A number of different techniques have been developed to minimise unauthorised access to data held on a computer apparatus or to data transmitted between computer apparatuses.
However, should a user print confidential information to a remote printer this can result in the confidential information being accessible to anyone who has access to the printer, which for mobile users can be particularly undesirable.
One solution to this problem has been to use a printer spooler, within a printer server, which will only deliver a job to a printer, for printing, if the recipients of the job authenticate themselves to the printer spooler. However, this requires specific configuration of a printer spooler, which as a result can limit the conditions under which a document can be printed.
It is desirable to improve this situation.
Embodiments of the present invention to be described hereinafter make use of a cryptographic technology known as identifier-based encryption. Accordingly, a brief description will now be given of this type of encryption.
Identifier-Based Encryption (IBE) is an emerging cryptographic schema. In this schema (see FIG. 1 of the accompanying drawings), a data provider 10 encrypts payload data 13 using both an encryption key string 14, and public data 15 provided by a trusted authority12. This public data 15 is derived by the trusted authority 12 using private data 17 and a one-way function 18. The data provider 10 then provides the encrypted payload data <13> to a recipient 11 who decrypts it, or has it decrypted, using a decryption key computed by the trusted authority 12 in dependence on the encryption key string and its own private data.
A feature of identifier-based encryption is that because the decryption key is generated from the encryption key string, its generation can be postponed until needed for decryption.
Another feature of identifier-based encryption is that the encryption key string is cryptographically unconstrained and can be any kind of string, that is, any ordered series of bits whether derived from a character string, a serialized image bit map, a digitized sound signal, or any other data source. The string may be made up of more than one component and may be formed by data already subject to upstream processing. In order to avoid cryptographic attacks based on judicious selection of a key string to reveal information about the encryption process, as part of the encryption process the encryption key string is passed through a one-way function (typically some sort of hash function) thereby making it impossible to choose a cryptographically-prejudicial encryption key string. In applications where defence against such attacks is not important, it would be possible to omit this processing of the string.
Frequently, the encryption key string serves to “identify” the intended message recipient and the trusted authority is arranged to provide the decryption key only to this identified intended recipient. This has given rise to the use of the label “identifier-based” or “identity-based” generally for cryptographic methods of the type under discussion. However, depending on the application to which such a cryptographic method is put, the string may serve a different purpose to that of identifying the intended recipient. Accordingly, the use of the term “identifier-based” or “IBE” herein in relation to cryptographic methods and systems is to be understood simply as implying that the methods and systems are based on the use of a cryptographically unconstrained string whether or not the string serves to identify the intended recipient. Generally, in the present specification, the term “encryption key string” or “EKS” is used rather than “identity string” or “identifier string”; the term “encryption key string” is also used in the shortened form “encryption key” for reasons of brevity.
A number of IBE algorithms are known and FIG. 2 indicates, for three such algorithms, the following features, namely:                the form of the encryption parameters 5 used, that is, the encryption key string and the public data of the trusted authority (TA);        the conversion process 6 applied to the encryption key string to prevent attacks based on judicious selection of this string;        the primary encryption computation 7 effected;        the form of the encrypted output 8.        
The three prior art IBE algorithms to which FIG. 2 relates are:                Quadratic Residuosity (QR) method as described in the paper: C. Cocks, “An identity based encryption scheme based on quadratic residues”, Proceedings of the 8th IMA International Conference on Cryptography and Coding, LNCS 2260, pp 360-363, Springer-Verlag, 2001. A brief description of this form of IBE is given hereinafter.        Bilinear Mappings p using, for example, a Tate pairing t or modified Weil pairing ê. Thus, for the modified Weil pairing:ê: G1×G1→G2          where G1 and G2 denote two algebraic groups of prime order q and G2 is a subgroup of a multiplicative group of a finite field. The Tate pairing (to which the example given in FIG. 2 specifically relates) can be similarly expressed though it is possible for it to be of asymmetric form:t: G1×G0→G2          where G0 is a further algebraic group the elements of which are not restricted to being of order q. Generally, the elements of the groups G0 and G1 are points on an elliptic curve though this is not necessarily the case. A description of this form of IBE method, using modified Weil pairings is given in the paper: D. Boneh, M. Franklin—“Identity-based Encryption from the Weil Pairing” in Advances in Cryptology—CRYPTO 2001, LNCS 2139, pp. 213-229, Springer-Verlag, 2001.        RSA-Based methods The RSA public key cryptographic method is well known and in its basic form is a two-party method in which a first party generates a public/private key pair and a second party uses the first party's public key to encrypt messages for sending to the first party, the latter then using its private key to decrypt the messages. A variant of the basic RSA method, known as “mediated RSA”, requires the involvement of a security mediator in order for a message recipient to be able to decrypt an encrypted message. An IBE method based on mediated RSA is described in the paper “Identity based encryption using mediated RSA”, D. Boneh, X. Ding and G. Tsudik, 3rd Workshop on Information Security Application, Jeju Island, Korea, August 2002.        