(51) Int Cl.: H04L 9/08 ( )

Transcription

1 (19) (11) EP B1 (12) EUROPEAN PATENT SPECIFICATION (4) Date of publication and mention of the grant of the patent: Bulletin 07/42 (1) Int Cl.: H04L 9/08 (06.01) (21) Application number: (22) Date of filing: (4) Method and apparatus for encrypting/decrypting data Verfahren und Vorrichtung zur Verschlüsselung/Entschlüsselung von Daten Procédé et dispositif de chiffrage/déchiffrage de données (84) Designated Contracting States: DE FR GB () Priority: GB 0888 (43) Date of publication of application: Bulletin 03/43 (73) Proprietor: Hewlett-Packard Development Company, L.P. Houston, TX (US) (72) Inventors: Casassa Mont, Marco Stoke Gifford, Bristol BS34 8BF (GB) Harrison, Keith Alexander Chepstow, Monmouthshire NP16 7PX (GB) Sadler, Martin Fishponds, Bristol BS16 3SQ (GB) (6) References cited: WO-A-01/46782 US-A PATENT ABSTRACTS OF JAPAN vol. 1999, no. 04, April 1999 ( ) -& JP A (HITACHI LTD), 29 January 1999 ( ) COCKS: "An identity based encryption scheme based on quadratic residues" COMMUNICATIONS-ELECTRONICS SECURITY GROUP, [Online] 01, pages 1-4, XP Retrieved from the Internet: <URL:HTTP: // /MEDIA/ CIREN.PDF > [retrieved on ] BONEH D ET AL: "Identity based Encryption from the weil pairing", ADVANCES IN CRYPTOLOGY. CRYPTO ST ANNUAL INTERNATIONAL CRYPTOLOGY CONFERENCE, SANTA BARBARA, CA, AUG , 01. PROCEEDINGS, LECTURE NOTES IN COMPUTER SCIENCE;VOL. 2139, BERLIN: SPRINGER, DE, PAGE(S) XP ISBN: * the whole document * (74) Representative: Squibbs, Robert Francis Hewlett-Packard Limited IP Section, Building 3 Filton Road Stoke Gifford Bristol BS34 8QZ (GB) EP B1 Note: Within nine months from the publication of the mention of the grant of the European patent, any person may give notice to the European Patent Office of opposition to the European patent granted. Notice of opposition shall be filed in a written reasoned statement. It shall not be deemed to have been filed until the opposition fee has been paid. (Art. 99(1) European Patent Convention). Printed by Jouve, 7001 PARIS (FR)

2 Description 1 2 [0001] The present invention relates to a method and apparatus for encrypting/decrypting data. [0002] When dealing with private and confidential information there is frequently a need to ensure that the information is kept private and confidential until a specific time, for example for seal bids the originator of a bid needs to be confident that their bid is not disclosed until a specific date. [0003] It is an object of the present invention to facilitate the release of confidential information at (or possibly after) a specific time. [0004] One known approach for maintaining the confidentiality of data is the use of encryption. However, traditional encryption techniques, such as the use of symmetric keys or PKI encryption, require that an appropriate decryption key is known at the time of encryption. Therefore, to ensure confidentiality the decryption key must be securely stored until required. Should, however, someone obtain unauthorised access to the decryption key this could allow unauthorised access to the confidential data. Further, the setting up and use of symmetric keys and PKI encryption can be complex. [000] A more recent cryptographic schema is Identifier-Based Encryption (IBE). In this schema, a data provider encrypts payload data using an encryption key string and public data provided by a trusted authority; the data provider then provides the encrypted payload data to a recipient who decrypts it using a decryption key provided by the trust authority together with the latter s public data. The trusted authority s public data is derived by the authority using private data using a one-way function. Features of the IBE schema are that any kind of string (including a name, a role, etc.) can be used as an encryption key string, and that the generation of the decryption key is effected by the trust authority using the encryption key string and its private data, enabling the generation of the decryption key to be postponed until needed for decryption. [0006] A number of IBE algorithms are known, including the "Quadratic Residuosity" (QR) method described in the paper: "An Identity Based Encryption Scheme based on Quadratic Residues". C. Cocks Communications-Electronics Security Group (CESG), UK Other IBE algorithms are known such as the use of Weil or Tate pairings - see, for example: D. Boneh, M. Franklin - Identity-based Encryption from the Weil Pairing. Crypto [0007] Japanese patent application JP describes key management equipment that is arranged to generate public / private key pairs (such as RSA key pairs), allocate key pairs to particular release times, provide a requesting party with the public key allocated to the release time indicated by the requesting party, and publish each private key at its associated release time. Summary of the Invention [0008] In accordance with a first aspect of the present invention there is provided a security method, comprising: first operations, effected by a discloser of data, comprising encrypting the data and providing the encrypted data to a recipient, the encryption process using both an encryption key, and public data provided by a trusted party and derived thereby using private data; and second operations, effected by the trusted party, comprising using both said private data and further data, in order to determine a decryption key which is then output; characterised in that the encryption key used by the data discloser comprises a time value, and in that the decryption key is determined by the trusted party at intervals with said further data comprising, at each determination, a new current time value derived independently of said encryption key, the decryption key being so determined that, for a said current time value equalling the time value used by the data discloser for its encryption key, the decryption key is apt to decrypt the discloser s encrypted data. [0009] This provides the advantage of ensuring that a decryption key required to decrypt encrypted data is only generated when access to confidential information is authorised. [00] According to a second aspect of the present invention, there is provided a computer system comprising a first computing entity arranged to encrypt, for output, first data according to an encryption process involving both an encryption key and second, public, data provided by a trusted party; a second computing entity associated with the trusted party and arranged to determine, for output, a decryption key using both third data and fourth, private, data from which said second data has been derived; and a third computing entity arranged to receive both the encrypted first data and the decryption key, and to decrypt the received encrypted first data using the received decryption key; characterised in that the first computing entity is arranged to use a time value as said encryption key, and in that the second computing entity is arranged to determine said decryption key at intervals using as said third data, at each determination, a new current time value derived independently of said encryption key, the decryption key being so determined by the second computing entity that, for a said current time value equalling the time value used by the first computing entity for its encryption key, 2

