I first came across PKI technology in March 2008 when I was working on a large Document Management project. We needed to create and manage digital certificates for thousands of users in municipal organizations. The budget requirements rose so much that the project was finally stopped, revisited and finished without digital certificates. It was very difficult to build and manage PKI in one organization and practically impossible to build a multi-CA trust model PKI across many organizations.
For the last couple of years I have been thinking about how to make things better. One promising technology is Identity-based cryptography. I have left behind Document Management Systems and have been focusing on email communication. Since 2009 I have designed and constructed a few prototypes of email encryption systems built on top of the BF, DMCPK and BLMQ schemes.
But in the new mobile era another problem is arising – multiplatform. There are many variations of email clients running on many operating systems, and it is not trivial to integrate Identity-Based Encryption in all these applications. If we embrace the idea of non-mandatory email encryption (not every email must really be secured), we can accept encryption in an external application. After testing a few cross-platform application frameworks, I have realized that the whole user’s data encryption process must be done in a Web Application hosted in a browser. The drawback of this approach is the lack of automation – the users are engaged in copying data between browser and email client. It may not be the best solution for every situation, but it certainly is universal.
- BF: Boneh, Franklin encryption scheme
- DMCPK: Double-Matrix Combined Public Key scheme
- BLMQ: Barreto, Libert, McCullagh, Quisquater signcryption