SYSTEM AND METHOD FOR SECURE REVIEW OF AUDIT LOGS
First Claim
1. A method for searching encrypted log data comprising:
- generating with a logging machine a first log message including first plaintext content;
- identifying with the logging machine at least one keyword in the first log message;
- encrypting with the logging machine the first log message using a first cryptographic key to produce a first encrypted log message;
- generating with the logging machine a first encrypted searchable representation of the first message including the at least one keyword using a second cryptographic key, the second cryptographic key being different than the first cryptographic key;
- transmitting with the logging machine the first encrypted searchable representation to an auditor;
- performing with the auditor a search to identify at least one search keyword in the first encrypted searchable representation, the auditor using the second cryptographic key to access the first encrypted searchable representation; and
- generating with the auditor a first output indicating presence or absence of the at least one search keyword from the first log message, the first output not including the first plaintext content of the first log message.
Abstract
Audit logs are a fundamental digital forensic mechanism for providing security in computer systems. In one embodiment, a system that enables the verification of log data integrity and that provides searchable encryption of the log data by an auditor includes a key generation center, logging machine, and an auditor computing device. The system enables Compromise-Resilient Searchable Encryption, Authentication and Integrity, Per-item QoF with E&A for Searchable Encrypted Audit Logs, and a Key Management and System Model.
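The two-key split in claim 1 and the abstract (one key for the log contents, a different key for the searchable keyword index handed to the auditor) can be made concrete with a small stdlib-only model. This is an added example written for this page, not code from the patent or its assignee; the names `LoggingMachine`-style helpers, the HMAC-SHA256 keystream standing in for a real AEAD cipher, and the sample log lines are all constructed assumptions. The searchable representation is a set of per-record keyed keyword tags, so the auditor, holding only the second key, learns whether a queried keyword is present and nothing of the plaintext.

```python
import hashlib
import hmac
import os
import re
from dataclasses import dataclass

# Constructed example, not the patent's own code. K_ENC plays the role of the
# "first cryptographic key" (protects log contents); K_SEARCH plays the role of
# the "second cryptographic key" (protects only the keyword index the auditor
# is allowed to search).


def _prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 is the single keyed primitive used throughout this example."""
    return hmac.new(key, data, hashlib.sha256).digest()


@dataclass(frozen=True)
class EncryptedRecord:
    log_id: bytes        # public per-record identifier (random nonce)
    ciphertext: bytes    # first log message encrypted under K_ENC
    mac: bytes           # integrity tag over log_id || ciphertext
    index: frozenset     # encrypted searchable representation under K_SEARCH


# Assumed tokenizer: keywords are runs of alphanumerics, dots, dashes, underscores.
KEYWORD_RE = re.compile(r"[A-Za-z0-9_.\-]+")


def extract_keywords(message: str) -> set:
    """Logging-machine step: identify the keywords of a plaintext log message."""
    return {tok.lower() for tok in KEYWORD_RE.findall(message)}


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy counter-mode keystream from the PRF; a real system would use an AEAD.
    out, counter = bytearray(), 0
    while len(out) < length:
        out += _prf(key, nonce + counter.to_bytes(4, "big"))
        counter += 1
    return bytes(out[:length])


def encrypt_message(k_enc: bytes, log_id: bytes, plaintext: bytes) -> tuple:
    """Encrypt-then-MAC of the log message under subkeys derived from K_ENC."""
    k_stream, k_mac = _prf(k_enc, b"stream"), _prf(k_enc, b"mac")
    ks = _keystream(k_stream, log_id, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    return ct, _prf(k_mac, log_id + ct)


def decrypt_message(k_enc: bytes, log_id: bytes, ct: bytes, mac: bytes) -> bytes:
    """Only a holder of K_ENC can recover plaintext; tampering is rejected first."""
    k_stream, k_mac = _prf(k_enc, b"stream"), _prf(k_enc, b"mac")
    if not hmac.compare_digest(mac, _prf(k_mac, log_id + ct)):
        raise ValueError("integrity check failed")
    ks = _keystream(k_stream, log_id, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def keyword_tag(k_search: bytes, log_id: bytes, keyword: str) -> bytes:
    # Binding the tag to log_id stops an observer linking equal keywords across records.
    return _prf(k_search, log_id + keyword.lower().encode())


def build_record(k_enc: bytes, k_search: bytes, message: str) -> EncryptedRecord:
    """Logging-machine side: encrypted message plus encrypted searchable representation."""
    log_id = os.urandom(16)
    ct, mac = encrypt_message(k_enc, log_id, message.encode())
    index = frozenset(keyword_tag(k_search, log_id, kw) for kw in extract_keywords(message))
    return EncryptedRecord(log_id, ct, mac, index)


def auditor_search(k_search: bytes, record: EncryptedRecord, query: str) -> dict:
    """Auditor side: presence/absence only; the output carries no plaintext content."""
    present = keyword_tag(k_search, record.log_id, query) in record.index
    return {"log_id": record.log_id.hex(), "keyword": query, "present": present}


if __name__ == "__main__":
    K_ENC, K_SEARCH = os.urandom(32), os.urandom(32)
    # Constructed sample log line (203.0.113.0/24 is a documentation range).
    rec = build_record(K_ENC, K_SEARCH, "sshd[2211]: Failed password for root from 203.0.113.5")
    print(auditor_search(K_SEARCH, rec, "root"))    # present: True
    print(auditor_search(K_SEARCH, rec, "admin"))   # present: False
```

Handing the auditor `K_SEARCH` but never `K_ENC` is what enforces the claim's final limitation: `auditor_search` cannot call `decrypt_message` successfully, and the index itself is a set of opaque tags. The MAC check in `decrypt_message` corresponds to the abstract's integrity goal, so a modified ciphertext fails before any plaintext is released.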
20 Claims
1. A method for searching encrypted log data (independent claim; full text given under First Claim above). Dependent claims 2 to 10 depend on claim 1.
11. An encrypted log generation and audit system comprising:
- a logging machine communicatively coupled to an auditor, the logging machine being configured to:
  - generate a first log message including first plaintext content;
  - identify at least one keyword in the first log message;
  - encrypt the first log message using a first cryptographic key to produce a first encrypted log message;
  - generate a first encrypted searchable representation of the first message including the at least one keyword using a second cryptographic key, the second cryptographic key being different than the first cryptographic key; and
  - transmit the first encrypted searchable representation to the auditor; and
- the auditor being configured to:
  - perform a search to identify at least one search keyword in the first encrypted searchable representation, the auditor using the second cryptographic key to access the first encrypted searchable representation; and
  - generate a first output indicating presence or absence of the at least one search keyword from the first log message, the first output not including the first plaintext content of the first log message.

Dependent claims 12 to 20 depend on claim 11.
Specification