Identity-based-encryption messaging system with public parameter host servers

US 20070177731A1
Filed: 12/20/2005
Published: 08/02/2007
Est. Priority Date: 06/25/2003
Status: Active Grant

First Claim

Patent Images

1. A method for using identity-based encryption (IBE) to securely convey messages in a system in which individuals who are senders communicate with individuals who are recipients over a communications network, wherein the recipients each have an associated message address and each have an IBE public key that is based on the message address and an associated IBE private key, wherein the system includes a plurality of IBE private key generators each of which generates a plurality of associated IBE private keys for a plurality of associated recipients to use in decrypting messages encrypted with their respective IBE public keys, wherein each IBE private key generator generates different IBE public parameter information to be used in encrypting messages for its associated recipients, wherein the different IBE public parameter information generated by each IBE private key generator is maintained by a different respective IBE public parameter hosting service, and wherein each IBE public parameter hosting service has a different service name that is used to communicate with that hosting service over the network, the method comprising:

at a sender who desires to send an encrypted message to a given recipient who is associated with a given one of the IBE private key generators, generating the service name of the IBE public parameter hosting service that maintains the IBE public parameter information for the given IBE private key generator using the IBE public key of the given recipient;

sending a request for the IBE public parameter information to the IBE public parameter hosting service that maintains the IBE public parameter information for the given IBE private key generator by providing servers in the communications network with information on the service name;

at the sender, obtaining the requested IBE public parameter information over the communications network from the IBE public parameter hosting service; and

at the sender, encrypting a message for the given recipient using the obtained IBE public parameter information and the IBE public key of the given recipient.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is provided that uses identity-based encryption (IBE) to support secure communications. Messages from a sender may be encrypted using an IBE public key and IBE public parameter information associated with a recipient. The recipient may decrypt IBE-encrypted messages from the sender using an IBE private key. A host having a service name may be used to store the IBE public parameter information. The sender may use a service name generation rule to generate the service name based on the IBE public key of the recipient. The sender may use the service name to obtain the IBE public parameter information from the host.

60 Citations

View as Search Results

11 Claims

1. A method for using identity-based encryption (IBE) to securely convey messages in a system in which individuals who are senders communicate with individuals who are recipients over a communications network, wherein the recipients each have an associated message address and each have an IBE public key that is based on the message address and an associated IBE private key, wherein the system includes a plurality of IBE private key generators each of which generates a plurality of associated IBE private keys for a plurality of associated recipients to use in decrypting messages encrypted with their respective IBE public keys, wherein each IBE private key generator generates different IBE public parameter information to be used in encrypting messages for its associated recipients, wherein the different IBE public parameter information generated by each IBE private key generator is maintained by a different respective IBE public parameter hosting service, and wherein each IBE public parameter hosting service has a different service name that is used to communicate with that hosting service over the network, the method comprising:
- at a sender who desires to send an encrypted message to a given recipient who is associated with a given one of the IBE private key generators, generating the service name of the IBE public parameter hosting service that maintains the IBE public parameter information for the given IBE private key generator using the IBE public key of the given recipient;
  
  sending a request for the IBE public parameter information to the IBE public parameter hosting service that maintains the IBE public parameter information for the given IBE private key generator by providing servers in the communications network with information on the service name;
  
  at the sender, obtaining the requested IBE public parameter information over the communications network from the IBE public parameter hosting service; and
  
  at the sender, encrypting a message for the given recipient using the obtained IBE public parameter information and the IBE public key of the given recipient.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method defined in claim 1 wherein the IBE public key of the given recipient is formed by concatenating a validity period with the message address of the given recipient and wherein encrypting the message for the given recipient comprises encrypting a message for the given recipient using the IBE public key formed by concatenating the validity period with the message address of the given recipient.
  - 3. The method defined in claim 1 wherein the IBE public key of the given recipient is based at least partly on a date stamp and wherein encrypting the message for the given recipient comprises encrypting a message for the given recipient using the IBE public key that is based at least partly on the date stamp.
  - 4. The method defined in claim 1 wherein the IBE public key of the given recipient is based at least partly on a date range and wherein encrypting the message for the given recipient comprises encrypting a message for the given recipient using the IBE public key that is based at least partly on the date range.
  - 5. The method defined in claim 1 wherein the message address of the given recipient comprises an email address, wherein the IBE public key of the given recipient is formed by concatenating a validity period with the email address of the given recipient, and wherein encrypting the message for the given recipient comprises encrypting a message for the given recipient using the IBE public key formed by concatenating the validity period with the email message address of the given recipient.
  - 6. The method defined in claim 1 wherein the IBE public key of the given recipient is formed by adding security clearance level information to the message address of the given recipient and wherein encrypting the message for the given recipient comprises encrypting a message for the given recipient using the IBE public key of the given recipient that is formed by adding the security clearance level information to the message address of the given recipient.
  - 7. The method defined in claim 1 wherein the message address of the given recipient comprises an email address, wherein the IBE public key of the given recipient is formed by adding security clearance level information to the email message address of the given recipient, and wherein encrypting the message for the given recipient comprises encrypting an email message for the given recipient using the IBE public key of the given recipient that is formed by adding the security clearance level information to the email message address of the given recipient.
  - 8. The method defined in claim 1 wherein the message address of the given recipient comprises an email address, wherein the IBE public key of the given recipient is formed by adding security clearance level information and a validity period to the email message address of the given recipient, and wherein encrypting the message for the given recipient comprises encrypting an email message for the given recipient using the IBE public key of the given recipient that is formed by adding the security clearance level information and the validity period to the email message address of the given recipient.

