SYSTEM AND METHOD FOR DYNAMIC, NON-INTERACTIVE, AND PARALLELIZABLE SEARCHABLE SYMMETRIC ENCRYPTION

摘要

A method of searching encrypted data includes generating with a client computing device a search index identifier corresponding to a search term in an encrypted search table and transmitting the search index identifier, a first single use key and a second single use key to a server. The method includes generating a set of decrypted data with the server for a set of data in an encrypted search table corresponding to the search index identifier using the first single use key to decrypt a first portion of the data and the second single use key to decrypt a second portion of the data. The method further includes identifying one or more encrypted files stored on the server that include the encrypted search term based on the decrypted data from the search table, and transmitting the encrypted files or encrypted file identifiers to the client computing device.

主权项

1. A method of searching encrypted data comprising:
generating with a client computing device a search index identifier using a predetermined encryption process to generate an encrypted key using a first secret cryptographic key and a predetermined hash function to generate the search index identifier from the encrypted search term; generating with the client computing device a first single use cryptographic key with reference to a second secret cryptographic key, and a first counter value associated with the search index identifier; generating with the client computing device a second single use cryptographic key with reference to a second secret cryptographic key, and a second counter value associated with the search index identifier; transmitting with the client computing device the search index identifier, first single use cryptographic key, and second single use cryptographic key to a server computing device; identifying with the server computing device a first set of encrypted data in a search table with reference to the search index identifier; generating with the server computing device a set of decrypted data from the first set of encrypted data, the server computing device using the first single use cryptographic key to decrypt a first portion of the first set of encrypted data and the server computing device using the second single use cryptographic key to decrypt a second portion of the first set of encrypted data; identifying with the server at least one encrypted file stored in a memory associated with the server computing device with reference to the decrypted data, the at least one encrypted file containing an encrypted representation of the search term; transmitting with the server computing device a plurality of file identifiers corresponding to the identified encrypted files to the client computing device; generating with the server computing device a second set of encrypted data from the decrypted set of data from the search table and the second single use cryptographic key; and storing the second set of encrypted data in the search table in associated with the search index identifier to replace the first set of encrypted data in the search table.