This invention relates to messaging systems such as email messaging systems, and more particularly, to messaging systems that use identity-based encryption.
Cryptographic systems are used to provide secure communications services such as secure email services and secure web browsing.
With symmetric key cryptographic systems, the sender of a message uses the same key to encrypt the message that the recipient of the message uses to decrypt the message. Symmetric-key systems require that each sender and recipient exchange a shared key in a secure manner.
With public-key cryptographic systems, two types of keys are used—public keys and private keys. Senders may encrypt messages using the public keys of the recipients. Each recipient has a private key that is used to decrypt the messages for that recipient.
One public-key cryptographic system that is in use is the RSA cryptographic system. Each user in this system has a unique public key and a unique private key. A sender may obtain the public key of a given recipient from a key server over the Internet. To ensure the authenticity of the public key and thereby defeat possible man-in-the-middle attacks, the public key may be provided to the sender with a certificate signed by a trusted certificate authority. The certificate may be used to verify that the public key belongs to the intended recipient of the sender's message. Public key encryption systems such as the RSA system that use this type of traditional approach are referred to herein as PKE cryptographic systems.
Identity-based-encryption (IBE) systems have also been proposed. With IBE encryption systems, a message recipient's email address or other identity-based information may be used as the recipient's public key. With IBE encryption schemes, it is generally not necessary to look up a given recipient's public key as with PKE systems such as the RSA system. Rather, a sender in an IBE system may generate the given recipient's IBE public key based on known rules. For example, a sender may create the IBE public key of a recipient by simply determining the recipient's email address. Recipients of IBE-encrypted messages may use their IBE private keys to decrypt the messages.
Although a sender of a message in an IBE system generally need not look up a recipient's public key before sending an encrypted message to a recipient, the sender must obtain certain “public parameter information” that is associated with the recipient prior to encrypting the message.
Each recipient generally has their own IBE private key, but the IBE public parameter information associated with a given recipient is generally shared with many other recipients. Although the IBE public parameter information associated with a recipient may be provided to the sender of a message by the recipient if needed, requiring recipients to provide the appropriate IBE public parameter information to senders before any IBE-encrypted messages are sent would tend to obviate many of the advantages provided by IBE schemes.
Improved techniques for making IBE public parameter information available to IBE system users are therefore desired.