Identity-based-encryption messaging system with public parameter host servers
Abstract
A system is provided that uses identity-based encryption (IBE) to support secure communications. Messages from a sender may be encrypted using an IBE public key and IBE public parameter information associated with a recipient. The recipient may decrypt IBE-encrypted messages from the sender using an IBE private key. A host having a service name may be used to store the IBE public parameter information. The sender may use a service name generation rule to generate the service name based on the IBE public key of the recipient. The sender may use the service name to obtain the IBE public parameter information from the host.
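The service name generation step described in the abstract, sketched as an added example (not code from the patent or its assignee). It assumes the IBE public key is the recipient's email address string and that the rule is "fixed label plus mail domain"; the label `ibe-params` and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Assumed rule (not from the patent text): the hosting service sits at a
# fixed label under the recipient's mail domain. The label is hypothetical.
SERVICE_LABEL = "ibe-params"
_LABEL_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


class ServiceNameError(ValueError):
    """The IBE public key does not yield a usable service name."""


def domain_of(ibe_public_key: str) -> str:
    """Extract and normalise the domain of an address-based IBE public key."""
    local, sep, domain = ibe_public_key.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ServiceNameError("public key is not of the form local@domain")
    try:
        # IDNA-encode so an internationalised domain maps to one ASCII name.
        domain = domain.rstrip(".").encode("idna").decode("ascii").lower()
    except UnicodeError as exc:
        raise ServiceNameError(f"invalid domain: {exc}") from exc
    labels = domain.split(".")
    if len(labels) < 2 or not all(_LABEL_RE.fullmatch(lb) for lb in labels):
        raise ServiceNameError("domain is not a valid multi-label hostname")
    if labels[-1].isdigit():
        raise ServiceNameError("IP literals are not accepted as domains")
    return domain


def service_name(ibe_public_key: str) -> str:
    """Apply the (assumed) service name generation rule to an IBE public key."""
    name = f"{SERVICE_LABEL}.{domain_of(ibe_public_key)}"
    if len(name) > 253:
        raise ServiceNameError("service name exceeds the DNS length limit")
    return name


def group_by_service(recipient_keys):
    """Group recipients so parameters are requested once per hosting service."""
    groups = defaultdict(list)
    for key in recipient_keys:
        groups[service_name(key)].append(key)
    return dict(groups)
```

Because the service name is derived from a recipient-supplied string, the strict hostname check keeps path separators, whitespace and IP literals out of whatever lookup the sender performs next.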
11 Claims
1. A method for using identity-based encryption (IBE) to securely convey messages in a system in which individuals who are senders communicate with individuals who are recipients over a communications network, wherein the recipients each have an associated message address and each have an IBE public key that is based on the message address and an associated IBE private key, wherein the system includes a plurality of IBE private key generators each of which generates a plurality of associated IBE private keys for a plurality of associated recipients to use in decrypting messages encrypted with their respective IBE public keys, wherein each IBE private key generator generates different IBE public parameter information to be used in encrypting messages for its associated recipients, wherein the different IBE public parameter information generated by each IBE private key generator is maintained by a different respective IBE public parameter hosting service, and wherein each IBE public parameter hosting service has a different service name that is used to communicate with that hosting service over the network, the method comprising:
- at a sender who desires to send an encrypted message to a given recipient who is associated with a given one of the IBE private key generators, generating the service name of the IBE public parameter hosting service that maintains the IBE public parameter information for the given IBE private key generator using the IBE public key of the given recipient;
- sending a request for the IBE public parameter information to the IBE public parameter hosting service that maintains the IBE public parameter information for the given IBE private key generator by providing servers in the communications network with information on the service name;
- at the sender, obtaining the requested IBE public parameter information over the communications network from the IBE public parameter hosting service; and
- at the sender, encrypting a message for the given recipient using the obtained IBE public parameter information and the IBE public key of the given recipient.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method for using identity-based encryption (IBE) to securely convey messages in a system in which individuals who are senders communicate with individuals who are recipients over a communications network, wherein the recipients each have an associated message address and each have an IBE public key that is based on the message address and an associated IBE private key, wherein the system includes a plurality of IBE private key generators each of which generates IBE private keys for associated recipients to use in decrypting messages, wherein each IBE private key generator generates different IBE public parameter information to be used in encrypting messages for its associated recipients, wherein the different IBE public parameter information generated by each IBE private key generator is maintained by a different respective IBE public parameter host, and wherein each IBE public parameter host has a different service name that is used to communicate with that host over the network, the method comprising:
- at a sender who desires to use a policy-based IBE public key to send an encrypted message to a plurality of recipients in parallel, wherein the plurality of recipients are associated with a given one of the IBE private key generators, applying a service name generation rule to the policy-based IBE public key to generate the service name of the IBE public parameter host that maintains the IBE public parameter information for the given IBE private key generator;
- using the generated service name to obtain IBE public parameter information associated with the plurality of recipients from the IBE public parameter host that maintains the IBE public parameter information for the given IBE private key generator; and
- at the sender, encrypting the message for the plurality of recipients using the obtained IBE public parameter information and the policy-based IBE public key.

10. A method for using identity-based encryption (IBE) to securely convey email messages in a system in which parties communicate over a communications network, wherein email recipients each have an associated email address, each have an IBE public key that is based on the email address for use in IBE encryption, and each have an associated IBE private key for use in IBE decryption, wherein the system includes a plurality of IBE private key generators each of which generates a plurality of associated IBE private keys for a plurality of associated recipients to use in decrypting messages encrypted with their respective IBE public keys, wherein each IBE private key generator generates different IBE public parameter information to be used in encrypting messages for its associated recipients, wherein the different IBE public parameter information generated by each IBE private key generator is maintained by a different respective IBE public parameter host, and wherein each IBE public parameter host has a different service name that is used to communicate with that host over the network, the method comprising:
- in preparation for encrypting a message for a given recipient who is associated with a given one of the IBE private key generators, generating the service name of the IBE public parameter host that maintains the IBE public parameter information for the given IBE private key generator by applying a service name generation rule to the IBE public key of the recipient;
- using the service name to obtain the IBE public parameter information associated with the given recipient from the IBE public parameter host that maintains the IBE public parameter information for the given IBE private key generator over the network; and
- using the IBE public parameter information obtained from the IBE public parameter host and the IBE public key of the recipient to encrypt the message for the recipient.

Dependent claims: 11

Specification