WILDCARD SEARCH IN ENCRYPTED TEXT USING ORDER PRESERVING ENCRYPTION
First Claim
1. A method for performing wildcard search of encrypted cloud stored data comprising:
receiving, at a network intermediary, a document destined for a cloud service provider;
encrypting, at a network intermediary, the document using a document encryption algorithm;
generating a set of permuted keyword strings for each of some or all of the keywords in the document, the set of permuted keyword strings for each keyword being generated by adding a first character delimiter before the first character of the keyword and applying cyclic rotation of the characters of the keyword, including the first character limiter;
encrypting the permuted keyword strings using an order preserving encryption algorithm;
storing the encrypted permuted keyword strings in a database; and
transmitting the encrypted document to the cloud service provider.
Abstract
An encrypted text wildcard search method enables wildcard search of encrypted text by using a permuterm index storing permuted keyword strings that are encrypted using an order preserving encryption algorithm. The permuted keyword strings are encrypted using an order preserving encryption algorithm or a modular order preserving encryption algorithm and stored in the permuterm index. In response to a search query containing a wildcard search term, the encrypted text wildcard search method transforms the wildcard search term to a permuted search term having a prefix search format. The permuted search term having the prefix search format is then used to perform a range query of the permuterm index to retrieve permuted keyword strings having ciphertext values that fall within the range query. In some embodiments, the encrypted text wildcard search method enables prefix search, suffix search, inner-wildcard search, substring search and multiple wildcard search of encrypted text.
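The indexing and query flow described in the abstract, as an added Python sketch (not code from the patent), covering prefix, suffix and inner-wildcard terms with a single `*`. `toy_ope` is a stand-in order-preserving map that is not secure and is not the patent's encryption algorithm; the `$` delimiter, the 16-byte width, the key, the sample keywords and all function names are assumptions.

```python
import bisect
import hashlib
import hmac

WIDTH = 16                      # assumed max rotation length in bytes
DELIM = "$"                     # assumed delimiter marking the keyword start
KEY = b"constructed-demo-key"   # constructed key for the toy OPE below

def rotations(keyword):
    """Prefix the delimiter, then emit every cyclic rotation (permuterm)."""
    s = DELIM + keyword
    return [s[i:] + s[:i] for i in range(len(s))]

def to_int(s, pad):
    """Fixed-width big-endian encoding, so integer order == byte order."""
    return int.from_bytes(s.encode("ascii").ljust(WIDTH, pad), "big")

def toy_ope(m):
    """Stand-in order-preserving map (NOT secure): m * 2^32 + keyed noise."""
    tag = hmac.new(KEY, m.to_bytes(WIDTH, "big"), hashlib.sha256).digest()
    return (m << 32) | int.from_bytes(tag[:4], "big")

def build_index(doc_keywords):
    """{doc_id: [keywords]} -> sorted [(ciphertext, doc_id)] rows."""
    return sorted((toy_ope(to_int(r, b"\x00")), doc)
                  for doc, words in doc_keywords.items()
                  for w in words for r in rotations(w))

def to_prefix(term):
    """Rotate a one-wildcard term so '*' comes last; return what precedes it."""
    if term.count("*") != 1:
        raise ValueError("sketch handles exactly one wildcard")
    s = DELIM + term
    star = s.index("*")
    return s[star + 1:] + s[:star]

def search(index, term):
    """Range query: ciphertexts between the lowest and highest padded prefix."""
    prefix = to_prefix(term)
    lo = toy_ope(to_int(prefix, b"\x00"))
    hi = toy_ope(to_int(prefix, b"\xff"))
    cts = [c for c, _ in index]
    rows = index[bisect.bisect_left(cts, lo):bisect.bisect_right(cts, hi)]
    return sorted({doc for _, doc in rows})

# Constructed sample keywords, not taken from the patent.
DOCS = {"d1": ["hello", "world"], "d2": ["help", "halo"], "d3": ["shell"]}
INDEX = build_index(DOCS)
```

Because the index is sorted by ciphertext, anyone holding it learns the relative order of every stored rotation; that ordering is what makes the range query possible.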
16 Claims
11. A system for performing wildcard search of encrypted cloud stored data, comprising:
a network proxy server configured as a network intermediary between a user device and a cloud service provider storing encrypted files on behalf of the user device; and
a database in communication with the network proxy server,
wherein the network proxy server is configured to receive a document destined for the cloud service provider, to encrypt the document using a document encryption algorithm, to generate a set of permuted keyword strings for each of some or all of the keywords in the document, the set of permuted keyword strings for each keyword being generated by adding a first character delimiter before the first character of the keyword and applying cyclic rotation of the characters of the keyword, including the first character limiter, to encrypt the permuted keyword strings using an order preserving encryption algorithm, to store the encrypted permuted keyword strings in the database, and to transmit the encrypted document to the cloud service provider.
Specification