Identity-based-encryption system with hidden public key attributes

US 7,580,521 B1
Filed: 06/25/2003
Issued: 08/25/2009
Est. Priority Date: 06/25/2003
Status: Active Grant

First Claim

Patent Images

1. A method for using multi-layer identity-based encryption (IBE) to securely convey a message containing message data over a communications network from a sender to a recipient, comprising:

at the sender, encrypting the message using at least two layers of IBE encryption by using an inner layer of message encryption having an associated inner-layer IBE public key to encrypt the message data and by using an outer layer of message encryption having an associated outer-layer IBE public key to encrypt the inner-layer IBE public key;

sending the encrypted message to the recipient; and

at the recipient, decrypting the encrypted message using an outer-layer IBE private key corresponding to the outer-layer IBE public key and using an inner-layer IBE private key corresponding to the inner layer IBE public key.

View all claims

17 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is provided that uses identity-based encryption (IBE) to allow a sender to securely convey information in a message to a recipient over a communications network. IBE public key information may be used to encrypt messages and corresponding IBE private key information may be used to decrypt messages. Information on which IBE public key information was used in encrypting a given message may be provided to the message recipient with the message. Multiple IBE public keys may be used to encrypt a single message. A less sensitive IBE public key may be used to encrypt a more sensitive public key, so that the more sensitive public key can remain hidden as it is sent to the recipient.

Citations

28 Claims

1. A method for using multi-layer identity-based encryption (IBE) to securely convey a message containing message data over a communications network from a sender to a recipient, comprising:
- at the sender, encrypting the message using at least two layers of IBE encryption by using an inner layer of message encryption having an associated inner-layer IBE public key to encrypt the message data and by using an outer layer of message encryption having an associated outer-layer IBE public key to encrypt the inner-layer IBE public key;
  
  sending the encrypted message to the recipient; and
  
  at the recipient, decrypting the encrypted message using an outer-layer IBE private key corresponding to the outer-layer IBE public key and using an inner-layer IBE private key corresponding to the inner layer IBE public key.
- View Dependent Claims (2, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method defined in claim 1 wherein using the outer layer of message encryption to encrypt the inner-layer IBE public key comprises encrypting the inner-layer IBE public key with the outer-layer IBE public key without using a symmetric key.
  - 5. The method defined in claim 1 wherein encrypting the message comprises encrypting the message using at least three layers of IBE encryption and wherein the outer layer is not an outermost layer.
  - 6. The method defined in claim 1 wherein encrypting the message comprises encrypting the message using a symmetric key.
  - 7. The method defined in claim 6 wherein encrypting the message comprises encrypting the message data using the symmetric key and encrypting the symmetric key using the inner-layer IBE public key.
  - 8. The method defined in claim 7 wherein encrypting the message further comprises encrypting the inner-layer IBE public key using the outer-layer IBE public key.
  - 9. The method defined in claim 8 wherein the message data that has been encrypted using the symmetric key and the inner layer IBE public key that has been encrypted using the outer-layer IBE public key are sent to the recipient with the message and wherein decrypting the message at the recipient comprises:
    - using the outer-layer IBE private key to decrypt the inner-layer IBE public key that has been encrypted using the outer-layer IBE public key;
      
      using inner-layer IBE private key to decrypt the symmetric key that has been encrypted using the inner-layer IBE public key; and
      
      using the symmetric key that has been decrypted using the inner-layer IBE private key to decrypt the message data that was encrypted using the symmetric key.
  - 10. The method defined in claim 1 wherein the outer-layer IBE public key is less sensitive than the inner-layer IBE public key and wherein encrypting the message comprises using the outer-layer IBE public key to encrypt the inner-layer IBE public key to conceal the inner-layer IBE public key during transmission from the sender to the recipient.
  - 11. The method defined in claim 10 wherein encrypting the message comprises encrypting the message using at least three layers of IBE encryption and wherein the outer layer is not an outermost layer.
  - 12. The method defined in claim 1 wherein the message data is provided in an XML data structure containing data attributes of the message data, the method further comprising using at least some of the data attributes in forming the inner-layer IBE public key and the outer-layer IBE public key.
  - 13. The method defined in claim 12 wherein at least one of the data attributes has an associated sensitivity level and wherein encrypting the message data comprises using the sensitivity level in determining how to encrypt the message.
  - 14. The method defined in claim 13 further comprising:
    - at the sender, obtaining information on the associated sensitivity level in the form of an XML record.
  - 15. The method defined in claim 1 wherein the message comprises content having an age-based access policy criteria and wherein encrypting the message comprises using the age-based access criteria as at least part of the inner-layer IBE public key.
  - 16. The method defined in claim 1 wherein encrypting the message comprises encrypting an email message.
  - 17. The method defined in claim 1 wherein encrypting the message comprises encrypting an instant message.
  - 18. The method defined in claim 1 wherein the inner-layer IBE public key and the outer-layer IBE public key have overlapping components and wherein encrypting the message comprises performing the inner layer of the message encryption using the inner-layer IBE public key that has overlapping components.
  - 19. The method defined in claim 1 wherein encrypting the message further comprises using an additional-layer IBE public key to perform an additional layer of IBE encryption on the message, wherein the additional-layer IBE public key is less sensitive than the outer-layer IBE public key and is used to encrypt the outer-layer IBE public key.
  - 20. The method defined in claim 19 wherein the inner-layer IBE public key, the outer-layer IBE public key, and the additional-layer IBE public key each have corresponding IBE public key components and wherein each IBE public key component in the additional-layer IBE public key is contained in the outer-layer IBE public key and wherein each IBE public key component in the outer-layer IBE public key is contained in the inner-layer IBE public key.

