A multi-user
file storage service and
system enable each user of a pre-subscribed
user group to operate an arbitrary
client node at an arbitrary geographic location, to communicate with a remote
file server node via a
wide area network and to access the files of the file group via the respective
client node in communication with the remote
file server node via the
wide area network. More than one user of the pre-subscribed
user group is permitted to access the file group at the remote
file server node simultaneously. Illustratively, the integrity of the files at the remote file
server node are maintained by controlling each access to each file at the remote file
server node so that each access to files at the remote file
server is performed, if at all, on a respective portion of each file as most recently updated at the remote file server node. Thus, all native
operating system application
programming interfaces operate as if all multi-user applications accessing the files function as if the remote server and
client nodes were on the same
local area network. Illustratively, an interface is provided for adapting file access one of the client nodes. The interface designates at the client node each accessible file of the group as stored on a
virtual storage device. The interface enables access to the designated files in a fashion which is indistinguishable, by users of, and applications executing at, the client node, with access to one or more files stored on a physical storage device that is locally present at the client node. Illustratively, an encrypted key is transferred from the remote file server node to one of the client nodes via a
secure channel. The key is encrypted using an
encryption function not known locally at the remote file server node. The transferred key is decrypted at the client node. The key is used at the client node to decrypt information of the files downloaded from the remote file server node or to encrypt information of the files prior to uploading for storage at the remote file server node.
Access control to a particular one of the files of the group can be delegated to an
access control node.