Managing keys for encrypted shared documents

摘要

A system administrator, while logged into a system-administrator account, creates and configures a key-administrator account and a member account. A key administrator, while logged into said key-administrator account, creates a group private key, a group public key, and a group symmetric key, a member private key, and a member public key. The key administrator encrypts the group private key with the group symmetric key, and encrypts said group symmetric key with the member public key. A publisher encrypts a document using the group public key. The publisher distributes the resulting encrypted group document so that it is accessible via said member account but not through said key-administrator account.

主权项

1. A method comprising:
creating and configuring accounts via a system-administrator account on a network system, said accounts including a key-administrator account and plural member accounts, said key-administrator account being separate from said system-administrator account, said creating and configuring including processing by processors of said network system; creating keys via said key-administrator account, said keys including a group private key, a group public key, a group symmetric key, member private keys corresponding to respective accounts, and member public keys corresponding to respective member accounts; encrypting, via said key-administrator account, said group private key with said group symmetric key and said group symmetric key with said member public keys; encrypting a document with said group public key to yield an encrypted group document; and distributing said encrypted group document to locations accessible via respective ones of said member accounts and via said system administrator account but not accessible through said key-administrator account.