`
`
`as) United States
`
`
`
`
`
`
`
`
`
`a2) Patent Application Publication co) Pub. No.: US 2013/0159694 Al
`
`
`
`
`
`
`
`
`Chiuehet al.
`(43) Pub. Date:
`Jun. 20, 2013
`
`
`
`
`US 20130159694A1
`
`
`
`
`
`
`
`(54) DOCUMENT PROCESSING METHOD AND
`SYSTEM
`
`
`
`
`
`
`
`(52) U.S. CL
`USPC wiecesssesctesseseseseecssseecsnecensensseseeansentes 713/150
`
`
`
`
`
`(75)
`
`
`
`;
`
`(73) Assignee:
`
`
`
`
`
`
`
`
`
`Inventors: Tzi-Cker Chiueh, Taipei City (TW);
`
`
`
`
`Dilip Simha, Bast Setauket, NY (US)
`
`
`INDUSTRIAL TECHNOLOGY
`
`
`RESEARCH INSTITUTE,Hsinchu
`
`(TW)
`
`
`
`
`
`
`(21) Appl. No.: 13/330,721
`
`
`
`
`
`(22)
`
`Filed:
`
`
`
`
`
`Dec. 20, 2011
`
`
`
`
`Publication Classification
`
`
`
`(51)
`
`
`
`
`
`Int. Cl.
`
`FOAL 9/00
`
`
`
`(2006.01)
`
`
`
`
`
`ABSTRACT
`(57)
`
`
`
`
`
`
`
`
`A document processing method and system are provided. A
`
`
`
`
`
`
`
`
`client divides at least one documentinto a plurality of docu-
`
`
`
`
`
`
`
`
`mentpages,and individually encrypts the document pages by
`
`
`
`
`
`
`
`
`
`a first key to obtain a plurality of encrypted pages. The client
`
`
`
`
`
`
`
`
`removesa part ofwords from the document pages to obtain a
`
`
`
`
`
`
`
`plurality of significant words, and individually encrypts the
`
`
`
`
`
`
`
`
`significant words by a second key different to the first key to
`
`
`
`
`
`
`
`obtain a plurality of encrypted significant words. The client
`
`
`
`
`
`
`
`
`records the encrypted significant words anda plurality offirst
`
`
`
`
`
`
`index information in a significant word set (SWS), where the
`
`
`
`
`
`
`
`
`first index information indicates a page in the encrypted pages
`
`
`
`
`
`
`
`
`where the encrypted significant word comes from. Then, the
`
`
`
`
`
`
`
`
`client transmits the encrypted pages and the SWSto a remote
`
`
`
`server for storage.
`
`
`
`
`
`a client divides a documentinto
`
`
`
`
`
`a plurality of document pages
`
`
`
`
`
`5905
`
`$210
`
`
`
`
`
`
`
`individually encrypts
`the client
`;
`
`
`
`the document pages by a first
`
`
`
`
`key to obtain a plurality of
`
`
`encrypted pages
`
`
`
`
`
`
`
`
`
`
`
`
`the client removes a part
`
`,
`
`
`
`
`of words in the document
`
`
`
`
`pages to obtain a plurality
`
`
`
`of significant words
`
`
`
`
`
`
`
`the client encrypts the significant
`
`
`
`
`
`words by a second key to obtain
`
`
`
`
`
`a plurality of encrypted significant
`
`words
`
`
`
`
`
`
`
`
`the client records the encrypted
`
`
`
`
`
`pluralit
`significant words and a
`
`; preyL_-$095
`
`
`
`
`
`index information in a
`of first
`
`
`
`
`significant word set
`(SWS)
`
`
`
`
`8215
`
`
`
`5990
`
`
`
`
`
`9230
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`the client transmits the
`
`
`
`encrypted pages and
`
`
`
`
`the SWS to the remote
`
`
`
`
`
`server for storage
`
`Page 1 of 13
`
`Netskope Exhibit 101 1
`
`Page 1 of 13
`
`Netskope Exhibit 1011
`
`

