Secure application access system
First Claim
1. A method, comprising:
requesting, by a first device, an encrypted record from a second device;
receiving, by the first device, the encrypted record from the second device;
decrypting, by the first device, the received encrypted record as decrypted data;
creating, by the first device, an index of keywords;
scanning the decrypted data, and for each keyword encountered in the decrypted data, associating in the index a unique identifier string with the encountered keyword and inserting the unique identifier string in a modified encrypted record corresponding to a location where the keyword was encountered;
sending the modified encrypted record to the second device to replace the encrypted record stored on the second device;
receiving a search query from a client device, the search query entered by a user in a search area that is mapped to the first device, the search query comprising one or more keywords;
matching the one or more keywords with one or more keywords in the index;
in response to a match of a keyword in the index, generating a second search query for the second device that includes a substring of encrypted data retrieved from the index that is associated with the matched keyword; and
sending the second search query to the second device.
Abstract
A proxy server creates an index of keywords, receives an encrypted record, decrypts the received encrypted record as decrypted data and, when a keyword in the index is encountered in the decrypted data, associates in the index an encrypted record location identifier with the encountered keyword. The proxy server receives a search query and uses the keyword index to retrieve encrypted records from the server. The encrypted records are decrypted and sent as search results in response to the search query.
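An added example, not taken from the patent: the proxy flow of claim 1 and the abstract in Python, with the first device as `Proxy` and the second device as `Server`. The stand-in cipher, the `T`-prefixed identifier format, the class and function names, and appending identifiers after the ciphertext (rather than at each keyword's location) are assumptions made for illustration.

```python
import hashlib, hmac, re, secrets
def keystream_xor(key, nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA256 keystream; use an AEAD in practice.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class Server:
    """Second device: stores opaque strings and offers substring search."""
    def __init__(self):
        self.records = {}
    def search(self, needle):
        return [rid for rid, blob in self.records.items() if needle in blob]

class Proxy:
    """First device: holds the key and the keyword index."""
    def __init__(self, server, keywords):
        self.server, self.key = server, secrets.token_bytes(32)
        self.index = {k.lower(): "T" + secrets.token_hex(8) for k in keywords}
    def encrypt(self, text):
        nonce = secrets.token_bytes(16)
        return (nonce + keystream_xor(self.key, nonce, text.encode())).hex()
    def decrypt(self, blob):
        raw = bytes.fromhex(blob.split("|")[0])  # drop any appended identifiers
        return keystream_xor(self.key, raw[:16], raw[16:]).decode()
    def reindex(self, rid):
        # Fetch, decrypt, scan for indexed keywords, write back the modified record.
        plain = self.decrypt(self.server.records[rid])
        words = set(re.findall(r"[a-z0-9]+", plain.lower()))
        ids = sorted(self.index[w] for w in words if w in self.index)
        self.server.records[rid] = "|".join([self.encrypt(plain)] + ids)
    def search(self, query):
        # Rewrite each matched keyword into its identifier for the server query.
        hits = set()
        for word in query.lower().split():
            if word in self.index:
                hits.update(self.server.search(self.index[word]))
        return {rid: self.decrypt(self.server.records[rid]) for rid in sorted(hits)}

def demo():
    server = Server()
    proxy = Proxy(server, ["invoice", "merger"])  # constructed sample data
    for rid, text in [("r1", "Merger terms attached"), ("r2", "Lunch menu"),
                      ("r3", "Invoice for merger counsel")]:
        server.records[rid] = proxy.encrypt(text)
        proxy.reindex(rid)
    return proxy, server
```

Because each keyword always maps to the same identifier, the second device can tell which stored records share a keyword and how often that keyword is queried, even though it never sees plaintext.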
21 Claims
8. An apparatus, comprising:
a subsystem at a first device, implemented at least partially in hardware, that requests an encrypted record from a second device;
a subsystem at the first device, implemented at least partially in hardware, that receives the encrypted record from the second device;
a subsystem at the first device, implemented at least partially in hardware, that decrypts the received encrypted record as decrypted data;
a subsystem at the first device, implemented at least partially in hardware, that creates an index of keywords;
a scanner subsystem at the first device, implemented at least partially in hardware, that scans the decrypted data, and for each keyword encountered in the decrypted data, associates in the index a unique identifier string with the encountered keyword and inserts the unique identifier string in a modified encrypted record corresponding to a location where the keyword was encountered;
a subsystem at the first device, implemented at least partially in hardware, that sends the modified encrypted record to the second device to replace the encrypted record stored on the second device;
a subsystem at the first device, implemented at least partially in hardware, that receives a search query from a client device, the search query entered by a user in a search area that is mapped to the first device, the search query comprising one or more keywords;
a subsystem at the first device, implemented at least partially in hardware, that matches the one or more keywords with one or more keywords in the index;
a subsystem at the first device, implemented at least partially in hardware, that, in response to a match of a keyword in the index, generates a second search query for the second device that includes a substring of encrypted data retrieved from the index that is associated with the matched keyword; and
a subsystem at the first device, implemented at least partially in hardware, that sends the second search query to the second device.
15. A non-transitory computer readable medium, storing software instructions, which when executed by one or more processors cause performance of:
requesting, by a first device, an encrypted record from a second device;
receiving, by the first device, the encrypted record from the second device;
decrypting, by the first device, the received encrypted record as decrypted data;
creating, by the first device, an index of keywords;
scanning the decrypted data, and for each keyword encountered in the decrypted data, associating in the index a unique identifier string with the encountered keyword and inserting the unique identifier string in a modified encrypted record corresponding to a location where the keyword was encountered;
sending the modified encrypted record to the second device to replace the encrypted record stored on the second device;
receiving a search query from a client device, the search query entered by a user in a search area that is mapped to the first device, the search query comprising one or more keywords;
matching the one or more keywords with one or more keywords in the index;
in response to a match of a keyword in the index, generating a second search query for the second device that includes a substring of encrypted data retrieved from the index that is associated with the matched keyword; and
sending the second search query to the second device.
Specification