Certificate-based encryption and public key infrastructure
First Claim
1. A method for operating a public-key encryption scheme which provides for sending a digital message M between a sender and a recipient with participation of an authorizer, wherein the digital message is encrypted by the sender and decrypted by the recipient, the method comprising encrypting, by at least one machine in a set of one or more machines, the digital message M using at least a recipient public key RPUB and a recipient encryption key RENC to create an encrypted digital message for decryption with a recipient private key RPRIV and a recipient decryption key RDEC, wherein:
- the recipient public key RPUB and the recipient private key RPRIV form a public key/private key pair 1, wherein the recipient private key RPRIV is a secret of the recipient;
the recipient decryption key RDEC is generated using at least a key generation secret of the authorizer and the recipient encryption key RENC, wherein a key formed from the recipient encryption key RENC and a key formed from the recipient decryption key RDEC are a public key/private key pair 2;
wherein the recipient decryption key RDEC is generated by the authorizer to have a value S=scPB, wherein;
sc is the key generation secret of the authorizer; and
PB is the recipient encryption key RENC and is equal to H1(InfB), wherein InfB is an element of a first cyclic group G1 of elements, wherein PB is an element of a second cyclic group G2 of elements, and H1 is a predefined function (“
first function H1”
), wherein the first and second cyclic groups G1 and G2 and the function H1 are system parameters made available to the sender, and also available to the sender are system parameters comprising;
a generator P of the first cyclic group G1;
a key generation parameter Q=scP;
a second function H2 capable of generating a second string of binary digits from an element of the second cyclic group G2,wherein InfB comprises the identity of the recipient, IDrec, the recipient public key RPUB, and a parameter defining a validity period for the recipient decryption key RDEC.
2 Assignments
0 Petitions
Accused Products
Abstract
A digital message is sent from a sender to a recipient in a public-key based cryptosystem comprising an authorizer. The authorizer can be a single entity or comprise a hierarchical or distributed entity. In some embodiments, no key status queries or key escrow are needed. The recipient can decrypt the message only if the recipient possesses up-to-date authority from the authorizer. Other features are also provided.
-
Citations
100 Claims
-
1. A method for operating a public-key encryption scheme which provides for sending a digital message M between a sender and a recipient with participation of an authorizer, wherein the digital message is encrypted by the sender and decrypted by the recipient, the method comprising encrypting, by at least one machine in a set of one or more machines, the digital message M using at least a recipient public key RPUB and a recipient encryption key RENC to create an encrypted digital message for decryption with a recipient private key RPRIV and a recipient decryption key RDEC, wherein:
-
the recipient public key RPUB and the recipient private key RPRIV form a public key/private key pair 1, wherein the recipient private key RPRIV is a secret of the recipient; the recipient decryption key RDEC is generated using at least a key generation secret of the authorizer and the recipient encryption key RENC, wherein a key formed from the recipient encryption key RENC and a key formed from the recipient decryption key RDEC are a public key/private key pair 2; wherein the recipient decryption key RDEC is generated by the authorizer to have a value S=scPB, wherein; sc is the key generation secret of the authorizer; and PB is the recipient encryption key RENC and is equal to H1(InfB), wherein InfB is an element of a first cyclic group G1 of elements, wherein PB is an element of a second cyclic group G2 of elements, and H1 is a predefined function (“
first function H1”
), wherein the first and second cyclic groups G1 and G2 and the function H1 are system parameters made available to the sender, and also available to the sender are system parameters comprising;a generator P of the first cyclic group G1; a key generation parameter Q=scP; a second function H2 capable of generating a second string of binary digits from an element of the second cyclic group G2, wherein InfB comprises the identity of the recipient, IDrec, the recipient public key RPUB, and a parameter defining a validity period for the recipient decryption key RDEC. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 28, 29, 30, 32, 33, 37, 39, 40, 41, 42, 43, 44, 46, 51, 52, 53, 54, 55, 56, 58, 61, 62)
-
-
