Wildcard search in encrypted text using order preserving encryption
First Claim
1. A method for performing wildcard search of encrypted cloud stored data comprising:
- receiving, at a network intermediary, a document destined for a cloud service provider;
encrypting, at a network intermediary, the document using a document encryption algorithm;
generating a set of permuted keyword strings for each of some or all of the keywords in the document, the set of permuted keyword strings for each keyword being generated by adding a first character delimiter before the first character of the keyword and applying cyclic rotation of the characters of the keyword, including the first character delimiter;
encrypting the permuted keyword strings using an order preserving encryption algorithm;
storing the encrypted permuted keyword strings in a database;
transmitting the encrypted document to the cloud service provider;
receiving, at a network intermediary, a search request with a search term directed to encrypted documents stored in a cloud service provider, the search term comprising a wildcard search term;
transforming the wildcard search term to a permuted search term having a prefix search format;
generating a minimum possible plaintext string using the permuted search term as prefix and padding the permuted search term to a first character length using one or more trailing characters indicative of a minimum possible value related to the search term;
generating a maximum possible plaintext string using the permuted search term as prefix and padding the permuted search term to the first character length using one or more trailing characters indicative of a maximum possible value related to the search term;
encrypting the minimum possible plaintext string and the maximum possible plaintext string using the order-preserving encryption algorithm used to encrypt the permuted keyword strings;
generating a minimum ciphertext from the minimum possible plaintext string and a maximum ciphertext from the maximum possible plaintext string;
determining a set of common leading digits from the minimum ciphertext and the maximum ciphertext;
generating a range query including the set of common leading digits;
sending the range query to the database of encrypted permuted keyword strings; and
receiving a search result from the database including encrypted permuted keyword strings having ciphertext values that fall within the range query.
10 Assignments
0 Petitions
Accused Products
Abstract
A encrypted text wildcard search method enables wildcard search of encrypted text by using a permuterm index storing permuted keyword strings that are encrypted using an order preserving encryption algorithm. The permuted keyword strings are encrypted using an order preserving encryption algorithm or a modular order preserving encryption algorithm and stored in the permuterm index. In response to a search query containing a wildcard search term, the encrypted text wildcard search method transforms the wildcard search term to a permuted search term having a prefix search format. The permuted search term having the prefix search format is then used to perform a range query of the permuterm index to retrieve permuted keyword strings having ciphertext values that fall within the range query. In some embodiments, the encrypted text wildcard search method enables prefix search, suffix search, inner-wildcard search, substring search and multiple wildcard search of encrypted text.
9 Citations
14 Claims
-
1. A method for performing wildcard search of encrypted cloud stored data comprising:
-
receiving, at a network intermediary, a document destined for a cloud service provider; encrypting, at a network intermediary, the document using a document encryption algorithm; generating a set of permuted keyword strings for each of some or all of the keywords in the document, the set of permuted keyword strings for each keyword being generated by adding a first character delimiter before the first character of the keyword and applying cyclic rotation of the characters of the keyword, including the first character delimiter; encrypting the permuted keyword strings using an order preserving encryption algorithm; storing the encrypted permuted keyword strings in a database; transmitting the encrypted document to the cloud service provider; receiving, at a network intermediary, a search request with a search term directed to encrypted documents stored in a cloud service provider, the search term comprising a wildcard search term; transforming the wildcard search term to a permuted search term having a prefix search format; generating a minimum possible plaintext string using the permuted search term as prefix and padding the permuted search term to a first character length using one or more trailing characters indicative of a minimum possible value related to the search term; generating a maximum possible plaintext string using the permuted search term as prefix and padding the permuted search term to the first character length using one or more trailing characters indicative of a maximum possible value related to the search term; encrypting the minimum possible plaintext string and the maximum possible plaintext string using the order-preserving encryption algorithm used to encrypt the permuted keyword strings; generating a minimum ciphertext from the minimum possible plaintext string and a maximum ciphertext from the maximum possible plaintext string; determining a set of common leading digits from the minimum ciphertext and the maximum ciphertext; generating a range query including the set of common leading digits; sending the range query to the database of encrypted permuted keyword strings; and receiving a search result from the database including encrypted permuted keyword strings having ciphertext values that fall within the range query. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system for performing wildcard search of encrypted cloud stored data, comprising:
-
a network proxy server, comprising a hardware computer system, configured as a network intermediary between a user device and a cloud service provider storing encrypted files on behalf of the user device; and a database in communication with the network proxy server, wherein the network proxy server is configured to receive a document destined for the cloud service provider, to encrypt the document using a document encryption algorithm, to generate a set of permuted keyword strings for each of some or all of the keywords in the document, the set of permuted keyword strings for each keyword being generated by adding a first character delimiter before the first character of the keyword and applying cyclic rotation of the characters of the keyword, including the first character delimiter, to encrypt the permuted keyword strings using an order preserving encryption algorithm, to store the encrypted permuted keyword strings in the database, and to transmit the encrypted document to the cloud service provider; and wherein the network proxy server is further configured to receive a search request with a search term directed to encrypted documents stored in a cloud service provider, the search term comprising a wildcard search term, to transform the search term to a permuted search term having a prefix search format, to generate a minimum possible plaintext string using the permuted search term as prefix and padding the permuted search term to a first character length using one or more trailing characters indicative of a minimum possible value related to the search term, to generate a maximum possible plaintext string using the permuted search term as prefix and padding the permuted search term to the first character length using one or more trailing characters indicative of a maximum possible value related to the search term, to encrypt the minimum possible plaintext string and the maximum possible plaintext string using the order-preserving encryption algorithm used to encrypt the permuted keyword strings, to generate a minimum ciphertext from the minimum possible plaintext string and a maximum ciphertext from the maximum possible plaintext string, to determine a set of common leading digits from the minimum ciphertext and the maximum ciphertext, to generate a range query including the set of common leading digits, to send the range query to the database of encrypted permuted keyword strings, and to receive a search result from the database including encrypted permuted keyword strings having ciphertext values that fall within the range query. - View Dependent Claims (11, 12, 13, 14)
-
Specification