Identity-based-encryption messaging system
Abstract
A system is provided that uses identity-based encryption to support secure communications between senders and recipients over a communications network. Private key generators are used to provide public parameter information. Senders encrypt messages for recipients using public keys based on recipient identities and using the public parameter information as inputs to an identity-based encryption algorithm. Recipients use private keys to decrypt the messages. There may be multiple private key generators in the system and a given recipient may have multiple private keys. Senders can include private key identifying information in the messages they send to recipients. The private key identifying information may be used by the recipients to determine which of their private keys to use in decrypting a message. Recipients may obtain the correct private key to use to decrypt a message from a local database of private keys or from an appropriate private key server.
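The recipient-side key selection described in the abstract, as an added Python example that is not part of the patent text. The `KeyId` fields, the `KeyResolver` class, the PKG names and the key-server callables are hypothetical, and the private keys are opaque placeholder bytes; no identity-based-encryption operation is performed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Iterable


@dataclass(frozen=True)
class KeyId:
    """Private key identification information carried with a message (hypothetical format)."""
    pkg: str       # private key generator whose public parameters the sender used
    identity: str  # identity string the sender used as the IBE public key


class KeyResolver:
    """Recipient-side lookup: local private key database first, then the PKG's key server."""

    def __init__(self, my_identities: Iterable[str],
                 key_servers: Dict[str, Callable[[str], bytes]]):
        self.my_identities = set(my_identities)
        self.key_servers = key_servers           # PKGs this recipient has a relationship with
        self.local_db: Dict[KeyId, bytes] = {}   # local database of private keys
        self.fetches = 0                         # number of key-server requests made

    def resolve(self, key_id: KeyId) -> bytes:
        # Assumption of this example: the key id arrives with the message and is
        # treated as untrusted input, so it only selects among the recipient's own
        # identities and already-known PKGs; it never names a new server to contact.
        if key_id.identity not in self.my_identities:
            raise PermissionError(f"{key_id.identity!r} is not an identity of this recipient")
        if key_id in self.local_db:
            return self.local_db[key_id]
        fetch = self.key_servers.get(key_id.pkg)
        if fetch is None:
            raise LookupError(f"no relationship with private key generator {key_id.pkg!r}")
        self.fetches += 1
        key = fetch(key_id.identity)  # a real client would authenticate to the server here
        self.local_db[key_id] = key
        return key


def build_demo_resolver() -> KeyResolver:
    # Constructed sample data: two PKGs, each returning labelled placeholder key bytes.
    servers = {
        "pkg.corp.example": lambda ident: b"PLACEHOLDER-KEY corp " + ident.encode(),
        "pkg.bank.example": lambda ident: b"PLACEHOLDER-KEY bank " + ident.encode(),
    }
    return KeyResolver(["alice@example.com"], servers)


if __name__ == "__main__":
    r = build_demo_resolver()
    print(r.resolve(KeyId("pkg.bank.example", "alice@example.com")))
```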
20 Claims
1. A method for using identity-based encryption to support encrypted communications in a system in which users at user equipment communicate over a communications network, wherein the system has a plurality of identity-based-encryption private key generators each of which generates private keys for the users and each of which generates respective public parameter information for use in the identity-based encryption of messages to be sent to those users that are associated with that private key generator, wherein senders of messages in the system encrypt each of the messages using an identity-based-encryption algorithm that has as inputs (1) the public parameter information associated with the private key generator associated with an intended message recipient and (2) an identity-based-encryption public key that is based on the identity of that intended recipient, wherein users may have relationships with more than one of the private key generators so that when a given recipient receives a given encrypted message from a given sender, the given recipient may not know in advance which private key generator and which associated public parameter information was used by the given sender to encrypt the given message and may not know in advance which of that given recipient's corresponding private keys to use to decrypt the given encrypted message, the method comprising:
receiving private key identification information at the recipient that was sent from the given sender to the given recipient with the given encrypted message; and
using the private key identification information at the given recipient to obtain the appropriate one of the given recipient's private keys to decrypt the encrypted message.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
18. A method for using identity-based encryption to support encrypted communications in a system in which users at user equipment communicate over a communications network, wherein the system has a plurality of private key generators each of which generates private keys for the users, the method comprising:
at a sender, encrypting a message for a recipient that has multiple associated private keys, each generated by a respective one of the private key generators, wherein the sender encrypts the message by using a message key to encrypt a message payload and by using an identity-based-encryption algorithm to encrypt the message key, using as inputs for the identity-based-encryption algorithm public parameter information generated by a given one of the respective private key generators and an identity-based-encryption public key based on the identity of the recipient; and
sending the message from the sender to the recipient with the encrypted message key, encrypted message payload, and private key identification information that identifies for the recipient which of the recipient's private keys is appropriate for decrypting the encrypted message key.
Dependent claims: 19, 20
Specification