Certificate-Less Authenticated Encryption


Certificate-Less Authenticated Encryption (CLAE) adds authentication to ID-based encryption. It is an asymmetric encryption scheme that lets any two entities exchange secrets without the need to (centrally) administer keys.

A user registers with the trusted center (TC) by first authenticating itself to the TC. The TC then generates the user's private key and distributes it to the user.

The trust of the user in the (trusted third party) TC includes:

The user (sender or recipient) joins by acquiring a private key from a trusted third party, the 'trust center' (TC). The recipient registers with the trusted center by first authenticating itself to the TC. The authentication method can be anything: password-based, challenge-response (Kerberos, email, phone number, etc.), biometric authentication, and so on. The TC generates a private key using its own public key and the identity of the joining user. The private key is then transmitted securely to the joining user.

The sender uses the identity of the recipient and the public key of the TC to locally generate the public key of the recipient. The sender can choose any TC, which forces the recipient to acquire its private key (a different one for each TC) from that TC.

After the recipient has joined, it can decrypt the message that it has already received.

When replying to a message, the sender becomes the recipient and vice versa.

'Normally' a public/private key pair has to be generated and the public key distributed before any messages can be securely sent or received. With CLAE, messages can already be sent with the public key before the private key has been generated: the public key of any recipient can be acquired from a TC before the recipient has registered.
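The ordering described above, as an added illustration that is not part of this article: the sender derives the recipient's public value from her identity and the TC's public modulus N and encrypts before she has registered; the TC later derives her private key from its master secret; only then does she decrypt. The underlying scheme is Cocks' identity-based encryption (chosen because it needs no pairing library and carries no authentication layer), and the primes, identities and message are constructed for the demo.

```python
import hashlib
import secrets

# Constructed toy parameters: two Mersenne primes, both 3 (mod 4) as Cocks' scheme requires (a real
# TC would use 1024+-bit primes). N is the TC's public key; P and Q are its master secret.
P, Q = (1 << 31) - 1, (1 << 61) - 1
N = P * Q

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0; 0 when gcd(a, n) > 1."""
    a, result = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def identity_to_public(identity, n=N):
    """Sender side: the recipient's public value from its identity and N alone (no registration yet)."""
    counter, a = 0, 0
    while jacobi(a, n) != 1:  # hash with a counter until the value has Jacobi symbol +1
        a = int.from_bytes(hashlib.sha256(f"{identity}|{counter}".encode()).digest(), "big") % n
        counter += 1
    return a

def tc_extract_private(identity):
    """TC side: r with r*r == +a or -a (mod N); needs P and Q, so only the TC can compute it."""
    return pow(identity_to_public(identity), (N + 5 - P - Q) // 8, N)

def encrypt(msg, a, n=N):
    """Per bit, hide m = (-1)^bit in the Jacobi symbol of a random t; one ciphertext for +a, one for -a."""
    out = []
    for m in ((-1) ** ((b >> i) & 1) for b in msg for i in range(7, -1, -1)):
        pair = []
        for sign in (1, -1):
            t = 0
            while jacobi(t, n) != m:  # jacobi(0, n) == 0, so at least one draw happens
                t = secrets.randbelow(n - 1) + 1
            pair.append((t + sign * a * pow(t, -1, n)) % n)
        out.append(tuple(pair))
    return out

def decrypt(cts, r, a, n=N):
    """Use the component matching the sign of r*r; Jacobi(c + 2r) == Jacobi(t) recovers each bit."""
    idx = 0 if pow(r, 2, n) == a else 1
    bits = "".join("0" if jacobi(ct[idx] + 2 * r, n) == 1 else "1" for ct in cts)
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))
```

Call order matters for the point being made: `encrypt` needs only the identity and N, `tc_extract_private` can run afterwards, and `decrypt` works on the ciphertext that arrived before the key existed.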

Certificateless cryptography
