| 摘要 |
A trusted authority (40) delegates authority to a device (25). This delegation of authority is effected by providing a yet-to-be completed chain of public/private cryptographic key pairs linked in a subversion-resistant manner. The chain terminates with a penultimate key pair formed by public/private data (N; p,q), and a link towards an end key pair to be formed by an encryption/decryption key pair of an Identifier-Based Encryption, IBE, scheme. The private data (p,q) is securely stored (27) in the device (25) for access only by authorised processes, one such process (28) forming the link to the end key pair and being arranged to provide the IBE decryption key generated using the private data and encryption key. This key generation/provision is normally only effected if at least one condition, for example specified in the encryption key, is satisfied. Such a condition may be one tested against data provided by the trusted authority and stored in the device in a subversion-resistant manner.
|
