Imprimir Republish

Software

The key to keeping secrets

Laboratory from Santa Catarina masters technique of cryptography that protects information on the virtual web

Making a purchase with a credit card or paying bills over the Internet are two situations that call for a good dose of security. Both on the side of the person who is accessing, and of the seller of the service or product. It is always possible to imagine that there is a hacker at every corner of the world-wide web, waiting for the opportunity to steal one’s trust and money. This is the reason why consumers and companies who want to have a guarantee of the authenticity of those who access their site rely more and more on cryptography. This technique makes it possible to shuffle the data in such a way as to make it illegible for anyone who does not have the decoding key.

Mastery of this technology was recently conquered by the Computer Security Laboratory (LabSec), of the Information Technology and Statistics Department of the Federal University of Santa Catarina. “We concluded the capture of knowledge about algorithms (methods for solving rules and mathematical operations) that exist in the American systems, the ones most used in the world”, says Ricardo Felipe Custódio, LabSec’s supervisor. “With this, we have now concluded some solutions for the use of cryptography on the Internet and in the internal network in companies and governments”.

Some of the most important fields for its application are digital certification, digital signatures and secure e-mail. The certificate is a computer file with information – name, address and a cryptographic key of the holder, besides an indication of the certification authority – which confirms the identity of persons and machines. It is, for example, fundamental in the on-line access to a bank account statement or in the reception of financial information in the secure areas of virtual stores, for the payment of purchases.

The signature, which is based on the certificate, can be used when sending documents by e-mail, ensuring the authenticity of the origin and the integrity of the content, which will reach the addressee without any alteration. Finally, secure e-mail adds an additional guarantee: that nobody will be able to open the message, except its original addresses.

Conceived to protect confidential information in the days of the Roman Empire, cryptography has acquired such importance with communication between computers that the American government treats it as a matter of national security. For decades, it prohibited the export of products with so-called strong encryption, a concept that varies in accordance with the evolution of technology. The United States only relaxed their legislation a bit in 1999, under strong pressure from the software industry, which started to lose market share to countries with their own cryptographic systems, like Switzerland and Israel.

Transfer of technology
LabSec was set up in 1999, on the initiative of six professors formerly linked to the Algebraic and Symbolic Computing Laboratory; by the end of this year, it will have formed 20 masters. It has innovative projects in all the areas where cryptography is intensively used, and some of them have now been adapted to the needs of the market. To handle these adaptations, which are always aimed at simplifying implementation and use, at the end of last year, UFSC signed a contract for the transfer of technology with Bry, a technology-based company from Florianópolis. Since then, Bry has been paying a fixed monthly amount to the university, as an advance on royalties, which will correspond to 5% of the gross income from sales. “Our objective is not to market solutions for the end users, but to integrate them, as components, in packages of products and services of our potential customers”, announces Carlos Roberto De Rolt, Bry’s director-president.

Part of the company’s work is what De Rolt calls “productization”: marketing functions that involve not only publicizing LabSec’s technologies, but also the adaptation of technical documents, like manuals and help files, the development of graphic interfaces and, in hardware solutions, the prototypes as well. Founded in mid-2000, with the help of an investor who finances the first steps of an enterprise, also known as an angel investor”, Bry is concluding negotiations for a significant injection of venture capital, which, if De Rolt’s expectations are confirmed, will arrive in August. His market studies forecast over R$ 30 million within three years, and more than R$ 100 million at the end of this decade.

One of the highlights amongst the technologies developed at LabSec is a time stamp of electronic documents that makes it possible to attach a temporal anchor to the document, which guarantees that it has not been altered after a given date and time, one of the major problems in the transmission of official documents over networks. “This technology, which we have named “the synchronized tree method”, is attracting the attention of the Massachusetts Institute of Technology (MIT)”, observes Custódio, from UFSC. Instead of requiring the clocks of the machines, both of the issuer of the document and of the receiver, to work in unison – a very improbable objective -, the method establishes the concept of relative dating, that is, the documents are connected to each other, as in a chain, and they are given a common reference: the temporal anchor. Without this differential, the time stamps available today – made by Datum of America and Time-Proof of Germany – have a price of around US$ 35,000, not counting importduty, freight and insurance.

Under the name of Bry PDDE, the time stamp has incorporated some improvements and has had new versions since its conclusion in 1999. It already has a user in the private sector, and has been undergoing testing at the Higher Labor Court of Santa Catarina since August. “It is a product with a high potential in the legal and tax areas, for the reliability that it adds to the activities of accountants, when they send official documents electronically”, explains De Rolt.

The equipment is not limited to recording the date and time that the message goes into the user’s network – it also prevents alterations to its content, and self-destructs when faced by any attempt at physical violation. Besides what Bry is doing, LabSec has been holding talks with the federal government, for a time stamp system to be adopted for the electronic services provided by the government.

Other LabSec technologies that have now been transformed into commercial products are Bry AC, a system for certification authorities – a role that in the ambit of private enterprise can be carried out by, let us say, a company that is in communication with customers, suppliers and partners, and, in the public sphere, depends on a concession by the government and it at the stage of regulation -, and BrySigner. The latter is digital signature software that carries out the basic operations of authenticating the authorship and the content of the documents.

“In its intranet, UFSC is already acting as a certification authority and is using digital signatures”, says Custódio. By definition, an intranet uses both the user’s internal network and the Internet to give access to authorized users, on the user’s premises or outside. Anther product now available is BryDeal, which controls voting in elections organized by trade associations and in surveys sponsored by companies, among other applications, to avoid double voting.

Virtual notary
LabSec has many projects that are ready to bear fruit. The one with the largest scope is the virtual notary system, which would take to the digital world all the services provided by notaries in the world of bricks and mortar. “A team of 30 persons is identifying all the processes of a notary’s office”, Custódio comments. One of the first applications should be to ensure the issue of birth certificates in the hospital, contributing towards a reduction in the shameful number of Brazilians born without being registered.

Among the other promises of innovation, there also features the application of the time stamp to voice communication in call centers, the use of cryptography in fixed and mobile telephony to avoid “eavesdropping” and a system for credit queries that requires the identification of the person who is being analyzed and ensures the right to privacy.

Republish