3 1 the decryption key is apt to decrypt the encrypted first data. [0011] According to a third aspect of the present invention, there is provided apparatus for generating a decryption key, comprising a memory for holding private data, a source time signals, a processor for using private data to generate, at intervals, decryption keys each adapted to decrypt data encrypted with a respective corresponding encryption key, and a distribution arrangement for distributing each decryption key at a respective release time; characterised in that the processor is arranged to generate each decryption key using both said private data and a current time value indicated by the source of time signals, each decryption key generated being apt to decrypt data encrypted using both public data derived using said private data and an encryption key comprising a time value corresponding to the current time value used in generating the decryption key. Brief Description of the Drawings [0012] For a better understanding of the present invention and to understand how the same may be brought into effect reference will now be made, by way of example only, to the accompanying drawings, in which:- Figure 1 illustrates a computer system according to an embodiment of the present invention; Figure 2 illustrates a computer apparatus according to an embodiment of the present invention Best Mode of Carrying Out the Invention [0013] The present invention addresses the issue of controlling access to data, where the owner/originator of the relevant data wishes to restrict access to the data until a specific time (which could include year, month, day as well as hours and minutes). This is achieved by using an encryption key to encrypt the data where the encryption key is derived using data that equates to the specific time the owner/originator of the data wishes to allow access to the data, and where the corresponding decryption key is only generated at that specific time (i.e. at the time owner/originator wishes to allow access to the data). [0014] Figure 1 illustrates a computer system according to an embodiment of the present invention. Computer system includes a first computer entity 11, a second computer entity 12, a third computer entity 13 and a fourth computer entity 14. The three computer entities 11, 12, 13 are coupled via a network 1, for example the Internet, while the fourth computer entity 14 is coupled directly to the third computer entity 13, via a secure link. [001] Associated with the first computer entity 11 is a document generation software application 16, for example Acrobat writer, that includes a software plug-in 161 for allowing encryption of documents generated by the application using an identity based encryption IBE mechanism, as described below. Associated with the second computer entity 12 is a document reader software application 17, for example Acrobat reader, that includes a software plug-in 171 for allowing decryption of documents generated by the document generation software application 16 of the first computer entity 11 using an identity based encryption IBE mechanism, as described below. The third computer entity 13 acts as a distribution service 131 for the fourth computer entity 14, where the fourth computer entity 14 acts as a trust authority 141 that makes available, via the distribution service 131 of the third computer entity 13, trust authority encryption data 142 and decryption key data 143, as described below. As would be appreciated by a person skilled in the art the distribution service 131 can make available the trust authorities encryption data 142 and decryption key data 143 in a variety of ways, for example via a web site. [0016] As the fourth computer entity 14 is acting as a trust authority 141 the fourth computer entity 14 would ideally operate in a secure environment, for example within a secure building, or secure room and/or be constructed as a tamper-resistant box. [0017] As shown in figure 2, incorporated within the fourth computer entity 14 is a clock, a processor 21, memory 22 for storing the trust authority s encryption data 142 and algorithms for the generation of decryption keys based upon IBE, and an application program interface 23 API to allow the fourth computer entity 14 to interface with the third computer entity 13. In this embodiment, using a QR IBE encryption/decryption mechanism, the trust authority s encryption data 142 comprises: - a hash function # which when applied to a string returns a value in the range 0 to N-1, and - a value N that is a product of two random prime numbers p and q, where the values of p and q are only known to the trust authority 141; the values of p and q should ideally be in the range of 2 11 and 2 12 and should both satisfy the equation: p, q 3 mod 4 (however, p and q must not have the same value). [0018] A process for allowing encryption of data using an encryption key generated with a data set representing a time and decryption of the data using a decryption key generated at substantially the same time as the time represented 3

