Identity-based-encryption system with district policy information
Abstract
A system is provided that uses identity-based encryption (IBE) to allow a sender to securely convey information in a message to a recipient over a communications network. IBE public key information may be used to encrypt messages and corresponding IBE private key information may be used to decrypt messages. The IBE private keys may be provided to message recipients by an IBE private key generator. The IBE private key generator and the recipients who obtain their IBE private keys from that generator form a district. District policy information may be provided by the IBE private key generator that specifies which encryption and communications protocols are used by the district. The district policy information may also specify which authentication protocols are used by the district and may set forth how content-based protocols are implemented. This information may be used by senders in sending messages to recipients.
Claims (21)
1. A method for controlling communications in an identity-based encryption (IBE) system in which senders communicate with recipients over a communications network and in which recipients and IBE private key generators are organized in a plurality of districts, each district including a respective one of the IBE private key generators, wherein the IBE private key generator in each district generates IBE private keys for recipients that are associated with that district, wherein each district has IBE public parameter information that is used by senders in encrypting messages for recipients in that district, wherein each district has district policy information that includes IBE encryption protocol information, and wherein the recipients in each district use their IBE private keys in decrypting messages that are encrypted using respective IBE public keys, comprising:
when a sender desires to send a message to a recipient in a given district, obtaining the district policy information for the given district for the sender over the communications network, wherein the district policy information that is obtained for the given district includes IBE encryption protocol information for the given district that specifies an IBE public key format that is to be used in creating IBE public keys for the recipients in the given district;
at the sender, using the IBE public key format specified by the IBE encryption protocol information to construct an IBE public key for the recipient in the given district; and
at the sender, encrypting the message for the recipient using the IBE public parameter information associated with the given district and the IBE public key that has been constructed for the recipient according to the IBE public key format.
Claims 2 to 18 depend from claim 1 and are not reproduced on this page.
19. A method for controlling communications in an identity-based encryption (IBE) system in which senders communicate with recipients over a communications network and in which recipients and IBE private key generators are organized in a plurality of districts, each district including a respective one of the IBE private key generators, wherein the IBE private key generator in each district generates IBE private keys for recipients that are associated with that district, wherein each district has IBE public parameter information that is used by senders in encrypting messages for recipients in that district, wherein each district has district policy information that includes IBE encryption protocol information, and wherein the recipients in each district use their IBE private keys in decrypting messages that are encrypted using respective IBE public keys, comprising:
when a sender desires to send a message to a recipient in a given district, obtaining the district policy information for the given district for the sender over the communications network, wherein the district policy information that is obtained for the given district includes authentication protocol information for the given district that specifies what type of authentication is required before the IBE private key generator for the district provides IBE private keys to recipients in the district;
at the sender, using the authentication protocol information for the given district to determine whether to send the message to the recipient in the given district; and
at the sender, if it is determined that the message is to be sent to the recipient in the given district, encrypting the message for the recipient using the IBE public parameter information associated with the given district and an IBE public key of the recipient and sending the message to the recipient.
20. A method for controlling communications in an identity-based encryption (IBE) system in which senders communicate with recipients over a communications network and in which recipients and IBE private key generators are organized in a plurality of districts, each district including a respective one of the IBE private key generators, wherein the IBE private key generator in each district generates IBE private keys for recipients that are associated with that district, wherein each district has IBE public parameter information that is used by senders in encrypting messages for recipients in that district, wherein each district has district policy information that includes IBE encryption protocol information, and wherein the recipients in each district use their IBE private keys in decrypting messages that are encrypted using respective IBE public keys, comprising:
when a sender desires to send a message to a recipient in a given district, obtaining the district policy information for the given district for the sender over the communications network, wherein the district policy information that is obtained for the given district includes IBE message format information that specifies at least one IBE message format that is supported by the given district;
at the sender, using the IBE message format specified by the IBE message format information to construct the message for the recipient in the given district; and
at the sender, encrypting the message for the recipient using the IBE public parameter information associated with the given district and an IBE public key for the recipient and sending the message to the recipient.
21. A method for controlling communications in an identity-based encryption (IBE) system in which senders communicate with recipients over a communications network and in which recipients and IBE private key generators are organized in a plurality of districts, each district including a respective one of the IBE private key generators, wherein the IBE private key generator in each district generates IBE private keys for recipients that are associated with that district, wherein each district has IBE public parameter information that is used by senders in encrypting messages for recipients in that district, wherein each district has district policy information that includes IBE encryption protocol information, and wherein the recipients in each district use their IBE private keys in decrypting messages that are encrypted using respective IBE public keys, comprising:
when a sender desires to send a message to a recipient in a given district, obtaining the district policy information for the given district for the sender over the communications network, wherein the district policy information that is obtained for the given district includes content-based protocol information for the given district that specifies how the given district handles messages depending on their content;
at the sender, using the content-based protocol information for the given district to determine whether to send the message to the recipient in the given district; and
at the sender, if it is determined that the message is to be sent to the recipient in the given district, encrypting the message for the recipient using the IBE public parameter information associated with the given district and an IBE public key of the recipient and sending the message to the recipient.
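As an added illustration that is not part of the patent and not the patentee's code, the following Python models the sender-side steps recited in claims 1, 19, 20 and 21: resolve the recipient's district, obtain that district's policy information, check the district's authentication requirement against the sender's own minimum, apply the district's content-based rule, choose a message format both sides support, and construct the recipient's IBE public key in the format the district specifies. The registry contents, the policy field names, the authentication levels and their ordering, the message format identifiers and the `$identity|$district|$period` template syntax are all constructed assumptions; the pairing-based IBE encryption step is not implemented, and the plan the code returns carries the public parameters and public key that step would consume.

```python
"""Sender-side use of IBE district policy information.

Added illustration, not the patent's own code. The registry, field names,
authentication levels and the key-format template syntax are constructed
assumptions; the IBE encryption primitive itself is not implemented here.
"""
from dataclasses import dataclass
from string import Template
from typing import Dict, Optional, Sequence, Tuple


@dataclass(frozen=True)
class DistrictPolicy:
    """District policy information as published by a district's private key generator."""
    district: str
    public_params: str                # stand-in label for the district's IBE public parameters
    pubkey_format: str                # claim 1: template for recipients' IBE public keys
    auth_level: str                   # claim 19: authentication the PKG demands before issuing keys
    message_formats: Tuple[str, ...]  # claim 20: IBE message formats the district accepts
    content_rules: Dict[str, str]     # claim 21: how the district treats each content class


# Constructed stand-in for policy information a sender would obtain over the network.
DISTRICT_REGISTRY: Dict[str, DistrictPolicy] = {
    "example.com": DistrictPolicy(
        district="example.com",
        public_params="params-example.com-v1",
        pubkey_format="$identity|$district|$period",
        auth_level="hardware-token",
        message_formats=("ibe-mime-v2", "ibe-mime-v1"),
        content_rules={"*": "accept"},
    ),
    "partner.example": DistrictPolicy(
        district="partner.example",
        public_params="params-partner.example-v1",
        pubkey_format="$identity|$period",
        auth_level="password",
        message_formats=("ibe-mime-v1",),
        content_rules={"financial": "reject", "*": "accept"},
    ),
}

# Constructed ordering of authentication strength, weakest first.
AUTH_RANK = {"none": 0, "password": 1, "hardware-token": 2}


@dataclass(frozen=True)
class SendPlan:
    """Outcome of the policy checks plus the inputs the IBE encryption step would need."""
    send: bool
    reason: str
    public_key: Optional[str] = None
    message_format: Optional[str] = None
    public_params: Optional[str] = None


def district_of(recipient: str) -> str:
    """Map a recipient address to its district (the domain part, lower-cased)."""
    if recipient.count("@") != 1:
        raise ValueError(f"not a recipient address: {recipient!r}")
    return recipient.rsplit("@", 1)[1].lower()


def fetch_district_policy(district: str) -> DistrictPolicy:
    """Obtain the district's policy information; a dictionary lookup stands in for the network."""
    try:
        return DISTRICT_REGISTRY[district]
    except KeyError:
        raise LookupError(f"no policy information published for district {district!r}") from None


def build_ibe_public_key(policy: DistrictPolicy, recipient: str, period: str) -> str:
    """Claim 1: construct the recipient's IBE public key in the district's stated format.

    string.Template substitutes named placeholders only, so a malformed or hostile
    template cannot reach object attributes the way str.format() templates can.
    """
    return Template(policy.pubkey_format).substitute(
        identity=recipient.lower(),
        district=policy.district,
        period=period,  # validity period baked into the key, e.g. "2024-05"
    )


def plan_send(recipient: str, content_class: str, sender_min_auth: str,
              sender_formats: Sequence[str], period: str) -> SendPlan:
    """Decide whether and how to send, following the district policy steps of claims 1, 19, 20 and 21."""
    policy = fetch_district_policy(district_of(recipient))

    # Claim 19: refuse districts whose PKG authenticates recipients too weakly for this message.
    if AUTH_RANK[policy.auth_level] < AUTH_RANK[sender_min_auth]:
        return SendPlan(False, f"district requires only {policy.auth_level!r} authentication, "
                               f"sender demands at least {sender_min_auth!r}")

    # Claim 21: apply the district's content-based rule for this message class ("*" is the default).
    action = policy.content_rules.get(content_class, policy.content_rules.get("*", "accept"))
    if action != "accept":
        return SendPlan(False, f"district policy {action!r} for content class {content_class!r}")

    # Claim 20: choose the first message format both the sender and the district support.
    fmt = next((f for f in sender_formats if f in policy.message_formats), None)
    if fmt is None:
        return SendPlan(False, "no IBE message format in common with the district")

    # Claim 1: public key in the district's format, paired with the district's public parameters.
    return SendPlan(True, "ok", build_ibe_public_key(policy, recipient, period), fmt, policy.public_params)
```

The checks run in the order a sender can fail cheapest: the authentication and content rules need no key construction at all, and a key is built only for a recipient the sender has already decided to write to. Because the key format comes from the district rather than being hard-coded at the sender, two districts can run different identity conventions (with or without a district tag, with different validity periods) without the sender's code changing.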
Specification