Within sensitive computing environments it is often necessary to control the access of individuals to sensitive documents or to computer systems. If strict role based hierarchies can be observed then such access may be defined by access control lists. However if organisations are more dynamic in their internal structure or individuals may be involved with privileged information for some projects but should not be involved at all for other projects then the use of encryption to control access to documents may be preferred. Encryption is particularly useful where documents may need to be shared with individuals who are outside a particular group within an organisation or do not belong to that organisation at all.
The use of encryption allows encrypted documents to be sent to a remote user and stored locally on their computing device. However from time to time it may be necessary to revoke an individual's rights to decrypt encrypted documents. Decryption keys may need to be revoked at the end of a project when people who had worked on it no longer need access to the documents, when a change of staffing occurs such as when an employee leaves an organisation, or when security is compromised in other ways for example by the theft of a computer from an authorised user.
The term “computing device” should be construed broadly, and covers not only conventional computers, but also devices where convergence with other consumer devices has taken place, such as telephones (smart phones), media players and other hardware. Furthermore, a user need not be a person but may be a device or a process (such as a software application). Thus computing devices may include controllers, vehicles having computing systems within them, and so on.