Secure and searchable storage system and method
First Claim
1. A system for storing electronic documents in a secure and searchable manner, the system including a client portion and a server portion, the client portion being located at a trusted location and comprising:
a parser to parse electronic documents received at the client portion to identify terms of interest within the received electronic document;
a search and retrieval interface to specify one or more terms of interest to identify and retrieve one or more documents from the server portion;
a first encryptor to encrypt identified terms of interest to obtain ciphertext versions of the terms of interest;
a second encryptor to encrypt the received document to obtain a ciphertext version of the received document;
a decryptor to decrypt a ciphertext version of a retrieved document to obtain a plaintext version; and
client communications means to transfer the ciphertext version of the received document and the ciphertext version of the identified terms to the server portion and to receive a ciphertext version of documents from the server portion; and
the server portion comprising:
server communications means to receive from a client portion the ciphertext version of a document and the ciphertext version of identified terms and to transfer the ciphertext version of an identified document to the client portion;
a storage device to store ciphertext versions of documents received from the client portion;
an indexer and search engine to construct and maintain a searchable index of received ciphertext versions of identified terms contained in the ciphertext versions of documents received from the client portion and responsive to the search and retrieval interface of the client portion to cause the storage device and the server communications means to transfer ciphertext copies of the identified documents of interest to the client portion;
an encryptor to encrypt ciphertext documents received at the server portion and to decrypt ciphertext documents to be transferred to the client portion;
a retention manager operable to determine the relevant destruction date for each ciphertext document received at the server portion; and
a retention key manager storing an encryption key for each destruction date of documents stored in the storage device, the retention key manager responsive to the retention manager to provide the encryption key for the relevant destruction date to the encryptor and to destroy encryption keys whose related destruction date has passed, wherein the retention manager compares one or more characteristics of each received ciphertext document to predefined criteria to determine the relevant destruction date for the received document; and
a dictionary tool operable to maintain a list of the identified plaintext terms of interest for all documents received at the client portion and wherein wildcard terms specified at the search and retrieval interface are matched to terms in the maintained list, the matched terms being encrypted by the first encryptor.
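The indexer of encrypted terms and the client-side dictionary tool of claim 1, as an added example that is not the patentee's code. The first encryptor is modelled as HMAC-SHA256 (an assumption; any deterministic keyed encryption that maps equal terms to equal ciphertexts would do), the server never holds the term key or any plaintext, and a wildcard such as `contr*` is expanded against the plaintext dictionary at the trusted client because the tokens the server indexes have no structure left to pattern-match. The class names, key and sample documents are constructed for the example.

```python
import fnmatch
import hashlib
import hmac
import re

WORD_RE = re.compile(r"[a-z0-9]+")

class Client:
    """Trusted side. The 'first encryptor' is modelled as HMAC-SHA256 (an assumption
    of this example): equal terms give equal tokens, so the server can index them."""
    def __init__(self, term_key: bytes):
        self.term_key = term_key
        self.dictionary: set[str] = set()  # plaintext terms; never leaves the client

    def token(self, term: str) -> bytes:
        return hmac.new(self.term_key, term.encode(), hashlib.sha256).digest()

    def parse(self, document: str) -> set[bytes]:
        """Identify terms of interest, record them, return their ciphertext tokens."""
        terms = set(WORD_RE.findall(document.lower()))
        self.dictionary |= terms
        return {self.token(t) for t in terms}

    def expand(self, pattern: str) -> set[bytes]:
        """Match a wildcard query against the plaintext dictionary, then encrypt each
        hit. Tokens carry no structure, so 'contr*' could never be matched server-side."""
        return {self.token(t) for t in fnmatch.filter(self.dictionary, pattern)}

class Server:
    """Untrusted side: an inverted index from ciphertext token to document ids."""
    def __init__(self):
        self.index: dict[bytes, set[str]] = {}

    def add(self, doc_id: str, tokens: set[bytes]) -> None:
        for tok in tokens:
            self.index.setdefault(tok, set()).add(doc_id)

    def search(self, tokens: set[bytes]) -> set[str]:
        return set().union(*(self.index.get(tok, set()) for tok in tokens))

def demo(query: str) -> set[str]:
    """Index three constructed documents, then run one plain or wildcard query."""
    client, server = Client(b"constructed-term-key"), Server()
    docs = {"d1": "Contract renewal with ACME signed 2023",
            "d2": "Contractor invoice for ACME site survey",
            "d3": "Holiday rota for the Leeds office"}
    for doc_id, text in docs.items():
        server.add(doc_id, client.parse(text))
    return server.search(client.expand(query))
```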
Abstract
A system and method for securely storing electronic documents is provided. The system includes a client portion and a server portion and the client portion is located at a trusted location. The client portion encrypts each electronic document and produces a list of terms of interest relating to the document, which terms are also encrypted. The encrypted document and the encrypted terms are transferred to a server portion which need not be located at a trusted location. The document is stored at the server portion in a manner which allows for locating the document again via the encrypted terms and returning the encrypted document to the trusted client portion, where it can be decrypted. Attachments to documents can also be encrypted and stored at the server, as can copies of dynamic documents, such as web pages. The server portion can also have a retention manager and encryptor which is used to implement document retention and destruction policies defined by the user of the system.
9 Claims
1. (Reproduced above as the First Claim; dependent claims 2, 3, 4, 5 and 6 are not shown on this page.)
7. A method of securely storing electronic documents in a secure and searchable manner, comprising the steps of:
at a trusted location, receiving copies of electronic documents to be stored;
parsing the received copies to identify terms of interest in the documents;
validating at the client portion an encryption key to be used to encrypt the received copies of electronic documents by:
(a) retrieving from the server portion a validation data set comprising plaintext test data, a ciphertext version of the plaintext test data previously encrypted with the key to be validated, and a digital signature for each of the plaintext test data and the ciphertext version of the plaintext test data;
(b) determining a digital signature for the plaintext test data and comparing the determined digital signature to the retrieved digital signature for the plaintext data set to determine if the plaintext data set has been corrupted, and determining a digital signature for the ciphertext version of the plaintext test data and comparing the determined digital signature to the retrieved digital signature for the ciphertext version of the plaintext data set to determine if the ciphertext version of the plaintext data set has been corrupted;
(c) if either or both of the plaintext data set and the ciphertext version of the plaintext data set has been corrupted, performing steps (a) and (b) again to obtain an uncorrupted validation data set; and
(d) encrypting the plaintext data set with the encryption key to be validated and comparing the resulting ciphertext version of the plaintext data set to the ciphertext version of the plaintext data set in the retrieved uncorrupted validation data set, deeming the encryption key to be valid if the encrypted plaintext data set is identical to the ciphertext version of the plaintext data set in the retrieved uncorrupted validation data set and otherwise deeming the encryption key to be invalid;
encrypting the received documents to obtain ciphertext versions of the received documents and encrypting the identified terms of interest found in each document to obtain ciphertext copies of the terms;
transferring the ciphertext copies of the documents and identified terms to a second location over a communications link;
receiving the ciphertext copies of the documents at the second location and storing the received ciphertext copies on a storage device;
receiving the ciphertext copies of the identified terms of interest at the second location and constructing and maintaining an index which indicates, for each received ciphertext term of interest, the storage location of each ciphertext copy of the documents which contains the term of interest;
providing a search interface at the trusted location wherein a user can search for a stored ciphertext copy of a document stored on the storage device by defining a query containing one or more plaintext terms of interest, the plaintext terms of interest being encrypted and, over the communications link, being compared to the ciphertext terms in the index to identify the ciphertext copies of documents stored on the storage device;
transmitting the identified ciphertext copies of documents over the communications link to the trusted location and decrypting the transmitted ciphertext copies of the documents at the trusted location to obtain plaintext copies of the identified documents; and
using a dictionary tool to maintain a list of identified terms of interest at the trusted location and accepting queries at the search interface including one or more wildcard operators and examining the maintained list of identified terms of interest to expand the wildcard operators in the query.
(Dependent claims 8 and 9 are not shown on this page.)
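The key-validation steps (a) to (d) of claim 7, as an added example that is not the patentee's code. The comparison in step (d) only works because encryption of the test data is deterministic, so the encryptor is modelled as keyed HMAC-SHA256 and the claim's "digital signature" as a plain SHA-256 digest (both assumptions standing in for the real primitives); the step (c) retry is bounded, which the claim does not require, and the validation data set, keys and corrupted response are constructed inline.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable

def encrypt(key: bytes, data: bytes) -> bytes:
    """Deterministic keyed transform standing in for the document encryptor (an
    assumption of this example; step (d) only works if encryption is deterministic)."""
    return hmac.new(key, data, hashlib.sha256).digest()

def sign(data: bytes) -> bytes:
    """The claim's 'digital signature', modelled here as a SHA-256 digest (assumption)."""
    return hashlib.sha256(data).digest()

@dataclass(frozen=True)
class ValidationSet:
    plaintext: bytes
    ciphertext: bytes  # plaintext encrypted earlier with the key being validated
    sig_plaintext: bytes
    sig_ciphertext: bytes

    def is_corrupted(self) -> bool:
        """Step (b): recompute both signatures and compare them with the stored ones."""
        return not (hmac.compare_digest(sign(self.plaintext), self.sig_plaintext)
                    and hmac.compare_digest(sign(self.ciphertext), self.sig_ciphertext))

def make_validation_set(key: bytes, test_data: bytes) -> ValidationSet:
    """What the server stores when a key is provisioned."""
    ct = encrypt(key, test_data)
    return ValidationSet(test_data, ct, sign(test_data), sign(ct))

def validate_key(key: bytes, fetch: Callable[[], ValidationSet], max_attempts: int = 3) -> bool:
    """Steps (a) to (d). Re-fetching is bounded so a persistently corrupt server cannot
    stall the client forever, a limit the claim itself does not state."""
    for _ in range(max_attempts):
        vset = fetch()  # (a)
        if vset.is_corrupted():  # (b) and (c): try again
            continue
        return hmac.compare_digest(encrypt(key, vset.plaintext), vset.ciphertext)  # (d)
    raise RuntimeError(f"no uncorrupted validation data set after {max_attempts} attempts")

def demo() -> tuple[bool, bool]:
    """Constructed scenario: the first fetch arrives corrupted, later fetches are clean."""
    good_key, wrong_key = b"k" * 32, b"w" * 32
    clean = make_validation_set(good_key, b"constructed test vector")
    flipped = clean.ciphertext[:-1] + bytes([clean.ciphertext[-1] ^ 0xFF])
    corrupt = ValidationSet(clean.plaintext, flipped, clean.sig_plaintext, clean.sig_ciphertext)
    responses = [corrupt, clean, clean]
    fetch = lambda: responses.pop(0)
    return validate_key(good_key, fetch), validate_key(wrong_key, fetch)
```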
Specification