1. Identity-Based Privacy
(IBP)
07/2013

2. Privacy
• associated with Western culture, English and North
American in particular
• strong ties with freedom and liberty
• unknown in some cultures
• the word Privacy is missing in some languages
My attempt to define Privacy
Ability of an individual or group to govern level
of information disclosure about themselves.

3. Types of Privacy
• Individual privacy: Individuals
• Organizational privacy: Corp, Government, Family, …
• Shared privacy: Among all of the above-mentioned

4. Cloud Computing, Data Security and
Information Privacy
• Cloud Computing & Security – meet very well
• Cloud Computing & Privacy – contradictory
Privacy is the issue!
• Business information
• Personal information

5. Privacy preserving
Encryption is one of the most effective
information protection techniques.
• Security - Data at Rest Encryption, Data in
Transit Encryption
• Privacy - Data in Use Encryption

6. Privacy preserving - existing solutions
• PKI – Public-Key Infrastructure
• PGP – Pretty Good Privacy
• IBE – Identity-Based Encryption
• PKI, PGI – it’s more about key management
then encryption
• IBE – heavy mathematics

7. Privacy preserving - existing solutions
(cont.)
Drawbacks:
• PKI – very expensive, usability
• PGP – usability
• IBE – strong patents

8. Identity-Based Privacy (IBP)
A lightweight alternative to PKI/PGP/IBE systems
• Internet of Things – a Personal Key Ring
separated from cloud application and data
storage
• User Agent – only there meet your encryption
key, application and data
• Identity Management – the gateway to your
privacy

9. IBP - Technical background
• Identity Provider – email address as identifier
• Authentication – OpenID Connect/OAuth2
• One-Time Identity-Based Key Generator
• Identity encryption key generated from identity
• Identity-Based Encryption[1]
• Data encryption key encrypted by identity encryption
key
1. a simple HMAC-SHA/AES(GCM) symmetric encryption, not the
type of public-key encryption as stated on Wikipedia

10. IBP - Technical background (cont.)
Client-side zero-knowledge encryption:
• All users' data are encrypted on the client side
and never touch servers in a plain form.
• Cloud data storage provider has zero
knowledge of the encryption keys.
• Key generator server has zero knowledge of
users' data.

11. Business model
Customer
User Agent
(Browser)
Data/App Provider
Google, Microsoft, Oracle, AWS
Identity Provider +
Encryption Key Generator
home or corp.
computer, tablet, smartph
one

12. IBP - Pros
• usability (no passwords, no certificates)
• no certificates management
(creation, storage, distribution, revocation)
• lost key prevention
• IBE like features, key escrow/fair
encryption, no need for receiver’s public key
before encryption
• no IBE revocation problem (online service)

13. IBP - Cons
• online solution
• master key security

14. Business Opportunities
•
•
•
•
•
•
•
•
•
•
•
Data Storage / Sharing
Health Records / Medical Data Sharing
Big Data
Data Boxes
Databases
Reporting / Business Intelligence
Management Information System
e-mail
eForms / Workflow
Document Management / Workflow
Internet of Things

15. Featured links
• www.leadict.com
• igi64.github.io