4 1 by a data set will now be described. In the present context, "time" can be a time-of-day value and/or a calendar date or any other measure of time. [0019] A user of the first computer entity 11 creates a document using the document generation software application 16. When the user wishes to restrict the intended recipients access to the document until a specified time (for example until a specific hour of a given day, month and year) the user inputs into the document generation software application 16 this specific time, this could be achieved, for example, by the application 16 being arranged to prompt the user with a request as to when the information should be made available to the recipient. [00] Using the time information input by the user the software plug-in encrypts, using the IBE mechanism, the document using the time information, or typically a digital representation of the time information, as the encryption key. [0021] For example, using the QR IBE encryption/decryption technique to encrypt each bit m of the user s document the software plug-in 161 generates random numbers t + (where t + is an integer in the range [0, 2 N )) until the software plug-in 161 finds a value of t + that satisfies the equation jacobi(t +,N)=m, where m has a value of -1 or 1 depending on whether the corresponding bit of the user s document is 0 or 1 respectively. (As is well known, the jacobi function is such that where x 2 #modn the jacobi (#, N) = -1 if x does not exist, and = 1 if x does exist). The software plug-in 161 then computes the value: 2 for each bit m, where s+ corresponds to the encrypted bit of m. [0022] Since #(encryptionkeystring) may be non-square the software plug-in 161 additionally generates additional random numbers t - (integers in the range [0, 2 N )) until the software plug-in 161 finds one that satisfies the equation jacobi(t -,N)=m. The software plug-in 161 then computes the value: for each bit m. [0023] The document generation application 16 obtains the trust authorities encryption data 142 by any suitable means, for example the encryption data could be pre-loaded within the software plug-in 161 or could be downloaded from the distribution service 131, via the network 1. [0024] The time information format used to generate the encryption key will typically be determined by the trust authority 141 that provides the associated decryption key and, typically, will be standardised, for example Greenwich Mean Time GMT or Universal Time Co-ordinates UTC. [002] Once encrypted the encrypted data (that is, the values s + and s - for each bit m of the user s data) is made available to the intended recipient via the second computer entity 17, by any suitable means, for example via or by being placed in an electronic public area. The identity of the trust authority 141 and encryption key (i.e. the designated time period from when the intended recipient can access the document) can also be provided to the recipient if the intended recipient does not already have access to this information. [0026] To decrypt the data the document reader software application plug-in 171 needs to obtain, from the distribution service 131, a decryption key that corresponds to the encryption key, as described below, where the decryption key is only generated at the appropriate time (i.e. at substantially the same time as the time represented by the data set used to generate the encryption key). [0027] The fourth computer entity 14, using clock information, generates decryption keys at specific (preferably regular) time intervals. Any suitable time intervals for the generation of associated decryption keys can be used, therefore depending on the circumstance this could be, for example, seconds, minutes or day. Accordingly, the clock time ideally would include years, months, days, hours and minutes. The first computer entity 11 will have chosen the time value used for its encryption key to be a value corresponding to a time for which the computer entity will generate a decryption key. [0028] For example, if the trust authority 141 is arranged to provide a decryption key on the hour every hour, when the clock indicates to the processor 21 that an hour has elapsed since the last decryption key was generated the processor 21 calculates a decryption key using an "encryptionkeystring" that corresponds to the current hour time. The resultant decryption key will be apt to decrypt data that has been encrypted using the same "encryptionkeystring" value. Thus the decryption key corresponding to the encryption key used by the first computer entity is not generated until the 4

