Abstract
Devices and methods are provided for managing identity-based decryption of digital content. A message sender (Alice) uses a random key (Krand) to encrypt message content for a message recipient (Bob). Then Alice uses the public key of a message decryption service provider (Carmen) to generate a wrapped key ciphertext comprising the Krand and authentication information associated with Bob. Alice then sends a message text containing the encrypted message content and the wrapped key ciphertext to Bob, who in turn sends the wrapped key ciphertext to Carmen along with his authentication information. Carmen then uses her private key to process the wrapped key ciphertext to decrypt the Krand and Bob's authentication information. If the authentication information provided by Bob matches the decrypted authentication information, then Carmen sends the decrypted Krand to Bob, who uses it to decrypt the encrypted message content.
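The exchange described above, as an added Python sketch that is not taken from the patent: Alice wraps Krand together with Bob's authentication information under Carmen's public key, and Carmen releases Krand only when the information Bob presents matches. Assumptions: the function names, the use of a SHA-256 digest of an identity string as the "authentication information", and the stand-in primitives (textbook RSA over two fixed Mersenne primes and a SHA-256 keystream), which are not secure and only make the flow runnable with the standard library; a deployment would use RSA-OAEP or HPKE for the wrap and an AEAD for the content.

```python
import hashlib, hmac, secrets

# Carmen's key pair. ASSUMPTION: textbook RSA over two fixed Mersenne primes,
# a toy stand-in for a real public-key wrap (no padding, NOT secure).
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q                                # public modulus, known to Alice
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, known only to Carmen

def keystream_xor(key, data):
    """Toy stream cipher (SHA-256 in counter mode) standing in for an AEAD."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def auth_digest(auth_info):
    # ASSUMPTION: Bob's authentication information is bound as a 32-byte digest.
    return hashlib.sha256(auth_info.encode()).digest()

def alice_send(plaintext, bob_auth):
    """Encrypt content under Krand; wrap Krand || H(Bob's auth info) for Carmen."""
    krand = secrets.token_bytes(16)
    payload = krand + auth_digest(bob_auth)              # 48 bytes, well below N
    wrapped = pow(int.from_bytes(payload, "big"), E, N)
    return keystream_xor(krand, plaintext), wrapped      # both travel to Bob

def carmen_release(wrapped, presented_auth):
    """Unwrap with the private key; return Krand only if the auth info matches."""
    payload = pow(wrapped, D, N).to_bytes(48, "big")
    krand, bound = payload[:16], payload[16:]
    if hmac.compare_digest(bound, auth_digest(presented_auth)):  # constant-time
        return krand
    return None                                          # mismatch: key withheld

def bob_read(ciphertext, wrapped, my_auth):
    """Bob forwards the wrapped key plus his auth info, then decrypts the content."""
    krand = carmen_release(wrapped, my_auth)  # stands in for the call to Carmen
    return None if krand is None else keystream_xor(krand, ciphertext)
```

Carmen never sees the encrypted message content, only the wrapped key, and the binding lives inside the wrapped ciphertext, so she needs no per-message state to decide whether to release Krand.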