Identity-based-encryption messaging system with public parameter host servers

US 20050010801A1
Filed: 06/25/2003
Published: 01/13/2005
Est. Priority Date: 06/25/2003
Status: Active Grant

First Claim

Patent Images

1. A method for using identity-based encryption (IBE) to securely convey messages over a communications network from a sender to a recipient, wherein the recipient has an associated IBE public key and an associated IBE private key for use in IBE encryption and decryption, wherein the sender uses the IBE public key of the recipient and IBE public parameter information associated with the recipient to encrypt messages for the recipient, wherein the IBE public parameter information is maintained on an IBE public parameter information host that provides the IBE public parameter information over the communications network, and wherein the host has a service name that is used to communicate with the host over the network, the method comprising:

at the sender, using a service name generation rule to generate the service name of the host based on the IBE public key of the recipient;

using the service name to obtain the IBE public parameter information associated with the recipient for the sender from the IBE public parameter host over the network; and

at the sender, using the IBE public parameter information obtained from the IBE public parameter host and the IBE public key of the recipient to encrypt a message for the recipient.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is provided that uses identity-based encryption (IBE) to support secure communications. Messages from a sender may be encrypted using an IBE public key and IBE public parameter information associated with a recipient. The recipient may decrypt IBE-encrypted messages from the sender using an IBE private key. A host having a service name may be used to store the IBE public parameter information. The sender may use a service name generation rule to generate the service name based on the IBE public key of the recipient. The sender may use the service name to obtain the IBE public parameter information from the host.

91 Citations

View as Search Results

24 Claims

1. A method for using identity-based encryption (IBE) to securely convey messages over a communications network from a sender to a recipient, wherein the recipient has an associated IBE public key and an associated IBE private key for use in IBE encryption and decryption, wherein the sender uses the IBE public key of the recipient and IBE public parameter information associated with the recipient to encrypt messages for the recipient, wherein the IBE public parameter information is maintained on an IBE public parameter information host that provides the IBE public parameter information over the communications network, and wherein the host has a service name that is used to communicate with the host over the network, the method comprising:
- at the sender, using a service name generation rule to generate the service name of the host based on the IBE public key of the recipient;
  
  using the service name to obtain the IBE public parameter information associated with the recipient for the sender from the IBE public parameter host over the network; and
  
  at the sender, using the IBE public parameter information obtained from the IBE public parameter host and the IBE public key of the recipient to encrypt a message for the recipient.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. The method defined in claim 1 further comprising:
    - at the sender, using the service name generated with the service generation rule and the IBE public key to provide the host with a request that the host provide the IBE public parameter information to the sender; and
      