`

`
`
`
`Patent Application Publication
`
`
`
`
`
`
`Jun. 20,2013 Sheet 1 of 5
`
`
`
`US 2013/0159694 Al
`
`
`
`
`
` 110
`
`
`
`
`
`
`
`
`
`
`
`FIG.
`
`
`1
`
`
`
`
`
`into
`a client divides a document
`,
`
`
`
`
`
`a plurality of document pages
`
`
`
`$205
`
`
`
`
`
`8215
`
`
`
`9220
`
`
`
`9225
`
`
`
`$210
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`individually encrypts
`the client
`the client removes a part
`
`
`
`
`
`
`
`
`
`the document pages by a firs
`of words in the document
`s+
`
`
`
`
`
`
`
`
`
`key to obtain a plurality of
`pages to obtain a plurality
`
`
`
`
`
`encrypted pages
`of significant words
`
`
`
`
`
`
`
`
`
`the client encrypts the significant
`
`
`
`
`
`words by a second key to obtain
`
`
`
`
`
`a plurality of encrypted significant
`
`
`words
`
`
`
`
`
`
`
`
`the client records the encrypted
`
`
`
`
`significant words and a plurality
`
`
`
`
`index information in a
`of first
`
`
`
`
`
`significant word set (SWS)
`
`
`$230
`
`
`
`
`
`
`
`
`
`
`
`
` the client transmits the
`
`
`
`encrypted pages and
`
`
`
`
`the SWS to the remote
`
`
`
`
`
`server for storage
`
`FIG. 2
`
`Page 2 of 13
`
`Netskope Exhibit 1011
`
`Page 2 of 13
`
`Netskope Exhibit 1011
`
`

`

`
`
`Patent Application Publication
`
`
`
`
`
`
`
`Jun. 20,2013 Sheet 2 of 5
`
`
`
`US 2013/0159694 Al
`
`
`
`
`
` the client encrypts a keyword
`
`
`
`
`
`by the second key to obtain
`
`
`
`an encrypted keyword
`
`
`
`
`
`
`
`
`
`
`
`
`transmits the encrypted
`the client
`
`
`
`
`keyword to the remote server
`
`
`
`$390
`
`
`
`
`
`
`
`
`
`
`
`9310
`
`
`
`9330
`
`
`
`9540
`
`
`
`
`
`
`
`
`
`
`the remote server searches the
`
`
`
`
`
`SWS according to the encrypted
`
`
`
`
`keyword to obtain first
`index
`
`information
`
`
`
`
`
`
`
`
`
`
`
`
`
`the remote server obtains a target
`
`
`
`
`
`
`encrypted page from the encrypted
`
`
`
`
`
`
`
`
`pages according to the first
`index
`
`
`information
`
`
`
`
`
`
`the remote server transmits the
`
`
`
`
`target encrypted page to the client
`
`
`
`9390
`
`
`
`
`
`
`
`
`
`the client uses the first key to
`
`
`
`
`decrypt
`the target encrypted page
`
`
`
`$360
`
`
`
`
`FIG. 3
`
`Page 3 of 13
`
`Netskope Exhibit 1011
`
`Page 3 of 13
`
`Netskope Exhibit 1011
`
`

