HIGH PRIVACY OF FILE SYNCHRONIZATION WITH SHARING FUNCTIONALITY

US 20130262862A1
Filed: 03/30/2012
Published: 10/03/2013
Est. Priority Date: 03/30/2012
Status: Active Grant

First Claim

Patent Images

1. A synchronization system operating on a client system for synchronizing files and providing sharing capabilities, comprising:

a sync root folder for storing items to be synchronized with a remote datastore, the sync root folder comprising;

at least one not-shared-key folder for storing items to be encrypted with a not-shared key and to be synchronized with the remote datastore, wherein the not-shared key is not shared with the remote datastore; and

at least one shared-key folder for storing items to be encrypted with a shared key and to be synchronized with the remote datastore, wherein at least the client system and the remote datastore have access to the shared key;

a folder encryption map that associates the not-shared key with the at least one not-shared-key folders and associates the shared key with the at least one shared-key folder; and

a differential encryption component, communicatively coupled to the sync root folder, that, responsive to an item changing within the sync root folder, interfaces with the folder encryption map to access and encrypt the item to transmitted to and stored at the remote datastore.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for providing privacy of file synchronization with sharing functionality are presented. In embodiments, a file synchronization system comprises one or more folders associated with one or more non-shared encryption keys, which may be a managed key shared across an organization, and/or a personal key that is not shared or has limited third-party sharing. The one or more non-shared encryption keys are not known to the data storage service. The file synchronization system may also contain one or more folders associated with a shared encryption key that is shared with the data storage service, and in embodiments, with a set of users of the service. The system may include a mapping correlating folders to encryption type so items in each folder can be handled appropriately. The system may have additional folders, such as one or more public folders that may be available with limited or no restrictions.

Citations

20 Claims

1. A synchronization system operating on a client system for synchronizing files and providing sharing capabilities, comprising:
- a sync root folder for storing items to be synchronized with a remote datastore, the sync root folder comprising;
  
  at least one not-shared-key folder for storing items to be encrypted with a not-shared key and to be synchronized with the remote datastore, wherein the not-shared key is not shared with the remote datastore; and
  
  at least one shared-key folder for storing items to be encrypted with a shared key and to be synchronized with the remote datastore, wherein at least the client system and the remote datastore have access to the shared key;
  
  a folder encryption map that associates the not-shared key with the at least one not-shared-key folders and associates the shared key with the at least one shared-key folder; and
  
  a differential encryption component, communicatively coupled to the sync root folder, that, responsive to an item changing within the sync root folder, interfaces with the folder encryption map to access and encrypt the item to transmitted to and stored at the remote datastore.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The synchronization system of claim 1 wherein the not-shared key is a managed key shared within a client organization but not shared with the remote datastore.
  - 3. The synchronization system of claim 1 wherein the not-shared key is a personal key that is not shared with third parties.
  - 4. The synchronization system of claim 1 wherein the folder encryption map further comprising:
    - storing an encryption algorithm setting for at least one folder of the at least one not-shared-key folders and the at least one shared-key folders.
  - 5. The synchronization system of claim 1 further comprising:
    - an encryption key store that stores the non-shared key and the shared key and securely provides the differential encryption component with access to the keys.
  - 6. The synchronization system of claim 1 further comprising:
    - a controls module that facilitates setting one or more policies related to at least the shared-key folder.
  - 7. The synchronization system of claim 6 wherein the controls module sets a policy restricting which files can be put into the shared-key folder.
  - 8. The synchronization system of claim 6 wherein the controls module sets a policy restricting one or more identified items in the shared-key folder in the remote storage to be viewable only to a third party with whom the one or more identified items have been shared.
  - 9. The synchronization system of claim 6 wherein the control module receives audit data related to items in the shared-key folder in the remote datastore.
  - 10. The synchronization system of claim 1 wherein the sync root folder further comprises:
    - at least one unencrypted folder for storing items that are unencrypted.
  - 11. The synchronization system of claim 10 wherein at least some of the files within the at least one unencrypted folder at the remote datastore are publicly accessible.

