IDENTITY-BASED ENCRYPTION SYSTEM
First Claim
1. A method for using identity-based encryption to support encrypted communications in a system in which users at user equipment communicate over a communications network, wherein the system has a plurality of private key generators and a plurality of respective associated sets of public parameters, wherein each private key generator generates private keys for a group of associated users and wherein each user's private key may be used by that user to decrypt messages for the user that have been encrypted using the user's identity and the set of public parameters associated with the private key generator that generates that user's private key, comprising:
- using computers coupled to the communications network to store the plurality of sets of public parameters; and
- at a sender having user equipment coupled to the communications network, downloading an appropriate one of the stored plurality of sets of the public parameters to use to encrypt a message for a receiver at user equipment coupled to the communications network, wherein the sender is associated with a different private key generator than the receiver.
Abstract
A system is provided that uses identity-based encryption to support secure communications. Messages from a sender to a receiver may be encrypted using the receiver's identity and public parameters that have been generated by a private key generator associated with the receiver. The private key generator associated with the receiver generates a private key for the receiver. The encrypted message may be decrypted by the receiver using the receiver's private key. The system may have multiple private key generators, each with a separate set of public parameters. Directory services may be used to provide a sender that is associated with one private key generator with appropriate public parameters to use when encrypting messages for a receiver that is associated with a different private key generator. A certification authority may be used to sign directory entries for the directory service. A clearinghouse may be used to avoid duplicative directory entries.
Specification