Strengthening Skype User Authentication for Improved IT Security Measures

Skype plans to address the concerns of some IT managers by improving its identity authentication process. Part of Skype's "wish list" for further expansion into the business market is to enhance username authentication for business customers, the voice over Internet Protocol company said Wednesday. "There's a lot of leverage space in the identity segment," Kurt Sauer, chief security officer for Skype, told ZDNet UK.

One security concern for IT managers is that while Skype uses an encrypted public key infrastructure, it automatically authenticates users itself. This means that users cannot authenticate the identity of the people they are communicating with. Skype is a public key infrastructure, which means nothing if you don't know who you are identifying at the other end," Sauer said. The company is researching ways users can authenticate each other, including looking at so-called "ring of trust" models, where a certification authority (CA) establishes the identity of users. Once user identity has been established, the person is added to the ring of trust by being issued a certificate from the CA.