13. A method for operating a public-key encryption scheme which provides for sending a digital message M between a sender and a recipient with participation of an authorizer, wherein the digital message is encrypted by the sender and decrypted by the recipient, the method comprising encrypting, by at least one machine in a set of one or more machines, the digital message M using at least a recipient public key RPUB and a recipient encryption key RENC to create an encrypted digital message for decryption with a recipient private key RPRIV and a recipient decryption key RDEC, wherein:
-
the recipient public key RPUB and the recipient private key RPRIV form a public key/private key pair 1, wherein the recipient private key RPRIV is a secret of the recipient; the recipient decryption key RDEC is generated using at least a key generation secret of the authorizer and the recipient encryption key RENC, wherein a key formed from the recipient encryption key RENC and a key formed from the recipient decryption key RDEC are a public key/private key pair 2; wherein the recipient decryption key RDEC is generated by the authorizer to have a value S=scPB, wherein; sc is the key generation secret of the authorizer; and PB is the recipient encryption key RENC and is equal to H1(InfB), wherein InfB is an element of a first cyclic group G1 of elements, wherein PB is an element of a second cyclic group G2 of elements, and H1 is a predefined function (“
first function H1”
), wherein the first and second cyclic groups G1 and G2 and the function H1 are system parameters made available to the sender, and also available to the sender are system parameters comprising;a generator P of the first cyclic group G1; a key generation parameter Q=scP; a second function H2 capable of generating a second string of binary digits from an element of the second cyclic group G2; wherein encrypting the digital message M comprises; generating an element P′
B=H1′
(IDrec), wherein IDrec comprises the identity of the recipient and wherein H1′
is a function capable of generating an element of the first cyclic group G1 from a string of binary digits;selecting a random key generation secret r; and encrypting the digital message M to form a ciphertext C, wherein C is set to be; C=[rP, M⊕
H2(gr)], where g=ê
(Q, PB)ê
(PKB, P′
B)∈
G2, where PKB is the recipient public key RPUB and wherein ê
is a bilinear non-degenerate pairing which maps G1×
G1 into G2. - View Dependent Claims (27, 34, 36, 45, 48, 50, 59, 60)
-
-
15. A method for operating a public-key encryption scheme which provides for sending a digital message M between a sender and a recipient with participation of an authorizer, wherein the digital message is encrypted by the sender and decrypted by the recipient, the method comprising encrypting, by at least one machine in a set of one or more machines, the digital message M using at least a recipient public key RPUB and a recipient encryption key RENC to create an encrypted digital message for decryption with a recipient private key RPRIV and a recipient decryption key RDEC, wherein:
-
the recipient public key RPUB and the recipient private key RPRIV form a public key/private key pair 1, wherein the recipient private key RPRIV is a secret of the recipient; the recipient decryption key RDEC is generated using at least a key generation secret of the authorizer and the recipient encryption key RENC, wherein a key formed from the recipient encryption key RENC and a key formed from the recipient decryption key RDEC are a public key/private key pair 2; wherein the recipient decryption key RDEC is generated by the authorizer to have a value S=scPB, wherein; sc is the key generation secret of the authorizer; and PB is the recipient encryption key RENC and is equal to H1(InfB), wherein InfB is an element of a first cyclic group G1 of elements, wherein PB is an element of a second cyclic group G2 of elements, and H1 is a predefined function (“
first function H1”
), wherein the first and second cyclic groups G1 and G2 and the function H1 are system parameters made available to the sender, and also available to the sender are system parameters comprising;a generator P of the first cyclic group G1; a key generation parameter Q=scP; a second function H2 capable of generating a second string of binary digits from an element of the second cyclic group G2; wherein both the first group G1 and the second group G2 are of the same prime order q; wherein encrypting the digital message M comprises; generating an element P′
B=H1′
(IDrec), wherein H1′
is a function capable of generating an element of the first cyclic group G1 from a string of binary digits;choosing a random parameter σ
∈
{0,1}n;set a random key generation secret r=H3(σ
, M); andencrypting the digital message M to form a ciphertext C, wherein C is set to be; C=[rP, M⊕
H2(gr), EH4 (σ
)(M)], where g=ê
(Q, PB)ê
(PKB, P′
B)∈
G2, wherein PKB is the recipient public key RPUB, wherein H3 is a function capable of generating an integer of the cyclic group Z/qZ from two strings of binary digits, H4 is a function capable of generating one binary string from another binary string, E is a symmetric encryption scheme, ê