5 specific time selected by the first computer entity for when access to the encrypted data is authorised. Therefore, if data has been encrypted using an encryption key that corresponds, for example, to GMT on a given day, month and year at GMT on that specific day, month and year, on indication of this from the clock, the processor 21 calculates a decryption key that is associated with the encryption key. [0029] The associated decryption key B is determined by the trust authority 141 as follows : If a value of B does not exist, then there is a value of B that is satisfied by the equation: [00] As N is a product of two prime numbers p, q it would be extremely difficult for any one to calculate the decryption key B with only knowledge of the encryption key string and N. However, as the trust authority 141 has knowledge of p and q (i.e. two prime numbers) it is relatively straightforward for the trust authority 141 to calculate B. [0031] On calculation of the decryption key the fourth computer entity 14 provides the decryption key to the distribution service 131 (together, preferably, with an indication of whether this is the "positive" or "negative" solution for B), thereby making the decryption key available to the recipient of the encrypted data and allowing the recipient to decrypt the encrypted data. [0032] The distribution service 131 can make the decryption key available by any suitable means, for example, via a web site or distributed in conjunction with transmitted time information over a national or global time distribution system. The distribution service 131 is arranged to make available (i.e. publish) the encryption key for use by the recipient, where the recipient may, for example, correspond to a group of people within a company or globally to everyone. [0033] If the distribution service 131 makes the decryption keys available via a web site the distribution service 131 could include load-balancing machines (not shown) to spread the web site access load. [0034] Additionally, the distribution service 131 could also maintain a database of previously available decryption keys, thereby allowing a recipient of encrypted data to obtain an appropriate decryption key for some time after the represented time used to generate the encryption key. [003] If the square root of the encryption key returns a positive value, the users data M can be recovered using: [0036] If the square root of the encryption key returns a negative value, the users data M can be recovered using: 4 0 [0037] The recipient may choose to cache the decryption key to decrypt the document at a later date. [0038] As stated above, the above embodiment uses the QR IBE encryption/decryption mechanism, however, other forms of IBE could be used such as those based on Weil or Tate pairings. [0039] Although the above embodiment describes the control of access to a document, the above embodiment could equally apply to other forms of data. [00] Additionally, the fourth computer entity 14 could be configured to allow an authorised individual to reconfigure the fourth computer entity 14 to allow the generation of previously created decryption keys, for example if the distribution service database was destroyed. [0041] The source of time used by the trust authority need not be a clock of the computer entity 14 but could be time signals received from another source though in this case, appropriate measures are preferably applied to ensure that the time signals are secure.

6 Claims 1. A security method, comprising: 1 first operations, effected by a discloser (11) of data, comprising encrypting the data and providing the encrypted data to a recipient (12), the encryption process using both an encryption key and public data (142) provided by a trusted party (141) and derived thereby using private data (143); and second operations, effected by the trusted party (141), comprising using both said private data and further data, in order to determine a decryption key which is then output; characterised in that the encryption key used by the data discloser (11) comprises a time value, and in that the decryption key is determined by the trusted party (141) at intervals with said further data comprising, at each determination, a new current time value derived independently of said encryption key, the decryption key being so determined that, for a said current time value equalling the time value used by the data discloser for its encryption key, the decryption key is apt to decrypt the discloser s encrypted data. 2. A method according to claim 1, wherein the trusted party (141) derives said current time value from a real-time clock () associated with the trusted party. 3. A method according to claim 1 or 2, wherein the decryption key is determined at regular time intervals. 4. A method according to any one of the preceding claims, wherein said current time value corresponds to a date. 2. A method according to any one of the preceding claims, wherein the time value used as the encryption key is chosen from amongst time values known to be ones that will be used as current time values in determining the decryption key. 6. A method according to any one of the preceding claims, wherein the first and second operations are identifier-based cryptographic processes utilising quadratic residuosity A method according to any one of claims 1 to, wherein the first and second operations are identifier-based cryptographic processes utilising Weil or Tate pairings. 8. A computer system comprising a first computing entity (11) arranged to encrypt, for output, first data according to an encryption process involving both an encryption key and second, public, data (142) provided by a trusted party (141); a second computing entity (14) associated with the trusted party (141) and arranged to determine, for output, a decryption key using both third data and fourth, private, data from which said second data has been derived; and a third computing entity (12) arranged to receive both the encrypted first data and the decryption key, and to decrypt the received encrypted first data using the received decryption key; characterised in that the first computing entity (11) is arranged to use a time value as said encryption key, and in that the second computing entity is arranged to determine said decryption key at intervals using as said third data, at each determination, a new current time value derived independently of said encryption key, the decryption key being so determined by the second computing entity (14) that, for a said current time value equalling the time value used by the first computing entity (11) for its encryption key, the decryption key is apt to decrypt the encrypted first data. 9. A computer system according to claim 8, wherein the second computing entity (14) is tamper resistant.. A computer system according to claim 8 or claim 9, wherein the second computing entity (14) includes a real-time clock () from which said current time values are generated A computer system according to any one of claims 8 to, wherein said current time value corresponds to a date. 12. A computer system according to any one of claims 8 to 11, further comprising a distribution sub-system for distributing the decryption key. 13. A computer system according to any one of claims 8 to 12, wherein the second computing entity (14) is arranged to determine the decryption key at regular time intervals. 14. A computer system according to any one of claims 8 to 13, wherein the first computing entity (11) is arranged to 6

