CertiVox is claiming "a revolutionary breakthrough in information security" with a two-factor authentication system that works with a web browser and cloud-based data. PrivateSky "is a one-click solution where both encryption and decryption are securely completed with no disruption to a user’s workflow," says the US-based company.
CloudOne Services, which is based in London, is one of several cloud companies that has signed up as a distributor "to the reseller channel and enterprise segments."
There is a free version of PrivateSky that allows users to send and receive encrypted messages and files. The Professional version also allows the sender to encrypt attachments up to 10MB in size.
PrivateSky uses HTML5 and works on both Windows PCs and Macs, but only with the Google Chrome and Firefox browsers.
Two-factor authentication typically involves something you own and something you know. In this case, the "something you own" is an authenticated token stored by the browser, while the "something you know" is a four-digit PIN.
Messages and files are sent and collected from the PrivateSky portal. Recipients have to go to PrivateSky and enter their name and email address. The portal then emails them a link back to the portal. Following the link enables each user to set up a four-digit SkyPin, which is used to create a token in the browser. After that, users can retrieve messages by entering the PIN that matches the token.
The sender of the file can track who accessed the data, when, and for how long.
All the data remains secure. PrivateSky cannot read your email or files because these are encrypted in the browser before they are uploaded to the portal.
PrivateSky uses elliptic curve cryptography, which is based on the idea that it's infeasible to calculate the discrete logarithm of a random elliptic curve point with respect to a publicly known base point. This contrasts with the original idea behind public key cryptography, which was based on the difficulty of factorising the product of very large prime numbers.
A white paper (PDF) explains how the system works.
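To make the elliptic curve problem mentioned above concrete, here is an added example (not code from CertiVox or the white paper) on a textbook-sized curve. The curve parameters, base point and function names are assumptions chosen for illustration: computing a public point from a secret number takes a handful of steps, while recovering the number means stepping through the group one addition at a time, which is what becomes infeasible at real key sizes.

```python
# Toy curve y^2 = x^3 + 2x + 2 over F_17 (constructed for illustration only;
# real systems use curves over fields of roughly 256 bits).
P, A = 17, 2
G = (5, 1)      # base point; it generates a group of 19 points
ORDER = 19

def add(p1, p2):
    """Add two curve points; None is the point at infinity (the identity)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                        # p2 is the inverse of p1
    if p1 == p2:
        s = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P  # tangent slope
    else:
        s = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P       # chord slope
    x3 = (s * s - x1 - x2) % P
    return (x3, (s * (x1 - x3) - y1) % P)

def scalar_mult(k, point):
    """Double-and-add: work grows with the bit length of k, so it stays cheap."""
    result = None
    while k:
        if k & 1:
            result = add(result, point)
        point = add(point, point)
        k >>= 1
    return result

def discrete_log(target, base=G):
    """Exhaustive search for k with k*base == target: work grows with the group size."""
    acc, k = None, 0
    while acc != target:
        acc = add(acc, base)
        k += 1
        if k > ORDER:
            raise ValueError("target is not a multiple of base")
    return k

if __name__ == "__main__":
    secret = 13                                   # constructed sample secret
    public = scalar_mult(secret, G)
    print("public point:", public)
    print("recovered by brute force:", discrete_log(public))
```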
There are lots of systems for encrypting email and data, and PGP (Pretty Good Privacy) was launched more than 20 years ago. None of them has ever become popular, which suggests that users just can't be bothered to use them. Most are too cumbersome to use, and users don't feel most emails are so important they need to be protected.
Whether CertiVox can buck the trend remains to be seen: the odds are against it. However, with fears of corporate espionage growing and cyberwars being fought behind the scenes, a growing number of companies will probably insist on it.