Wildcard search in encrypted text
First Claim
1. A method for wildcard searchable encryption of cloud stored data, comprising:
- receiving, at a network intermediary, a document destined for a cloud service provider;
- processing, at the network intermediary, the content of the document to generate a plurality of keyword-wildcard combinations in plaintext for some or all of the keywords in the document;
- generating a processed document including the original document content and the keyword-wildcard combinations in plaintext appended to the original document;
- encrypting the processed document using an exact match searchable encryption algorithm;
- generating one or more entries in a search index stored in the network intermediary, the one or more entries including a mapping of encrypted keyword labels to an encrypted document index identifying the document being encrypted, the encrypted keyword labels being generated using at least some keywords of the original document content and at least some keyword-wildcard combinations appended to processed document;
- encrypting the original document using a second encryption algorithm; and
- transmitting the encrypted document to the cloud service provider.
Abstract
A wildcard searchable encryption method enables wildcard search of encrypted text in a cloud-stored encrypted document. In some embodiments, the wildcard searchable encryption method is implemented in a network intermediary, such as a proxy server. The network intermediary encrypts documents on behalf of a user or an enterprise destined to be stored on a cloud service provider. The wildcard searchable encryption method performs keyword pre-processing of the document to be encrypted to generate a set of keyword-wildcard combinations in plaintext for some or all of the keywords in the document. The processed document is encrypted using an exact match searchable encryption algorithm. As a result of the encryption process, a search index is generated to include the keyword-wildcard combinations. As thus configured, the wildcard searchable encryption method enables wildcard search of the encrypted text, such as searches for prefixes or suffixes of the keywords.
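An added example (not code from the patent or its assignee) of the pre-processing and indexing the abstract describes: prefix and suffix keyword-wildcard combinations are generated in plaintext, then turned into keyed labels so that a wildcard query becomes an exact-match lookup. HMAC-SHA256 as the label function, the 3-character minimum fragment, the plaintext document ids and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import re

MIN_FRAGMENT = 3  # assumption: shortest prefix/suffix worth indexing


def wildcard_combinations(keyword, min_len=MIN_FRAGMENT):
    """Plaintext keyword-wildcard combinations: 'pre*' and '*suf' forms."""
    combos = set()
    for n in range(min_len, len(keyword)):
        combos.add(keyword[:n] + "*")   # prefix search term
        combos.add("*" + keyword[-n:])  # suffix search term
    return combos


def label(key, term):
    """Deterministic keyed label, standing in for the exact-match SSE label."""
    return hmac.new(key, term.encode(), hashlib.sha256).hexdigest()


def index_document(index, key, doc_id, text):
    """Map labels of each keyword and its wildcard combinations to doc_id."""
    for kw in set(re.findall(r"[a-z0-9]+", text.lower())):
        for term in {kw} | wildcard_combinations(kw):
            index.setdefault(label(key, term), set()).add(doc_id)


def search(index, key, query):
    """Exact-match lookup; a wildcard query is just another indexed term."""
    return index.get(label(key, query.lower()), set())


def build_demo_index():
    """Index two constructed documents under a constructed demo key."""
    key = b"constructed-demo-key"  # stays on the network intermediary
    index = {}
    index_document(index, key, "doc-1", "Quarterly encryption audit")
    index_document(index, key, "doc-2", "Encrypted backup rotation")
    return key, index


if __name__ == "__main__":
    key, index = build_demo_index()
    for q in ("encrypt*", "*tion", "audit", "*ed"):
        print(q, sorted(search(index, key, q)))
```

Each keyword of length n contributes up to 2 × (n − 3) extra labels here, so index size grows with keyword length, and fragments shorter than the minimum (such as `*ed`) are not searchable.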
20 Claims
11. A system for wildcard searchable encryption of cloud stored data, comprising:
- a memory;
- a hardware processor coupled to the memory and configured to receive a document destined for a cloud service provider, to process the content of the document to generate a plurality of keyword-wildcard combinations in plaintext for some or all of the keywords in the document, to generate a processed document including the original document content and the keyword-wildcard combinations in plaintext appended to the original document, to encrypt the processed document using an exact match searchable encryption algorithm, to generate one or more entries in a search index stored in the network intermediary, the one or more entries including a mapping of encrypted keyword labels to an encrypted document index identifying the document being encrypted where the encrypted keyword labels are generated using at least some keywords of the original document content and at least some keyword-wildcard combinations appended to processed document, to encrypt the original document using a second encryption algorithm, and to transmit the encrypted document to the cloud service provider.