7 select as said second data, a time value that it knows is one for which the second computing entity will use as a said current time value for determining the decryption key. 1. A computer system according to any one of claims 8 to 14, wherein the encryption process effected by the first computing entity (11), the decryption-key determination process effected by the second computing entity (14), and the process of decrypting the encrypted first data effected by the third computing entity (12) are identifier-based cryptographic processes utilising quadratic residuosity. 16. A computer system according to any one of claims 8 to 14, wherein the encryption process effected by the first computing entity (11), the decryption-key determination process effected by the second computing entity (14), and the process of decrypting the encrypted first data effected by the third computing entity (12) are identifier-based cryptographic processes utilising Weil or Tate pairings Apparatus (13, 14) for generating a decryption key, comprising a memory (22) for holding private data (143), a source of time signals (), a processor (21) for using private data to generate, at intervals, decryption keys each adapted to decrypt data encrypted with a respective corresponding encryption key, and a distribution arrangement (131) for distributing each decryption key at a respective release time; characterised in that the processor (21) is arranged to generate each decryption key using both said private data and a current time value indicated by the source of time signals (), each decryption key generated being apt to decrypt data encrypted using both public data derived using said private data and an encryption key comprising a time value corresponding to the current time value used in generating the decryption key. 18. Apparatus according to claim 17, wherein said current time value corresponds to a date Apparatus according to claim 17 or claim 18, wherein the decryption key is generated by an identifier-based cryptographic process utilising quadratic residuosity.. Apparatus according to claim 17 or claim 18, wherein the decryption key is generated by an identifier-based cryptographic process utilising Weil or Tate pairings. Patentansprüche Ein Sicherheitsverfahren, das folgende Schritte aufweist: erste Operationen, ausgeführt durch eine Offenbarungseinrichtung (11) von Daten, die ein Verschlüsseln der Daten und ein Liefern der verschlüsselten Daten an einen Empfänger (12) aufweisen, wobei der Verschlüsselungsprozess sowohl einen Verschlüsselungsschlüssel als auch öffentliche Daten (142), die durch eine vertrauenswürdige Partei (141) geliefert und unter Verwendung von privaten Daten (143) von derselben abgeleitet werden, verwendet; und zweite Operationen, ausgeführt durch die vertrauenswürdige Partei (141), die ein Verwenden sowohl der privaten Daten als auch weiterer Daten, um einen Entschlüsselungsschlüssel, der anschließend ausgegeben wird, zu bestimmen, aufweisen; gekennzeichnet dadurch, dass der durch die Datenoffenbarungseinrichtung (11) verwendete Verschlüsselungsschlüssel einen Zeitwert aufweist, und dass der Entschlüsselungsschlüssel durch die vertrauenswürdige Partei (141) periodisch mit den weiteren Daten, die, bei jeder Bestimmung, einen neuen aktuellen Zeitwert, der unabhängig von dem Verschlüsselungsschlüssel abgeleitet wird, aufweisen, bestimmt wird, wobei der Entschlüsselungsschlüssel so bestimmt wird, dass, für den aktuellen Zeitwert, der dem durch die Datenoffenbarungseinrichtung für ihren Verschlüsselungsschlüssel verwendeten Zeitwert gleicht, der Entschlüsselungsschlüssel geeignet ist, die verschlüsselten Daten der Offenbarungseinrichtung zu entschlüsseln. 2. Ein Verfahren gemäß Anspruch 1, bei dem die vertrauenswürdige Partei (141) den aktuellen Zeitwert von einer der vertrauenswürdigen Partei zugeordneten Echtzeituhr () ableitet. 3. Ein Verfahren gemäß Anspruch 1 oder 2, bei dem der Entschlüsselungsschlüssel in regelmäßigen Zeitabständen bestimmt wird. 4. Ein Verfahren gemäß einem der vorhergehenden Ansprüche, bei dem der aktuelle Zeitwert einem Datum entspricht. 7

