SECURE ENCRYPTED DOCUMENT RETRIEVAL

US 20190318118A1
Filed: 04/16/2018
Published: 10/17/2019
Est. Priority Date: 04/16/2018
Status: Abandoned Application

First Claim

Patent Images

1. A method, comprising:

receiving, at a third-party storage provider, (i) a plurality of encrypted documents and (ii) a plurality of encrypted vectors corresponding to the plurality of encrypted documents, such that each one of the encrypted documents corresponds to at least one of the encrypted vectors, wherein a data owner has computed document vectors, representing identifiers of text terms, from plaintext versions of the encrypted documents and then encrypted both (i) the plurality of documents, thereby creating the encrypted documents and (ii) the plurality of document vectors, thereby creating the encrypted vectors;

receiving, from a user, a request to search the encrypted documents using an encrypted query vector generated from a plaintext document provided in the received request;

identifying whether at least one encrypted document from the encrypted documents is determined to be similar to the plaintext document provided in the received request, wherein the determining a similarity comprises communicating, between the third-party storage provider and at least another third-party storage provider, components to compute a similarity of the encrypted query vector to the encrypted vectors without communicating components that would allow the other third-party storage provider to derive information regarding the plaintext version of the encrypted documents; and

returning, to the user, a plaintext version of a returned encrypted document determined to be similar to the plaintext document provided in the received request, wherein the data owner has decrypted the returned encrypted document.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment provides a method, including: receiving, at a third-party storage provider, (i) a plurality of encrypted documents and (ii) a plurality of encrypted vectors corresponding to the plurality of encrypted documents; receiving a request to search the plurality of encrypted documents using an encrypted query vector; identifying whether at least one encrypted document from the encrypted documents is determined to be similar to the plaintext document provided in the received request, wherein the determining a similarity comprises communicating, between the third-party storage provider and at least another third-party storage provider without communicating components that would allow the other third-party storage provider to derive information regarding the documents; and returning a plaintext version of a returned encrypted document determined to be similar to the plaintext document provided in the received request.

159 Citations

20 Claims

1. A method, comprising:
- receiving, at a third-party storage provider, (i) a plurality of encrypted documents and (ii) a plurality of encrypted vectors corresponding to the plurality of encrypted documents, such that each one of the encrypted documents corresponds to at least one of the encrypted vectors, wherein a data owner has computed document vectors, representing identifiers of text terms, from plaintext versions of the encrypted documents and then encrypted both (i) the plurality of documents, thereby creating the encrypted documents and (ii) the plurality of document vectors, thereby creating the encrypted vectors;
  
  receiving, from a user, a request to search the encrypted documents using an encrypted query vector generated from a plaintext document provided in the received request;
  
  identifying whether at least one encrypted document from the encrypted documents is determined to be similar to the plaintext document provided in the received request, wherein the determining a similarity comprises communicating, between the third-party storage provider and at least another third-party storage provider, components to compute a similarity of the encrypted query vector to the encrypted vectors without communicating components that would allow the other third-party storage provider to derive information regarding the plaintext version of the encrypted documents; and
  
  returning, to the user, a plaintext version of a returned encrypted document determined to be similar to the plaintext document provided in the received request, wherein the data owner has decrypted the returned encrypted document.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the data owner has encrypted the plaintext versions of the documents using a secret key generated using a first encryption standard, wherein each component of the plurality of encrypted vectors is encrypted using a key of a public/private key pair generated using a second encryption standard, and wherein the data owner creates a public/private key pair using a third encryption standard.
  - 3. The method of claim 2, wherein the public/private key pair generated using the second encryption standard and the public/private key pair generated using the third encryption standard are transmitted to the at least another third-party storage provider.
  - 4. The method of claim 1, wherein the computing a similarity comprises computing a cosine similarity.
  - 5. The method of claim 1, wherein the communicating comprises computing encrypted individual components for computing the similarity from the encrypted query vector and transmitting, in random order, the computed encrypted individual components to the at least another third-party storage provider.
  - 6. The method of claim 5, wherein the communicating comprises receiving from the at least another third-party storage provider ciphertexts comprising re-encrypted components, wherein the at least another third-party storage provider generated the ciphertexts by decrypting and re-encrypting the transmitted computed encrypted individual components using at least one public/private key pair transmitted to the at least another third-party storage provider from the data owner.
  - 7. The method of claim 6, wherein the communicating comprises (i) computing the similarity using the received ciphertexts and (ii) transmitting the computed similarity to the at least another third-party storage provider.
  - 8. The method of claim 7, wherein the communicating comprises receiving, from the at least another third-party storage provider, document identifiers having a similarity to the encrypted query vector, wherein the at least another third-party storage provider identified the document identifiers by (i) decrypting, using the at least one public/private key pair, the transmitted computed similarity and (ii) identifying the document identifiers using the decrypted transmitted computed similarity.
  - 9. The method of claim 1, wherein the generated encrypted query vector is encrypted using the same encryption protocol used to encrypt the plurality of document vectors.
  - 10. The method of claim 1, wherein the determining similarity comprises determining a similarity meeting a predetermined threshold.

