Searchable encryption enabling encrypted search based on document type
First Claim
1. A method comprising:
receiving, at a network intermediary device over a communication network, a received document destined for a cloud service provider, the received document having a received document type;
determining the received document type of the received document;
determining a received document type identifier corresponding to the received document type;
selecting one or more keywords in the received document;
for each selected one or more keywords in the received document;
deriving a plurality of keys for the selected keyword;
encrypting a document index identifying the received document using a first key of the plurality of keys;
generating an encrypted keyword label by using a second key of the plurality of keys to encode the received document type identifier and a selected keyword counter value indicative of a count of occurrences of the selected keyword in previously encrypted documents of the received document type, and by applying a pseudorandom function to the received document type identifier; and
generating a search index entry mapping the encrypted keyword label to the encrypted document index;
generating a search index in response to the search index entries generated for the one or more keywords in the received document;
encrypting the received document using a second encryption algorithm;
transmitting the encrypted document to the cloud service provider;
storing the encrypted document at the cloud service provider;
receiving, at the network intermediary device, a search request with a search term for all document types;
setting a search document type identifier to an initial search document type identifier value;
setting a search counter value to an initial search counter value;
generating a search term label by applying the pseudorandom function using a key being a function of the search term to encode the search document type identifier and the search counter value;
searching for the search term label in the search index;
in response to the search term label matching the encrypted keyword label in the search index;
retrieving from the search index the encrypted document index mapped to the encrypted keyword label;
incrementing the search counter value; and
after incrementing the search counter value, regenerating the search term label by applying the pseudorandom function using the key being a function of the search term to encode the search document type identifier and the search counter value;
in response to the search term label not matching any encrypted keyword label in the search index;
setting the search document type identifier to a next document type identifier;
resetting the search counter value to the initial search counter value;
after setting the search document type identifier to the next document type identifier and resetting the search counter value to the initial search counter value, regenerating the search term label by applying the pseudorandom function using the key being a function of the search term to encode the search document type identifier and the search counter value;
decrypting the retrieved encrypted document index;
retrieving the encrypted document from the cloud service provider using the decrypted document index;
decrypting the retrieved document; and
providing the decrypted document as the search result.
Abstract
A searchable encryption method enables encrypted search of encrypted documents based on document type. In some embodiments, the searchable encryption method is implemented in a network intermediary, such as a proxy server. The network intermediary encrypts documents on behalf of a user or an enterprise destined to be stored on a cloud service provider. The searchable encryption method encodes document type information into the encrypted search index while preserving encryption security. Furthermore, the searchable encryption method enables search of encrypted documents using the same encrypted index, either for a particular document type or for all encrypted documents regardless of the document type.
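The index build and the all-types search loop of claim 1, as an added Python sketch that is not code from the patent. HMAC-SHA256 stands in for the pseudorandom function, an HMAC-derived XOR pad stands in for the document-index cipher, and the names `Proxy`, `DOC_TYPES`, `slot`, `mask` and the sample documents are assumptions; encryption of the document body is left out.

```python
import hashlib
import hmac

DOC_TYPES = [1, 2, 3]  # assumed document type identifiers, in probe order

def prf(key, msg):  # HMAC-SHA256 as the pseudorandom function (assumption)
    return hmac.new(key, msg, hashlib.sha256).digest()

def keyword_keys(master, keyword):
    # Two per-keyword keys: k1 protects the doc index, k2 generates labels.
    kw = keyword.lower().encode()
    return prf(master, b"\x01" + kw), prf(master, b"\x02" + kw)

def slot(type_id, counter):  # fixed-width (type identifier, counter) encoding
    return type_id.to_bytes(2, "big") + counter.to_bytes(8, "big")

def mask(k1, type_id, counter, data):
    # XOR with a pad unique to this slot; stdlib stand-in for a real cipher.
    return bytes(a ^ b for a, b in zip(data, prf(k1, slot(type_id, counter))))

class Proxy:
    def __init__(self, master):
        self.master = master
        self.index = {}     # encrypted keyword label -> encrypted doc index
        self.counters = {}  # (keyword, type_id) -> entries written so far

    def add_document(self, doc_id, type_id, keywords):
        for kw in {k.lower() for k in keywords}:
            k1, k2 = keyword_keys(self.master, kw)
            c = self.counters.get((kw, type_id), 0)
            enc_doc = mask(k1, type_id, c, doc_id.to_bytes(16, "big"))
            self.index[prf(k2, slot(type_id, c))] = enc_doc
            self.counters[(kw, type_id)] = c + 1

    def search(self, term, types=DOC_TYPES):
        k1, k2 = keyword_keys(self.master, term)
        hits = []
        for type_id in types:          # miss -> next type identifier
            counter = 0                # counter resets for every type
            while (enc := self.index.get(prf(k2, slot(type_id, counter)))):
                doc = mask(k1, type_id, counter, enc)
                hits.append((type_id, int.from_bytes(doc, "big")))
                counter += 1           # hit -> probe the next counter value
        return hits

if __name__ == "__main__":
    p = Proxy(b"\x11" * 32)  # constructed key and documents
    p.add_document(101, 1, ["invoice"])
    p.add_document(202, 2, ["Invoice", "payroll"])
    print(p.search("invoice"), p.search("invoice", types=[2]))
```

Passing `types=[2]` runs the same probe against a single document type, which is the per-type search the abstract describes over the same index.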
15 Claims
6. A system comprising:
memory;
at least one hardware processor that is coupled to the memory and that is configured to;
receive a received document destined for a cloud service provider, the received document having a received document type;
determine the received document type of the received document;
determine a received document type identifier corresponding to the received document type;
select one or more keywords in the received document;
for each selected one or more keywords in the received document;
derive a plurality of keys for the selected keyword;
encrypt a document index identifying the received document using a first of the plurality of keys;
generate an encrypted keyword label by using a second of the plurality of keys to encode the received document type identifier and a selected keyword counter value indicative of a count of occurrences of the selected keyword in previously encrypted documents of the received document type, and by applying a pseudorandom function to the received document type identifier; and
generate a search index entry mapping the encrypted keyword label to the encrypted document index;
generate a search index in response to the search index entries generated for the one or more keywords in the received document;
encrypt the received document using a second encryption algorithm;
transmit the encrypted document to the cloud service provider;
store the encrypted document at the cloud service provider;
receive a search request with a search term for all document types;
set a search document type identifier to an initial search document type identifier value;
set a search counter value to an initial search counter value;
generate a search term label by applying the pseudorandom function using a key being a function of the search term to encode the search document type identifier and the search counter value;
search for the search term label in the search index;
in response to the search term label matching the encrypted keyword label in the search index;
retrieve from the search index the encrypted document index mapped to the encrypted keyword label;
increment the search counter value; and
after incrementing the search counter value, regenerate the search term label by applying the pseudorandom function using the key being a function of the search term to encode the search document type identifier and the search counter value;
in response to the search term label not matching any encrypted keyword label in the search index;
set the search document type identifier to a next document type identifier;
reset the search counter value to the initial search counter value;
after setting the search document type identifier to the next document type identifier and resetting the search counter value to the initial search counter value, regenerate the search term label by applying the pseudorandom function using the key being a function of the search term to encode the search document type identifier and the search counter value;
decrypt the retrieved encrypted document index;
retrieve the encrypted document from the cloud service provider using the decrypted document index;
decrypt the retrieved document; and
provide the decrypted document as the search result.
11. A non-transitory computer-readable medium containing computer-executable instructions that, when executed by a processor, cause the processor to perform a method comprising:
receiving a received document destined for a cloud service provider, the received document having a received document type;
determining the received document type of the received document;
determining a received document type identifier corresponding to the received document type;
selecting one or more keywords in the received document;
for each selected one or more keywords in the received document;
deriving a plurality of keys for the selected keyword;
encrypting a document index identifying the received document using a first key of the plurality of keys;
generating an encrypted keyword label by using a second key of the plurality of keys to encode the received document type identifier and a selected keyword counter value indicative of a count of occurrences of the selected keyword in previously encrypted documents of the received document type, and by applying a pseudorandom function to the received document type identifier; and
generating a search index entry mapping the encrypted keyword label to the encrypted document index;
generating a search index in response to the search index entries generated for the one or more keywords in the received document;
encrypting the received document using a second encryption algorithm;
transmitting the encrypted document to the cloud service provider;
storing the encrypted document at the cloud service provider;
receiving, at the network intermediary device, a search request with a search term for all document types;
setting a search document type identifier to an initial search document type identifier value;
setting a search counter value to an initial search counter value;
generating a search term label by applying the pseudorandom function using a key being a function of the search term to encode the search document type identifier and the search counter value;
searching for the search term label in the search index;
in response to the search term label matching the encrypted keyword label in the search index;
retrieving from the search index the encrypted document index mapped to the encrypted keyword label;
incrementing the search counter value; and
after incrementing the search counter value, regenerating the search term label by applying the pseudorandom function using the key being a function of the search term to encode the search document type identifier and the search counter value;
in response to the search term label not matching any encrypted keyword label in the search index;
setting the search document type identifier to a next document type identifier;
resetting the search counter value to the initial search counter value;
after setting the search document type identifier to the next document type identifier and resetting the search counter value to the initial search counter value, regenerating the search term label by applying the pseudorandom function using the key being a function of the search term to encode the search document type identifier and the search counter value;
decrypting the retrieved encrypted document index;
retrieving the encrypted document from the cloud service provider using the decrypted document index;
decrypting the retrieved document; and
providing the decrypted document as the search result.
Specification