External Indexing and Search for a Secure Cloud Collaboration System

摘要

An end-to-end secure cloud-hosted collaboration service is provided with a hybrid cloud/on-premise index and search capability. This approach includes on-premise indexing and search handling, while relying on the cloud for persistent storage and search of the index. The on-premise indexer receives a copy of an encrypted message from the cloud-hosted collaboration service. The encrypted message has been encrypted with a conversation key. The indexer receives the conversation key from an on-premise key management service, and decrypts the encrypted message with the conversation key. A set of tokens are extracted from the decrypted message, and subsequently encrypted with a secret key, different than the conversation key, to generate a first set of encrypted tokens. The first set of encrypted tokens is transmitted for storage in a search index on the cloud-hosted collaboration service.

主权项

1. A method comprising:
receiving a copy of an encrypted message from a cloud-hosted collaboration service, the encrypted message encrypted with a conversation key; receiving the conversation key from an on-premise key management service; decrypting the encrypted message with the conversation key; extracting a set of tokens from the decrypted message; encrypting the set of tokens with a secret key different than the conversation key to generate a first set of encrypted tokens; and transmitting the first set of encrypted tokens for storage on the cloud-hosted collaboration service.