Wannabe code-crackers have a fresh challenge to rise to, if DeTron has its way. The encryption company ran a full page ad in the New York Times late last week challenging code breakers, hackers and cryptographers to crack a message encrypted by Quantum Direct Key (QDK) – a personal identification encryption technology aimed at eliminating multiple passwords for cloud services and web apps.
DeTron calls the code “virtually unbreakable,” hence the challenge to code crackers. The challenge lasts for seven days and is a preface to the Oct. 18 launch of the first QDK-enabled device, for e-commerce use and for replacing Digital Rights Management (DRM) protection for copyrighted material or other forms of digitized intellectual property. The company also will reveal the decoded answer to the message at the launch.
Corresponding to the rise of cloud services in the business world, consumers are using the web for just about everything, including shopping, reviewing medical records, social media, receiving financial statements, filing insurance claims, applying for loans, online banking, and storing photos and other personal content, to name just a few common uses. Obviously this makes the population as a whole more vulnerable in its cyberlife than it ever has been before.
A contributing factor to that vulnerability is the unmanageable number of passwords people have to remember to access their online accounts. Many people don’t even try; they just re-use the same ones for all of their accounts, or, they choose very simple credentials, making it that much easier to crack for identity thieves. In fact, cybercrime costs individuals and businesses billions of dollars every year, the US Federal government estimates. It said that an estimated 11.7 million Americans were victims of identity theft of some kind, including online identity theft, over a two-year period.
Aiming to do something about it, in April 2011, the Obama administration unveiled its National Strategy for Trusted Identities in Cyberspace, tasked with creating a framework for online denizens to have a single, federated online identity to eliminate the need to remember multiple passwords.
It envisions a “vibrant marketplace” that allows people to choose among multiple identity providers – both private and public – that would issue trusted credentials that prove identity. Private-sector companies and organizations have joined the initiative to create, test, verify and distribute a voluntary single credential solution for Americans. The credential would be suitable for deployment on a smartphone, smart card or token.
QDK is one of the entries to the mix.
Unlike Public Key Infrastructure (PKI) which requires a third-party to process and issue a security certificate from an independent database, QDK establishes an Encryption Public Key directly between the sender and recipient, certifying the individual’s unique identity. Because the system requires only the sender and recipient, it simplifies and strengthens the exchange of information, DeTron said.
QDK functions by generating a pair of public and private keys from two public and secret seed matrices Mp (public) and Ms (secret). The Key Management Center (KMC) is the only owner of Ms and it is always offline. The private key is generated by the KMC from the user’s ID, while the public key is generated by any user using known ID. Mp and the key generation mapping are distributed to the user after encryption.
“QDK is the first technology capable of solving the secured cloud identity problem,” said Steve Chao, chief extraction architect of DeTron. “As the White House announced last year, the potential for fraud and the weakness of privacy protections found in current online solutions involving user names and passwords preclude better alternatives. If we are going to reach the next level of trust as a society in cyberspace, we must establish a reliable trusted identity solution. QDK is that answer.”