<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 14/06/2018 19:22, Tom Mitchell
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAAMy4URp3raJnBsuHgnXiVuQeD-y52-dzQEja=7cYBW8Jfrwtg@mail.gmail.com">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">In the patent I am confused by: "<span
style="color:rgb(51,51,51);font-family:Roboto,sans-serif;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">The
second mechanism is for a sender to generate the public
key locally for every recipient."</span><br>
<span
style="color:rgb(51,51,51);font-family:Roboto,sans-serif;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"></span>
<div><span
style="color:rgb(51,51,51);font-family:Roboto,sans-serif;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">I
do not understand how a public key be generated for me
if I do not already know the private key will work. Is
this where the world </span></div>
<div><span
style="color:rgb(51,51,51);font-family:Roboto,sans-serif;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">has
to trust a third party?</span></div>
</div>
</div>
</div>
</blockquote>
<br>
The description seems to be wildly inaccurate, but as it is in the
preamble ("Background to the invention") section, is probably not
material to the validity of the patent itself. For traditional PKC,
the two routes as I understand them are central generation and
issue, or local generation by the (intended) recipient (not sender)
as a consequence of generation of the private key. The text then
doubles down on this error, asserting that public CAs routinely
generate public keys (rather than signing supplied PKs) and that
Certificates need to be
protected from tampering in transit and after receipt, when in fact
the
digital signature is intended to perform this function. <br>
<br>
The important bits of the patent appear to be an identity based
crypto scheme with an identity component to the key oracle's public
key which is asserted to protect against substitution of an attacker
public key (although how this is achieved I haven't looked into)<br>
</body>
</html>