In today's society, individuals and businesses conduct an ever-increasing amount of activities on and over computer systems. These computer systems, including proprietary and non-proprietary computer networks, are often storing, archiving, and transmitting all types of sensitive information. Thus, an ever-increasing need exists for ensuring data stored and transmitted over these systems cannot be read or otherwise compromised.
One common solution for securing computer systems is to provide login and password functionality. However, password management has proven to be quite costly with a large percentage of help desk calls relating to password issues. Moreover, passwords provide little security in that they are generally stored in a file susceptible to inappropriate access, through, for example, brute-force attacks.
Another solution for securing computer systems is to provide cryptographic infrastructures. Cryptography, in general, refers to protecting data by transforming, or encrypting, it into an unreadable format. Only those who possess the key(s) to the encryption can decrypt the data into a useable format. Cryptography may be used to identify users, e.g., authentication, to allow access privileges, e.g., authorization, to create digital certificates and signatures, and the like. One popular cryptography system is a public key system that uses two keys, a public key known to everyone and a private key known only to the individual or business owner thereof. Generally, the data encrypted with one key is decrypted with the other and neither key is recreatable from the other.
Unfortunately, even the foregoing typical public-key cryptographic systems are still highly reliant on the user for security. For example, cryptographic systems issue the private key to the user, for example, through the user's browser. Unsophisticated users then generally store the private key on a hard drive accessible to others through an open computer system, such as, for example, the Internet. On the other hand, users may choose poor names for files containing their private key, such as, for example, “key.” The result of the foregoing and other acts is to allow the key or keys to be susceptible to compromise.
Traditional solutions for securing data in motion also fail to provide robust and secure workgroup support. For example, the members of a workgroup may wish to communicate securely (e.g., in a private and authenticated manner) with other workgroup members over one or more secure channels. Typical secure workgroup communication protocols based on pre-shared workgroup encryption keys, public key broadcast encryption, and the like often become unstable and insecure because of insecure and inefficient management and distribution of the shared workgroup key. In addition, these secure workgroup communication protocols generally include only limited workgroup client revocation support. For example, the communication privileges of any one workgroup member generally cannot be efficiently revoked, for example, after compromise of the member's identity or shared workgroup key, or after the workgroup member leaves a workgroup. Moreover, with traditional approaches, there is generally no way to quickly and efficiently renew a workgroup security mechanism either on-demand, periodically, or automatically after the communication privileges of any one workgroup member has been revoked (or the workgroup member leaves the workgroup).