Identity-Based Decryption
First Claim
1. A client node, comprising:
processing logic operable to:
- generate a random key;
- use said random key to process message content data to generate encrypted message content data; and
- use a public key associated with a server node to process said random key and a first set of authentication data associated with a user of a second client node to generate a wrapped key ciphertext;
wherein said processing logic is further operable to:
- process said encrypted message content data and said wrapped key ciphertext to generate a message text; and
- provide said message text to said second client node for decryption.
Abstract
Devices and methods are provided for managing identity-based decryption of digital content. A message sender (“Alice”) uses a random key (Krand) to encrypt message content for a message recipient (“Bob”). Then Alice uses the public key of a message decryption service provider (“Carmen”) to generate a wrapped key ciphertext comprising the Krand and authentication information associated with Bob. Alice then sends a message text containing the encrypted message content and the wrapped key ciphertext to Bob, who in turn sends the wrapped key ciphertext to Carmen along with his authentication information. Carmen then uses her private key to process the wrapped key ciphertext to decrypt the Krand and Bob's authentication information. If the authentication information provided by Bob matches the decrypted authentication information, then Carmen sends the decrypted Krand to Bob, who uses it to decrypt the encrypted message content.
38 Citations
30 Claims
1. A client node, comprising: processing logic operable to: generate a random key; use said random key to process message content data to generate encrypted message content data; and use a public key associated with a server node to process said random key and a first set of authentication data associated with a user of a second client node to generate a wrapped key ciphertext; wherein said processing logic is further operable to: process said encrypted message content data and said wrapped key ciphertext to generate a message text; and provide said message text to said second client node for decryption. (Dependent claims: 5)

2. The client node of claim wherein: said second client node receives said message text and processes said message text to provide said wrapped key ciphertext and a second set of authentication data associated with said user of said second client node to said client server; said server node uses a private key corresponding to said public key to process said wrapped key ciphertext to decrypt said random key and said first set of authentication data; and provide said random key to said second client node if said first set of authentication data matches said second set of authentication data. (Dependent claims: 3, 4)

6. A method for managing identity-based decryption, comprising: using a client node comprising processing logic to: generate a random key; use said random key to process message content data to generate encrypted message content data; and use a public key associated with a server node to process said random key and a first set of authentication data associated with a user of a second client node to generate a wrapped key ciphertext; wherein said processing logic is further operable to: process said encrypted message content data and said wrapped key ciphertext to generate a message text; and provide said message text to said second client node for decryption. (Dependent claims: 7, 8, 9, 10)

11. A server node, comprising: processing logic operable to: provide a public key associated with said server node to a first client node, said public key used by said first client node to generate a wrapped key ciphertext comprising a random key and a first set of authentication data associated with a user of a second client node, said random key generated by said first client node; receive said wrapped key ciphertext and a second set of authentication data associated with said user of said second node from said second client node; use a private key corresponding to said public key to process said wrapped key ciphertext to decrypt said random key and said first set of authentication data; and provide said random key to said second client node if said first set of authentication data matches said second set of authentication data. (Dependent claims: 12, 13, 14, 15)

16. A method for managing identity-based decryption, comprising: using a server node to: provide a public key associated with said server node to a first client node, said public key used by said first client node to generate a wrapped key ciphertext comprising a random key and a first set of authentication data associated with a user of a second client node, said random key generated by said first client node; receive said wrapped key ciphertext and a second set of authentication data associated with said user of said second node from said second client node; use a private key corresponding to said public key to process said wrapped key ciphertext to decrypt said random key and said first set of authentication data; and provide said random key to said second client node if said first set of authentication data matches said second set of authentication data. (Dependent claims: 17, 18, 19, 20)

21. A client node, comprising: processing logic operable to: receive a message text from a second client node, said message text comprising a wrapped key ciphertext and encrypted message content data; provide said wrapped key ciphertext and a first set of authentication data associated with a user of said client node to a server node for processing, said wrapped key ciphertext comprising a random key generated by said second client node and a second set of authentication data associated with said client node encrypted with a public key associated with said server node; receive said random key in decrypted form from said server node if said first set of authentication data matches said second set of authentication data. (Dependent claims: 22, 23, 24, 25)

26. A method for managing identity-based decryption, comprising: using a client node to: receive a message text from a second client node, said message text comprising a wrapped key ciphertext and encrypted message content data; provide said wrapped key ciphertext and a first set of authentication data associated with a user of said client node to a server node for processing, said wrapped key ciphertext comprising a random key generated by said second client node and a second set of authentication data associated with said client node encrypted with a public key associated with said server node; receive said random key in decrypted form from said server node if said first set of authentication data matches said second set of authentication data. (Dependent claims: 27, 28, 29, 30)