Systems and methods for cryptographically-secure queries using filters generated by multiple parties

US 10,503,730 B1
Filed: 12/28/2016
Issued: 12/10/2019
Est. Priority Date: 12/28/2015
Status: Active Grant

First Claim

Patent Images

1. A method, comprising the steps of:

receiving a search request at an electronic computing device, the search request comprising one or more phrases to be searched against a plurality of filters representing a plurality of data items stored in a search system;

transforming each of the one or more phrases according to a first predetermined algorithm to generate a masked version of each of the one or more phrases;

transmitting the masked version of each of the one or more phrases to a third party system for securing the masked version of each of the one or more phrases;

receiving, at the electronic computing device, a secured version of the one or more phrases from the third party system;

transforming the received secured version of the one or more phrases according to a second predetermined algorithm to generate query data; and

transmitting the query data to the search system, wherein the search system runs the query data through the plurality of filters to identify one or more data items corresponding to the search request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods that permit the querying of encrypted data in a cryptographically-secure manner. Generally, data that has been encrypted cannot be queried using plaintext terms because it is in ciphertext. Accordingly, use of filters that correspond to the encrypted data and are generated by multiple parties permits querying of the data without decrypting the data or compromising the security of the encrypted data or of the queries against that data.

Citations

14 Claims

1. A method, comprising the steps of:
- receiving a search request at an electronic computing device, the search request comprising one or more phrases to be searched against a plurality of filters representing a plurality of data items stored in a search system;
  
  transforming each of the one or more phrases according to a first predetermined algorithm to generate a masked version of each of the one or more phrases;
  
  transmitting the masked version of each of the one or more phrases to a third party system for securing the masked version of each of the one or more phrases;
  
  receiving, at the electronic computing device, a secured version of the one or more phrases from the third party system;
  
  transforming the received secured version of the one or more phrases according to a second predetermined algorithm to generate query data; and
  
  transmitting the query data to the search system, wherein the search system runs the query data through the plurality of filters to identify one or more data items corresponding to the search request.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising the steps of:
    - receiving, at the electronic computing device, a list of references to the one or more data items corresponding to the search request from the search system; and
      
      accessing, based on the list of references to the one or more data items corresponding to the search request, the one or more data items corresponding to the search request.
  - 3. The method of claim 2, wherein the step of accessing further comprises decrypting the one or more data items corresponding to the search request.
  - 4. The method of claim 1, further comprising the step of preprocessing the search request prior to transforming each of the one or more phrases according to predefined rules for removal of redundant phrases from, removal of commonly-used phrases from, and/or stemming of the plurality of phrases.
  - 5. The method of claim 1, wherein the search system, to run the query data through the plurality of filters, identifies contextual data corresponding to the one or more data items corresponding to the search request.
  - 6. The method of claim 1, wherein the one or more phrases are cleartext and the plurality of data items are ciphertext.
  - 7. The method of claim 1, wherein the search system, to run the query data through the plurality of filters, performs a set membership check of each of the plurality of filters based on the query data.

8. A system, comprising:
- an electronic computing device that receives a search request comprising one or more phrases to be searched against a plurality of filters representing one or more data items, wherein the electronic computing device transforms each of the one or more phrases according to a first predetermined algorithm to generate a masked version of each of the one or more phrases and transmits the masked version of each of the one or more phrases to a third party system;
  
  the third party system that receives the masked version of each of the one or more phrases from the electronic computing device, wherein the third party system transforms the masked version of each of the one or more phrases according to a predetermined cryptographic algorithm to generate a secured version of the one or more phrases and transmits the secured version of the one or more phrases back to the electronic computing device;
  
  the electronic computing device that receives the secured version of the one or more phrases from the third party system, wherein the electronic computing device transforms the received secured version of the one or more phrases according to a second predetermined algorithm to generate query data and transmits the query data to a search system; and
  
  the search system that receives the query data, wherein the search system runs the query data through the plurality of filters to identify one or more data items corresponding to the search request.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the search system determines a list of references to the one or more data items corresponding to the search request and transmits the list of references to the one or more data items corresponding to the search request back to the electronic computing device;
    - andthe electronic computing device that receives the list of references to the one or more data items corresponding to the search request from the search system, wherein the electronic computing device accesses the one or more data items corresponding to the search request based on the list of references to the one or more data items corresponding to the search request.
  - 10. The system of claim 9, wherein the electronic computing device decrypts the one or more data items corresponding to the search request as part of accessing the one or more data items corresponding to the search request.
  - 11. The system of claim 8, wherein the electronic computing device preprocesses the search request prior to transforming each of the one or more phrases according to predefined rules for removal of redundant phrases from, removal of commonly-used phrases from, and/or stemming of the plurality of phrases.
  - 12. The system of claim 8, wherein the search system, to run the query data through the plurality of filters, identifies contextual data corresponding to the one or more data items corresponding to the search request.
  - 13. The system of claim 8, wherein the third party system transforms the masked version of each of the one or more phrases using a cryptographic key and the electronic computing device has no access to or knowledge of the cryptographic key.
  - 14. The system of claim 8, wherein the search system, to run the query data through the plurality of filters, performs a set membership check of each of the plurality of filters based on the query data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ionic Security, Inc. (Twilio, Inc.)
Original Assignee
Ionic Security, Inc. (Twilio, Inc.)
Inventors
Speers, Ryan Mark, Ghetti, Adam, Vohaska, Brian Michael, Eckman, Jeremy Michael, Ray, Katrina Jean, Burns, Jonathan Thomas
Primary Examiner(s)
Phillips, III, Albert M

Application Number

US15/392,561
Time in Patent Office

1,077 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/2365   Ensuring data consistency a...

G06F 16/2425   Iterative querying; Query f...

G06F 16/332   Query formulation

G06F 21/602   Providing cryptographic fac...

G06F 21/6227   where protection concerns t...

Systems and methods for cryptographically-secure queries using filters generated by multiple parties

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for cryptographically-secure queries using filters generated by multiple parties

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links