9. A method for using identity-based encryption (IBE) to securely convey messages in a system in which individuals who are senders communicate with individuals who are recipients over a communications network, wherein the recipients each have an associated message address and each have an IBE public key that is based on the message address and an associated IBE private key, wherein the system includes a plurality of IBE private key generators each of which generates IBE private keys for associated recipients to use in decrypting messages, wherein each IBE private key generator generates different IBE public parameter information to be used in encrypting messages for its associated recipients, wherein the different IBE public parameter information generated by each IBE private key generator is maintained by a different respective IBE public parameter host, and wherein each IBE public parameter host has a different service name that is used to communicate with that host over the network, the method comprising:
- at a sender who desires to use a policy-based IBE public key to send an encrypted message to a plurality of recipients in parallel, wherein the plurality of recipients are associated with a given one of the IBE private key generators, applying a service name generation rule to the policy-based IBE public key to generate the service name of the IBE public parameter host that maintains the IBE public parameter information for the given IBE private key generator;
  
  using the generated service name to obtain IBE public parameter information associated with the plurality of recipients from the IBE public parameter host that maintains the IBE public parameter information for the given IBE private key generator; and
  
  at the sender, encrypting the message for the plurality of recipients using the obtained IBE public parameter information and the policy-based IBE public key.

10. A method for using identity-based encryption (IBE) to securely convey email messages in a system in which parties communicate over a communications network, wherein email recipients each have an associated email address, each have an IBE public key that is based on the email address for use in IBE encryption, and each have an associated IBE private key for use in IBE decryption, wherein the system includes a plurality of IBE private key generators each of which generates a plurality of associated IBE private keys for a plurality of associated recipients to use in decrypting messages encrypted with their respective IBE public keys, wherein each IBE private key generator generates different IBE public parameter information to be used in encrypting messages for its associated recipients, wherein the different IBE public parameter information generated by each IBE private key generator is maintained by a different respective IBE public parameter host, and wherein each IBE public parameter host has a different service name that is used to communicate with that host over the network, the method comprising:
- in preparation for encrypting a message for a given recipient who is associated with a given one of the IBE private key generators, generating the service name of the IBE public parameter host that maintains the IBE public parameter information for the given IBE private key generator by applying a service name generation rule to the IBE public key of the recipient;
  
  using the service name to obtain the IBE public parameter information associated with the given recipient from the IBE public parameter host that maintains the IBE public parameter information for the given IBE private key generator over the network; and
  
  using the IBE public parameter information obtained from the IBE public parameter host and the IBE public key of the recipient to encrypt the message for the recipient.
- View Dependent Claims (11)
- - 11. The method defined in claim 10 wherein the given recipient has an email address having a domain name portion, the method further comprising:
    - using the service name generation rule to generate the service name of the IBE public parameter information host associated with the given recipient by prepending a string to the domain name portion of the email address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
entIT Software LLC (Open Text Corporation)
Original Assignee
Eric Rescorla, Guido Appenzeller, Matthew Pauker, Rishi Kacker, Terence Spies
Inventors
Appenzeller, Guido, Spies, Terence, Rescorla, Eric, Kacker, Rishi, Pauker, Matthew

Granted Patent

US 7,765,582 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/47
CPC Class Codes

H04L 63/0442 wherein the sending and rec...

H04L 9/3073 involving pairings, e.g. id...

Identity-based-encryption messaging system with public parameter host servers

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

60 Citations

11 Claims

Specification

Use Cases

Quick Links

Others

Identity-based-encryption messaging system with public parameter host servers

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

11 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others