ING Canada is rolling out a secure e-mail system that uses identity-based encryption to send secure e-mail to independent insurance brokers and other business partners.
The advantage of identity-based encryption is that partners don’t need special software installed on their computers to read e-mail from ING, explained Minaz Sarangi, vice-president of architecture at ING Canada in Toronto. That’s because the product ING chose, Voltage SecureMail from Voltage Security Inc., of Palo Alto, Calif., has a zero-download mechanism that lets users decrypt their mail by connecting to a remote server.
Identity-based encryption is supplanting the traditional approach to public-key encryption, said Wasim Ahmad, vice-president of marketing at Voltage Security, because it’s less cumbersome.
Public-key encryption uses both a public and a private key. Before two people can exchange messages encrypted this way, both must have created public keys and made them available to the other party. Each party also has a private key, known to nobody else, that is used to decrypt encrypted using the public key.
With identity-based encryption, the public key can be generated from a known string of text such as the recipient’s e-mail address, so no keys need to be exchanged before two people can communicate securely.
When someone at ING sends e-mail to a business partner using SecureMail, Sarangi said, the partner will open the e-mail and be connected to a server that will require the partner to identify and authenticate him- or herself. It will then generate the private key and open the encrypted message in a browser window. The recipient will have the option then of storing the decrypted message.
The encrypted e-mail arrives along with other e-mail and works with any e-mail client software, Ahmad said.
Partners will also be able to send encrypted e-mail to contacts within ING using SecureMail.
Voltage also offers a plug-in for Microsoft Outlook that SecureMail users can install to avoid communicating with a remote server and having their decrypted e-mail displayed in a Web browser.
Sarangi said ING’s Canadian IT team, which is taking the lead on e-mail encryption for all of ING Americas, looked at several options and narrowed them down to three leading secure e-mail products. ING chose SecureMail because of the convenience for end users and ease of support, he said.
“The technology is the easiest to maintain,” he said. “The total cost of ownership in our case over five years was the lowest.”
ING Canada started implementing SecureMail in December and hopes to finish by April. The company has about 6,600 employees coast to coast, and while it will start by equipping only a couple of thousand of those with SecureMail, the installation will be configured to support up to 7,000 people eventually, he said.
The Canadian implementation will be a pilot for other ING operations in North and South America, he added.
ING deals with about 16,000 people who work outside the company in independent insurance brokerages. SecureMail will be used for encrypted communication with those outside partners, Sarangi says. Internal e-mail is already encrypted.
Voltage grew out of the work of co-founder Dan Boneh, a computer science professor at Stanford University, and Matt Franklin of the University of California, who together invented the identity-based encryption technology Voltage uses. Boneh and three of his students co-founded Voltage in 2002. Adi Shamir, one of the inventors of the original RSA public-key cryptography system, first proposed the idea in 1984.