is a bilinear non-degenerate pairing which maps G1×
G1 into G2, and H4(σ
) is the key used with E. - View Dependent Claims (31, 35, 38, 47, 49, 57)
-
-
63. A method for operating a public-key encryption scheme which provides for sending a digital message M between a sender and a recipient with participation of an authorizer, wherein the digital message M is encrypted by the sender using at least a recipient public key RPUB and a recipient encryption key RENC to create an encrypted digital message and is decrypted by the recipient, the method comprising decrypting, by at least one machine in a set of one or more machines, the encrypted digital message using at least a recipient private key RPRIV and a recipient decryption key RDEC, wherein:
-
the recipient public key RPUB and the recipient private key RPRIV form a public key/private key pair 1, wherein the recipient private key RPRIV is a secret of the recipient; the recipient decryption key RDEC is generated using at least a key generation secret of the authorizer and the recipient encryption key RENC, wherein a key formed from the recipient encryption key RENC and a key formed from the recipient decryption key RDEC are a public key/private key pair 2; wherein the recipient decryption key RDEC is generated by the authorizer to have a value S=scPB, wherein; sc is the key generation secret of the authorizer; and PB is the recipient encryption key RENC and is equal to H1(InfB), wherein InfB is an element of a first cyclic group G1 of elements, wherein PB is an element of a second cyclic group G2 of elements, and H1 is a predefined function (“
first function H1”
), wherein the first and second cyclic groups G1 and G2 and the function H1 are system parameters made available to the sender, and also available to the sender are system parameters comprising;a generator P of the first cyclic group G1; a key generation parameter Q=scP; a second function H2 capable of generating a second string of binary digits from an element of the second cyclic group G2, wherein InfB comprises the identity of the recipient, IDrec, the recipient public key RPUB, and a parameter defining a validity period for the recipient decryption key RDEC. - View Dependent Claims (64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 76, 78, 79, 97)
-
-
75. A method for operating a public-key encryption scheme which provides for sending a digital message M between a sender and a recipient with participation of an authorizer, wherein the digital message M is encrypted by the sender using at least a recipient public key RPUB and a recipient encryption key RENC to create an encrypted digital message and is decrypted by the recipient, the method comprising decrypting, by at least one machine in a set of one or more machines, the encrypted digital message using at least a recipient private key RPRIV and a recipient decryption key RDEC, wherein:
-
the recipient public key RPUB and the recipient private key RPRIV form a public key/private key pair 1, wherein the recipient private key RPRIV is a secret of the recipient; the recipient decryption key RDEC is generated using at least a key generation secret of the authorizer and the recipient encryption key RENC, wherein a key formed from the recipient encryption key RENC and a key formed from the recipient decryption key RDEC are a public key/private key pair 2; wherein the recipient decryption key RDEC is generated by the authorizer to have a value S=scPB, wherein; sc is the key generation secret of the authorizer; and PB is the recipient encryption key RENC and is equal to H1(InfB), wherein InfB is an element of a first cyclic group G1 of elements, wherein PB is an element of a second cyclic group G2 of elements, and H1 is a predefined function (“
first function H1”
), wherein the first and second cyclic groups G1 and G2 and the function H1 are system parameters made available to the sender, and also available to the sender are system parameters comprising;a generator P of the first cyclic group G1; a key generation parameter Q=scP; a second function H2 capable of generating a second string of binary digits from an element of the second cyclic group G2; wherein encrypting the digital message M comprises; generating an element P′
B=H1′
(IDrec), wherein IDrec comprises the identity of the recipient and wherein H1′
is a function capable of generating an element of the first cyclic group G1 from a string of binary digits;selecting a random key generation secret r; and encrypting the digital message M to form a ciphertext C, wherein C is set to be; C=[rP, M⊕
H2(gr)], where g=ê
(Q, PB)ê
(PKB, P′
B)∈
G2, where PKB is the recipient public key RPUB and wherein ê
is a bilinear non-degenerate pairing which maps G1×
G1into G2. - View Dependent Claims (95)
-
-