`

`
`
`Patent Application Publication
`
`
`
`
`
`
`
`Jun. 20,2013 Sheet 3 of 5
`
`
`
`US 2013/0159694 Al
`
`
`
`
`
`the client performs stemming on a
`
`
`
`keyword to obtain a root
`
`
`
`
`
`
`
`
`the client encrypts the root by the second
`
`
`
`
`
`key to obtain an encrypted keyword
`
`
`
`
`
`
`
`the client transmits the encrypted
`
`
`
`
`keyword to the remote server
`
`
`
`
`
`
`
`
`
`
`
`the remote server searches the SWS
`
`
`
`
`
`
`according to the encrypted keyword,
`
`
`
`
`
`to obtain a plurality of candidate
`
`
`
`index information
`
`
`
`
`
`
`the remote server transmits the index
`
`
`
`
`
`information set
`to the client
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`the client decrypts the candidate encrypted
`
`
`
`
`
`significant words by the second key to
`
`
`
`
`
`
`obtain a plurality of decrypted candidate
`
`
`
`
`
`
`
`words to facilitate a user selecting a target
`
`
`
`significant. word
`
`
`
`
`
`
`index information
`transmits target
`the client
`
`
`
`
`
`
`corresponding to the target significant word
`
`
`
`
`to the remote server
`
`
`
`
`
`
`
`the remote server obtains a target encrypted
`
`
`
`
`
`
`page from the encrypted pages according to
`
`
`
`
`the target
`index information
`
`
`
`
`
`
`the remote server transmits the
`
`
`
`
`target encrypted page to the client
`
`
`
`
`
`
`
`
`
`the client uses the first key to
`
`
`
`
`decrypt
`the target encrypted page
`
`FIG. 4
`
`
`
`
`
`S410
`
`S490
`
`
`
`$390
`
`
`
`9430
`
`
`
`S440
`
`
`
`$450
`
`
`
`5460
`
`
`
`94/0
`
`
`
`$350
`
`
`
`S360
`
`
`
`Page 4 of 13
`
`Netskope Exhibit 1011
`
`Page 4 of 13
`
`Netskope Exhibit 1011
`
`

`

`
`
`Patent Application Publication
`
`
`
`
`
`
`
`Jun. 20,2013 Sheet 4 of 5
`
`
`
`US 2013/0159694 Al
`
`
`
`
`a client divides a document
`
`
`
`plurality of document pages
`
`
`
`
`
`into a
`
`
`
`S905
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`individually encrypts
`the client
`the client removes a part of words
`
`
`
`
`
`
`
`
`
`
`S70 in the document pages to obtain af~S215
`the document pages by a first
`
`
`
`
`
`
`
`
`
`
`key to obtain a plurality of
`plurality of significant words
`
`
`encrypted pages
`
`
`
`S910
`$220
`|
`
`
`
`
`
`
`
`
`
`
`
`
`the client encrypts the significant
`the client removes a part of
`
`
`
`
`
`
`
`
`
`words by a second key to obtain
`words from the significant
`
`
`
`
`
`
`
`
`
`
`a plurality of encrypted
`words to obtain a plurality of
`
`
`
`
`
`
`significant words
`relevant words
`
`
`
`
`$520
`
`
`
`
`
`
`
`
`
`
`
`
`
`the client records the encrypted
`the client encrypts the relevant
`
`
`
`
`
`
`
`
`
`significant words and a plurality
`words by a third key to obtain
`
`
`
`
`
`
`
`
`
`
`
`
`index information in the
`of first
`a plurality of encrypted
`
`
`
`
`
`
`SWS
`relevant words
`
`
`
`
`5030
`
`
`
`
`
`
`
`the client records the encrypted
`
`
`
`
`
`
`relevant words and a plurality of
`
`
`
`
`
`second index information to a
`
`
`
`
`
`
`most relevant word set
`(MRWS)
`
`
`
`
`
`
`the client transmits the encrypted
`
`
`
`
`
`
`pages,
`the SWS and the MRWS
`
`
`
`
`
`
`to the remote server for storage
`
`
`
`
`
`
`
`
`FIG. 5
`
`Page 5 of 13
`
`Netskope Exhibit 1011
`
`Page 5 of 13
`
`Netskope Exhibit 1011
`
`

