back to article Voltage secures patents on identity-based encryption

Voltage Security has been granted five patents covering the core functionality of their "identity-based" encryption products, though they're keen to share the technology with everyone on a reasonable and non-discriminatory basis. Most public-key encryption systems require an exchange of keys before data can be encrypted, but …

COMMENTS

This topic is closed for new posts.
  1. Matt

    a bit pedantic maybe...but

    "a system where knowing someone's email address.....gives access to their public key and thus enables encrypted messages to be sent to that person"

    surely you kind of need to know there email address simply to send them the mail whatever the encryption ;) quite possibly a bad example :)

  2. Anonymous Coward
    Anonymous Coward

    Patenting the obvious yet again

    A key is a key, no matter whether its a key or some other sort of key. It is still only a key.

    Once again, America has abused the patent system by allowing somebody to patent what is patently obvious.

  3. Doug

    patented a mathematical function ..

    Doe this mean that no one can use Pair( a • X, b • Y ) = Pair( b • X, a • Y ) in an encryption device without violating Voltages' patent.

  4. ake

    Epileptic Curve Cryptography....

    I love it! Ths must be the next thing after Elliptic Curve Cryptography, right? Is it what the London Olympic Committee is using for their new logo?

  5. Ian Michael Gumby

    Maybe I'm a little slow....

    First,

    A comment to Matt.

    The idea is that you don't need to know their public encryption keys, but just their e-mail address so that you can get the encryption keys from Voltage.

    They can't patent the ECC, but they can patent the concept of using a known identifying element to query a 'public' site to get the keys as a form of key management.

    Obvious maybe. Prior Art? Again maybe.

  6. Dillon Pyron

    ECC is compute intensive

    ECC uses a lot of computer cycles. Of course, with the horsepower available these days, that may not be an issue.

    OTOH, someone storing my private key is a disaster waiting to happen. To say nothing of the NSA.

  7. Anonymous Coward
    Anonymous Coward

    How long before...

    ... they get a subpoena to give up someone's private key?

    That's assuming anyone would be so stupid as to store it on a web server in the first place.

  8. Steve Browne

    Have they patented a foreign key ?

    Hmm, let me see, they use a key to access some data stored in a database.

    Just because the key is an email address is surely irrelevant, isnt it ? Or is this the reason I am not a patent lawyer ?

    This is just getting too weird.

    I knew this was the wrong day to give up LSD

  9. David Eddleman

    Whuh?

    "but Voltage reckons the advantage of not requiring the recipient to sign up first will drive greater use of encrypted communications and as long as you trust Voltage then there's no problem."

    So what happens when the Voltage server is broken into by cyber-crooks or some kiddie (refer to the security person's adage: "the only completely secure system is one disconnected and buried in concrete")? Does Voltage have to suddenly generate new keys for everyone and inform their entire clientèle that they've been breached?

    These guys aren't very keen on security methods, so why should we trust them with crypto (one of the first lines of defense)?

  10. Nigee

    What did you say your name was?

    Er, am I missing something - the recipient obtains the private key from the repository? How does the repository now that it's the legit recipient asking for it? Because they've pre-registered and been given an authentication credential? And how did they prove that they really were the owner of the identity? Etc, etc.

    Are keys static or do they change with every message or are they actually formed from sender/recipient id pairs? If the former, whoppee, I persuade the originator to send me an encrypted message, a simple bit of social engineering, I then get the private key and read all other messages they sent and I've got my hands on. Even better if recipents own computer security is a bit flakey, someone else can get at their collection of private keys. There's a whole new entreprenurial opportunity for the criminally inclined here.

This topic is closed for new posts.