Identity-based-encryption messaging system
First Claim
1. A method for using identity-based encryption to support encrypted communications in a system in which users at user equipment communicate over a communications network, wherein the system has a plurality of identity-based-encryption private key generators each of which generates private keys for the users and each of which generates respective public parameter information for use in the identity-based encryption of messages to be sent to those users that are associated with that private key generator, wherein senders of messages in the system encrypt each of the messages using an identity-based-encryption algorithm that has as inputs (1) the public parameter information associated with the private key generator associated with an intended message recipient and (2) an identity-based-encryption public key that is based on the identity of that intended recipient, wherein users may have relationships with more than one of the private key generators so that when a given recipient receives a given encrypted message from a given sender, the given recipient may not know in advance which private key generator and which associated public parameter information was used by the given sender to encrypt the given message and may not know in advance which of that given recipient'"'"'s corresponding private keys to use to decrypt the given encrypted message, the method comprising:
- receiving private key identification information at the recipient that was sent from the given sender to the given recipient with the given encrypted message, wherein the private key identification information identifies for the recipient which of the plurality of identity-based-encryption private key generators to contact to obtain an appropriate private key to decrypt the given encrypted message;
with the private key identification information received at the given recipient, identifying which of the plurality of identity-based-encryption private key generators to contact to obtain the appropriate private key to decrypt the given encrypted message; and
at the given recipient, retrieving the appropriate private key from the identified private key generator over the communications network.
13 Assignments
0 Petitions
Accused Products
Abstract
A system is provided that uses identity-based encryption to support secure communications between senders and recipients over a communications network. Private key generators are used to provide public parameter information. Senders encrypt messages for recipients using public keys based on recipient identities and using the public parameter information as inputs to an identity-based encryption algorithm. Recipients use private keys to decrypt the messages. There may be multiple private key generators in the system and a given recipient may have multiple private keys. Senders can include private key identifying information in the messages they send to recipients. The private key identifying information may be used by the recipients to determine which of their private keys to use in decrypting a message. Recipients may obtain the correct private key to use to decrypt a message from a local database of private keys or from an appropriate private key server.
58 Citations
16 Claims
-
1. A method for using identity-based encryption to support encrypted communications in a system in which users at user equipment communicate over a communications network, wherein the system has a plurality of identity-based-encryption private key generators each of which generates private keys for the users and each of which generates respective public parameter information for use in the identity-based encryption of messages to be sent to those users that are associated with that private key generator, wherein senders of messages in the system encrypt each of the messages using an identity-based-encryption algorithm that has as inputs (1) the public parameter information associated with the private key generator associated with an intended message recipient and (2) an identity-based-encryption public key that is based on the identity of that intended recipient, wherein users may have relationships with more than one of the private key generators so that when a given recipient receives a given encrypted message from a given sender, the given recipient may not know in advance which private key generator and which associated public parameter information was used by the given sender to encrypt the given message and may not know in advance which of that given recipient'"'"'s corresponding private keys to use to decrypt the given encrypted message, the method comprising:
-
receiving private key identification information at the recipient that was sent from the given sender to the given recipient with the given encrypted message, wherein the private key identification information identifies for the recipient which of the plurality of identity-based-encryption private key generators to contact to obtain an appropriate private key to decrypt the given encrypted message; with the private key identification information received at the given recipient, identifying which of the plurality of identity-based-encryption private key generators to contact to obtain the appropriate private key to decrypt the given encrypted message; and at the given recipient, retrieving the appropriate private key from the identified private key generator over the communications network. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method for using identity-based encryption to support encrypted communications in a system in which users at user equipment communicate over a communications network, wherein the system has a plurality of private key generators each of which generates private keys for the users, the method comprising:
-
at a sender, encrypting a message for a recipient that has multiple associated private keys, each generated by a respective one of the private key generators, wherein the sender encrypts the message by using a message key to encrypt a message payload and by using an identity-based-encryption algorithm to encrypt the message key, using as inputs for the identity-based-encryption algorithm public parameter information generated by a given one of the respective private key generators and an identity-based-encryption public key based on the identity of the recipient; sending the message from the sender to the recipient with the encrypted message key, encrypted message payload, and private key identification information that identifies for the recipient which of the plurality of identity-based-encryption private key generators to contact to obtain an appropriate private key to decrypt the encrypted message; receiving the private key identification information from the sender at the recipient; with the private key identification information at the recipient, identifying which of the plurality of identity-based-encryption private key generators to contact to obtain the appropriate private key to decrypt the encrypted message; and at the given recipient, retrieving the appropriate private key from the identified private key generator over the communications network. - View Dependent Claims (15, 16)
-
Specification