Identity-based encryption system
Abstract
A system is provided that uses identity-based encryption to support secure communications. Messages from a sender to a receiver may be encrypted using the receiver's identity and public parameters that have been generated by a private key generator associated with the receiver. The private key generator associated with the receiver generates a private key for the receiver. The encrypted message may be decrypted by the receiver using the receiver's private key. The system may have multiple private key generators, each with a separate set of public parameters. Directory services may be used to provide a sender that is associated with one private key generator with appropriate public parameters to use when encrypting messages for a receiver that is associated with a different private key generator. A certification authority may be used to sign directory entries for the directory service. A clearinghouse may be used to avoid duplicative directory entries.
Claims (21)

1. A method for using identity-based encryption to support encrypted communications in a system in which users at user equipment communicate over a communications network, wherein the system has a plurality of private key generators each of which generates private keys for a group of associated users, wherein each user's private key may be used by that user to decrypt messages for the user that have been encrypted using the user's identity and public parameters, comprising:
using a directory service coupled to the communications network to provide a sender having user equipment coupled to the communications network with an opportunity to determine which public parameters to use to encrypt a message for a receiver at user equipment coupled to the communications network, wherein the sender is associated with a different private key generator than the receiver. (Dependent claims: 2, 3, 4, 5, 6, 7)
8. A method for providing a sender with appropriate public parameters to use to send an identity-based encrypted message to a given receiver over a communications network in a system in which there are multiple private key generators each of which has a unique master secret, unique public parameters, and a different group of associated users, wherein the sender has obtained the given receiver's identity to use in encrypting the message, the method comprising:
using the receiver's identity that has been obtained by the sender to determine which of the unique public parameters that are associated with the multiple private key generators are appropriate to provide to the sender so that the sender may use identity-based encryption to encrypt the message for the given receiver based on the receiver's identity and the appropriate public parameters. (Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16)
17. A method for using identity-based encryption to support encrypted communications in a system in which users at user equipment communicate over a communications network, wherein the system has a plurality of private key generators each of which generates private keys for a group of associated users, wherein each user's private key may be used by that user to decrypt messages for the user that have been encrypted using the user's identity and public parameters, comprising:
sending a peer-to-peer message from a first of the users to a second of the users, wherein the first user is associated with a private key generator with which the second user is not associated, and wherein the message includes the public parameters of the private key generator with which the first user is associated.
18. A method for using identity-based encryption to support encrypted communications in a system in which users at user equipment communicate over a communications network, wherein the system has a plurality of private key generators each of which generates private keys for a group of associated users, wherein each user's private key may be used by that user to decrypt messages for the user that have been encrypted using the user's identity and public parameters, and wherein the system includes a global private key generator having associated global public parameters, comprising:
allowing a sender associated with at least one of the private key generators to use user equipment to encrypt a message for a receiver associated with at least one different one of the private key generators using the global public parameters and the receiver's identity. (Dependent claims: 19, 20, 21)
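The following Python is an added worked example, not part of the patent text, modelling the arrangement in the abstract and in claims 1 and 8: two private key generators, each with its own master secret and public parameters, and a directory service that maps a receiver's identity to the public parameters of the receiver's PKG, with CA-signed entries and a clearinghouse check against duplicates. The patent does not name an IBE scheme; Cocks' quadratic-residue IBE is used here because it runs on the standard library alone (with toy-sized moduli, encrypting one bit at a time). The domain names, the `CA_KEY` value and the use of an HMAC as a stand-in for the certification authority's signature are all constructed for this example.

```python
import hashlib
import hmac
import random

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0."""
    a, result = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def next_prime_3mod4(x):
    """Smallest prime >= x that is 3 mod 4 (trial division; fine for toy sizes)."""
    while x % 4 != 3 or any(x % d == 0 for d in range(2, int(x ** 0.5) + 1)):
        x += 1
    return x

def hash_to_jacobi_one(identity, n):
    """Map an identity string to a in Z_n with Jacobi(a, n) = +1 (counter-based hashing)."""
    for ctr in range(10**6):
        a = int.from_bytes(hashlib.sha256(f"{identity}|{ctr}".encode()).digest(), "big") % n
        if a > 1 and jacobi(a, n) == 1:
            return a

class PrivateKeyGenerator:
    """One PKG: master secret (p, q); its public parameters are n = p*q (Cocks IBE)."""
    def __init__(self, p_seed, q_seed):
        self._p, self._q = next_prime_3mod4(p_seed), next_prime_3mod4(q_seed)
        self.n = self._p * self._q
    def extract(self, identity):
        """Private key r for an identity: r^2 = a or r^2 = -a (mod n)."""
        a = hash_to_jacobi_one(identity, self.n)
        return pow(a, (self.n + 5 - self._p - self._q) // 8, self.n)

def encrypt_bit(bit, identity, n):
    """One ciphertext element for a and one for -a; the sender cannot tell which is the residue."""
    m, a, out = (1 if bit else -1), hash_to_jacobi_one(identity, n), []
    for sign in (1, -1):
        t = random.randrange(2, n)
        while jacobi(t, n) != m:
            t = random.randrange(2, n)
        out.append((t + sign * a * pow(t, -1, n)) % n)
    return tuple(out)

def decrypt_bit(ct, identity, n, r):
    a = hash_to_jacobi_one(identity, n)
    s = ct[0] if pow(r, 2, n) == a else ct[1]   # pick the element matching r^2 = +a or -a
    return jacobi(s + 2 * r, n) == 1

def encrypt(msg, identity, n):
    return [encrypt_bit((b >> i) & 1, identity, n) for b in msg for i in range(7, -1, -1)]

def decrypt(cts, identity, n, r):
    bits = [decrypt_bit(ct, identity, n, r) for ct in cts]
    return bytes(sum(bits[i + k] << (7 - k) for k in range(8)) for i in range(0, len(bits), 8))

# Directory service: the receiver's identity decides which PKG's public parameters the sender uses.
CA_KEY = b"constructed CA key"  # constructed stand-in for the certification authority's signing key

def ca_sign(domain, n):
    """An HMAC stands in here for the CA's signature over a directory entry."""
    return hmac.new(CA_KEY, f"{domain}:{n}".encode(), "sha256").hexdigest()

class DirectoryService:
    def __init__(self):
        self.entries = {}  # identity domain -> (public parameters n, CA signature)
    def register(self, domain, n, sig):
        if domain in self.entries:  # clearinghouse role: refuse duplicate entries
            raise ValueError(f"duplicate directory entry for {domain}")
        if not hmac.compare_digest(sig, ca_sign(domain, n)):  # unsigned parameters are not trusted
            raise ValueError("directory entry is not CA-signed")
        self.entries[domain] = (n, sig)
    def lookup(self, identity):
        """Return the public parameters of the PKG serving the receiver's identity domain."""
        return self.entries[identity.rsplit("@", 1)[1]][0]

def cross_pkg_roundtrip(msg=b"hi"):
    """A sender served by alpha.example's PKG encrypts for a receiver served by beta.example's PKG."""
    pkgs = {"alpha.example": PrivateKeyGenerator(10**6, 10**6 + 1000),
            "beta.example": PrivateKeyGenerator(2 * 10**6, 2 * 10**6 + 1000)}
    directory = DirectoryService()
    for domain, pkg in pkgs.items():
        directory.register(domain, pkg.n, ca_sign(domain, pkg.n))
    receiver = "bob@beta.example"
    n_recv = directory.lookup(receiver)                 # beta's parameters, not the sender's own
    ciphertext = encrypt(msg, receiver, n_recv)
    r_bob = pkgs["beta.example"].extract(receiver)      # only beta's PKG holds the matching master secret
    return decrypt(ciphertext, receiver, n_recv, r_bob)
```

`cross_pkg_roundtrip()` returns the original message only because the sender looked up beta.example's parameters through the directory; encrypting under the sender's own PKG parameters would produce a ciphertext that bob's private key cannot open. The signature check on `register` is what stops an unauthenticated party from publishing parameters of its own for someone else's domain, and the duplicate check is the clearinghouse role described in the abstract.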