So the two hottest trends in computing right now, mobile computing and cloud computing are struggling with a common problem. The issue, how do you protect sensitive information in public spaces. In both technologies, the same problem is brewing, how do we secure, authorize, and authenticate users without compromising keys and sensitive data.

The information week article today titled "Encryption is Cloud Computing Security Savior" brings an acute lens on the issues with cloud and encryption. If a company or personal user is going to be able to trust the "cloud" to protect their data, they need to have faith in the fact that the information and activities they utilize the cloud for are secure and have intellectual privacy protections. This issue is a key area of growth development over the next 6-24 months and a very hot space to be in for the foreseeable future. Companies that excel here could very well be the leaders of this hot new technical space.

When it comes to key security on mobile, most practitioners agree that 3-legged OAUTH solutions provide the best security for authorization because of the ability to keep authorization tokens private until a user re-authenticates. This is all part of life in a "hostile environment." The challenge is getting people to understand that once the authorization token is retrieved, it needs to be protected. Well guess what, we are back to crypto. Encrypting, obfuscating, and eliminating the storage of authorization tokens and private keys on a mobile device is a key strategy in protecting "off-host" resources from compromise.

As a secondary issue in mobile computing, sensitive information that would be utilized in mobile banking, and mobile health, and mobile corporate IP systems needs to be protected. There's an interesting challenge here though, symmetric mechanisms are more friendly to mobile environments, they are self contained(reduced network volatility exposure), lightweight(symmetric mechanisms require a lighter processing footprint), and memory friendly. But in order to keep the information secure, we are back to cryptographic techniques for protecting encryption keys.

With the explosive growth in both both of these spaces combined with the great expertise we have in the valley on cryptology, this could be a growth area possibility for Boise. What does this have to do with Boise.... BSU's math department offers a semiannual conference called BOISECRYPT put on by Dr Scheepers and Dr Babinkostova. The upcoming event is December 16-18. Details can be found at

http://diamond.boisestate.edu/~liljanab/BOISECRYPTFall09/index.htm.

If you are a cryptologist/techie with crypto background, you can submit abstracts until December 1. If you are interested in seeing what is going on in this space, feel free to attend. Also, keep an eye on the spring conference, there could be a very pleasant surprise in store.

Hope all is well,
Jason