High privacy of file synchronization with sharing functionality

摘要

Systems and methods for providing privacy of file synchronization with sharing functionality are presented. In embodiments, a file synchronization system comprises one or more folders associated with one or more non-shared encryption keys, which may be a managed key shared across an organization, and/or a personal key that is not shared or has limited third-party sharing. The one or more non-shared encryption keys are not known to the data storage service. The file synchronization system may also include one or more folders associated with a shared encryption key that is shared with the data storage service, and in embodiments, with a set of users of the service. The system may include a mapping correlating folders to encryption type so items in each folder can be handled appropriately. The system may have additional folders, such as one or more public folders that may be available with limited or no restrictions.

主权项

1. A synchronization system client for synchronizing files and providing sharing capabilities, comprising:
at least one not-shared-key folder for storing items to be encrypted with a not-shared key and to be synchronized with a remote datastore, wherein the not-shared key is not shared with the remote datastore; at least one shared-key folder for storing items to be encrypted with a shared key and to be synchronized with the remote datastore, wherein at least the client system and the remote datastore have access to the shared key; a folder encryption map that associates the not-shared key with the at least one not-shared-key folder and associates the shared key with the at least one shared-key folder; and a differential encryption component that, responsive to an item changing within at least one of the at least one not-shared-key folder and the at least one shared-key folder, interfaces with the folder encryption map to access and encrypt the item to be transmitted to and stored at the remote datastore.