公开(公告)号：US08832427B2

公开(公告)日：2014-09-09

申请号：US13435721

申请日：2012-03-30

申请人： Thomas Roeder ,  Mihaela Ion

发明人： Thomas Roeder ,  Mihaela Ion

IPC分类号： H04L29/06 ,  G06F21/60

CPC分类号： G06F21/602 ,  H04L9/0894

摘要： Techniques enable range-based queries in searchable symmetric encryption (SSE) systems. A server device includes or provides access to a database that stores encrypted documents along with an encrypted index that maps bucketized terms (e.g., a term coupled with a value range associated with that term) to encrypted documents. Search is performed through a two-step process in which the client first sends a first search token to request the bucketization for a term, then sends one or more second search tokens each specifying a particular bucket in which to search for the term. In response to the second tokens, the server sends information corresponding to encrypted documents that satisfy the search. Embodiments further provide for incremental addition and deletion of particular values for a term, and rebucketization at the client when a rate of false positive search results exceeds a threshold.

摘要翻译： 技术使可搜索对称加密（SSE）系统中的基于范围的查询。 服务器设备包括或提供对存储加密文档的数据库的访问，以及加密的索引，该加密的索引将桶化的术语（例如，与该术语相关联的值范围加上一个术语）映射到加密的文档。 搜索通过两步过程执行，其中客户端首先发送第一搜索令牌以请求对于术语的分级，然后发送一个或多个第二搜索令牌，每个搜索令牌指定在其中搜索该术语的特定分组。 响应于第二令牌，服务器发送对应于满足搜索的加密文档的信息。 实施例进一步提供用于术语的特定值的增量添加和删除，以及当假阳性搜索结果的速率超过阈值时在客户端进行重新起始化。

公开(公告)号：US20130262852A1

公开(公告)日：2013-10-03

申请号：US13435721

申请日：2012-03-30

申请人： Thomas Roeder ,  Mihaela Ion

发明人： Thomas Roeder ,  Mihaela Ion

IPC分类号： G06F12/14 ,  H04L9/00

CPC分类号： G06F21/602 ,  H04L9/0894

摘要： Techniques enable range-based queries in searchable symmetric encryption (SSE) systems. A server device includes or provides access to a database that stores encrypted documents along with an encrypted index that maps bucketized terms (e.g., a term coupled with a value range associated with that term) to encrypted documents. Search is performed through a two-step process in which the client first sends a first search token to request the bucketization for a term, then sends one or more second search tokens each specifying a particular bucket in which to search for the term. In response to the second tokens, the server sends information corresponding to encrypted documents that satisfy the search. Embodiments further provide for incremental addition and deletion of particular values for a term, and rebucketization at the client when a rate of false positive search results exceeds a threshold.

摘要翻译： 技术使可搜索对称加密（SSE）系统中的基于范围的查询。 服务器设备包括或提供对存储加密文档的数据库的访问，以及加密的索引，该加密的索引将桶化的术语（例如，与该术语相关联的值范围加上一个术语）映射到加密的文档。 搜索通过两步过程执行，其中客户端首先发送第一搜索令牌以请求对于术语的分级，然后发送一个或多个第二搜索令牌，每个搜索令牌指定在其中搜索该术语的特定分组。 响应于第二令牌，服务器发送对应于满足搜索的加密文档的信息。 实施例进一步提供用于术语的特定值的增量添加和删除，以及当假阳性搜索结果的速率超过阈值时在客户端进行重新起始化。