Herein, related art is described for expository purposes. Related art labeled “prior art”, if any, is admitted prior art; related art not labeled “prior art” is not admitted prior art.
While not quite an oxymoron, “secure sharing” of electronic documents among members of a group over a network to which non-members have access is a challenge. Of course, a document to be shared can be encrypted, but if the key required for decryption must be distributed to group members, there may be too many opportunities for the key to end up in the wrong hands.
When sending a document to an individual, the document can be encrypted with that individual's public key; decryption involves using a private key already in the individual's possession. This approach does not scale very well to large groups as each member of the group must receive a different encrypted version of each document to be shared. In a variation of this approach, the document is encrypted using a symmetric key; the symmetric key is encrypted with the individual's public key and included in the document header. In this case, only one version of the document is involved, but multiple encrypted versions of the document-encryption key are included in the document header.
A more scalable and manageable approach is to use a group public key to encrypt a group document or its encryption key, and to encrypt the corresponding group private key using the respective member public keys. In this case, only one version of the encrypted document is involved, with at most a single version of a symmetric encryption key in the header. Different member private keys are used by the different members to decrypt the document or its symmetric encryption key. However, since the private key does not change on a document-by-document basis, a change in membership of a group does not require any change in the document header. Also, the different private keys do not have to be distributed every time a new document is shared.
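The group-key arrangement just described, built on the symmetric-key-in-header variation from the preceding paragraph, written out in Ruby with the standard `openssl` library. This is an added example, not code from this document; the function names (`seal`, `unseal`, `wrap_group_key`, `member_open`), the choice of RSA-2048 with OAEP and AES-256-GCM, and the sample document are assumptions made for illustration.

```ruby
require 'openssl'

# Assumption: RSA-OAEP (OpenSSL's default SHA-1 digest) wraps keys, AES-256-GCM encrypts data.
OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Encrypt `plain` under a one-time AES key and wrap that key for the holder of `pub`.
def seal(pub, plain)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  key = cipher.random_key
  iv = cipher.random_iv
  cipher.auth_data = ''
  body = cipher.update(plain) + cipher.final
  { wrapped: pub.public_encrypt(key, OAEP), iv: iv, tag: cipher.auth_tag, body: body }
end

# Reverse of seal. Raises OpenSSL::OpenSSLError on a wrong private key or a modified body.
def unseal(priv, env)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = priv.private_decrypt(env[:wrapped], OAEP)
  cipher.iv = env[:iv]
  cipher.auth_tag = env[:tag]
  cipher.auth_data = ''
  cipher.update(env[:body]) + cipher.final
end

# Group owner: one wrapped copy of the group private key per member, kept outside documents.
def wrap_group_key(group, member_pub)
  seal(member_pub, group.to_der)
end

# Member: recover the group private key with their own key, then open the shared document.
def member_open(member, wrapped_group_key, doc)
  group = OpenSSL::PKey::RSA.new(unseal(member, wrapped_group_key))
  unseal(group, doc)
end

if __FILE__ == $PROGRAM_NAME
  group, alice, bob, outsider = Array.new(4) { OpenSSL::PKey::RSA.generate(2048) }
  doc = seal(group.public_key, 'constructed sample document') # stored once for the group
  for_alice = wrap_group_key(group, alice.public_key)
  for_bob = wrap_group_key(group, bob.public_key) # Bob joins later; doc is not re-encrypted
  puts member_open(alice, for_alice, doc), member_open(bob, for_bob, doc)
  begin
    member_open(outsider, for_alice, doc)
  rescue OpenSSL::OpenSSLError => e
    puts "outsider rejected: #{e.class}"
  end
end
```

A member who has already unwrapped the group private key still holds it, so deleting that member's wrapped copy only prevents future unwrapping.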