SECURE APPLICATION ACCESS SYSTEM

US 20150039887A1
Filed: 12/09/2013
Published: 02/05/2015
Est. Priority Date: 08/01/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

requesting, by a first device, an encrypted record from a second device;

receiving, by the first device, an encrypted record from a second device;

decrypting, by the first device, the received encrypted record as decrypted data;

creating, by the first device, an index of keywords;

searching the decrypted data, when a keyword in the index is encountered in the decrypted data, associating an encrypted record location identifier in the index with the encountered keyword.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A proxy server creates an index of keywords, receives an encrypted record, decrypts the received encrypted record as decrypted data and, when a keyword in the index is encountered in the decrypted data, associates in the index an encrypted record location identifier with the encountered keyword. The proxy server receives a search query and uses the keyword index to retrieve encrypted records from the server. The encrypted records are decrypted and sent as search results in response to the search query.

90 Citations

View as Search Results

30 Claims

1. A method, comprising:
- requesting, by a first device, an encrypted record from a second device;
  
  receiving, by the first device, an encrypted record from a second device;
  
  decrypting, by the first device, the received encrypted record as decrypted data;
  
  creating, by the first device, an index of keywords;
  
  searching the decrypted data, when a keyword in the index is encountered in the decrypted data, associating an encrypted record location identifier in the index with the encountered keyword.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method as recited in claim 1, wherein the encrypted location identifier is a pointer to an encrypted data record.
  - 3. The method as recited in claim 1, further comprising:
    - wherein the encrypted location identifier is a unique identifier string; and
      
      inserting the unique identifier string in the encrypted record corresponding to a location where the keyword was encountered;
      
      sending the encrypted record to the second device to replace the requested encrypted record on the second device.
  - 4. The method as recited in claim 1, further comprising:
    - encrypting the decrypted data as a new encrypted record using a new encryption key;
      
      sending the new encrypted record to the second device to replace the requested encrypted record on the second device.
  - 5. The method as recited in claim 1, wherein the second device is a server.
  - 6. The method as recited in claim 1, wherein the first device is a proxy server.
  - 7. The method as recited in claim 1, wherein an index is created for a particular cloud application program.
  - 8. The method as recited in claim 1, wherein an index is created for a particular user.
  - 9. The method as recited in claim 1, further comprising:
    - receiving, by the first device, a search query, the search query comprising one or more keywords;
      
      matching the one or more keywords with one or more keywords in the index;
      
      in response to a match of a keyword in the index, issuing a search query to the second device, the search query including an encrypted location identifier associated with the matched keyword.
  - 10. The method as recited in claim 9, further comprising:
    - receiving, by the first device, a search result set from the second device, the search result set including at least one encrypted record;
      
      decrypting the at least one encrypted record;
      
      including the decrypted at least one encrypted record in a second search result set;
      
      sending the second search result set to a third device.

11. An apparatus, comprising:
- a subsystem at a first device, implemented at least partially in hardware, that requests an encrypted record from a second device;
  
  a subsystem at a first device, implemented at least partially in hardware, that receives an encrypted record from a second device;
  
  a subsystem at a first device, implemented at least partially in hardware, that decrypts the received encrypted record as decrypted data;
  
  a subsystem at a first device, implemented at least partially in hardware, that creates an index of keywords;
  
  a subsystem at a first device, implemented at least partially in hardware, that searches the decrypted data, when a keyword in the index is encountered in the decrypted data, associates an encrypted record location identifier in the index with the encountered keyword.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The apparatus as recited in claim 11, wherein the encrypted location identifier is a pointer to an encrypted data record.
  - 13. The apparatus as recited in claim 11, further comprising:
    - wherein the encrypted location identifier is a unique identifier string; and
      
      a subsystem at a first device, implemented at least partially in hardware, that inserts the unique identifier string in the encrypted record corresponding to a location where the keyword was encountered;
      
      a subsystem at a first device, implemented at least partially in hardware, that sends the encrypted record to the second device to replace the requested encrypted record on the second device.
  - 14. The apparatus as recited in claim 11, further comprising:
    - a subsystem at a first device, implemented at least partially in hardware, that encrypts the decrypted data as a new encrypted record using a new encryption key;
      
