Encryption and Smart Card Technology Leaders Develop Identifier-Based Encryption for Portable Format

Smart cards are not only powerful and convenient; they are proven as outstanding carriers for confidential information such as private keys. By implementing IBE on a smart card, developers can create more practical and cost-effective online and offline secure business communication applications. Applications for the technology are in the areas of e-government, e- and m-commerce, wireless management of secure documents, access control, and personal-authorization tokens. IBE has certain advantages over public-key infrastructure (PKI) security schemes. In classical PKI schemes, the public key is a randomly calculated number that has to be linked to the identity of the user by a certificate. With IBE the public key can be chosen freely and can be linked directly to the users identity or role without the need to exchange certificates and the costly infrastructure that comes with it. The three partners have implemented IBE on a smart card by using elliptic- curve pairing functions, which are important cryptographic primitives. IBE uses bilinear mapping on elliptic curves to obtain an algorithm that can be used to turn a simple, well recognized identity or role into a public/private key pair. This role-based encryption allows for one party in the communication (e.g. the receiver) to dynamically change the link between the identity and the role of the user without impacting the other party (e.g. the sender). HP Labs Bristol has one of the worlds leading research groups in IBE, which has the advantage of being more easily scalable than other PKI technologies. As a result it has numerous possible applications, including smart card security. The algorithmic calculations were developed by HP Labs and ST and implemented by Incard R&D on JsEC, an Incard smart card JavaCard 2.2.1 platform, based on STs ST22L128 chip. JsEC decrypts an IBE message in a few seconds. Incard has already integrated a JsEC smart card into a software application to show how IBE can complement the security offering of PKI schemes in business applications and environments.