12. A datastore managing system operating on one or more service provider computer systems for providing storage and sharing capabilities, comprising:
- a storage folder that stores data for a first client, the storage folder associated with the first client and comprises;
  
  a sync root folder for storing items to be synchronized with the first client operating on a client system, the sync root folder comprising;
  
  at least one managed-key folder for storing items encrypted with a managed key, wherein the datastore managing system does not have access to the managed key; and
  
  at least one shared-key folder for storing items encrypted with a shared key, wherein at least the client and the datastore managing system have access to the shared key; and
  
  a folder encryption map that correlates which encryption should be applied to the at least one managed-key folders and to the at least one shared-key folder.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The datastore managing system of claim 12 further comprising:
    - a folder controls manager that allows sharing access to a folder to a second client responsive to receiving instructions from the client to allow the second client sharing access to the folder.
  - 14. The datastore managing system of claim 13 wherein:
    - responsive to the folder shared with the second client being a managed-key folder, transmitting from datastore managing system to the second client the encrypted managed-key folder, the second client knowing that the managed-key folder is encrypted with the managed key based upon its position within a sync root folder and having access to the managed key to unencrypt the managed-key folder; and
      
      responsive to the folder shared with the entity being a shared-key folder, transmitting from the datastore managing system to the second client the encrypted shared-key folder, the second client system knowing that the shared-key folder is encrypted with the shared key based upon its position within a sync root folder and having access to the shared key by being a user of the datastore managing system.
  - 15. The datastore managing system of claim 12 further comprising:
    - a client installation module that, when executed on a client system causes the client system to generate a client module comprising;
      
      the sync root folder for storing items to be synchronized with the datastore managing system, the sync root folder on the client system comprising;
      
      the at least one managed-key folder for storing items encrypted with a managed key, which managed key is accessible by the client system but not accessible by the datastore managing system; and
      
      the at least one shared-key folder for storing items encrypted with a shared key, which shared key is accessible by at least the client system and the datastore managing system; and
      
      a folder encryption map that associates the managed key with the at least one managed-key folders and associates the shared key with the at least one shared-key folder; and
      
      a differential encryption component, communicatively coupled to the sync root folder, that, responsive to an item changing within the sync root folder, interfaces with the folder encryption map to access and encrypt the item to transmitted to and stored at the datastore managing system.
  - 16. The datastore managing system of claim 15 wherein the client module further comprises:
    - a controls module that facilitates setting one or more sharing policies related to one or more folders of the sync root folder.
  - 17. The datastore managing system of claim 16 wherein the control module receives audit data related to items in the shared-key folder in the datastore managing system.

18. A computer-implement method comprising:
- generating at least one not-shared-key folder that is associated with a not-shared key that is used to securely handle items stored in the not-shared-key folder, which not-shared key is accessible by at least one client system but not accessible by a datastore system with which the not-share-key folder is remotely stored;
  
  generating at least one shared-key folder that is associated with a shared key that is used to securely handle items stored in the shared-key folder, which shared key is accessible by at least one client system and accessible by the datastore system with which the share-key folder is remotely stored; and
  
  maintaining a folder encryption map that maps which encryption should be applied based upon whether an item is within the at least one not-shared-key folders or within the at least one shared-key folder.
- View Dependent Claims (19, 20)
- - 19. The computer-implement method of claim 18 wherein the at least one not-shared-key folder comprises at least one of:
    - at least one managed-key folder that is associated with a managed key that is used to securely handle items stored in the manage-key folder, which managed key is accessible by at least one client system within a common organization but is not accessible by the datastore system with which the managed-key folder is remotely stored; and
      
      at least one personal-key folder that is associated with a personal key that is used to securely handle items stored in the personal-key folder, which personal key is accessible by a client system but not accessible by the datastore system with which the personal-key folder is remotely stored.
  - 20. The computer-implement method of claim 18 further comprising:
    - responsive to receiving notification of a change to at least one item within a folder system comprising the at least one not-shared-key folder and the at least one shared-key folder, using the folder encryption map and a file path of the at least one item that changed within a folder system to identify the encryption for the least one item.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.), DECHO Corporation (Open Text Corporation)
Inventors
HARTLEY, David John

Granted Patent

US 8,707,035 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 16/16   File or folder operations, ...

G06F 16/176   Support for shared access t...

G06F 16/178   Techniques for file synchro...

G06F 16/27   Replication, distribution o...

G06F 21/602   Providing cryptographic fac...

G06F 21/6245   Protecting personal data, e...

HIGH PRIVACY OF FILE SYNCHRONIZATION WITH SHARING FUNCTIONALITY

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

HIGH PRIVACY OF FILE SYNCHRONIZATION WITH SHARING FUNCTIONALITY

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links