Title of invention: Identity-based decryption
Abstract: Devices and methods are provided for managing identity-based decryption of digital content. A message sender (“Alice”) uses a random key (Krand) to encrypt message content for a message recipient (“Bob”). Then Alice uses the public key of a message decryption service provider (“Carmen”) to generate a wrapped key ciphertext comprising the Krand and authentication information associated with Bob. Alice then sends a message text containing the encrypted message content and the wrapped key ciphertext to Bob, who in turn sends the wrapped key ciphertext to Carmen along with his authentication information. Carmen then uses her private key to process the wrapped key ciphertext to decrypt the Krand and Bob's authentication information. If the authentication information provided by Bob matches the decrypted authentication information, then Carmen sends the decrypted Krand to Bob, who uses it to decrypt the encrypted message content.
Publication number: US9490974(B2) Publication date: 2016.11.08
Application number: US201213433747 Filing date: 2012.03.29
Applicant: Certicom Corp. Inventor: Brown Daniel R. L.
Classification: H04L9/32; H04L9/08; H04L29/06; H04L9/30 Main classification: H04L9/32
Agency: Fleit Gibbons Gutman Bongini & Bianco P.L. Agent: Gibbons Jon; Fleit Gibbons Gutman Bongini & Bianco P.L.
Main claim: 1. A client node, comprising: identity-based encryption processing circuitry configured to: receive input from a message sender, the input including: message content data for a message to be sent to a message recipient at a second client node; and first authentication data associated with the message recipient at the second client node, said first authentication data comprising a password; generate a random key; use said random key to process the message content data to generate encrypted message content data; and use a public key associated with a server node to process said random key and the first authentication data associated with the message recipient at the second client node to generate a wrapped key ciphertext; process said encrypted message content data and said wrapped key ciphertext to generate a message text; provide the password to the message recipient at the second client node; and transmit said message text to said second client node for decryption, wherein the encrypted message is transmitted to the message recipient in a transaction separate from provision of the password; and wherein said message recipient at the second client node obtains permitted access to said random key from the server node for decryption of said encrypted message content data based on provision of the password matching said first authentication data after decryption of the wrapped key ciphertext at the server node.
Address: Mississauga, Ontario CA
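
The Alice/Bob/Carmen exchange from the abstract and main claim, as an added Python sketch that is not taken from the patent. Assumptions: a toy ElGamal-style key encapsulation over a demonstration-only prime group stands in for Carmen's public-key scheme, a SHA-256 keystream with an HMAC tag stands in for the symmetric cipher, the authentication data is carried as a SHA-256 digest of the password, and all function names are hypothetical.

```python
import hashlib, hmac, secrets

# Demonstration-only parameters (assumption): toy group, not a vetted production choice.
P = 2**255 - 19
G = 2

def _stream(key, n):
    """SHA-256 counter keystream; a toy stand-in for a real cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def _seal(key, data):
    """Encrypt-then-MAC so that a modified ciphertext is rejected, not decrypted."""
    ct = bytes(a ^ b for a, b in zip(data, _stream(key + b"enc", len(data))))
    return ct + hmac.new(key + b"mac", ct, hashlib.sha256).digest()

def _open(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key + b"mac", ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext rejected")
    return bytes(a ^ b for a, b in zip(ct, _stream(key + b"enc", len(ct))))

def _kem_key(shared):
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def carmen_keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def alice_send(carmen_pub, content, bob_password):
    """Return the message text: (encrypted content, wrapped key ciphertext)."""
    k_rand = secrets.token_bytes(32)                       # Krand, fresh per message
    auth = hashlib.sha256(bob_password.encode()).digest()  # Bob's authentication data
    eph = secrets.randbelow(P - 2) + 1
    wrapped = (pow(G, eph, P), _seal(_kem_key(pow(carmen_pub, eph, P)), k_rand + auth))
    return _seal(k_rand, content), wrapped

def carmen_unwrap(carmen_priv, wrapped, presented_password):
    """Release Krand only if the presented password matches the wrapped one."""
    eph_pub, blob = wrapped
    plain = _open(_kem_key(pow(eph_pub, carmen_priv, P)), blob)
    k_rand, auth = plain[:32], plain[32:]
    presented = hashlib.sha256(presented_password.encode()).digest()
    return k_rand if hmac.compare_digest(auth, presented) else None

def bob_decrypt(k_rand, enc_content):
    return _open(k_rand, enc_content)
```

Because anyone holding the wrapped key ciphertext can submit password guesses to Carmen, a deployment would limit attempts per wrapped key on the server side.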