TECHNIQUES FOR SECURE NETWORK SEARCHING

US 20090077060A1
Filed: 09/19/2007
Published: 03/19/2009
Est. Priority Date: 09/19/2007
Status: Active Grant

First Claim

Patent Images

1. A machine-implemented method, comprising:

acquiring a search and return process instructions for subsequent delivery of search results of the search, wherein the search and return process instructions are initially defined by a principal;

encrypting the search using a first public key of a search service that is to perform the search;

encrypting the return process instructions using a second public key of a return process that is to return the search results;

submitting the encrypted search to the search service and the encrypted return process instructions to the return process; and

receiving, from the return process, the search results in accordance with the return process instructions.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for network searching are provided. A search is defined and the search is encrypted in a format known to a search service. Return instructions are defined for delivering search results of the search to a principal that defined the search and the return instructions. The return instructions are encrypted in a different format know to a return search process. The encrypted search is delivered to the search service for processing the search and the encrypted return instructions are delivered to the return search process for handling search results provided by the search service and for conforming delivery of the search results to the return instructions.

64 Citations

View as Search Results

25 Claims

1. A machine-implemented method, comprising:
- acquiring a search and return process instructions for subsequent delivery of search results of the search, wherein the search and return process instructions are initially defined by a principal;
  
  encrypting the search using a first public key of a search service that is to perform the search;
  
  encrypting the return process instructions using a second public key of a return process that is to return the search results;
  
  submitting the encrypted search to the search service and the encrypted return process instructions to the return process; and
  
  receiving, from the return process, the search results in accordance with the return process instructions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein acquiring further includes recognizing the search as an extensible mark-up language (XML) encoded document produced by the principal and the return process instructions as another XML encoded document produced by the principal.
  - 3. The method of claim 2, wherein recognizing further includes identifying in the return process instructions as a communication manner in which the search results are to be returned, and wherein the manner includes one or more of the following:
    - via an email communication, via a text message communication, via a website posting communication, via a file placed in a designated directory, and via an instant message communication.
  - 4. The method of claim 1 further comprising:
    - acquiring a private key and a public key for the principal from an identity service on behalf of the principal, wherein the private and public keys are associated with an identity of the principal;
      
      receiving the search results in an encrypted format from the return process, the encrypted format using the public key; and
      
      decrypting the encrypted search results using the private key of the principal.
  - 5. The method of claim 4, wherein acquiring further includes recognizing the identity as a temporary identity or a new identity for the principal that the principal acquired for purposes of having the search executed in an anonymous transaction where a true identity for the principal remains anonymous when the search is executed and when the search results are returned.
  - 6. The method of claim 1 further comprising, acquiring the first public key and the second public key from an identity service.
  - 7. The method of claim 1 further comprising:
    - duplicating the search and the return process instructions one or more additional times;
      
      encrypting each additional duplicated search and return process instructions with a public key of a particular additional search service and a public key of a particular additional return process;
      
      submitting each additional duplicated and encrypted search to the particular additional search service to which it relates and submitting each additional duplicated and encrypted return process instructions to the particular additional return process to which it relates; and
      
      receiving one or more additional search results in accordance with the return instructions from each of the additional return processes.
  - 8. The method of claim 1, wherein encrypting the search further includes encrypting the search via a symmetric key and then encrypting the symmetric key using the first public key.
  - 9. The method of claim 1, wherein encrypting the return process instructions further includes encrypting the return processing instructions via a symmetric key and then encrypting the symmetric key using the second public key.

10. A machine-implemented method, comprising:
- receiving from a principal service an identity for a principal that is associated with a search being performed by a search service and receiving return search instructions in a first encrypted format;
  
  acquiring, from the search service, search results in a second encrypted format for the search that was executed by the search service; and
  
  sending to the principal the search results in accordance with a decrypted version of the return search instructions.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10, wherein receiving further includes, receiving a public key associated with the principal from the principal service with the identity of the principal and with the return search instructions.
  - 12. The method of claim 11, wherein sending further includes encrypting the search results in the second encrypted format using the public key of the principal to produce a third encrypted format for the search results before the search results are sent to the principal in accordance with the return search instructions.
  - 13. The method of claim 11, wherein sending further includes decrypting the first encrypted format of the return search instructions using a private key before sending the search results to the principal in accordance with the return search instructions.
  - 14. The method of claim 10, wherein acquiring further includes acquiring a reference to the identity with the search results and matching that reference to the identity of the principal to ensure the search results, which are in the second encrypted format, are for the principal and the search.
  - 15. The method of claim 10, wherein sending further includes sending the search results to the principal in the second encrypted format, which was acquired from the search service and wherein that second encrypted format was encrypted by the search service using a public key of the search service and not known to the processing of the method.

