Trustworthy extensible markup language for trustworthy computing and data services
US-10348693-B2 · Jul 9, 2019 · US
Systems and methods for data access authentication using searchable encryption
US10951708B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10951708-B2 |
| Application number | US-201916292683-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 5, 2019 |
| Priority date | Mar 5, 2018 |
| Publication date | Mar 16, 2021 |
| Grant date | Mar 16, 2021 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A computer implemented method of a network connected data storage system, the method including receiving, via the network, and storing a data set including a plurality of data items encrypted using an index-based searchable encryption scheme, wherein the searchable encryption scheme has associated a server index and a client index; receiving, via the network, and storing a set of hashed information for each of a plurality of queries of the data set, each item of hashed information including a hash of a query and a hash of an expected result of executing the query using the server index; receiving, via the network, a query from a data requester to retrieve a set of data items from the data store and a hash of an expected result of executing the received query using the server index; generating a result of the received query for the data set based on the server index; and responsive to a comparison of a hash of the generated result, the received hash of the expected result, and the hashes of expected results in the set of hashed information, granting access for the requester to the data set.
First claim
Opening claim text (preview).
The invention claimed is: 1. A computer implemented method of a network connected data storage system, the method comprising: receiving, via a network, and storing a data set including a plurality of data items encrypted using an index-based searchable encryption scheme, wherein the index-based searchable encryption scheme has associated a server index and a client index; receiving, via the network, and storing a set of hashed information for each of a plurality of queries of the data set, each item of the set of hashed information including a hash of a query and a hash of an expected result of executing the query using the server index; receiving, via the network, a query from a data requester to retrieve a set of data items from the network connected data storage system and a hash of an expected result of executing the received query using the server index; generating a result of the received query for the data set based on the server index; and responsive to a comparison of a hash of the generated result, the received hash of the expected result, and the hashes of expected results in the set of hashed information, granting access for the data requester to the data set. 2. The method of claim 1 , wherein access is granted if an item of hashed information in the set of hashed information is identified including a hash of an expected result matching the received hash of the expected result and matching the hash of the generated result. 3. The method of claim 1 , wherein the query received from the data requester has associated an identification of a location of the server index for providing the searchable encryption scheme, and granting access is further dependent on a determination that the server index is so located at the identified location. 4. The method of claim 3 , wherein the server index is stored in a data store separate from the data storage system. 5. The method of claim 4 , wherein the server index is stored in an inter-planetary file system (IPFS). 6. The method of claim 5 , wherein the identification of a location is a reference in an inter-planetary naming system (IPNS). 7. A non-transitory computer program element comprising computer program code to, when loaded into a computer system and executed thereon, cause the computer system to perform the method as claimed in claim 1 . 8. A computer system comprising: a processor and memory storing computer program code for: receiving, via a network, and storing a data set including a plurality of data items encrypted using an index-based searchable encryption scheme, wherein the index-based searchable encryption scheme has associated a server index and a client index; receiving, via the network, and storing a set of hashed information for each of a plurality of queries of the data set, each item of the set of hashed information including a hash of a query and a hash of an expected result of executing the query using the server index; receiving, via the network, a query from a data requester to retrieve a set of data items from the network connected data storage system and a hash of an expected result of executing the received query using the server index; generating a result of the received query for the data set based on the server index; and responsive to a comparison of a hash of the generated result, the received hash of the expected result, and the hashes of expected results in the set of hashed information, granting access for the data requester to the data set.
Assignees
Inventors
Classifications
- G06F21/6218Primary
to a system of files or objects, e.g. local or distributed file system or database · CPC title
for controlling access to devices or network resources · CPC title
implemented using Network-attached Storage [NAS] architecture (distributed or networked storage systems G06F3/067; protocols for distributed storage of data in a network H04L67/1097) · CPC title
Presentation of query results · CPC title
using file content signatures, e.g. hash values · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10951708B2 cover?
- A computer implemented method of a network connected data storage system, the method including receiving, via the network, and storing a data set including a plurality of data items encrypted using an index-based searchable encryption scheme, wherein the searchable encryption scheme has associated a server index and a client index; receiving, via the network, and storing a set of hashed informa…
- Who is the assignee on this patent?
- British Telecomm
- What technology area does this patent fall under?
- Primary CPC classification G06F21/6218. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Mar 16 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).