Skype to address identification concerns

Skype plans to address the concerns of some IT managers by improving its identity authentication process.

Part of Skype's "wish list" for further expansion into the business market is to enhance username authentication for business customers, the voice over Internet Protocol company said Wednesday.

"There's a lot of leverage space in the identity segment," Kurt Sauer, chief security officer for Skype, told ZDNet UK.

One security concern for IT managers is that while Skype uses an encrypted public key infrastructure, it automatically authenticates users itself. This means that users cannot authenticate the identity of the people they are communicating with.

"Skype is a public key infrastructure, which means nothing if you don't know who you are identifying at the other end," Sauer said.

The company is researching ways users can authenticate each other, including looking at so-called "ring of trust" models, where a certification authority (CA) establishes the identity of users. Once user identity has been established, the person is added to the ring of trust by being issued a certificate from the CA.

The company on Wednesday admitted that identity authentication was a problem for Skype, but denied it was a security issue.

"Identity authentication is more of a usability problem," Michael Jackson, director of operations for Skype, told ZDNet UK. Skype "is not usable for a 10,000-user deployment at the moment. This is something we can build in."

Skype will attempt to address these concerns by boosting companies' ability to add and delete usernames for employees joining and leaving departments.

"If you have 200 people per department, managers want them to be automatically added on when they join, and taken off when they leave. It's these kinds of features that will appeal to larger businesses," Jackson said.

"We want functionality to be enabled or disabled on a policy basis, so Skype users can use (Skype) without invalidating business policy," Sauer added.

Skype is setting its sights on larger businesses, while continuing to focus on the consumer market. At the moment, Skype is not suitable for use in big businesses, according to Jackson.

"As we move up the quality ladder, appealing to 500-plus employee enterprises is essential. We want a tool you can use at home, take to work and not violate policy," Jackson said. "Our product is not suitable for a trading environment at the moment, but then there are rather few companies listening to their employees' conversations every day."

"One instant messaging company wanted to put Skype on a trading floor, and we said to them, 'This is probably not the right product for you,'" Sauer said.

Tom Espiner of ZDNet UK reported from London.

[fabie2t]

My name is Fabienne.

I have being with Skype for some 3 years and as far as I am concerned they are incompetent and have stolen money from me.
I started by buying a new phone number from Skype via bank transfer, this occurred on the 4 October 2008 and the transfer went ahead on the 6 October 2008. Skype was unable to locate it. I sent all the evidence necessary for them to find it and they informed me that they had found it. They then proceeded to sent me a voucher for the phone number, which I used and to my horror it was deducted from my Skype credit, so the voucher simply did not work. I explained this to a lot of people from Skype and I mainly dealt with some guy named Ieva.

Skype also sent me some vouchers, all of which I was unable to redeem. I explained this to Ieva from Skype but to no avail, I doubt he understands English. Ieva sent me I am not sure how many times vouchers to redeem for a new phone number which I already had and had been deducted from my Skype credit and refused to reimburse me the money. I therefore payed twice for the skype number for one year and none of the vouchers that they gave me worked as they all had been redeemed by God knows who. I explained all this to Ieva but to no avail.

At present Skype owes me approximately 40 Euros, stolen by them from my account. They refuse to answer my emails and refuse to reimburse me. This has gone on for numerous weeks. I would advise people not to use Skype as they will rip you off and they simply don´t understand English.

Fabienne T.