3. A method for using multi-layer identity-based encryption (IBE) to securely convey a message containing message data over a communications network from a sender to a recipient, comprising:
- at the sender, encrypting the message using at least two layers of IBE encryption by using an inner layer of message encryption having an associated inner-layer IBE public key to encrypt the message data and by using an outer layer of message encryption having an associated outer-layer IBE public key to encrypt the inner-layer IBE public key;
  
  sending the encrypted message to the recipient; and
  
  at the recipient, decrypting the encrypted message using an outer-layer IBE private key corresponding to the outer-layer IBE public key and using an inner-layer IBE private key corresponding to the inner layer IBE public key, wherein using the outer layer of message encryption to encrypt the inner-layer IBE public key comprises encrypting the inner-layer IBE public key with a symmetric key and encrypting the symmetric key with the outer-layer IBE public key.
- View Dependent Claims (4)
- - 4. The method defined in claim 3 wherein sending the encrypted message to the recipient comprises sending the encrypted inner-layer IBE public key to the recipient with the encrypted message, and wherein decrypting the encrypted message at the recipient further comprises using the outer-layer IBE private key in decrypting the encrypted inner-layer IBE public key to produce an unencrypted version of the inner-layer IBE public key at the recipient.

21. A method for using identity-based-encryption (IBE) to securely convey a message having message data M from a sender to a recipient over a communications network, comprising:
- encrypting the message by performing at least an inner layer of IBE encryption and an outer layer of IBE encryption at the sender, wherein;
  
  performing the inner layer of IBE encryption includes encrypting the message data M using a symmetric key S to produce encrypted message data Ms and encrypting the symmetric key S using an IBE public key QG associated with the inner layer of IBE encryption to produce an IBE-encrypted symmetric message key S_QG, andperforming the outer layer of IBE encryption includes using a layer of message encryption having an associated IBE public key QL to encrypt the IBE public key QG, wherein the IBE public key QL is less sensitive than the IBE public key QG; and
  
  sending at least the encrypted message data M_S, the IBE-encrypted symmetric message key S_QG, and an encrypted version of the IBE public key QG to the recipient.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28)
- - 22. The method defined in claim 21 further comprising sending the IBE public key QL to the recipient.
  - 23. The method defined in claim 21 wherein:
    - performing the outer layer of IBE encryption comprises encrypting the IBE public key QG using the IBE public key QL to produce an IBE-encrypted public key QG_QL; and
      
      sending the encrypted version of the IBE public key QG to the recipient comprises sending QG_QLto the recipient.
  - 24. The method defined in claim 21 wherein a symmetric key S′
    - is used in performing the outer layer of IBE encryption by encrypting the IBE public key QG using the symmetric key S′
      
      to produce QG_S′.
  - 25. The method defined in claim 24 wherein performing the outer layer of IBE encryption comprises encrypting the symmetric key S′
    - with the IBE public key QL to produce an IBE-encrypted symmetric key S′
      
      _QL.
  - 26. The method defined in claim 25 wherein sending the encrypted version of the IBE public key QG to the recipient comprises sending QG_S′
    - and S′
      
      _QLto the recipient.
  - 27. The method defined in claim 21 wherein the recipient has an identity and wherein the IBE public key QL is based on the recipient'"'"'s identity, the method further comprising performing the outer layer of IBE encryption using the IBE public key QL that is based on the recipient'"'"'s identity.
  - 28. The method defined in claim 21 wherein the recipient has an email address and wherein the IBE public key QL is based on the recipient'"'"'s email address, the method further comprising performing the outer layer of IBE encryption using the IBE public key QL that is based on the recipient'"'"'s email address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Voltage Security Incorporated (HP Inc.)
Inventors
Kacker, Rishi R., Appenzeller, Guido, Pauker, Matthew J., Spies, Terence
Primary Examiner(s)
Lanier; Benjamin E

Application Number

US10/606,432
Time in Patent Office

2,253 Days
Field of Search

380/281, 380/284, 380/44, 380/282
US Class Current

380/44
CPC Class Codes

H04L 2209/60 Digital content management,...

H04L 9/3073 involving pairings, e.g. id...

Identity-based-encryption system with hidden public key attributes

First Claim

17 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Identity-based-encryption system with hidden public key attributes

First Claim

17 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links