16. A machine-implemented method, comprising:
- acquiring a temporary identity for a principal from an identity service along with a first public key, a first private key, a second public key, and a second private key for the temporary identity;
  
  acquiring, from the identity service, a search service public key for a search service and a return results public key for a search return process, the search service to process a search on behalf of the principal and then communicate the search results to the search return process in an encrypted format that uses the first public key, the first public key known to the search service but not the search return process and the second public key known to the search return process but not the search service;
  
  encrypting the search in a first format using the search service public key;
  
  encrypting return search instructions for the search results in a second format using the return results public key;
  
  sending the encrypted search in the first format to the search service over a wide-area network (WAN) connection;
  
  sending the encrypted return search instructions in the second format to the search return process over the WAN connection;
  
  receiving the search results from the search return process in response to the search service performing the search and receiving the search results in a third encrypted format and in accordance with the return search instructions; and
  
  decrypting the third encrypted format that the search results are in using one or more of the first private key and the second private key and providing the search results to the principal for use.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The method of claim 16 further comprising, supplying a reference to the temporary identity for the principal to the search service and the search return process to ensure the search return process can match the search results received from the search return process to the temporary identity, and wherein a true identity for the principal remains unknown to the search service and to the search return process.
  - 18. The method of claim 16 further comprising sending the first public key to the search service to encrypt the search results in a format that cannot be decrypted by the search return process and sending the second public key to the search return process to provide the search results in the third encrypted format.
  - 19. The method of claim 18 further comprising, recognizing the third encrypted format of the search results as a dual encrypted format that includes the encrypted format used by the search service using the first public key, which is not known to the search return process, and includes the third encrypted format that uses the second public key, which is not know to the search service.
  - 20. The method of claim 16 further comprising, communicating the first public key to the identity service for the search service to subsequently acquire and to encrypt the search results before providing the search results to the search return process and also communicating the second public key to the identity service for the search return process to subsequently acquire to produce the third encrypted format for the search results, and wherein the first public key is not accessible to the search return process via the identity service and the second public key is not accessible to the search service via the identity service.
  - 21. The method of claim 16 further comprising, iterating the processing of the method for duplicate instances of the search and the return search instructions with different keys associated with different search services and different search return processes.

22. A machine-implemented system, comprising:
- a request search service implemented in a machine accessible medium and to process on a machine; and
  
  a process search service implemented in a machine accessible medium and to process the machine or a different machine;
  
  wherein the request search service encrypts a search of a principal using a search service public key and encrypts search return instructions for delivering search results associated with the search service processing the search with a search return process public key, and wherein the encrypted search and search return instructions are delivered to the process search service, and wherein the process search service delivers the encrypted search to the search service along with a first public key for the principal and delivers the encrypted search return instructions to the search return process along with a second public key of the principal, and wherein the search is processed and the search results are encrypted by the search service using the first public key and delivered to the search return process, and the search return process encrypts the search results again with the second public key and then delivers the encrypted search results to the principal.
- View Dependent Claims (23, 24, 25)
- - 23. The system of claim 22 further comprising, an identity service implemented in a machine-accessible and readable medium and to process on the machine or a different machine, wherein the identity service supplies, manages, and delivers the keys in a secure and trusted fashion.
  - 24. The system of claim 23, wherein the identity service supplies a temporary identity to the principal that is associated with the first and second public keys and first and second private keys, and wherein a true identity of the principal is not known to the request search service, the process search service, the search service, and the search return process, just the temporary identity is known to these resources.
  - 25. The system of claim 22 further comprising, a receive results service implemented in a machine-accessible medium and to process on the machine or a different machine, and wherein the receive results service receives the encrypted search results from the search return process on behalf of the principal and decrypts using multiple private keys associated with the principal to deliver the search results in accordance with the search return instructions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
CPTN Holdings LLC
Inventors
Carter, Stephen R., Sermersheim, James Gerald

Granted Patent

US 8,010,779 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/83   Querying

G06F 21/6227   where protection concerns t...

H04L 63/0421   Anonymous communication, i....

H04L 63/0428   wherein the data content is...

H04L 63/0442   wherein the sending and rec...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/0478   applying multiple layers of...

H04L 67/10   in which an application is ...

TECHNIQUES FOR SECURE NETWORK SEARCHING

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

64 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

TECHNIQUES FOR SECURE NETWORK SEARCHING

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others