Method and system for generating implicit certificates and applications to identity-based encryption (IBE)
First Claim
1. In a communication system comprising at least a certification authority computer of a certification authority, a sender computer of a sender and a recipient computer of a recipient, the certification authority computer, the sender computer and the recipient computer communicating with each other over a communication network, a computer-implemented method of transmitting messages encrypted with identity-based public keys derived from information provided by the certification authority, said certification authority having a pair of public and private keys, said method comprising:
- the recipient computer providing a recipient'"'"'s registration request to the certification authority computer over the communication network, said registration request correlating to a first secret value selected by the recipient computer;
upon receiving a request from the sender computer, said request from the sender computer including an identity information of the recipient selected by the sender, the certification authority computer generating a public key reconstruction data from said registration request, said identity information selected by the sender, a second secret value selected by the certification authority computer and a certificate information selected by the certification authority computer;
the certification authority computer transmitting an implicit certificate to the sender computer over the communication network, said implicit certificate including said public key reconstruction data and said certificate information;
wherein said implicit certificate, said certificate information and the certification authority'"'"'s public key is configured for subsequent use by the sender computer for allowing the sender computer in reconstructing a public key of the recipient; and
,wherein said public key of the recipient is configured for subsequent use by the sender computer for allowing the sender computer to encrypt a message with said public key of the recipient and a private key of the sender for transmission of the message to the recipient computer over the communication network.
4 Assignments
0 Petitions
Accused Products
Abstract
The invention relates to a method of generating an implicit certificate and a method of generating a private key from a public key. The method involves a method generating an implicit certificate in three phases. The public key may be an entity'"'"'s identity or derived from an entity'"'"'s identify. Only the owner of the public key possesses complete information to generate the corresponding private key. No authority is required to nor able to generate an entity'"'"'s private key.
64 Citations
19 Claims
-
1. In a communication system comprising at least a certification authority computer of a certification authority, a sender computer of a sender and a recipient computer of a recipient, the certification authority computer, the sender computer and the recipient computer communicating with each other over a communication network, a computer-implemented method of transmitting messages encrypted with identity-based public keys derived from information provided by the certification authority, said certification authority having a pair of public and private keys, said method comprising:
-
the recipient computer providing a recipient'"'"'s registration request to the certification authority computer over the communication network, said registration request correlating to a first secret value selected by the recipient computer; upon receiving a request from the sender computer, said request from the sender computer including an identity information of the recipient selected by the sender, the certification authority computer generating a public key reconstruction data from said registration request, said identity information selected by the sender, a second secret value selected by the certification authority computer and a certificate information selected by the certification authority computer; the certification authority computer transmitting an implicit certificate to the sender computer over the communication network, said implicit certificate including said public key reconstruction data and said certificate information; wherein said implicit certificate, said certificate information and the certification authority'"'"'s public key is configured for subsequent use by the sender computer for allowing the sender computer in reconstructing a public key of the recipient; and
,wherein said public key of the recipient is configured for subsequent use by the sender computer for allowing the sender computer to encrypt a message with said public key of the recipient and a private key of the sender for transmission of the message to the recipient computer over the communication network. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method of issuing certificates at a certificate authority in an identity based encryption system (IBE) to a sender computer and a recipient computer configured for communicating messages encrypted with identity-based public keys derived from information provided by the certification authority, the method comprising:
-
receiving, during a registration phase, a first value comprising;
a registration request R and registration information I1 from the recipient computer which is configured to receive an encrypted message from a sender computer, the registration request derived from a secret value known by the recipient;receiving, during a publication phase, a request for an implicit certificate P and receiving a second value comprising a second information I2, the second information associated with the recipient and provided by the sender computer; generating the implicit certificate at the certificate authority in dependence upon the first value and the second value, the implicit certificate for use by the sender computer in generating the recipient'"'"'s public key B and wherein the recipient'"'"'s public key is for subsequent use by the sender computer in encrypting the message for transmission to the recipient; receiving, during a privatization phase, a request from the recipient comprising the registration information and the second information to verify the registration request; and
,providing to the recipient, in response to the request, a private key reconstruction data, for permitting the recipient to decrypt the message provided by the sender. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory computer readable medium in a communication system comprising at least a certification authority computer of a certification authority, a sender computer of a sender and a recipient computer of a recipient, the certification authority computer, the sender computer and the recipient computer communicating with each other over a communication network, the computer readable medium for transmitting messages encrypted with identity-based public keys derived from information provided by the certification authority, said certification authority having a pair of public and private keys, the computer readable medium comprising instructions for:
-
providing a recipient'"'"'s registration request from the recipient computer to the certification authority computer over the communication network, said registration request correlating to a first secret value selected by the recipient computer; upon receiving a request from the sender computer including an identity information of the recipient selected by the sender, generating at the certification authority computer a public key reconstruction data from said registration request, said identity information selected by the sender, a second secret value selected by the certification authority computer and a certificate information selected by the certification authority computer; transmitting from the certification authority computer an implicit certificate to the sender computer over the communication network, said implicit certificate including said public key reconstruction data and said certificate information; wherein said implicit certificate, said certificate information and the certification authority'"'"'s public key is configured for subsequent use by the sender computer for allowing the sender computer in reconstructing a public key of the recipient; and
,wherein said public key of the recipient is configured for subsequent use by the sender computer for allowing the sender computer to encrypt a message with said public key of the recipient and a private key of the sender for transmission of the message to the recipient computer over the communication network. - View Dependent Claims (16, 17, 18, 19)
-
Specification