11. An apparatus, comprising:
- at least one processor; and
  
  a computer readable storage medium having computer readable program code embodied therewith and executable by the at least one processor, the computer readable program code comprising;
  
  computer readable program code configured to receive, at a third-party storage provider, (i) a plurality of encrypted documents and (ii) a plurality of encrypted vectors corresponding to the plurality of encrypted documents, such that each one of the encrypted documents corresponds to at least one of the encrypted vectors, wherein a data owner has computed document vectors, representing identifiers of text terms, from plaintext versions of the encrypted documents and then encrypted both (i) the plurality of documents, thereby creating the encrypted documents and (ii) the plurality of document vectors, thereby creating the encrypted vectors;
  
  computer readable program code configured to receive, from a user, a request to search the encrypted documents using an encrypted query vector generated from a plaintext document provided in the received request;
  
  computer readable program code configured to identify whether at least one encrypted document from the encrypted documents is determined to be similar to the plaintext document provided in the received request, wherein the determining a similarity comprises communicating, between the third-party storage provider and at least another third-party storage provider, components to compute a similarity of the encrypted query vector to the encrypted vectors without communicating components that would allow the other third-party storage provider to derive information regarding the plaintext version of the encrypted documents; and
  
  computer readable program code configured to return, to the user, a plaintext version of a returned encrypted document determined to be similar to the plaintext document provided in the received request, wherein the data owner has decrypted the returned encrypted document.

12. A computer program product, comprising:
- a computer readable storage medium having computer readable program code embodied therewith, the computer readable program code executable by a processor and comprising;
  
  computer readable program code configured to receive, at a third-party storage provider, (i) a plurality of encrypted documents and (ii) a plurality of encrypted vectors corresponding to the plurality of encrypted documents, such that each one of the encrypted documents corresponds to at least one of the encrypted vectors, wherein a data owner has computed document vectors, representing identifiers of text terms, from plaintext versions of the encrypted documents and then encrypted both (i) the plurality of documents, thereby creating the encrypted documents and (ii) the plurality of document vectors, thereby creating the encrypted vectors;
  
  computer readable program code configured to receive, from a user, a request to search the encrypted documents using an encrypted query vector generated from a plaintext document provided in the received request;
  
  computer readable program code configured to identify whether at least one encrypted document from the encrypted documents is determined to be similar to the plaintext document provided in the received request, wherein the determining a similarity comprises communicating, between the third-party storage provider and at least another third-party storage provider, components to compute a similarity of the encrypted query vector to the encrypted vectors without communicating components that would allow the other third-party storage provider to derive information regarding the plaintext version of the encrypted documents; and
  
  computer readable program code configured to return, to the user, a plaintext version of a returned encrypted document determined to be similar to the plaintext document provided in the received request, wherein the data owner has decrypted the returned encrypted document.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The computer program product of claim 12, wherein the data owner has encrypted the plaintext versions of the documents using a secret key generated using a first encryption standard, wherein each component of the plurality of encrypted vectors is encrypted using a key of a public/private key pair generated using a second encryption standard, and wherein the data owner creates a public/private key pair using a third encryption standard.
  - 14. The computer program product of claim 13, wherein the public/private key pair generated using the second encryption standard and the public/private key pair generated using the third encryption standard are transmitted to the at least another third-party storage provider.
  - 15. The computer program product of claim 12, wherein the communicating comprises computing encrypted individual components for computing the similarity from the encrypted query vector and transmitting, in random order, the computed encrypted individual components to the at least another third-party storage provider.
  - 16. The computer program product of claim 15, the communicating comprises receiving from the at least another third-party storage provider ciphertexts comprising re-encrypted components, wherein the at least another third-party storage provider generated the ciphertexts by decrypting and re-encrypting the transmitted computed encrypted individual components using at least one public/private key pair transmitted to the at least another third-party storage provider from the data owner.
  - 17. The computer program product of claim 16, wherein the communicating comprises (i) computing the similarity using the received ciphertexts and (ii) transmitting the computed similarity to the at least another third-party storage provider.
  - 18. The computer program product of claim 17, wherein the communicating comprises receiving, from the at least another third-party storage provider, document identifiers having a similarity to the encrypted query vector, wherein the at least another third-party storage provider identified the document identifiers by (i) decrypting, using the at least one public/private key pair, the transmitted computed similarity and (ii) identifying the document identifiers using the decrypted transmitted computed similarity.
  - 19. The computer program product of claim 12, wherein the generated encrypted query vector is encrypted using the same encryption protocol used to encrypt the plurality of document vectors.

20. A method, comprising:
- receiving an encrypted query vector, wherein a data owner generated the encrypted query vector from a query provided by a user, the query comprising a request to find at least one document from a plurality of documents having a similarity to a plaintext document included in the query;
  
  the plurality of documents being stored at a third-party storage provider as a plurality of encrypted documents having corresponding encrypted vectors, wherein a data owner has, before storage at the third-party storage provider, encrypted (i) the plurality of documents and (ii) corresponding document vectors in which identifiers of text terms of the corresponding document are represented;
  
  identifying at least one encrypted document having a determined similarity to the received at least one encrypted query vector, wherein the identifying comprises communicating between the third-party storage provider and at least another third-party storage provider, wherein the third-party storage provider and the at least another third-party storage provider do not collude;
  
  the communicating allowing for (i) computation of a similarity between the received at least one encrypted query vector and at least one of the encrypted vectors and (ii) maintaining the encryption security of the plurality of encrypted documents and corresponding encrypted vectors from the third-party storage provider; and
  
  returning, to the user, a plaintext version of the identified at least one encrypted document, wherein the at least one encrypted document has been decrypted by an agent other than an agent of the third-party storage provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Narayanam, Krishnasuri, Kesarwani, Manish, Mehta, Sameep

Application Number

US15/954,369
Publication Number

US 20190318118A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/6227   where protection concerns t...

G06F 2221/2115   Third party

SECURE ENCRYPTED DOCUMENT RETRIEVAL

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

159 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE ENCRYPTED DOCUMENT RETRIEVAL

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

159 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links