Title of invention: Secure network storage
Abstract: This invention includes a synchronized storage server enabled to send the end-point device a notification including the root folder list. The end-point device compares the sent root folder list to a previously stored root folder list in the end-point device's memory. If the end-point device detects either a new root folder on the synchronized storage server, a change in an existing folder, or deleted content in a folder, the end-point device will determine that a change is required to the stored data. Next, the end-point device will synchronize with the synchronized storage server and create a new storage list. Finally, the synchronized storage server will send the end-point device a new encrypted folder encryption key which includes the encrypted file contents along with identifying information such as the server name and revision information.
Publication number: US9088538(B2)  Publication date: 2015.07.21
Application number: US201313838024  Filing date: 2013.03.15
Applicant: SAIFE, Inc.  Inventors: Lindteigen Ty Brendan; Curtis John
Classification: H04L29/06; G06F21/00; H04L9/00  Main classification: H04L29/06
Agency:  Agent:
Main claim: 1. A method for securing data comprising:
a change made to a folder originating at a first device resulting in the first device uploading a latest encrypted folder to a server;
the server receiving the encrypted folder and a first folder encryption key from a first device, wherein the encrypted folder is encrypted using the first folder encryption key;
the server storing the encrypted folder;
the server referring to an access control list to identify a second device that is authorized to access the encrypted folder;
the server encrypting the first folder encryption key with a public key of the second device to produce an encrypted first folder encryption key;
the server creating a root folder list;
the server sending the root folder list, encrypted folder, and encrypted first folder encryption key to the second device;
the second device decrypting the encrypted first folder encryption key to produce the first folder encryption key;
the second device using the first folder encryption key to decrypt the encrypted folder and produce a folder;
the second device making a change to the folder, producing a changed folder;
the second device encrypting the changed folder with a second folder encryption key to produce an encrypted changed folder;
the second device sending the encrypted changed folder and the second folder encryption key to the server;
the server storing the encrypted changed folder;
the server referencing the access control list to determine if the first device is authorized to access the encrypted changed folder;
the server encrypting the second folder encryption key with a public key for the first device to produce an encrypted second folder encryption key;
the server creating an updated root folder list;
the server sending the updated root folder list to the first device;
the first device comparing the updated root folder list to a previously stored root folder list to detect the change to the folder;
the first device requesting and receiving the encrypted changed folder and the encrypted second folder encryption key from the server;
the first device decrypting the encrypted second folder encryption key to produce the second folder encryption key; and
the first device using the second folder encryption key to decrypt the encrypted changed folder to produce the changed folder.
Address: AZ US