8 . Ein Verfahren gemäß einem der vorhergehenden Ansprüche, bei dem der als der Verschlüsselungsschlüssel verwendete Zeitwert aus Zeitwerten, von denen bekannt ist, dass sie als aktuelle Zeitwerte bei einem Bestimmen des Entschlüsselungsschlüssels verwendet werden, ausgewählt wird Ein Verfahren gemäß einem der vorhergehenden Ansprüche, bei dem die ersten und zweiten Operationen kennungsbasierte kryptographische Prozesse sind, die quadratische Residuosität nutzen. 7. Ein Verfahren gemäß einem der Ansprüche 1 bis, bei dem die ersten und zweiten Operationen kennungsbasierte kryptographische Prozesse sind, die Weil- oder Tate-Paarungen nutzen. 8. Ein Computersystem, das eine erste Recheneinheit (11) aufweist, die angeordnet ist, um, zur Ausgabe, erste Daten gemäß einem Verschlüsselungsprozess, in den sowohl ein Verschlüsselungsschlüssel als auch zweite, öffentliche Daten (142), bereitgestellt durch eine vertrauenswürdige Partei (141), eingebunden sind, zu verschlüsseln; eine zweite Recheneinheit (14), die der vertrauenswürdigen Partei (141) zugeordnet ist und angeordnet ist, um, zur Ausgabe, unter Verwendung sowohl von dritten Daten als auch vierten, privaten, Daten, von denen die zweiten Daten abgeleitet wurden, einen Entschlüsselungsschlüssel zu bestimmen; und eine dritte Recheneinheit (12), die angeordnet ist, um sowohl die verschlüsselten ersten Daten als auch den Entschlüsselungsschlüssel zu empfangen und die empfangenen verschlüsselten ersten Daten unter Verwendung des empfangenen Entschlüsselungsschlüssels zu entschlüsseln; gekennzeichnet dadurch, dass die erste Recheneinheit (11) angeordnet ist, um einen Zeitwert als den Verschlüsselungsschlüssel zu verwenden, und dass die zweite Recheneinheit angeordnet ist, um den Entschlüsselungsschlüssel periodisch zu bestimmen, wobei als die dritten Daten, bei jeder Bestimmung, ein neuer aktueller Zeitwert, der unabhängig von dem Verschlüsselungsschlüssel abgeleitet wird, verwendet wird, wobei der Entschlüsselungsschlüssel so durch die zweite Recheneinheit (14) bestimmt wird, dass, für den aktuellen Zeitwert, der dem durch die erste Recheneinheit (11) für ihren Verschlüsselungsschlüssel verwendeten Zeitwert gleicht, der Entschlüsselungsschlüssel geeignet ist, die verschlüsselten ersten Daten zu entschlüsseln. 9. Ein Computersystem gemäß Anspruch 8, bei dem die zweite Recheneinheit (14) verfälschungssicher ist.. Ein Computersystem gemäß Anspruch 8 oder Anspruch 9, bei dem die zweite Recheneinheit (14) eine Echtzeituhr () umfasst, aus der die aktuellen Zeitwerte erzeugt werden. 11. Ein Computersystem gemäß einem der Ansprüche 8 bis, bei dem der aktuelle Zeitwert einem Datum entspricht Ein Computersystem gemäß einem der Ansprüche 8 bis 11, das ferner ein Verteilungsteilsystem zum Verteilen des Entschlüsselungsschlüssels aufweist. 13. Ein Computersystem gemäß einem der Ansprüche 8 bis 12, bei dem die zweite Recheneinheit (14) angeordnet ist, um den Entschlüsselungsschlüssel in regelmäßigen Zeitabständen zu bestimmen Ein Computersystem gemäß einem der Ansprüche 8 bis 13, bei dem die erste Recheneinheit (11) angeordnet ist, um, als die zweiten Daten, einen Zeitwert auszuwählen, von dem sie weiß, dass er einer ist, den die zweite Recheneinheit als den aktuellen Zeitwert zum Bestimmen des Entschlüsselungsschlüssels verwenden wird. 1. Ein Computersystem gemäß einem der Ansprüche 8 bis 14, bei dem der Verschlüsselungsprozess, der durch die erste Recheneinheit (11) ausgeführt wird, der Bestimmungsprozess für den Entschlüsselungsschlüssel, der durch die zweite Recheneinheit (14) ausgeführt wird, und der Prozess zum Entschlüsseln der verschlüsselten Daten, der durch die dritte Recheneinheit (12) ausgeführt wird, kennungsbasierte kryptographische Prozesse, die eine quadratische Residuosität nützen, sind. 16. Ein Computersystem gemäß einem der Ansprüche 8 bis 14, bei dem der Verschlüsselungsprozess, der durch die erste Recheneinheit (11) ausgeführt wird, der Bestimmungsprozess für den Entschlüsselungsschlüssel, der durch die zweite Recheneinheit (14) ausgeführt wird, und der Prozess zum Entschlüsseln der verschlüsselten Daten, der durch die dritte Recheneinheit (12) ausgeführt wird, kennungsbasierte kryptographische Prozesse, die Weil- oder Tate-Paarungen nutzen, sind. 17. Eine Vorrichtung (13, 14) zum Erzeugen eines Entschlüsselungsschlüssels, die einen Speicher (22) zum Halten von privaten Daten (143), eine Quelle von Zeitsignalen (), einen Prozessor (21) zum Verwenden der privaten Daten, um, periodisch, Entschlüsselungsschlüssel zu erzeugen, die jeweils angepasst sind, um Daten, die mit einem 8

