1. Field of the Invention
The present invention is directed in general to communications systems and methods for operating same. In one aspect, the present invention relates to devices and methods for managing identity-based decryption of digital content.
2. Description of the Related Art
The use of cryptography to protect digital assets and to authenticate a person's online identity has become increasingly popular in recent years. One such approach is public key cryptography, which is based on the concept of asymmetric key pairs. In this approach, a public key and a private key are generated for each user. The public key of a recipient is then used by a sender to encrypt a message, which is then sent to the recipient. In turn, the recipient uses their private key to decrypt the message.
One issue with public key cryptography is verifying, or authenticating, the identities of two parties. One approach to this issue is the creation of a public key infrastructure (PKI), which uses a certificate authority (CA) to bind a public key to the identity of a user. The binding is typically accomplished by using the CA's private key, and a user's public key, to generate a digital certificate that certifies the authenticity of the user. In turn, the digital certificate is used by a web browser to authenticate one user (e.g., a sender) to another user (e.g., a recipient).
However, the practical use of public key cryptography for authentication presumes that both parties to a transaction already possess their respective unique key pairs, or alternatively, have access to the means to have them generated when they are needed. Furthermore, users likewise need ubiquitous access to a PKI for authenticating themselves to one another. Yet this is not always the case. As a result, alternative approaches to authentication have been implemented, including identity-based encryption, which allows a user to use their name, network address, or other unique, yet easily provided, identifying information as their public key. The user's corresponding private key is generated by a key generation center and provided to the user in the form of a smart card or token. However, this approach still requires the generation and distribution of the private key to the user, which can be expensive, time-consuming, and error-prone. Another approach to authentication is the traditional use of user names, passwords, and other factors to verify the identity of a user. However, these approaches typically do not encrypt content prior to its delivery.