      a subsystem at a first device, implemented at least partially in hardware, that sends the new encrypted record to the second device to replace the requested encrypted record on the second device.
  - 15. The apparatus as recited in claim 11, wherein the second device is a server.
  - 16. The apparatus as recited in claim 11, wherein the first device is a proxy server.
  - 17. The apparatus as recited in claim 11, wherein an index is created for a particular cloud application program.
  - 18. The apparatus as recited in claim 11, wherein an index is created for a particular user.
  - 19. The apparatus as recited in claim 11, further comprising:
    - a subsystem at a first device, implemented at least partially in hardware, that receives a search query, the search query comprising one or more keywords;
      
      a subsystem at a first device, implemented at least partially in hardware, that matches the one or more keywords with one or more keywords in the index;
      
      a subsystem at a first device, implemented at least partially in hardware, that, in response to a match of a keyword in the index, issues a search query to the second device, the search query including an encrypted location identifier associated with the matched keyword.
  - 20. The apparatus as recited in claim 19, further comprising:
    - a subsystem at a first device, implemented at least partially in hardware, that receives, by the first device, a search result set from the second device, the search result set including at least one encrypted record;
      
      a subsystem at a first device, implemented at least partially in hardware, that decrypts the at least one encrypted record;
      
      a subsystem at a first device, implemented at least partially in hardware, that includes the decrypted at least one encrypted record in a second search result set;
      
      a subsystem at a first device, implemented at least partially in hardware, that sends the second search result set to a third device.

21. A non-transitory computer readable medium, storing software instructions, which when executed by one or more processors cause performance of:
- requesting, by a first device, an encrypted record from a second device;
  
  receiving, by the first device, an encrypted record from a second device;
  
  decrypting, by the first device, the received encrypted record as decrypted data;
  
  creating, by the first device, an index of keywords;
  
  searching the decrypted data, when a keyword in the index is encountered in the decrypted data, associating an encrypted record location identifier in the index with the encountered keyword.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The non-transitory computer readable medium as recited in claim 21, wherein the encrypted location identifier is a pointer to an encrypted data record.
  - 23. The non-transitory computer readable medium as recited in claim 21, further comprising:
    - wherein the encrypted location identifier is a unique identifier string; and
      
      inserting the unique identifier string in the encrypted record corresponding to a location where the keyword was encountered;
      
      sending the encrypted record to the second device to replace the requested encrypted record on the second device.
  - 24. The non-transitory computer readable medium as recited in claim 21, further comprising:
    - encrypting the decrypted data as a new encrypted record using a new encryption key;
      
      sending the new encrypted record to the second device to replace the requested encrypted record on the second device.
  - 25. The non-transitory computer readable medium as recited in claim 21, wherein the second device is a server.
  - 26. The non-transitory computer readable medium as recited in claim 21, wherein the first device is a proxy server.
  - 27. The non-transitory computer readable medium as recited in claim 21, wherein an index is created for a particular cloud application program.
  - 28. The non-transitory computer readable medium as recited in claim 21, wherein an index is created for a particular user.
  - 29. The non-transitory computer readable medium as recited in claim 21, further comprising:
    - receiving, by the first device, a search query, the search query comprising one or more keywords;
      
      matching the one or more keywords with one or more keywords in the index;
      
      in response to a match of a keyword in the index, issuing a search query to the second device, the search query including an encrypted location identifier associated with the matched keyword.
  - 30. The non-transitory computer readable medium as recited in claim 29, further comprising:
    - receiving, by the first device, a search result set from the second device, the search result set including at least one encrypted record;
      
      decrypting the at least one encrypted record;
      
      including the decrypted at least one encrypted record in a second search result set;
      
      sending the second search result set to a third device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bitglass, Inc. (Forcepoint LLC)
Original Assignee
Bitglass, Inc. (Forcepoint LLC)
Inventors
Kahol, Anurag, Bhattacharjya, Anoop Kumar, Kausik, Balas Natarajan

Granted Patent

US 9,552,492 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/6227   where protection concerns t...

H04L 41/0893   Assignment of logical group...

H04L 63/0272   Virtual private networks

H04L 63/0471   applying encryption by an i...

H04L 63/105   Multiple levels of security

H04L 67/56   Provisioning of proxy servi...

SECURE APPLICATION ACCESS SYSTEM

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

90 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE APPLICATION ACCESS SYSTEM

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links