`

`
`
`Patent Application Publication
`
`
`
`
`
`
`
`Jun. 20,2013 Sheet 5 of 5
`
`
`
`US 2013/0159694 Al
`
`
`
`
`
`
`
`the client encrypts the keyword by the second
`
`
`
`
`
`key to obtain a first encrypted keyword
`
`
`
`
`
`
`
`
`
`the client encrypts the keyword by the third
`
`
`
`
`
`key to obtain a second encrypted keyword
`
`
`
`
`
`
`
`
`
`transmits the first encrypted
`the client
`
`
`
`
`
`
`keyword and the second encrypted keyword to
`
`
`
`the remote server
`
`
`
`
`
`
`
`the remote server searches the SWS according
`
`
`
`
`
`
`to the first encrypted keyword to obtain a
`
`
`
`first_search result
`
`
`
`
`
`
`
`
`
`the remote server searches the MRWS
`
`
`
`
`
`according to the second encrypted keyword
`
`
`
`
`
`to obtain a second search result
`
`
`
`
`
`5605
`
`
`
`S610
`
`S615
`
`
`
`$620
`
`
`
`9625
`
`
`
`
`
`
`
`
`
`
`the remote server transmits the first search
`
`
`
`
`
`
`
`
`result and the second search result to the client
`
`
`
`
`
`5630
`
`
`
`yes
`
`
`
`
`
`index
`transmits target
`the client
`
`
`
`information corresponding to the
`
`
`
`
`keyword to the remote server
`
`
`
`
`
`
`is
`the
`th
`
`
`
`second search result a
`
`
`
`
`subset of the first search
`
`result?
`5640
`
`
`
`$635
`
`
`
`
`
`no
`
`|
`
`
`S660
`
`
`
`
`
`
`the remote server is confirmed
`
`
`
`
`
`
`to perform an unfaithful query
`
`processing
`
`
`
`
`
`
`
`
`
`
`
`the remote server obtains a
`
`
`
`
`corresponding target encrypted page
`
`
`
`
`
`from the encrypted pages according to
`
`
`
`
`the target
`index information
`
`
`
`
`
`
`
`
`the remote server transmits the target
`
`
`
`
`encrypted page to the client
`
`
`
`
`
`
`
`
`
`the client uses the first key to decrypt
`
`
`
`
`the target encrypted page
`
`
`
`
`
`S645
`
`5650
`
`
`
`S655
`
`
`
`
`FI G. 6
`
`Page 6 of 13
`
`Netskope Exhibit 1011
`
`Page 6 of 13
`
`Netskope Exhibit 1011
`
`

