The present invention relates to data encryption, and more specifically, to create and manage encryption keys to facilitate sharing of encrypted content and encryption key recovery.
Encryption has been utilized to protect information since the dawn of computing. While encryption is used widely today to protect data in motion (e.g., hypertext transfer protocol over transport layer security or HTTPS), its application in protecting data at rest is still limited. One key reason for application of encryption to data at rest is not more widely adopted is complexity in managing and sharing of encryption keys.
One common solution creates one encryption key to encrypt many files. A first problem with this solution is that losing the one encryption key will make many encrypted files vulnerable. A second problem is that sharing the one encryption key with a person often allows the person to access more files than the person should not have access to. To mitigate the damages that may be caused by the first problem, some encryption software introduces a key ring where a new encryption key is created periodically to encrypt new documents and old encryption keys are kept in the key ring to support decryption of encrypted documents. To address the second problem, some encryption software re-encrypts an encrypted document with a shared key before the encrypted document is shared. Most existing encryption solutions address these key problems only partially while introduce substantial complexities.
Another common solution creates a unique encryption key for each file to be encrypted. Having one encryption key per document minimizes damage caused by a compromised encryption key, but it results in a lot of encryption keys to be managed. Since encryption keys need to be stored separately from encrypted documents, it is difficult to tell know how long encryption keys need to be maintained.
In additional to encryption key management issues, controlling access to documents and use of their content are complex and evolving tasks that have different life cycles and requirements from managing encryption keys.
Addressing encryption key management and sharing issues is critical to advance the adoption of encryption to data at rest.