Marco Casassa Mont - Web Page - HP Labs

This R&D project focuses on how to exploit Identifier-Based Encryption (IBE) to underpin security, access control and privacy within Services.

Identifier-Based Encryption is an emerging cryptographic schema, with the same "strength" of the "classic" public-key crypto schema (public-private key). Its main feature consists of being able to encrypt information (e.g. some personal data, a picture, a document, etc)  by: (1) using any type of "strings" (sequence of bits) as an encryption (public) key, for example a a set of policies, a role, an e-mail address, etc; (2) relying on a Trust Authority. The entity receiving an encrypted message has to interact with the Trust Authority to get a decryption key - by presenting the string used as an encryption key. In this context, the "encryption key" describes to the Trust Authority a set of guidelines and constraints that the message receiver has to comply with (in order to decrypt the message). Tampering this encryption key will prevent from accessing the original content.

My R&D work and focus has been on leveraging the IBE schema within applications and services. In particular I contributed to define and implement two key related services and generating IPs:

•  The HP Time Vault Service: The HP Time Vault Service is an innovative service to deal with privacy and confidentiality issues of documents and digital information. It  enables the disclosure of their content only at a predefined time;

• Role-based email Service and related UK Healthcare Trial: this e-mail service leverages current, state-of-the-art email infrastructures and enhance them with role-based encryption/decryption capabilities based on IBE. A full trial of this service has been run jointly with NHS, the UK Healthcare Service.

Further information and details about this project can be found in the following HPL Technical Reports:

• HPL-2003-101 Marco Casassa Mont,  Pete Bramhall -  IBE Applied to Privacy and Identity Management - HPL-2003-101, 2003
• HPL-2003-49 Marco Casassa Mont,  Siani Pearson, Pete Bramhall - Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services - HPL-2003-49, 2003
• HPL-2003-21 Marco Casassa Mont,  Pete Bramhall, Chris R. Dalton, Keith Harrison - A Flexible Role-based Secure Messaging Service: Exploiting IBE in an Health Care Trial - HPL-2003-21, 2003
• HPL-2002-243 Marco Casassa Mont,  Keith Harrison, Martin Sadler - The HP Time Vault Service: Innovating the Way Confidential Information is Disclosed, at the Right Time - HPL-2002-243, 2002