`

`
`
`
`US 2013/0159694 Al
`
`
`
`Jun. 20, 2013
`
`
`
`DOCUMENT PROCESSING METHOD AND
`
`
`
`SYSTEM
`
`
`
`
`
`
`BACKGROUNDOF THE DISCLOSURE
`
`
`
`
`
`
`1. Field of the Disclosure
`[0001]
`
`
`
`
`
`
`
`[0002] The disclosure relates to a document processing
`
`
`
`
`
`
`
`method for storing a document to a remote server and a
`
`
`
`documentprocessing system.
`
`
`
`
`
`2. Description of Related Art
`[0003]
`
`
`
`
`
`
`
`
`[0004]
`In today’s information age, storage and processing
`
`
`
`
`
`
`
`
`of documents are important issues. Along with popularity of
`
`
`
`
`
`
`
`communication technology,
`the user probably wants to
`
`
`
`
`
`
`
`access, search or process a same documentatdifferent places
`
`
`
`
`
`
`
`
`and different time. By using a remote storage technique, a
`
`
`
`
`
`
`
`
`local client can store a plurality of documents in a remote
`
`
`
`
`
`
`
`storage server (RSS) through a communication network. For
`
`
`
`
`
`
`
`
`example, a cloud server could satisfy hnmungousdata storage
`
`
`
`requirements of multiple clients.
`
`
`
`
`
`
`[0005] Considering information security, the documents
`
`
`
`
`
`
`
`stored in the remote server would have to be encrypted. In
`
`
`
`
`
`
`
`
`orderto satisfy a data processing demand (for example, key-
`
`
`
`
`
`
`
`
`wordsearch, etc.) ofthe client, the remote server in a conven-
`
`
`
`
`
`
`
`tional documentprocessing system should have a decryption
`
`
`
`
`
`
`
`capability. For example,
`the conventional remote server
`
`
`
`
`
`
`
`should have a decryption key to convert an encrypted docu-
`
`
`
`
`
`
`
`
`
`
`ment into a plaintext, and then search the plaintext for the
`
`
`
`
`
`
`
`
`keyword. However, the remote serveris probably notreliable.
`
`
`
`
`
`
`
`
`
`
`In case that the remote server has the decryption capability,
`
`
`
`
`
`
`
`
`the client could not prevent an unfaithful query processing of
`
`
`
`
`
`
`
`
`
`the remote server. Namely, the documentstored in the remote
`
`
`
`server could be peeked/leaked.
`
`
`
`
`
`
`
`[0006]
`In another conventional document processing sys-
`
`
`
`
`
`
`
`
`
`
`tem, the remote server would not have the decryption capa-
`
`
`
`
`
`
`
`
`bility, so that the client should completely download each of
`
`
`
`
`
`
`the documents of a plurality of the encrypted documents, and
`
`
`
`
`
`
`
`then uses a key to decrypt the encrypted documents, so as
`
`
`
`
`
`
`
`perform data processing (for example, keyword searching,
`
`
`
`
`
`
`
`
`
`etc.). Therefore,
`in case of the humungous data storage
`
`
`
`
`
`
`requirements, the humungous encrypted documents consume
`
`
`
`
`
`a large amount of bandwidth resources.
`
`
`
`
`
`
`
`
`[0009] The disclosure provides a documentprocessing sys-
`
`
`
`
`
`
`
`
`tem including a remote server and a client. The client is
`
`
`
`
`
`
`connected to the remote server through a communication
`network. The client divides at least one document into a
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`plurality of document pages, and individually encrypts the
`
`
`
`
`
`
`
`
`document pages by a first key to obtain a plurality of
`
`
`
`
`
`
`
`
`encrypted pages. Then, the client removes a part of words
`
`
`
`
`
`
`
`from the document pagesto obtain a plurality of significant
`
`
`
`
`
`
`
`words, and individually encrypts the significant words by a
`
`
`
`
`
`
`
`
`second key different to the first key to obtain a plurality of
`
`
`
`
`
`
`
`
`encrypted significant words. The client records the encrypted
`
`
`
`
`
`
`
`significant words anda plurality of first index information in
`
`
`
`
`
`
`
`
`a significant word set (SWS), and transmits the encrypted
`
`
`
`
`
`
`
`
`
`pages and the SWSto the remote server for storage, where the
`
`
`
`
`
`
`
`
`first index information indicates a page in the encrypted pages
`
`
`
`
`
`
`where the encrypted significant word comesfrom.
`
`
`
`
`
`
`
`[0010] According to the above descriptions, in the disclo-
`
`
`
`
`
`
`
`
`
`sure,the client respectively encrypts the document pages and
`
`
`
`
`
`
`
`
`
`the significant word set by using different keys, and then
`
`
`
`
`
`
`
`
`transmits the encrypted pages andthe significant wordset to
`
`
`
`
`
`
`
`
`
`
`
`the remote serverfor storage. Since the remote server does not
`
`
`
`
`
`
`
`
`
`
`
`have the keys, the remote server could not decrypt the docu-
