HOME

TheInfoList



Click Here for Items Related To - Certificate-based Encryption
OR:
Certificate-based Encryption on:   [Wikipedia]   [Google]   [Amazon]

Certificate-based encryption is a system in which a
certificate authority In cryptography, a certificate authority or certification authority (CA) is an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. Th ...
uses
ID-based cryptography Identity-based cryptography is a type of public-key cryptography in which a publicly known string representing an individual or organization is used as a public key. The public string could include an email address, domain name, or a physical IP add ...
to produce a
certificate Certificate may refer to: * Birth certificate * Marriage certificate * Death certificate * Gift certificate * Certificate of authenticity, a document or seal certifying the authenticity of something * Certificate of deposit, or CD, a financial pr ...
. This system gives the users both implicit and explicit certification, the certificate can be used as a conventional certificate (for signatures, etc.), but also implicitly for the purpose of encryption.


Example

A user ''Alice'' can doubly encrypt a message using another user's (''Bob'') public key and his (''Bob's'') identity. This means that the user (''Bob'') cannot decrypt it without a currently valid certificate and also that the certificate authority cannot decrypt the message as they don't have the user's private key (i.e., there is no implicit
escrow An escrow is a contractual arrangement in which a third party (the stakeholder or escrow agent) receives and disburses money or property for the primary transacting parties, with the disbursement dependent on conditions agreed to by the transacti ...
as with ID-based cryptography, as the double encryption means they cannot decrypt it solely with the information they have).Certificate is the trust between two parties.


Key revocation

Key revocation can be added to the system by requiring a new certificate to be issued as frequently as the level of security requires. Because the certificate is "public information", it does not need to be transmitted over a secret channel. The downside of this is the requirement for regular communication between users and the certificate authority, which means the certificate authority is more vulnerable to electronic attacks (such as
denial-of-service attack In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host conn ...
s) and also that such attacks could effectively stop the system from working. This risk can be partially but not completely reduced by having a hierarchy of multiple certificate authorities.


Practical applications

The best example of practical use of certificate-based encryption is
Content Scrambling System The Content Scramble System (CSS) is a digital rights management (DRM) and encryption system employed on many commercially produced DVD-Video discs. CSS utilizes a proprietary 40-bit stream cipher algorithm. The system was introduced around 19 ...
(CSS), which is used to encode
DVD The DVD (common abbreviation for Digital Video Disc or Digital Versatile Disc) is a digital optical disc data storage format. It was invented and developed in 1995 and first released on November 1, 1996, in Japan. The medium can store any kin ...
movies in such a way as to make them playable only in a part of the world where they are sold. However, the fact that the region decryption key is stored on the hardware level in the DVD players substantially weakens this form of protection.


See also

* X.509 * Certificate server


References

* Craig Gentry, Certificate-Based Encryption and the Certificate Revocation Problem, ''Lecture Notes in Computer Science'', pp. 272 – 293, 200


WhatsApp end-to-end data encryption
{{DEFAULTSORT:Certificate-Based Encryption Public-key cryptography Identity-based cryptography Digital rights management systems