Online privacy and security call for the implementation of strong encryption algorithms. While many developers have already incorporated encryption technologies into their products, quite a few still refrain from doing so owing to the sheer complexity of security and privacy measures.
Google is tackling this problem head-on by creating a public data framework that simplifies the developers’ job of building secure products and services moving forward. Through a new initiative, Google has announced the open source release of its Key Transparency prototype, which aims to simplify public key scanning.
Google claims that this framework can be used by regular people as well, to verify a person’s online information through a public key. Key Transparency is a general-use, transparent directory that makes it easy for developers to create systems of all kinds with independently auditable account data, explain Google’s Ryan Hurst and Gary Belvin.
Developers can use this in a variety of scenarios where data needs to be encrypted or authenticated. It can be used to make security features that are easy for people to understand while supporting important user needs like account recovery, they add.
This framework looks to tackle the issues faced by complex systems like PGP, which lead many developers to avoid using them altogether. The public database will be created and managed by Google, and all logged changes to any user profile will also be public – and apparently cannot be tampered with. Thankfully, a user’s information can only be searched via their particular ID, and nothing else.
Key Transparency looks to give developers all the data at hand to build simpler security features easily. Google claims it’s just a prototype, and the framework will be improved based on the security community’s feedback in the future.
“Key Transparency dramatically improves the situation by providing a public audit record for all changes to data. When used with account data, Key Transparency provides a public audit record of all the actual recipients (in the form of public keys) associated with an account, all the times an account was updated, and who it was updated by – all in a privacy preserving way,” the announcement reads further.