To book a theatre ticket I could secure my credit card number and details using my password [telephone number] to encrypt the message." The theatre would use its private key to unscramble the message.
Graham Titterington, principal analyst at Ovum, said Gemplus technology would overcome the complexity of managing public keys but it might be less secure than traditional PKIs.
David Lacey, director of information security at Royal Mail and a member of security group the Jericho Forum, said the technology would be useful if a user kept a single ID. But he warned of the threat posed by identity theft.