Identity-based-encryption messaging system

US 20040179684A1
Filed: 03/14/2003
Published: 09/16/2004
Est. Priority Date: 03/14/2003
Status: Active Grant

First Claim

Patent Images

1. A method for using identity-based encryption to support encrypted communications in a system in which users at user equipment communicate over a communications network, wherein the system has a plurality of identity-based-encryption private key generators each of which generates private keys for the users and each of which generates respective public parameter information for use in the identity-based encryption of messages to be sent to those users that are associated with that private key generator, wherein senders of messages in the system encrypt each of the messages using an identity-based-encryption algorithm that has as inputs (1) the public parameter information associated with the private key generator associated with an intended message recipient and (2) an identity-based-encryption public key that is based on the identity of that intended recipient, wherein users may have relationships with more than one of the private key generators so that when a given recipient receives a given encrypted message from a given sender, the given recipient may not know in advance which private key generator and which associated public parameter information was used by the given sender to encrypt the given message and may not know in advance which of that given recipient'"'"'s corresponding private keys to use to decrypt the given encrypted message, the method comprising:

receiving private key identification information at the recipient that was sent from the given sender to the given recipient with the given encrypted message; and

using the private key identification information at the given recipient to obtain the appropriate one of the given recipient'"'"'s private keys to decrypt the encrypted message.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is provided that uses identity-based encryption to support secure communications between senders and recipients over a communications network. Private key generators are used to provide public parameter information. Senders encrypt messages for recipients using public keys based on recipient identities and using the public parameter information as inputs to an identity-based encryption algorithm. Recipients use private keys to decrypt the messages. There may be multiple private key generators in the system and a given recipient may have multiple private keys. Senders can include private key identifying information in the messages they send to recipients. The private key identifying information may be used by the recipients to determine which of their private keys to use in decrypting a message. Recipients may obtain the correct private key to use to decrypt a message from a local database of private keys or from an appropriate private key server.

Citations

20 Claims

1. A method for using identity-based encryption to support encrypted communications in a system in which users at user equipment communicate over a communications network, wherein the system has a plurality of identity-based-encryption private key generators each of which generates private keys for the users and each of which generates respective public parameter information for use in the identity-based encryption of messages to be sent to those users that are associated with that private key generator, wherein senders of messages in the system encrypt each of the messages using an identity-based-encryption algorithm that has as inputs (1) the public parameter information associated with the private key generator associated with an intended message recipient and (2) an identity-based-encryption public key that is based on the identity of that intended recipient, wherein users may have relationships with more than one of the private key generators so that when a given recipient receives a given encrypted message from a given sender, the given recipient may not know in advance which private key generator and which associated public parameter information was used by the given sender to encrypt the given message and may not know in advance which of that given recipient'"'"'s corresponding private keys to use to decrypt the given encrypted message, the method comprising:
- receiving private key identification information at the recipient that was sent from the given sender to the given recipient with the given encrypted message; and
  