      with the IBE public parameter host, providing the IBE public parameter information to the sender in response to the request for the IBE public parameter information from the sender.
  - 3. The method defined in claim 2 further comprising:
    - at the sender, sending the request to the host server as an email message.
  - 4. The method defined in claim 1 wherein an IBE private key generator is connected to the network, the method further comprising electronically conveying the IBE public parameter information from the IBE private key generator to the host.
  - 5. The method defined in claim 1 wherein the recipient has a message address, the method further comprising:
    - at the sender, using the service name generation rule to generate the service name of the IBE public parameter information host by prepending a string to at least a portion of the message address.
  - 6. The method defined in claim 1 wherein the recipient has an email address having a domain name portion, the method further comprising:
    - at the sender, using the service name generation rule to generate the service name of the IBE public parameter information host by prepending a string to the domain name portion of the email address.
  - 7. The method defined in claim 1 wherein the IBE public parameter information host has an identity, the method further comprising:
    - at the sender, verifying the identity of the IBE public parameter information host from which the IBE public parameter information is obtained.
  - 8. The method defined in claim 7 wherein verifying the identity of the IBE public parameter information host comprises:
    - at the sender, comparing service name information received from the IBE public parameter information host by the sender to the service name generated with the service name generation rule to determine whether there is a match.
  - 9. The method defined in claim 7 wherein the IBE public key of the recipient includes a message address having a domain name portion and wherein verifying the identity of the IBE public parameter information host comprises:
    - at the sender, comparing identity information received from the IBE public parameter information host by the sender to the domain name portion of the message address to determine whether the identity information matches the domain name portion.
  - 10. The method defined in claim 7 wherein a certificate authority provides a certificate that contains the service name of the IBE public parameter information host and wherein verifying the identity of the IBE public parameter information host comprises:
    - providing the certificate that contains the service name of the IBE public parameter information host to the sender so that the sender can compare signed service name information in the certificate to the service name of the host that was generated by the service name generation rule to determine whether there is a match.
  - 11. The method defined in claim 1 further comprising, with the IBE public parameter information host, providing the sender with identity information signed by a certificate authority.
  - 12. The method defined in claim 1 further comprising, with the IBE public parameter information host, providing the sender with the IBE public parameter information signed by a certificate authority.
  - 13. The method defined in claim 1 wherein providing the IBE public parameter information to the sender comprises providing the IBE public parameter information to the sender over a secure communications link.
  - 14. The method defined in claim 1 wherein providing the IBE public parameter information to the sender comprises providing the IBE public parameter information to the sender over an insecure communications link.
  - 15. The method defined in claim 14 wherein providing the IBE public parameter information to the sender over the insecure link comprises using the IBE public parameter information host to encrypt the IBE public parameter information in a message format prior to sending the IBE public parameter information to the sender in the message format over the insecure link.
  - 16. The method defined in claim 1 wherein the message is an email message and wherein the IBE public key of the recipient comprises an email address, the method further comprising:
    - at the sender, using the email address of the recipient to send the email message to the recipient over the communications network.
  - 17. The method defined in claim 1 wherein the message is an instant message and wherein the IBE public key of the recipient comprises an instant message address, the method further comprising:
    - at the sender, using the instant message address of the recipient to send the instant message to the recipient over the communications network.
  - 18. The method defined in claim 1 further comprising providing the sender with the service name generation rule in a plug-in module.
  - 19. The method defined in claim 1 further comprising providing the sender with the service name generation rule as part of an email program.
  - 20. The method defined in claim 1 wherein the service name comprises a domain name, the method further comprising:
    - at the sender, using the domain name to establish a secure sockets layer communications link with the IBE public parameter information host over the Internet.
  - 21. The method defined in claim 1 wherein there are a plurality of IBE public parameter information hosts, each of which maintains different IBE public parameter information and each of which has a different associated service name, the method further comprising:
    - at the sender, using the service name generation rule to generate the service name that is associated with a particular one of the plurality of IBE public parameter information hosts and using that service name to obtain the IBE public parameter information from that particular one of the plurality of IBE public parameter information hosts over the communications network.
  - 22. The method defined in claim 1 wherein the recipient comprises a router having an associated IP addresses and wherein the host has an associated IP address, the method further comprising:
    - at the sender, using the service name generation rule to generate the service name from the recipient'"'"'s IP address by changing at least one variable byte in the recipient'"'"'s IP address to create the IP address of the host.
  - 23. The method defined in claim 1 wherein the IBE public key contains at least one geographical region attribute, the method further comprising using the service name generation rule to generate the service name by basing the service name at least partially on the geographical region attribute.
  - 24. The method defined in claim 1 wherein there are a plurality of IBE public parameter information hosts, each of which maintains different IBE public parameter information and each of which has a different associated service name, and wherein the recipient has an email address having a domain name portion, the method further comprising:
    - at the sender, using the service name generation rule to generate the service name that is associated with a particular one of the plurality of IBE public parameter information hosts by prepending a string to the domain name portion of the recipient'"'"'s email address and using that service name to obtain the IBE public parameter information from that particular one of the plurality of IBE public parameter information hosts over the communications network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Identicrypt, Inc.
Inventors
Kacker, Rishi R., Appenzeller, Guido, Pauker, Matthew J., Spies, Terence, Rescorla, Eric

Granted Patent

US 7,017,181 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

H04L 63/0442 wherein the sending and rec...

H04L 9/3073 involving pairings, e.g. id...

Identity-based-encryption messaging system with public parameter host servers

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

91 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Identity-based-encryption messaging system with public parameter host servers

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links