Identity-based decryption
First Claim
1. A client node, comprising:
identity-based encryption processing circuitry configured to:
receive input from a message sender, the input including:
message content data for a message to be sent to a message recipient at a second client node; and
first authentication data associated with the message recipient at the second client node, said first authentication data comprising a password;
generate a random key;
use said random key to process the message content data to generate encrypted message content data; and
use a public key associated with a server node to process said random key and the first authentication data associated with the message recipient at the second client node to generate a wrapped key ciphertext;
process said encrypted message content data and said wrapped key ciphertext to generate a message text;
provide the password to the message recipient at the second client node; and
transmit said message text to said second client node for decryption, wherein the encrypted message is transmitted to the message recipient in a transaction separate from provision of the password; and
wherein said message recipient at the second client node obtains permitted access to said random key from the server node for decryption of said encrypted message content data based on provision of the password matching said first authentication data after decryption of the wrapped key ciphertext at the server node.
Abstract
Devices and methods are provided for managing identity-based decryption of digital content. A message sender (“Alice”) uses a random key (Krand) to encrypt message content for a message recipient (“Bob”). Then Alice uses the public key of a message decryption service provider (“Carmen”) to generate a wrapped key ciphertext comprising the Krand and authentication information associated with Bob. Alice then sends a message text containing the encrypted message content and the wrapped key ciphertext to Bob, who in turn sends the wrapped key ciphertext to Carmen along with his authentication information. Carmen then uses her private key to process the wrapped key ciphertext to decrypt the Krand and Bob's authentication information. If the authentication information provided by Bob matches the decrypted authentication information, then Carmen sends the decrypted Krand to Bob, who uses it to decrypt the encrypted message content.
32 Claims
1. A client node, comprising: (text as set out under First Claim above)
Dependent claims: 2, 3, 4, 5, 6
7. A method for managing identity-based decryption, at a client node comprising identity-based encryption processing circuitry the method comprising:
receiving input from a message sender, the input including:
message content data for a message to be sent to a message recipient at a second client node; and
first authentication data associated with the message recipient at the second client node, said first authentication data comprising a password;
generate a random key;
use said random key to process the message content data to generate encrypted message content data; and
using a public key associated with a server node to process said random key and the first authentication data associated with the message recipient at the second client node to generate a wrapped key ciphertext;
processing said encrypted message content data and said wrapped key ciphertext to generate a message text;
providing a password to the message recipient at the second client node; and
transmitting said message text to said second client node for decryption, wherein the encrypted message is transmitted to the message recipient in a transaction separate from provision of the password; and
wherein said message recipient at the second client node obtains permitted access to said random key from the server node for decryption of the encrypted message content based on provision of the password matching said first authentication data after decryption of the wrapped key ciphertext at the server node.
Dependent claims: 8, 9, 10, 11
12. A server node, comprising:
processing logic circuitry configured to:
provide a public key associated with said server node to a message sender at a first client node, said public key used by said first client node to generate a wrapped key ciphertext comprising:
a random key generated by said first client node to encrypt message content data; and
a first authentication data associated with a message recipient at a second client node, said first authentication data comprising a password;
wherein the password is provided by the message sender to the message recipient;
wherein the encrypted message content data and the wrapped key ciphertext are transmitted in a message text by the first client node to the second client node in a transaction separate from provision of the password;
receive said wrapped key ciphertext and the password from said second client node;
use a private key corresponding to said public key to process said wrapped key ciphertext to decrypt said random key and said first authentication data; and
provide said random key to said second client node if said decrypted first authentication data matches the password, and wherein said message recipient at the second client node obtains permitted access to said random key from the server node based on provision of the password matching said decrypted first authentication data, said second client node decrypting the encrypted message content data using the random key, said message text being generated by said first client node based on the encrypted message content data and the wrapped key ciphertext.
Dependent claims: 13, 14
15. A method for managing identity-based decryption, comprising:
using a server node comprising processing circuitry to:
provide a public key associated with said server node to a first client node, said public key used by said first client node to generate a wrapped key ciphertext comprising:
a random key generated by the first client node to encrypt message content data for a message sender; and
a first authentication data associated with a message recipient at a second client node, said first authentication data comprising a password;
wherein the password is provided by the message sender to the message recipient;
wherein the encrypted message content data and the wrapped key ciphertext are transmitted in a message text by the first client node to the second client node in a transaction separate from provision of the password;
receive said wrapped key ciphertext and the password from said second client node;
use a private key corresponding to said public key to process said wrapped key ciphertext to decrypt said random key and said first authentication data; and
provide said random key from said server node to said second client node if said decrypted first authentication data matches the password; and
wherein said message recipient at the second client node obtains permitted access to said random key based on provision of the password matching said decrypted first authentication data, said second client node decrypting the encrypted message content data using the random key, said message text being generated by said first client node based on encrypted message content data and the wrapped key ciphertext.
Dependent claims: 16, 17
18. A client node, comprising:
identity-based decryption processing circuitry configured to:
receive a message text from a message sender at a second client node, said message text comprising a wrapped key ciphertext and encrypted message content data;
receive a first authentication data from the message sender at the second client node in a separate transaction, the first authentication data comprising a password;
provide said wrapped key ciphertext and the password to a server node for processing, said wrapped key ciphertext comprising:
a random key generated by said second client node; and
the first authentication data associated with said message recipient at the client node encrypted with a public key associated with said server node for decrypting the wrapped key ciphertext; and
receive said random key in decrypted form from said server node if said first authentication data from the decrypted wrapped key ciphertext matches the password, and wherein said message recipient at the client node obtains permitted access to said random key for decryption of said encrypted message content data based on provision of said password matching said first authentication data.
Dependent claims: 19, 20, 21, 22
23. A method for managing identity-based decryption, comprising:
using a client node including identity-based decryption processing circuitry to:
receive a message text from a message sender at a second client node, said message text comprising a wrapped key ciphertext and encrypted message content data;
receive a first authentication data from the message sender at the second client node in a separate transaction, the first authentication data comprising a password;
provide said wrapped key ciphertext and the password associated with a user of said client node to a server node for processing, said wrapped key ciphertext comprising a random key generated by said second client node; and a second authentication data associated with said client node encrypted with a public key associated with said server node; and
receive said random key in decrypted form from said server node if the password matches said second authentication data, and wherein the message recipient at said client node obtains permitted access to said random key for decryption of said encrypted message content data based on provision of the second authentication data matching the password.
Dependent claims: 24, 25, 26, 27
28. A computer program product comprising a non-transitory computer readable medium comprising computer executable instructions for a client node, said computer executable instructions comprising instructions for:
receiving from a message sender at a second client node:
message content data for a message to be sent to a message recipient at a second client node; and
first authentication data associated with the message recipient at the second client node, said first authentication data comprising a password provided to said message recipient at said second client node;
generating a random key;
using said random key to process the message content data to generate encrypted message content data; and
using a public key associated with a server node to process said random key and the first authentication data associated with the message recipient at the second client node to generate a wrapped key ciphertext;
wherein said processing circuitry is further configured to:
process said encrypted message content data and said wrapped key ciphertext to generate a message text; and
provide said message text to said second client node for decryption, wherein the message text is transmitted in a separate transaction from the password; and
wherein said message recipient at the second client node obtains permitted access to said random key from the server node for decryption of said encrypted message content data based on provision of the password matching said first authentication data.
Dependent claims: 29, 30, 31, 32
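The exchange the abstract describes, and that claims 1, 12 and 18 restate from Alice's, Carmen's and Bob's sides, written out as an added Go example. This is not code from the patent or its assignee. It assumes RSA-OAEP for the wrapped key ciphertext, AES-256-GCM for the message content, and that the authentication data inside the wrapped key is carried as the SHA-256 digest of the password so the payload has a fixed length; the patent specifies none of these, and the names Server, NewServer, Encrypt, Unwrap and Decrypt are chosen for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

const keyLen, nonceLen = 32, 12 // AES-256 key size and standard AES-GCM nonce size

// Server is the decryption service provider ("Carmen" in the abstract): it holds the
// private key that unwraps Krand and enforces the authentication-data check before releasing it.
type Server struct{ priv *rsa.PrivateKey }

func NewServer() (*Server, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Server{priv: priv}, nil
}

// PublicKey is what Carmen publishes to senders such as Alice.
func (s *Server) PublicKey() *rsa.PublicKey { return &s.priv.PublicKey }

// MessageText is what Alice transmits to Bob; the password travels in a separate transaction.
type MessageText struct {
	WrappedKey []byte // RSA-OAEP(Krand || SHA-256(password)) under Carmen's public key
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-256-GCM(content) under Krand
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt is Alice's side: generate Krand, encrypt the content under it, and wrap Krand
// together with Bob's authentication data under Carmen's public key. Assumption (not in the
// patent text): the authentication data is carried as the SHA-256 digest of the password.
func Encrypt(serverPub *rsa.PublicKey, content []byte, recipientPassword string) (*MessageText, error) {
	buf := make([]byte, keyLen+nonceLen)
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	krand, nonce := buf[:keyLen], buf[keyLen:]
	gcm, err := newGCM(krand)
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, content, nil)
	auth := sha256.Sum256([]byte(recipientPassword))
	payload := append(append([]byte{}, krand...), auth[:]...) // 64 bytes, within OAEP's limit for a 2048-bit key
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, payload, nil)
	if err != nil {
		return nil, err
	}
	return &MessageText{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Unwrap is Carmen's side: decrypt the wrapped key ciphertext and release Krand only if the
// authentication data it carries matches the password Bob presents (constant-time compare).
// A rejected ciphertext or a mismatch returns no key material at all.
func (s *Server) Unwrap(wrapped []byte, presentedPassword string) ([]byte, error) {
	payload, err := rsa.DecryptOAEP(sha256.New(), nil, s.priv, wrapped, nil)
	if err != nil {
		return nil, errors.New("wrapped key ciphertext rejected")
	}
	if len(payload) != keyLen+sha256.Size {
		return nil, errors.New("wrapped key payload has unexpected length")
	}
	krand, auth := payload[:keyLen], payload[keyLen:]
	presented := sha256.Sum256([]byte(presentedPassword))
	if subtle.ConstantTimeCompare(auth, presented[:]) != 1 {
		return nil, errors.New("authentication data does not match")
	}
	return krand, nil
}

// Decrypt is Bob's side once Carmen has released Krand.
func Decrypt(msg *MessageText, krand []byte) ([]byte, error) {
	gcm, err := newGCM(krand)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, msg.Nonce, msg.Ciphertext, nil)
}
```

The order of operations follows the claims: Alice calls Encrypt with Carmen's PublicKey and hands Bob the MessageText and, separately, the password; Bob presents the WrappedKey and that password to Carmen's Unwrap; Bob then calls Decrypt with the Krand Carmen returns. Two properties stand out from the defender's side. Carmen recovers Krand in the clear, so the service is a trusted escrow for every message it unwraps, and the only thing gating release is the password, so the service cannot tell Bob apart from anyone else holding both the message text and the password; that is the reason the claims require the password to travel in a separate transaction. Unwrap also fails closed: a modified wrapped key is rejected by OAEP before any comparison, a mismatched password yields no key, and the comparison is constant-time so response timing does not reveal how much of the digest matched.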