  using the private key identification information at the given recipient to obtain the appropriate one of the given recipient'"'"'s private keys to decrypt the encrypted message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method defined in claim 1 wherein receiving the private key identification information at the recipient that was sent from the given sender comprises receiving private key identification information that has been placed in a recipient info field in the given message.
  - 3. The method defined in claim 1 wherein receiving the private key identification information at the recipient that was sent from the given sender comprises receiving private key identification information that has been placed in a key info field in the given message.
  - 4. The method defined in claim 3 further comprising using the appropriate private key to decrypt the given message by decrypting an encrypted message key that was sent from the given sender in an encrypted message key field in the encrypted message and then using the message key to decrypt a message payload that was encrypted by the given sender using the message key.
  - 5. The method defined in claim 1 wherein receiving the private key identification information at the recipient that was sent from the given sender comprises receiving private key identification information that has been placed in a key info field in the given message, wherein the key info field comprises a recipient identifier based on an email address of the recipient.
  - 6. The method defined in claim 1 wherein receiving the private key identification information at the recipient that was sent from the given sender comprises receiving private key identification information that has been placed in a key info field in the given message, wherein the key info field comprises a recipient identifier based on an email address of the recipient concatenated with a validity period.
  - 7. The method defined in claim 1 wherein receiving the private key identification information at the recipient that was sent from the given sender comprises receiving private key identification information that has been placed in a key info field in the given message, wherein the key info field comprises a recipient identifier for the given recipient and a private key generator identifier.
  - 8. The method defined in claim 1 wherein receiving the private key identification information at the recipient that was sent from the given sender comprises receiving private key identification information that has been placed in a key info field in the given message, wherein the key info field includes a recipient identifier for the given recipient and a private key generator identifier based on a server name.
  - 9. The method defined in claim 1 wherein receiving the private key identification information at the recipient that was sent from the given sender comprises receiving a private key generator identifier from the sender that identifies the private key generator associated with the appropriate one of the given recipient'"'"'s private keys.
  - 10. The method defined in claim 1 wherein receiving the private key identification information at the recipient that was sent from the given sender comprises receiving a private key generator identifier from the sender that identifies the private key generator associated with the appropriate one of the given recipient'"'"'s private keys, and wherein using the private key identification information at the given recipient to obtain the appropriate one of the given recipient'"'"'s private keys to decrypt the encrypted message comprises using the private key generator identifier to formulate a local database query to locate the appropriate one of the given recipient'"'"'s private keys in a local database at the recipient.
  - 11. The method defined in claim 1 wherein receiving the private key identification information at the recipient that was sent from the given sender comprises receiving private key identification information that includes information on the version of the public parameter information used to encrypt the given message by the given sender.
  - 12. The method defined in claim 1 wherein receiving the private key identification information comprises receiving the public parameter information that was used by the given sender in encrypting the given message.
  - 13. The method defined in claim 1 wherein receiving the private key identification information comprises receiving information that has been processed by a hash function.
  - 14. The method defined in claim 1 wherein receiving the private key identification information comprises receiving private key generator identification information that has been processed by a hash function.
  - 15. The method defined in claim 1 wherein using the private key identification information at the given recipient to obtain the appropriate one of the given recipient'"'"'s private keys further comprises using the private key identification information at the given recipient to retrieve the appropriate private key from local storage.
  - 16. The method defined in claim 1 wherein using the private key identification information at the given recipient to obtain the appropriate one of the given recipient'"'"'s private keys further comprises using the private key identification information at the given recipient to retrieve the appropriate private key from an appropriate private key generator over the communications network.
  - 17. The method defined in claim 1 wherein the sender provides algorithm identifier information with the message that identifies which identity-based-encryption algorithm is to be used in decrypting the message at the recipient, the method further comprising using the algorithm identifier information when decrypting the message at the recipient.

18. A method for using identity-based encryption to support encrypted communications in a system in which users at user equipment communicate over a communications network, wherein the system has a plurality of private key generators each of which generates private keys for the users, the method comprising:
- at a sender, encrypting a message for a recipient that has multiple associated private keys, each generated by a respective one of the private key generators, wherein the sender encrypts the message by using a message key to encrypt a message payload and by using an identity-based-encryption algorithm to encrypt the message key, using as inputs for the identity-based-encryption algorithm public parameter information generated by a given one of the respective private key generators and an identity-based-encryption public key based on the identity of the recipient; and
  
  sending the message from the sender to the recipient with the encrypted message key, encrypted message payload, and private key identification information that identifies for the recipient which of the recipient'"'"'s private keys is appropriate for decrypting the encrypted message key.
- View Dependent Claims (19, 20)
- - 19. The method defined in claim 18 further comprising:
    - using the private key identification information at the recipient to obtain the appropriate private key;
      
      decrypting the encrypted message key using the appropriate private key; and
      
      using the decrypted message key to decrypt the encrypted message payload.
  - 20. The method defined in claim 18 wherein encrypting the message comprises encrypting the message for a plurality of recipients and wherein sending the message comprises sending the message from the sender to each of the plurality of recipients with private key identification information that identifies for that recipient which of that recipient'"'"'s private keys is appropriate for decrypting the encrypted message key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Identicrypt, Inc. (Hewlett-Packard Enterprise Company)
Inventors
Kacker, Rishi R., Appenzeller, Guido, Pauker, Matthew J., Spies, Terence

Granted Patent

US 7,571,321 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/44
CPC Class Codes

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0861   Generation of secret inform...

H04L 9/3073   involving pairings, e.g. id...

Identity-based-encryption messaging system

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Identity-based-encryption messaging system

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links