9 jeweiligen entsprechenden Verschlüsselungsschlüssel verschlüsselt wurden, zu entschlüsseln, und eine Verteilungsanordnung (131) zum Verteilen jedes Entschlüsselungsschlüssels zu einem jeweiligen Freigabezeitpunkt aufweist; gekennzeichnet dadurch, dass der Prozessor (21) angeordnet ist, um jeden Entschlüsselungsschlüssel unter Verwendung sowohl der privaten Daten als auch eines aktuellen Zeitwerts, angezeigt durch die Quelle von Zeitsignalen (), zu erzeugen, wobei jeder erzeugte Entschlüsselungsschlüssel geeignet ist, verschlüsselte Daten unter Verwendung sowohl von öffentlichen Daten, die unter Verwendung der privaten Daten abgeleitet wurden, als auch eines Verschlüsselungsschlüssels, der einen Zeitwert aufweist, der dem aktuellen Zeitwert, der bei dem Erzeugen des Entschlüsselungsschlüssels verwendet wurde, entspricht, zu entschlüsseln. 18. Eine Vorrichtung gemäß Anspruch 17, bei der der aktuelle Zeitwert einem Datum entspricht. 19. Vorrichtung gemäß Anspruch 17 oder Anspruch 18, bei der der Entschlüsselungsschlüssel durch einen kennungsbasierten kryptographischen Prozess, der eine quadratische Residuosität nutzt, erzeugt wird. 1. Vorrichtung gemäß Anspruch 17 oder Anspruch 18, bei der der Entschlüsselungsschlüssel durch einen kennungsbasierten kryptographischen Prozess, der Weil- oder Tate-Paarungen nutzt, erzeugt wird Revendications 1. Un procédé de sécurisation, comprenant : des premières opérations, effectuées par un divulgateur (11) de données, comprenant le chiffrement des données et la fourniture des données chiffrées à un destinataire (12), le processus de chiffrement utilisant à la fois une clé de chiffrement, et des données publiques (142), fournies par une partie de confiance (141) et qui en sont dérivées en utilisant des données privées (143) ; et des deuxièmes opérations, effectuées par la partie de confiance (141), comprenant l utilisation à la fois desdites données privées et d autres données, afin de déterminer une clé de déchiffrement qui est ensuite fournie en sortie ; caractérisé en ce que la clé de chiffrement utilisé par le divulgateur (11) de données comprend une valeur temporelle, et en ce que la clé de déchiffrement est déterminée par la partie de confiance (141) à des intervalles, lesdites autres données comprenant, à chaque détermination, une nouvelle valeur de temps actuelle, dérivée indépendamment de ladite clé de chiffrement, la clé de déchiffrement étant déterminée de manière que, pour une dite valeur temporelle actuelle, égale à la valeur temporelle utilisée par le divulgateur de données pour sa clé de chiffrement, la clé de déchiffrement soit en mesure de déchiffrer les données chiffrées du divulgateur. 2. Un procédé selon la revendication 1, dans lequel la partie de confiance (141) dérive ladite valeur temporelle actuelle à partir d une horloge temps réel () associée à la partie de confiance. 3. Un procédé selon la revendication 1 ou 2, dans lequel la clé de déchiffrement est déterminée à des intervalles de temps réguliers. 4. Un procédé selon l une quelconque des revendications précédentes, dans lequel ladite valeur de temps actuelle correspond à une date. 0. Un procédé selon l une quelconque des revendications précédentes, dans lequel la valeur temporelle utilisée comme clé de chiffrement est choisie parmi des valeurs temporelles connues pour être celles allant être utilisées comme valeurs temporelles actuelles dans la détermination de la clé de déchiffrement. 6. Un procédé selon l une quelconque des revendications précédentes, dans lequel les premières et deuxièmes opérations sont des processus cryptographiques à base d identificateur, utilisant une résiduosité quadratique. 7. Un procédé selon l une quelconque des revendications 1 à, dans lequel les premières et deuxièmes opérations sont des processus cryptographiques à base d identificateur, utilisant des appariements Weil ou Tate. 8. Un système d ordinateur, comprenant une première entité de calcul (11), agencée pour chiffrer, pour fourniture en sortie, des premières données selon un processus de chiffrement impliquant à la fois une clé de chiffrement et des 9

