ID-based encryption boost for e-payments

Gemplus, the world’s largest smartcard provider, is developing an identity-based form of security that could revolutionise...

Gemplus, the world’s largest smartcard provider, is developing an identity-based form of security that could revolutionise payments made via mobile or e-mail systems.

The technology could boost the use of public key infrastructure to secure electronic transactions. PKI uses certificates to verify the identity of the sender of a message and works as an e-signature.

PKI has for long been seen as the technology that could the secure authentication of identity that is essential for e-government and e-commerce transactions. However, adoption has been slowed by the complexity of managing digital certificates.

At the Cartes 2004 smartcard show in Paris today (2 November), Gemplus will unveil the first smartcard implementation of identity-based encryption.

This is designed to make the secure encryption of messages user-friendly and more manageable for businesses, Gemplus said.

Identity-based encryption derives the public key from the user’s identity, for example, by using a mobile phone number.

David Naccache, head of R&D at Gemplus, said, "To book a theatre ticket I could secure my credit card number and details using my password [telephone number] to encrypt the message." The theatre would use its private key to unscramble the message.

Graham Titterington, principal analyst at Ovum, said Gemplus technology would overcome the complexity of managing public keys but it might be less secure than traditional PKIs.

David Lacey, director of information security at Royal Mail and a member of security group the Jericho Forum, said the technology would be useful if a user kept a single ID. But he warned of the threat posed by identity theft.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.






  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...