77. A method for operating a public-key encryption scheme which provides for sending a digital message M between a sender and a recipient with participation of an authorizer, wherein the digital message M is encrypted by the sender using at least a recipient public key RPUB and a recipient encryption key RENC to create an encrypted digital message and is decrypted by the recipient, the method comprising decrypting, by at least one machine in a set of one or more machines, the encrypted digital message using at least a recipient private key RPRIV and a recipient decryption key RDEC, wherein:
-
the recipient public key RPUB and the recipient private key RPRIV form a public key/private key pair 1, wherein the recipient private key RPRIV is a secret of the recipient; the recipient decryption key RDEC is generated using at least a key generation secret of the authorizer and the recipient encryption key RENC, wherein a key formed from the recipient encryption key RENC and a key formed from the recipient decryption key RDEC are a public key/private key pair 2; wherein the recipient decryption key RDEC is generated by the authorizer to have a value S=scPB, wherein; sc is the key generation secret of the authorizer; and PB is the recipient encryption key RENC and is equal to H1(InfB), wherein InfB is an element of a first cyclic group G1 of elements, wherein PB is an element of a second cyclic group G2 of elements, and H1 is a predefined function (“
first function H1”
), wherein the first and second cyclic groups G1 and G2 and the function H1 are system parameters made available to the sender, and also available to the sender are system parameters comprising;a generator P of the first cyclic group G1; a key generation parameter Q=scP; a second function H2 capable of generating a second string of binary digits from an element of the second cyclic group G2; wherein both the first group G1 and the second group G2, are of the same prime order q; wherein encrypting the digital message M comprises; generating an element P′
B=H1′
(IDrec) wherein H1′
is a function capable of generating an element of the first cyclic group G1 from a string of binary digits;choosing a random parameter σ
∈
{0,1}n;set a random key generation secret r=H3(σ
, M); andencrypting the digital message M to form a ciphertext C, wherein C is set to be; C=[rP, M⊕
H2(gr), EH4 (σ
)(M)], where g=ê
(Q, PB)ê
(PKB, P′
B)∈
G2, wherein PKB is the recipient public key RPUB, wherein H3 is a function capable of generating an integer of the cyclic group Z/qZ from two strings of binary digits, H4 is a function capable of generating one binary string from another binary string, E is a symmetric encryption scheme, ê
is a bilinear non-degenerate pairing which maps G1×
G1 into G2, and H4(σ
) is the key used with E. - View Dependent Claims (96)
-
-
80. A method for operating a public-key encryption scheme which provides for sending a digital message M between a sender and a recipient with participation of an authorizer, wherein the digital message is encrypted by the sender using at least a recipient public key RPUB and a recipient encryption key RENC, wherein the recipient public key RPUB and a recipient private key RPRIV form a recipient public key!recipient private key pair, wherein the recipient private key RPRIV is a secret of the recipient, and the digital message is decrypted by the recipient using at least the recipient private key RPRIV and a recipient decryption key RDEC, the method comprising the authorizer performing, by at least one machine in a set of one or more machines, operations of:
-
selecting a key generation secret that is a secret of the authorizer; generating the recipient decryption key RDEC using at least the key generation secret of the authorizer and the recipient encryption key RENC, wherein a key formed from the recipient encryption key RENC and a key formed from the recipient decryption key RDEC are a public key!private key pair; sending the recipient decryption key RDEC to the recipient; wherein the recipient decryption key RDEC is generated by the authorizer to have a value S=scPB, wherein; sc is the key generation secret of the authorizer; and PB is the recipient encryption key RENC and is equal to H1(InfB), wherein InfB is an element of a first cyclic group G1 of elements, wherein PB is an element of a second cyclic group G2 of elements, and H1 is a predefined function (“
first function H1”
), wherein the first and second cyclic groups G1 and G2 and the function H1 are system parameters made available to the sender, and also available to the sender are system parameters comprising;a generator P of the first cyclic group G1; a key generation parameter Q=scP; a second function H2 capable of generating a second string of binary digits from an element of the second cyclic group G2; wherein InfB comprises the identity of the recipient, IDrec, the recipient public key RPUB, and a parameter defining a validity period for the recipient decryption key RDEC. - View Dependent Claims (81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 98, 99, 100)
-
Specification