10 deuxièmes données (142) publiques fournies par une partie de confiance (141) ; une deuxième entité de calcul (14), associée à la partie de confiance (141) et agencée pour déterminer, pour fourniture en sortie, une clé de déchiffrement utilisant à la fois des troisièmes données et des quatrièmes données privées, d où lesdites deuxièmes données ont été dérivées ; et une troisième entité de calcul (12) agencée pour recevoir à la fois les premières données chiffrées et la clé de déchiffrement, et pour déchiffrer les premières données chiffrées reçues en utilisant la clé de déchiffrement reçue ; caractérisé en ce que la première entité de calcul (11) est agencée pour utiliser une valeur temporelle en tant que dite clé de chiffrement, et en ce que la deuxième entité de calcul est agencée pour déterminer ladite clé de déchiffrement à des intervalles, en utilisant en tant que dite troisième données, à chaque détermination, une nouvelle valeur temporelle actuelle dérivée indépendamment de ladite clé de chiffrement, la clé de déchiffrement étant déterminée par la deuxième entité de calcul (14), de telle façon que, pour une dite valeur temporelle actuelle égale à la valeur temporelle utilisée par la première entité de calcul (11) pour sa clé de chiffrement, la clé de déchiffrement soit apte à déchiffrer les premières données chiffrées Un système d ordinateur selon la revendication 8, dans lequel la deuxième entité de calcul (14) est résistante aux falsifications.. Un système d ordinateur selon la revendication 8 ou la revendication 9, dans lequel la deuxième entité de calcul (14) inclut une horloge temps réel (), d où sont générées lesdites valeurs temporelles actuelles Un système d ordinateur selon l une quelconque des revendications 8 à, dans lequel ladite valeur temporelle actuelle correspond à une date. 12. Un système d ordinateur selon l une quelconque des revendications 8 à 11, comprenant en outre un sous-système de distribution pour distribuer la clé de déchiffrement. 13. Un système d ordinateur selon l une quelconque des revendications 8 à 12, dans lequel la deuxième entité de calcul (14) est agencée pour déterminer la clé de déchiffrement à des intervalles de temps réguliers. 14. Un système d ordinateur selon l une quelconque des revendications 8 à 13, dans lequel la première entité de calcul (11) est agencée pour sélectionner, en tant que dite deuxième donnée, une valeur temporelle qu il sait être une valeur que la deuxième entité de calcul va utiliser comme une dite valeur temporelle actuelle pour déterminer la clé de déchiffrement Un système d ordinateur selon l une quelconque des revendications 8 à 14, dans lequel le processus de chiffrement accompli par la première entité de calcul (11), le processus de détermination de clé de déchiffrement accompli par la deuxième entité de calcul (14), et le processus de déchiffrement des premières données chiffrées accompli par la troisième entité de calcul (12) sont des processus cryptographiques à base d identificateur, utilisant une résiduosité quadratique. 16. Un système d ordinateur selon l une quelconque des revendications 8 à 14, dans lequel le processus de chiffrement accompli par la première entité de calcul (11), le processus de détermination de clé de déchiffrement accompli par la deuxième entité de calcul (14), et le processus de déchiffrement des premières données chiffrées accompli par la troisième entité de calcul (12) sont des processus cryptographiques à base d identificateur, utilisant des appariements de Weil ou Tate. 17. Dispositif (13, 14) pour générer une clé de déchiffrement, comprenant une mémoire (22) pour détenir des données privées (143), une source de signaux temporels (), un processeur (21) pour utiliser des données privées pour générer, suivant des intervalles, des clés de déchiffrement, chacune adaptée pour déchiffrer des données chiffrées avec une clé de chiffrement correspondante respective, et un agencement de distribution (131) pour distribuer chaque clé de déchiffrement à un temps d édition respectif; caractérisé en ce que le processeur (21) est agencé pour générer chaque clé de déchiffrement en utilisant à la fois lesdites données privées et une valeur temporelle actuelle, indiquée par la source des signaux temporels (), chaque clé de déchiffrement générée étant apte à déchiffrer des données ayant été chiffrées en utilisant à la fois des données publiques, dérivées en utilisant lesdites données privées, et une clé de chiffrement, comprenant une valeur temporelle correspondant à la valeur temporelle actuelle utilisée dans la génération de la clé de déchiffrement. 18. Dispositif selon la revendication 17, dans lequel ladite valeur temporelle actuelle correspond à une date.

11 19. Dispositif selon la revendication 17 ou la revendication 18, dans lequel la clé de déchiffrement est générée par un processus cryptographique basé sur un identificateur, utilisant la résiduosité quadratique.. Dispositif selon la revendication 17 ou la revendication 18, dans lequel la clé de déchiffrement est générée par un processus cryptographique à base d identificateur, utilisant des appariements Weil ou Tate

12 12

13 13

14 REFERENCES CITED IN THE DESCRIPTION This list of references cited by the applicant is for the reader s convenience only. It does not form part of the European patent document. Even though great care has been taken in compiling the references, errors or omissions cannot be excluded and the EPO disclaims all liability in this regard. Patent documents cited in the description JP A [0007] Non-patent literature cited in the description C. COCKS. An Identity Based Encryption Scheme based on Quadratic Residues. Communications-Electronics Security Group (CESG, 01, [0006] D. BONEH ; M. FRANKLIN. Identity-based Encryption from the Weil Pairing. Crypto, 01 [0006] 14