project featured at Royal Society science show
A form of 'cryptography for the people' developed by HP Labs will give small companies and even individuals the same high levels of Internet security that banks and other big businesses use.
The project, known as Identifier-Based Encryption (IBE) is designed to test the authenticity of information in both leisure and business activities and help to raise the confidence of the public and companies in the security of the Internet for online business and e-commerce.
IBE is the only industrial research to be featured at the the Royal Society of London's prestigious Summer Science Exhibition (July 2-4, 2002). The Royal Sociey, Britain's national academy of science, annually features what it considers to be to the best of the UK's science and technology research.
Today, much of our online security comes from a system called public key infrastructure (PKI). PKI requires a special trusted authority to issue a secure key - a certificate. These certificates are easy for large enterprises to acquire, but are less practical for individuals and smaller companies.
The key then enables information to be protected. The software-based process is simple and is a significant advance over existing schemes that require information about the individual to be known already or exchanged.
"We want to make the Internet a safer, more secure place for people and companies to use business and leisure services," said Keith Harrison, one of the developers of IBE at HP Labs, Bristol, UK. "IBE is a step on the road to making this happen."
IBE at work
Here is one example of IBE at work, helping a small engineering company to select a shortlist of accredited subcontractors with minimal effort to itself.
Imagine that the engineering company is building a pedestrian bridge. It is subcontracting the street lighting over the bridge, and it only wants established and reputable firms to bid for the work.
The engineering company publishes a tender on the Internet, which is seen by a number of specialist lighting firms. The tender tells the firms that bidders for the contract must be known and accredited by, in this example, three trusted professional organizations: the chamber of commerce, the official surveyor and the street lighting association.
checking and proving credentials
The bidding firms have to e-mail particular messages -- these are the engineering company's encryption keys -- to the three trusted organizations and they will only receive an answer if they are already accredited.
Only the firms that receive all three replies can combine them to read the full details of the tender. Not even the individual trusted professional organizations, which have just sent each reply, can see those details. And no one can tamper with the results.
As a result, the engineering company does not have to spend time checking the credentials of subcontractors... the subcontractors automatically check and prove their own credentials.
society champions science and technology
The Royal Society was founded in 1660, during the reign of King Charles II. It plays a central role as the champion of high-quality science and technology in the UK.
Harrison says it is a great honor to be chosen to exhibit at the society's Summer Science event. "The Royal Society is the most prestigious scientific body in the world. We share the same desire to show the public -- especially young people -- that science is an exciting, vibrant and valuable profession."
The presentations are aimed particularly at school groups but they are also seen by leading scientists and government officials. HP Labs will jointly present IBE with its research partner, the Communications Electronics Security Group (CESG), the UK's national technical authority for information assurance.
"My hope is that some of the school students who see our IBE exhibit will be fascinated enough by science to take it up as a career," Harrison said.
by Julian Richards