HIGH PRIVACY OF FILE SYNCHRONIZATION WITH SHARING FUNCTIONALITY
Abstract
Systems and methods for providing privacy of file synchronization with sharing functionality are presented. In embodiments, a file synchronization system comprises one or more folders associated with one or more non-shared encryption keys, which may be a managed key shared across an organization, and/or a personal key that is not shared or has limited third-party sharing. The one or more non-shared encryption keys are not known to the data storage service. The file synchronization system may also contain one or more folders associated with a shared encryption key that is shared with the data storage service, and in embodiments, with a set of users of the service. The system may include a mapping correlating folders to encryption type so items in each folder can be handled appropriately. The system may have additional folders, such as one or more public folders that may be available with limited or no restrictions.
20 Claims
1. A synchronization system operating on a client system for synchronizing files and providing sharing capabilities, comprising:
- a sync root folder for storing items to be synchronized with a remote datastore, the sync root folder comprising:
  - at least one not-shared-key folder for storing items to be encrypted with a not-shared key and to be synchronized with the remote datastore, wherein the not-shared key is not shared with the remote datastore; and
  - at least one shared-key folder for storing items to be encrypted with a shared key and to be synchronized with the remote datastore, wherein at least the client system and the remote datastore have access to the shared key;
- a folder encryption map that associates the not-shared key with the at least one not-shared-key folders and associates the shared key with the at least one shared-key folder; and
- a differential encryption component, communicatively coupled to the sync root folder, that, responsive to an item changing within the sync root folder, interfaces with the folder encryption map to access and encrypt the item to be transmitted to and stored at the remote datastore.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A datastore managing system operating on one or more service provider computer systems for providing storage and sharing capabilities, comprising:
- a storage folder that stores data for a first client, the storage folder associated with the first client and comprises:
  - a sync root folder for storing items to be synchronized with the first client operating on a client system, the sync root folder comprising:
    - at least one managed-key folder for storing items encrypted with a managed key, wherein the datastore managing system does not have access to the managed key; and
    - at least one shared-key folder for storing items encrypted with a shared key, wherein at least the client and the datastore managing system have access to the shared key; and
  - a folder encryption map that correlates which encryption should be applied to the at least one managed-key folders and to the at least one shared-key folder.
Dependent claims: 13, 14, 15, 16, 17
18. A computer-implemented method comprising:
- generating at least one not-shared-key folder that is associated with a not-shared key that is used to securely handle items stored in the not-shared-key folder, which not-shared key is accessible by at least one client system but not accessible by a datastore system with which the not-shared-key folder is remotely stored;
- generating at least one shared-key folder that is associated with a shared key that is used to securely handle items stored in the shared-key folder, which shared key is accessible by at least one client system and accessible by the datastore system with which the shared-key folder is remotely stored; and
- maintaining a folder encryption map that maps which encryption should be applied based upon whether an item is within the at least one not-shared-key folders or within the at least one shared-key folder.
Dependent claims: 19, 20
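The folder encryption map of claims 1 and 18, as an added Python example that is not part of the patent text: it resolves a changed item to the key of the deepest mapped folder that contains it, fails closed for items outside any mapped folder, and lists which keys may be provisioned to the datastore. Folder names, key identifiers and function names are assumptions; no cipher is invoked, only the key selection is shown.

```python
import posixpath
from dataclasses import dataclass

NOT_SHARED = "not-shared"  # key held by clients only, never by the datastore
SHARED = "shared"          # key held by both the client and the datastore

@dataclass(frozen=True)
class KeyPolicy:
    key_class: str
    key_id: str  # hypothetical identifier; key material stays in a keystore

def normalise(rel_path):
    """Normalise a path relative to the sync root; reject escapes from it."""
    norm = posixpath.normpath(rel_path)
    if norm.startswith("/") or norm == ".." or norm.startswith("../"):
        raise ValueError(f"path leaves the sync root: {rel_path!r}")
    return norm

class FolderEncryptionMap:
    def __init__(self):
        self._folders = {}

    def add_folder(self, folder, policy):
        self._folders[normalise(folder)] = policy

    def resolve(self, item_path):
        """Return the policy of the deepest mapped folder containing the item."""
        folder = posixpath.dirname(normalise(item_path))
        while folder:
            if folder in self._folders:
                return self._folders[folder]
            folder = posixpath.dirname(folder)
        raise LookupError(f"no mapped folder for {item_path!r}; not uploading")

    def keys_released_to_datastore(self):
        return {p.key_id for p in self._folders.values() if p.key_class == SHARED}

def plan_upload(fmap, item_path):
    """Decide how a changed item is encrypted before it is synchronised."""
    policy = fmap.resolve(item_path)
    return {"item": normalise(item_path), "encrypt_with": policy.key_id,
            "datastore_can_decrypt": policy.key_class == SHARED}

def build_example_map():
    # Constructed layout: folder names and key ids are illustrative only.
    fmap = FolderEncryptionMap()
    fmap.add_folder("Private", KeyPolicy(NOT_SHARED, "k-personal"))
    fmap.add_folder("Private/Team", KeyPolicy(NOT_SHARED, "k-managed"))
    fmap.add_folder("Shared", KeyPolicy(SHARED, "k-shared"))
    return fmap
```

Normalising before the lookup means a path such as `Private/../Shared/a.txt` is classified by where the item actually lands, so it cannot be labelled with the wrong key class.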
Specification