49 results about "ID-based encryption" patented technology

The inventive system for providing strong security for UDP communications in networks comprises a server, a client, and a secure communication protocol wherein authentication of client and server, either unilaterally or mutually, is performed using identity based encryption, the secure communication protocol preserves privacy of the client, achieves significant bandwidth savings, and eliminates overheads associated with certificate management. VDTLS also enables session mobility across multiple IP domains through its session resumption capability.

A server is operable to receive a media device identifying number (ID) and establish an association between a media device and a payment account and, in one embodiment, supports at least one of payment authorization and payment clearing based at least in part on the media device ID and the payment account. A network and system includes a payment card processor server that is operable to receive a payment authorization request and to determine if an authorized media device generated a purchase selection message and to determine to approve a received payment authorization request based, in part, if the media device was authorized for the purchase selection based upon a received media device ID. The system is further operable to perform a key rotation to protect payment account information.

Disclosed are a data transmission/reception apparatus and method. A secret key generation unit uses a user ID as a public key to generate a secret key corresponding to the user ID. An encryption/decryption unit sets a user ID intended to receive data as an input value to encrypt the data using a certain method and decrypt the encrypted data using a certain method on the basis of a secret key corresponding to a user ID of a receiver generated by the secret key generation unit. The transmission apparatus and method according to the present invention allow for secure communication between terminals without server intervention by encrypting data using an ID-based encryption technique for safe data communication and then communicating the encrypted data.

Provided are identifier (ID)-based encryption and decryption methods and apparatuses for the methods. The ID-based encryption method includes having, at a transmitting terminal, a transmitting-side private key corresponding to a transmitting-side ID issued by a key issuing server, generating, at the transmitting terminal, a session key using the transmitting-side ID, a receiving-side ID, and the transmitting-side private key, extracting, at the transmitting terminal, a secret key from at least a part of the session key, and encrypting, at the transmitting terminal, a message using a previously set encryption algorithm and the secret key.

A system is provided that uses identity-based encryption to support secure communications between senders and recipients over a communications network. Private key generators are used to provide public parameter information. Senders encrypt messages for recipients using public keys based on recipient identities and using the public parameter information as inputs to an identity-based encryption algorithm. Recipients use private keys to decrypt the messages. There may be multiple private key generators in the system and a given recipient may have multiple private keys. Senders can include private key identifying information in the messages they send to recipients. The private key identifying information may be used by the recipients to determine which of their private keys to use in decrypting a message. Recipients may obtain the correct private key to use to decrypt a message from a local database of private keys or from an appropriate private key server.

A method of verifying public parameters from a trusted center in an identity-based encryption system prior to encrypting a plaintext message by a sender having a sender identity string may include: identifying the trusted center by a TC identity string, the trusted center having an identity-based public encryption key of the trusted center based on the TC identity string; determining if the sender has a sender private key and the public parameters for the trusted center including the public encryption key of the trusted center and a bilinear map; and verifying the public parameters using the TC identity string prior to encrypting the plaintext message into a ciphertext by comparing values of the bilinear map calculated with variables from the trusted center. The ciphertext may include a component to authenticate the sender once the ciphertext is received and decrypted by the recipient using the private key of the recipient.

Methods and systems for keeping information related to the sender of a mail piece private, while still allowing authorized parties to easily obtain the sender information if desired, is provided. Sender information for a mail piece is encrypted utilizing an identity-based encryption (IBE) scheme. The encryption key used to encrypt the sender information can be computed using recipient information. The corresponding decryption key can only be obtained from a trusted third party acting as a Private Key Generator (PKG). Only those parties authorized to have access to the sender information will be provided with the corresponding decryption key. The corresponding decryption key can then be used to decrypt the sender information into human readable form.

Methods and systems for providing confidentiality of communications sent via a network that is efficient, easy to implement, and does not require significant key management. The identity of each node of the routing path of a communication is encrypted utilizing an identity-based encryption scheme. This allows each node of the routing path to decrypt only those portions of the routing path necessary to send the communication to the next node. Thus, each node will only know the immediate previous node from which the communication came, and the next node to which the communication is to be sent. The remainder of the routing path of the communication, along with the original sender and intended recipient, remain confidential from any intermediate nodes in the routing path. Use of the identity-based encryption scheme removes the need for significant key management to maintain the encryption/decryption keys.

An Authentication Of Things (AOT) system includes a cloud server configured to control a cloud domain connected with a plurality of devices, a home server configured to control a home server connected with a plurality of devices, a first device corresponding to a new device, and a second device of a root user connected with the home domain while authentication is completed in the home server. In this case, the first device loads cryptographic material of the cloud server from the cloud server in a pre-deployment stage, the cryptographic material includes at least one selected from the group consisting of an identifier of the first device in the cloud server, a first private key of an ID-based cryptography system of the first device in the cloud server, a first pairwise key of the first device in the cloud server, and a counter of the first device, and if the first device is shipped to a trader, the cloud server deletes the first private key from the cloud server.

