Title of invention SERVER & METHOD FOR SECURE AND ECONOMICAL SHARING OF DATA
Abstract The present invention relates to a web server having a web application using published API of one or more cloud storage providers, said web application being dedicated to secure and economical sharing of encrypted files residing at the cloud storage providers, said files being managed under a virtual folder which is shared by a group of different entities.
Publication number US2015127937(A1) Publication date 2015.05.07
Application number US201314071179 Filing date 2013.11.04
Applicant Gemalto SA Inventors ALI Asad Mahboob;Segura Ella
Classification G06F21/62;H04L9/08;H04L29/06;H04L29/08 Main classification G06F21/62
Agency Agent
Independent claim 1. A server having a web application using a published Application Programming Interface (API) of one or more cloud storage providers, said web application being dedicated to secure and economical sharing of encrypted files residing at the cloud storage providers, said files being managed under a virtual folder which is shared by a group of different entities, each entity having an identifier, said server having an interface with the entities to receive and send files from and to the entities and having an interface with the cloud storage providers to receive and send files from and to a corresponding storage folder stored at the cloud storage provider, said server further comprising, for the implementation of the web application: a key generator to generate at least a master key for each virtual folder dedicated to the encryption of files to be shared with the group in said virtual folder, access to an encrypted file issued from encryption using said master key of a file originating from one of the entities in the group, an authorization control list (ACL) for each shared virtual folder, said ACL listing identifiers of entities authorized to decrypt the encrypted files that are part of the shared virtual folder, and are stored at the cloud storage provider, an ACL manager to manage the content of the ACL, said API with the cloud storage provider being such that it sends the encrypted file on a single account in the cloud storage provider, thus providing economical sharing of files among several entities by usage of the storage quota of a single account per file shared, and said API being such that, on request from one entity of the group for a file in the virtual folder, after a check of the authorization of said one entity in the ACL, it retrieves the shared encrypted file from the single account at the storage provider, decrypts the file to get clear-text file, and forwards the clear-text file to the requesting entity.
Address Meudon Cedex FR