SECURE ENCRYPTED DOCUMENT RETRIEVAL
First Claim
1. A method, comprising:
- receiving, at a third-party storage provider, (i) a plurality of encrypted documents and (ii) a plurality of encrypted vectors corresponding to the plurality of encrypted documents, such that each one of the encrypted documents corresponds to at least one of the encrypted vectors, wherein a data owner has computed document vectors, representing identifiers of text terms, from plaintext versions of the encrypted documents and then encrypted both (i) the plurality of documents, thereby creating the encrypted documents and (ii) the plurality of document vectors, thereby creating the encrypted vectors;
receiving, from a user, a request to search the encrypted documents using an encrypted query vector generated from a plaintext document provided in the received request;
identifying whether at least one encrypted document from the encrypted documents is determined to be similar to the plaintext document provided in the received request, wherein the determining a similarity comprises communicating, between the third-party storage provider and at least another third-party storage provider, components to compute a similarity of the encrypted query vector to the encrypted vectors without communicating components that would allow the other third-party storage provider to derive information regarding the plaintext version of the encrypted documents; and
returning, to the user, a plaintext version of a returned encrypted document determined to be similar to the plaintext document provided in the received request, wherein the data owner has decrypted the returned encrypted document.
1 Assignment
0 Petitions
Accused Products
Abstract
One embodiment provides a method, including: receiving, at a third-party storage provider, (i) a plurality of encrypted documents and (ii) a plurality of encrypted vectors corresponding to the plurality of encrypted documents; receiving a request to search the plurality of encrypted documents using an encrypted query vector; identifying whether at least one encrypted document from the encrypted documents is determined to be similar to the plaintext document provided in the received request, wherein the determining a similarity comprises communicating, between the third-party storage provider and at least another third-party storage provider without communicating components that would allow the other third-party storage provider to derive information regarding the documents; and returning a plaintext version of a returned encrypted document determined to be similar to the plaintext document provided in the received request.
-
Citations
20 Claims
-
1. A method, comprising:
-
receiving, at a third-party storage provider, (i) a plurality of encrypted documents and (ii) a plurality of encrypted vectors corresponding to the plurality of encrypted documents, such that each one of the encrypted documents corresponds to at least one of the encrypted vectors, wherein a data owner has computed document vectors, representing identifiers of text terms, from plaintext versions of the encrypted documents and then encrypted both (i) the plurality of documents, thereby creating the encrypted documents and (ii) the plurality of document vectors, thereby creating the encrypted vectors; receiving, from a user, a request to search the encrypted documents using an encrypted query vector generated from a plaintext document provided in the received request; identifying whether at least one encrypted document from the encrypted documents is determined to be similar to the plaintext document provided in the received request, wherein the determining a similarity comprises communicating, between the third-party storage provider and at least another third-party storage provider, components to compute a similarity of the encrypted query vector to the encrypted vectors without communicating components that would allow the other third-party storage provider to derive information regarding the plaintext version of the encrypted documents; and returning, to the user, a plaintext version of a returned encrypted document determined to be similar to the plaintext document provided in the received request, wherein the data owner has decrypted the returned encrypted document. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. An apparatus, comprising:
-
at least one processor; and a computer readable storage medium having computer readable program code embodied therewith and executable by the at least one processor, the computer readable program code comprising; computer readable program code configured to receive, at a third-party storage provider, (i) a plurality of encrypted documents and (ii) a plurality of encrypted vectors corresponding to the plurality of encrypted documents, such that each one of the encrypted documents corresponds to at least one of the encrypted vectors, wherein a data owner has computed document vectors, representing identifiers of text terms, from plaintext versions of the encrypted documents and then encrypted both (i) the plurality of documents, thereby creating the encrypted documents and (ii) the plurality of document vectors, thereby creating the encrypted vectors; computer readable program code configured to receive, from a user, a request to search the encrypted documents using an encrypted query vector generated from a plaintext document provided in the received request; computer readable program code configured to identify whether at least one encrypted document from the encrypted documents is determined to be similar to the plaintext document provided in the received request, wherein the determining a similarity comprises communicating, between the third-party storage provider and at least another third-party storage provider, components to compute a similarity of the encrypted query vector to the encrypted vectors without communicating components that would allow the other third-party storage provider to derive information regarding the plaintext version of the encrypted documents; and computer readable program code configured to return, to the user, a plaintext version of a returned encrypted document determined to be similar to the plaintext document provided in the received request, wherein the data owner has decrypted the returned encrypted document.
-
-
12. A computer program product, comprising:
-
a computer readable storage medium having computer readable program code embodied therewith, the computer readable program code executable by a processor and comprising; computer readable program code configured to receive, at a third-party storage provider, (i) a plurality of encrypted documents and (ii) a plurality of encrypted vectors corresponding to the plurality of encrypted documents, such that each one of the encrypted documents corresponds to at least one of the encrypted vectors, wherein a data owner has computed document vectors, representing identifiers of text terms, from plaintext versions of the encrypted documents and then encrypted both (i) the plurality of documents, thereby creating the encrypted documents and (ii) the plurality of document vectors, thereby creating the encrypted vectors; computer readable program code configured to receive, from a user, a request to search the encrypted documents using an encrypted query vector generated from a plaintext document provided in the received request; computer readable program code configured to identify whether at least one encrypted document from the encrypted documents is determined to be similar to the plaintext document provided in the received request, wherein the determining a similarity comprises communicating, between the third-party storage provider and at least another third-party storage provider, components to compute a similarity of the encrypted query vector to the encrypted vectors without communicating components that would allow the other third-party storage provider to derive information regarding the plaintext version of the encrypted documents; and computer readable program code configured to return, to the user, a plaintext version of a returned encrypted document determined to be similar to the plaintext document provided in the received request, wherein the data owner has decrypted the returned encrypted document. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
-
-
20. A method, comprising:
-
receiving an encrypted query vector, wherein a data owner generated the encrypted query vector from a query provided by a user, the query comprising a request to find at least one document from a plurality of documents having a similarity to a plaintext document included in the query; the plurality of documents being stored at a third-party storage provider as a plurality of encrypted documents having corresponding encrypted vectors, wherein a data owner has, before storage at the third-party storage provider, encrypted (i) the plurality of documents and (ii) corresponding document vectors in which identifiers of text terms of the corresponding document are represented; identifying at least one encrypted document having a determined similarity to the received at least one encrypted query vector, wherein the identifying comprises communicating between the third-party storage provider and at least another third-party storage provider, wherein the third-party storage provider and the at least another third-party storage provider do not collude; the communicating allowing for (i) computation of a similarity between the received at least one encrypted query vector and at least one of the encrypted vectors and (ii) maintaining the encryption security of the plurality of encrypted documents and corresponding encrypted vectors from the third-party storage provider; and returning, to the user, a plaintext version of the identified at least one encrypted document, wherein the at least one encrypted document has been decrypted by an agent other than an agent of the third-party storage provider.
-
Specification