A public key encryption system and an ID-based encryption system are provided, each exhibiting high security and having a tight security reduction, in which a BDH problem is a cryptographic assumption. A recipient-side device (110) serving as a recipient of a cryptogram selects random numbers s₁ and s₂, generates P, QεG₁ and a bilinear mapping e: G₁×G₁→G₂ as part of public key information, and further generates P₁=s₁P and P₂=s₂P as part of the public key information. A sender-side device (120) serving as a sender of the cryptogram calculates e(Q, P₁) and e(Q, P₂) by use of the public key information Q of the recipient-side device (110) and the bilinear mapping e, and further generates a cryptogram to be transmitted to the recipient-side device (110) by use of those pieces of information e(Q, P₁) and e(Q, P₂).

A virtual power plant security scheduling and transaction method based on a dual blockchain technology comprises a scheduling private chain for scheduling and a transaction alliance chain for transaction, adopts a hybrid proxy re-encryption algorithm based on a ciphertext strategy, and is formed by combining an identity-based encryption algorithm and an attribute proxy re-encryption algorithm based on the ciphertext strategy. The agent converts the ciphertext based on attribute encryption into the ciphertext based on identity encryption, so that the decryption cost of the data accessor is reduced, and the non-repudiation and reliability of production information are ensured. In the transaction process, a continuous bilateral auction mechanism based on reputation is adopted, participants can continuously adjust their own quotation according to the current electric quantity transaction price, benefit maximization is achieved, transaction information and a reputation value are recorded inan alliance chain, and tamper resistance and transparency of the information are guaranteed. A low-cost, open and transparent information and transaction platform is provided for a virtual power plant, and the safety, tamper resistance, non-repudiation, integrity and the like of data are guaranteed.

The invention discloses an identity-based encryption method allowing revocation at the lattice, and specifically includes the steps of: 1. establishing an algorithm; 2. establishing a private key generation algorithm; 3. updating a secret key generation algorithm; 4. decrypting the secret key generation algorithm; 5. encrypting an algorithm; 6. decrypting the algorithm; and 7. revoking the algorithm. The identity-based encryption method allowing revocation at the lattice adds a user identity revocation mechanism, and thus identity management of user can be effectively realized; and the method is based on the problem of LWE difficulty at the lattice, can resist quantum attack, has relatively high computational efficiency, proves that the scheme is adaptively safe, security of the scheme is stipulated to the problem of LWE difficulty, and the problem existing in the prior art that an encryption method causes disclosure of a user private key and difficulty in resisting quantum attack.

A system is provided for secure data transmission. The system stores a public master key, private decryption key and secure messaging module for securely transmitting and receiving a digital model data file for transmission via a work order message. For transmitting and receiving the work order message, the system generate public encryption keys using a key generation algorithm in which each of the public encryption keys are unique to a designated message recipient and generated using an input including the public master key, a validity period, and an identifier of the designated message recipient. The system may also store a revocation list that includes identifiers of message recipients that have revoked access to the public master key or private decryption key, and based thereon determine whether or not to encrypt and transmit the work order message, or receive and decrypt the work order message.

There may be provided a computer-implemented method. It may be implemented at least in part using a blockchain network such as, for example, the Bitcoin network. The computer-implemented method includes: i) encrypting a plaintext message to a cryptographic public key in accordance with an identity-based encryption scheme using at least a congress public key to generate an encrypted message, wherein the congress public key is associated with members of a congress, respective members of the congress having access to private key shares usable in a threshold decryption scheme in which at least a threshold of private key shares are sufficient to derive a decryption key through the combination of partial contributions to the decryption key on behalf of the congress; ii) generating, using at least a cryptographic private key corresponding to the cryptographic public key, a digital signature over a first set of instructions to perform cryptographic operations upon an occurrence of an event; and iii) broadcasting one or more transactions to a proof-of-work blockchain network, the one or more transactions comprising the encrypted message, the cryptographic public key, at least the first setof instructions, and a second set of instructions to the members of the congress to cooperate to: in response to reaching a consensus on the event occurring and contingent upon the digital signature being authentic, deploy a ghost chain to perform the first set of instructions, wherein performing the first set of instructions includes at least deriving the decryption key from the cryptographic keyand a plurality of private key shares that satisfies the threshold, the decryption key being sufficient cryptographic material to obtain the plaintext message from the encrypted message.