Secure and searchable storage system and method
Abstract
A system and method for securely storing electronic documents is provided. The system includes a client portion and a server portion and the client portion is located at a trusted location. The client portion encrypts each electronic document and produces a list of terms of interest relating to the document, which terms are also encrypted. The encrypted document and the encrypted terms are transferred to a server portion which need not be located at a trusted location. The document is stored at the server portion in a manner which allows for locating the document again via the encrypted terms and returning the encrypted document to the trusted client portion, where it can be decrypted. Attachments to documents can also be encrypted and stored at the server, as can copies of dynamic documents, such as web pages. The server portion can also have a retention manager and encryptor which is used to implement document retention and destruction policies defined by the user of the system.
15 Claims
1. A system for storing electronic documents in a secure and searchable manner, the system including a client portion and a server portion, the client portion being located at a trusted location and comprising:

a parser to parse electronic documents received at the client portion to identify terms of interest within the received electronic document;
a search and retrieval interface to specify one or more terms of interest to identify and retrieve one or more documents from the server portion;
a first encryptor to encrypt identified terms of interest to obtain ciphertext versions of the terms of interest;
a second encryptor to encrypt the received document to obtain a ciphertext version of the received document;
a decryptor to decrypt a ciphertext version of a retrieved document to obtain a plaintext version; and
client communications means to transfer the ciphertext version of the received document and/or the ciphertext version of the identified terms to a server portion and to receive a ciphertext version of documents from the server portion; and

the server portion comprising:

server communications means to receive from a client portion the ciphertext version of a document and the ciphertext version of identified terms and to transfer the ciphertext version of an identified document to the client portion;
a storage device to store ciphertext versions of documents received from the client portion; and
an indexer and search engine to construct and maintain a searchable index of received ciphertext versions of identified terms contained in the ciphertext versions of documents received from the client portion and responsive to the search and retrieval interface of the client portion to cause the storage device and the server communications means to transfer ciphertext copies of the identified documents of interest to the client portion.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method of securely storing electronic documents in a secure and searchable manner, comprising the steps of:

at a trusted location, receiving copies of electronic documents to be stored;
parsing the received copies to identify terms of interest in the documents;
encrypting the received documents to obtain ciphertext versions of the received documents and encrypting the identified terms of interest found in each document to obtain ciphertext copies of the terms;
transferring the ciphertext copies of the documents and identified terms to a second location over a communications link;
receiving the ciphertext copies of the documents at the second location and storing received ciphertext copies on a storage device;
receiving the ciphertext copies of the identified terms of interest at the second location and constructing and maintaining an index which indicates, for each received ciphertext term of interest, the storage location of each ciphertext copy of the documents which contains the term of interest;
providing a search interface at the trusted location wherein a user can search for a stored ciphertext copy of a document stored on the storage device by defining a query containing one or more plaintext terms of interest, the plaintext terms of interest being encrypted and, over the communications link, being compared to the ciphertext terms in the index to identify the ciphertext copies of documents stored on the storage device; and
transmitting the identified ciphertext copies of documents over the communications link to the trusted location and decrypting the transmitted ciphertext copies of the documents at the trusted location to obtain plaintext copies of the identified documents.

Dependent claims: 11, 12, 13, 14, 15
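The architecture of claims 1 and 10, as an added example that is not the patent's own code: a trusted Client parses terms of interest, encrypts each term deterministically with a keyed HMAC so the untrusted Server can index and match it without holding any key, and encrypts the document body under a separate key; the Server stores only ciphertext blobs and a ciphertext-term index. The HMAC counter-mode stream cipher with an encrypt-then-MAC tag is a standard-library stand-in for a real AEAD such as AES-GCM, and the word tokenizer standing in for the parser is likewise an assumption of this example.

```python
import hashlib, hmac, os, re

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher (use AES-GCM in practice)
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

class Client:  # trusted location: holds the keys, parses, encrypts, decrypts
    def __init__(self, master_key):
        kdf = lambda label: hmac.new(master_key, label, hashlib.sha256).digest()
        self.term_key, self.doc_key, self.mac_key = kdf(b"terms"), kdf(b"docs"), kdf(b"mac")
    def parse_terms(self, text):  # parser (assumed): terms of interest = lowercase words of 3+ chars
        return {w for w in re.findall(r"[a-z0-9]+", text.lower()) if len(w) >= 3}
    def encrypt_term(self, term):  # first encryptor: deterministic, so the server can index and match
        return hmac.new(self.term_key, term.encode(), hashlib.sha256).hexdigest()

    def encrypt_doc(self, text):  # second encryptor: random nonce, encrypt-then-MAC
        nonce, pt = os.urandom(16), text.encode()
        ct = bytes(a ^ b for a, b in zip(pt, _keystream(self.doc_key, nonce, len(pt))))
        return nonce + ct + hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()

    def decrypt_doc(self, blob):  # decryptor: verify the tag before touching the ciphertext
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expect = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            raise ValueError("ciphertext tampered with or wrong key")
        return bytes(a ^ b for a, b in zip(ct, _keystream(self.doc_key, nonce, len(ct)))).decode()

class Server:  # second, untrusted location: sees only ciphertext blobs and ciphertext terms
    def __init__(self):
        self.store, self.index = {}, {}

    def put(self, blob, enc_terms):  # indexer: ciphertext term -> storage locations (doc ids)
        doc_id = len(self.store)
        self.store[doc_id] = blob
        for t in enc_terms:
            self.index.setdefault(t, set()).add(doc_id)
        return doc_id

    def search(self, enc_terms):  # search engine: documents containing every queried ciphertext term
        hits = [self.index.get(t, set()) for t in enc_terms]
        return [self.store[i] for i in sorted(set.intersection(*hits))] if hits else []

def store_document(client, server, text):
    return server.put(client.encrypt_doc(text), {client.encrypt_term(t) for t in client.parse_terms(text)})

def search_documents(client, server, query):
    tokens = [client.encrypt_term(t) for t in client.parse_terms(query)]
    return [client.decrypt_doc(b) for b in server.search(tokens)]
```

Because the ciphertext terms are deterministic, the server still learns which stored documents share a term and how often each token is queried; that leakage is inherent to this index design and is the main property to weigh when the server is not at a trusted location.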