Technology Review (03/02/09) ; Naone, Erica
A new protocol designed to allow organizations to share important information without compromising privacy through the use of smart cards was recently unveiled by Bar-Ilan University professor Andrew Yehuda Lindell. The protocol's usage involves the first party's creation of a key with which both parties could encrypt their data. The key would be stored on a secure smart card to be given to the second party. Both parties would employ the key to encrypt their respective databases, and then the first party would send his or her encrypted database to the second party, who can see what information both parties have in common. In addition, the second party would only have a restricted window of time to use the secret key on the smart card because the first party deletes it remotely using a special messaging protocol. University of Haifa professor Benny Pinkas says that Lindell's system demands far fewer computing resources to shield private information. However, RSA Laboratories chief scientist Ari Juels says that because the smart card serves as a trusted third party, finding a manufacturer that both organizations trust completely could be problematic. "Assuming that a smart card is secure against an individual or modestly funded organization may be reasonable, but not that it's secure against a highly resourced one, like a national-intelligence agency," he notes. Lindell says that in the event the chip is compromised, high-end smart cards can be designed to self destruct.
