KEY SEARCH TOKEN FOR ENCRYPTED DATA

US 20170262546A1
Filed: 07/30/2014
Published: 09/14/2017
Est. Priority Date: 07/30/2014
Status: Abandoned Application

First Claim

Patent Images

1. A method, comprising:

receiving, at a data storage system from a client, a key search token that has not been used to encrypt data records or keywords associated with the data records, said key search token being independent of an encryption key used to encrypt the data records associated with the key search token;

determining, by the data storage system, an encrypted data record associated with the key search token; and

transmitting, by the data storage system, the determined encrypted data record to the client.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Implementations are directed, for example, to a method that includes receiving, at a data storage system from a client, a key search token that has not been used to encrypt data records or keywords associated with the data records. The key search token is independent of an encryption key used to encrypt the data records associated with the key search token. The method further includes determining an encrypted data record associated with the key search token, and transmitting the determined encrypted data record to the client. Implementations of the client are also provided.

37 Citations

View as Search Results

15 Claims

1. A method, comprising:
- receiving, at a data storage system from a client, a key search token that has not been used to encrypt data records or keywords associated with the data records, said key search token being independent of an encryption key used to encrypt the data records associated with the key search token;
  
  determining, by the data storage system, an encrypted data record associated with the key search token; and
  
  transmitting, by the data storage system, the determined encrypted data record to the client.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 further comprising generating the key search token by:
    - generating a parent encryption key; and
      
      deriving a child encryption key from the parent encryption key.
  - 3. The method of claim 1 further comprising:
    - generating a parent encryption key;
      
      deriving a first child encryption key from the parent encryption key to be used as a data encryption key;
      
      deriving a second child encryption key from the parent encryption key to be used as a keyword encryption key; and
      
      deriving a third child encryption key from the parent encryption key to be used as the key search token;
  - 4. The method of claim 1 further comprising generating a data structure to include a plurality of encrypted data records and, associated with each encrypted data record, an encrypted keyword and the key search token.
  - 5. The method of claim 1 further comprising generating a data structure to include a plurality of encrypted data records and, associated with each encrypted data record, an encrypted keyword, a plaintext keyword, and the key search token.
  - 6. The method of claim 1 further comprising generating the key search token by at least one of:
    - choosing an encryption key that is independent of a parent encryption key; and
      
      performing a symmetric encryption computation on the parent key and a salt value.

7. A data storage system, comprising:
- a storage device containing a data structure, the data structure to include a plurality of entries, each entry to include an encrypted data record and, associated with each encrypted data record, an encrypted keyword and a key search token, the key search token not used to encrypt data or a keyword, said key search token being independent of an encryption key used to encrypt the data records associated with the key search token; and
  
  a management unit coupled to the storage device, the management unit to receive a key search token and at least one of a plaintext keyword and an encrypted keyword for encrypted data record retrieval.
- View Dependent Claims (8, 9, 10)
- - 8. The data storage system of claim 7 wherein, for at least one entry, the data structure is to include a plurality of keywords associated with a corresponding encrypted data record, at least one such keyword is encrypted.
  - 9. The data storage system of claim 7 wherein, for at least one entry, the data structure is to include a plurality of encrypted keywords associated with a corresponding encrypted data record.
  - 10. The data storage system of claim 7 wherein the management unit is to:
    - receive a plaintext keyword and search the data structure for an encrypted data record associated with the received plaintext keyword, and upon finding a first encrypted data record associated with the plaintext keyword, provide the first encrypted data record; and
      
      receive an encrypted keyword and search the data structure for an encrypted data record associated with the received encrypted keyword, and upon finding a second encrypted data record associated with the encrypted keyword, provide the second encrypted data record.

11. A computing apparatus, comprising:
- a processing resource; and
  
  network interface coupled to the processing resource;
  
  wherein the processing resource causes a plurality of child encryption keys to be derived from a parent encryption key, the child encryption keys to include;
  
  a first child encryption key to be used to encrypt data records to generate encrypted data records;
  
  a second child encryption key to be used to encrypt keywords associated with encrypted data records; and
  
  a third child encryption key to be used as a key search token; and
  
  wherein the processing resource is to cause the third child encryption key to be transmitted through the interface to a data storage apparatus containing encrypted data records and, via the interface, to receive an encrypted data record that is associated with the transmitted third child encryption key.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computing apparatus of claim 11 wherein the processing resource is to cause the third child encryption key to be derived from the parent using a message authentication code (MAC) computation on the parent key and a salt value.
  - 13. The computing apparatus of claim 11 wherein the processing resource is to:
    - cause a keyword to be encrypted using the second child encryption key;
      
      cause the encrypted keyword to be transmitted through the interface to the data storage apparatus; and
      
      via the interface, to receive an encrypted data record that is associated with the transmitted encrypted keyword.
  - 14. The computing apparatus of claim 11 wherein the computing apparatus is to cause a plurality of child encryption keys to be used as key search tokens and associated with different encrypted data records.
  - 15. The computing apparatus of claim 14 wherein the computing apparatus is to cause a plurality of child encryption keys to be derived from the parent encryption key and used to encrypt a plurality of keywords associated with a common encrypted data record.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
Chen, Liqun, Haber, Stuart Haber, Mallichan, Kate, Shiu, Simon Kai-Ying

Application Number

US15/500,028
Publication Number

US 20170262546A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/9535   Search customisation based ...

G06F 21/602   Providing cryptographic fac...

H04L 63/0428   wherein the data content is...

H04L 9/0861   Generation of secret inform...

KEY SEARCH TOKEN FOR ENCRYPTED DATA

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

37 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

KEY SEARCH TOKEN FOR ENCRYPTED DATA

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links