Method and system for generating implicit certificates and applications to identity-based encryption (IBE)
First Claim
1. In a communication system comprising at least a certification authority computer of a certification authority, a sender computer of a sender and a recipient computer of a recipient, the certification authority computer, the sender computer and the recipient computer communicating with each other over a communication network, a computer-implemented method of transmitting messages encrypted with identity-based public keys derived from information provided by the certification authority, said certification authority having a pair of public and private keys, said method comprising:
- the recipient computer providing a recipient's registration request to the certification authority computer over the communication network, said registration request correlating to a first secret value selected by the recipient computer;
- upon receiving a request from the sender computer, said request from the sender computer including an identity information of the recipient selected by the sender, the certification authority computer generating a public key reconstruction data from said registration request, said identity information selected by the sender, a second secret value selected by the certification authority computer and a certificate information selected by the certification authority computer;
- the certification authority computer transmitting an implicit certificate to the sender computer over the communication network, said implicit certificate including said public key reconstruction data and said certificate information;
- the sender computer reconstructing a public key of the recipient from said implicit certificate, said certificate information and the certification authority's public key;
- the sender computer transmitting to the recipient computer over the communication network a message encrypted with said public key of the recipient together with an indication that said public key is reconstructed from said implicit certificate, said indication including said sender selected identity information.
Abstract
The invention relates to a method of generating an implicit certificate and a method of generating a private key from a public key. The method generates an implicit certificate in three phases. The public key may be an entity's identity or derived from an entity's identity. Only the owner of the public key possesses complete information to generate the corresponding private key. No authority is required, or able, to generate an entity's private key.
12 Claims
10. A computer-implemented method of providing a recipient's public key to a sender computer of a sender and a private key corresponding to said public key to a recipient computer of the recipient, the sender computer, the recipient computer and a certification authority computer of a certification authority communicating with each other over a communication network, said method comprising the steps of:
- said recipient computer selecting a secret contribution to said public key and generating a registration request information from said secret contribution, said recipient computer providing said registration request information and a first identity information associated with the recipient to the certification authority computer over the communication network;
- said sender computer transmitting to the certification authority computer over the communication network a request for an implicit certificate of the public key, said implicit certificate request including said first identity information and a second identity information of the recipient selected by the sender computer;
- the certificate authority computer generating a public key reconstruction data from the registration request information, the first and second identity information, a certificate information selected by the certification authority computer and a private contribution selected by the certification authority computer;
- the certification authority computer transmitting said implicit certificate to the sender computer over the communication network, the implicit certificate including said public key reconstruction data and said certificate information;
- the sender computer computing the public key from the implicit certificate and the certification authority's public key;
- upon receiving a private key request from the recipient computer, the certification authority computer providing a privatization information and the implicit certificate to the recipient computer over the communication network; and
- the recipient computer computing the private key from the implicit certificate and the privatization information.
12. In a communication system comprising at least a certification authority computer, a sender computer of a sender and a recipient computer of a recipient, the certification authority computer, the sender computer and the recipient computer communicating with each other over a communication network, a computer-implemented method of providing the recipient's public key to the sender computer, said public key being based on identity information of the recipient, said method comprising:
- the recipient computer providing the recipient's registration request to the certification authority computer over the communication network, said registration request including the recipient's first identity information and registration information correlating to a first secret value selected by the recipient computer;
- the recipient computer providing said first identity information to the sender computer over the communication network;
- the sender computer transmitting to the certification authority computer over the communication network a request for an implicit certificate, said request including said first identity information and a second identity information of the recipient selected by the sender computer;
- the certification authority computer generating a public key reconstruction data from said registration request, said first and second identity information, a third identity information of the recipient selected by the certification authority computer and a second secret value selected by the certification authority computer;
- the certification authority computer transmitting an implicit certificate to the sender computer over the communication network, said implicit certificate including said public key reconstruction data and said third identity information; and
- the sender computer reconstructing a public key of the recipient from said public key reconstruction data, said first, second and third identity information and the certification authority's public key.
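The message flow of claim 10 (registration request, reconstruction data, sender-side key reconstruction, privatization information, recipient-side private key) can be traced in code. The following is an added example, not code from the patent: the claims do not state the arithmetic, so it assumes an ECQV-style construction written in a multiplicative group, and the group parameters, function names, identity strings and certificate information are all constructed for illustration.

```python
import hashlib
import secrets

# Assumed demo group: integers mod the prime 2**255 - 19, exponents mod P - 1.
# A deployment would use a vetted prime-order elliptic-curve group instead.
P = 2**255 - 19
N = P - 1
G = 2

def h(recon, identity, cert_info):
    """Hash length-prefixed certificate fields to an exponent."""
    parts = [recon.to_bytes(32, "big"), identity.encode(), cert_info.encode()]
    data = b"".join(len(x).to_bytes(2, "big") + x for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def recipient_register():
    k_u = secrets.randbelow(N - 1) + 1   # recipient's secret; never sent to the CA
    return k_u, pow(G, k_u, P)           # (secret, registration request)

def ca_issue(c, request, identity, cert_info):
    if not 1 < request < P - 1:          # reject degenerate registration requests
        raise ValueError("bad registration request")
    while True:
        k = secrets.randbelow(N - 1) + 1         # CA's own secret contribution
        recon = request * pow(G, k, P) % P       # public key reconstruction data
        e = h(recon, identity, cert_info)
        if e != 0:                               # e == 0 would yield the CA's own key
            return (recon, cert_info), (e * k + c) % N  # (implicit cert, privatization info)

def sender_reconstruct(cert, identity, ca_pub):
    recon, cert_info = cert
    return pow(recon, h(recon, identity, cert_info), P) * ca_pub % P

def recipient_private_key(k_u, cert, identity, privatization):
    recon, cert_info = cert
    return (h(recon, identity, cert_info) * k_u + privatization) % N

def demo():
    c = secrets.randbelow(N - 1) + 1             # CA private key
    ca_pub = pow(G, c, P)
    k_u, request = recipient_register()
    identity = "alice@example.com"               # constructed identity information
    cert, priv_info = ca_issue(c, request, identity, "serial=0001")
    pub = sender_reconstruct(cert, identity, ca_pub)
    priv = recipient_private_key(k_u, cert, identity, priv_info)
    wrong = sender_reconstruct(cert, "mallory@example.com", ca_pub)
    return pub, priv, wrong, ca_pub
```

The private key depends on `k_u`, which the CA never sees, so the CA cannot derive it from the values it holds. A public key reconstructed under a different identity string does not correspond to the recipient's private key.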
Specification