Someone has applied for a US patent on the technique of
using a symmetric session key on a document, and then using
multiple public keys to encrypt the session key to multiple
recipients. Newton Hammet newton(at)hammet.net brought
this to our attention.
http://appft1.uspto.gov/netahtml/PTO/srchnum.html
(search for 20010055396)
http://lists.gnupg.org/pipermail/gnupg-users/2002-January/011444.html
http://lists.gnupg.org/pipermail/gnupg-users/2002-January/011445.html
He cites RSA as prior art, but not RFC1991/RFC2440.
This seems to be in the context of a business model where
a server allows secure access to a symmetrically-encrypted
document by allowing the author to upload multiple
public-key headers for multiple recipients, and to repost
both amended PKI access lists and amended updates of
the document (potentially re-using the orig.sess key).
However:
[0024] As another example, encrypted decryption keys could
be bundled into the message and the single message with the
encrypted decryption keys could be broadcast to all recipients
without compromising the security of the mechanism.
--
John Kane
Stratham, NH (USA)