`
`
`
`
`
`
`
`
`
`ment pages andthe significant word set. Moreover, since the
`
`
`
`
`
`
`
`
`
`
`keys used for encrypting the document pages andthe signifi-
`
`
`
`
`
`
`
`cant wordset are different, information security of the docu-
`
`
`
`
`
`
`
`mentstored in the remote server is enhanced.In addition, as
`
`
`
`
`
`
`
`
`
`the client extracts the encrypted significant wordsofthe docu-
`
`
`
`
`
`
`
`
`ment pages in advanceto producethe significant word set, the
`
`
`
`
`
`
`remote server could perform corresponding processing in an
`
`
`
`
`
`encryption-domain according to various processing require-
`
`
`
`
`
`
`
`ments (for example, keyword searching,etc.) of the client.
`
`
`
`
`
`
`
`[0011]
`In order to make the aforementioned andotherfea-
`
`
`
`
`
`tures and advantages of the disclosure comprehensible, sev-
`
`
`
`
`
`
`eral exemplary embodiments accompanied with figures are
`described in detail below.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`
`
`
`
`
`
`
`
`
`[0012] The accompanying drawingsare included to pro-
`
`
`
`
`
`
`vide a further understanding ofthe disclosure, and are incor-
`
`
`
`
`
`
`
`porated in and constitute a part of this specification. The
`
`
`
`
`
`
`drawings illustrate embodiments of the disclosure and,
`
`
`
`
`
`
`
`SUMMARY OF THE DISCLOSURE
`
`
`
`together with the description, serve to explain the principles
`of the disclosure.
`
`
`
`
`
`
`
`
`[0007] The disclosure is related to a documentprocessing
`
`
`
`
`
`
`
`[0013] FIG. 11safunctional block schematic diagram of a
`
`
`
`
`
`
`
`method and a document processing system, which improve
`
`
`
`
`
`documentprocessing system according to an embodimentof
`
`
`
`
`
`
`
`information security ofremote storage documents, and facili-
`the disclosure.
`
`
`
`
`
`
`
`
`
`
`tate a remote server to deal with various data processing
`
`
`
`
`
`
`[0014]
`FIG. 2 is a flowchart illustrating a documentpro-
`requirements.
`
`
`
`
`
`
`
`
`
`
`cessing method according to an embodimentof the disclo-
`[0008] The disclosure provides a document processing
`sure.
`
`
`
`
`
`
`
`method, which is described as follows. A client divides at
`
`
`
`
`
`
`
`
`least one documentinto a plurality of document pages, and
`
`
`
`
`
`
`
`individually encrypts the document pages bya first key to
`
`
`
`
`
`
`
`obtain a plurality of encrypted pages. The client removes a
`
`
`
`
`
`
`
`
`part ofwords from the documentpagesto obtain a plurality of
`
`
`
`
`
`
`
`significant words, and individually encrypts the significant
`
`
`
`
`
`
`
`
`words by a second key different to the first key to obtain a
`
`
`
`
`
`
`
`
`plurality of encrypted significant words. The client records
`
`
`
`
`
`
`
`
`the encrypted significant words and a plurality of first index
`
`
`
`
`
`
`
`information in a significant word set (SWS), where thefirst
`
`
`
`
`
`
`
`index information indicates a page in the encrypted pages
`
`
`
`
`
`
`
`
`where the encrypted significant word comes from. Then, the
`
`
`
`
`
`
`
`
`client transmits the encrypted pages and the SWSto a remote
`
`
`
`server for storage.
`
`
`
`
`
`
`
`FIG. 3 isa flowchart that a remote server processes
`[0015]
`
`
`
`
`
`
`a search requestof a client according to an embodimentofthe
`disclosure.
`
`
`
`
`
`
`
`FIG. 41s a flowchart that a remote server processes
`[0016]
`
`
`
`
`
`
`a search request of a client according to another embodiment
`of the disclosure.
`
`
`
`
`
`
`
`[0017]
`FIG. 5 is a flowchart illustrating a documentpro-
`
`
`
`
`
`cessing method according to another embodimentofthedis-
`closure.
`
`
`
`
`
`
`
`FIG. 6 is a flowchart that a remote server processes
`[0018]
`
`
`
`
`
`
`
`a search request of a client according to still another embodi-
`mentofthe disclosure.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Page 7 of 13
`
`Netskope Exhibit 101 1
`
`Page 7 of 13
`
`Netskope Exhibit 1011
`
`

`

`
`
`
`US 2013/0159694 Al
`
`
`
`Jun. 20, 2013
`
`
`
`DETAILED DESCRIPTION OF DISCLOSED
`
`
`EMBODIMENTS
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`obtain a plurality of encrypted significant words. Thefirst key
`
`
`
`
`
`
`CPS-KEYand the second key SWS-KEYare two different
`
`keys.
`
`
`
`
`
`
`
`[0019] FIG.1is a functional block schematic diagram of a
`
`
`
`
`
`
`
`
`
`
`
`
`
`[0023] After the step S220, a step $225 is executed, by
`documentprocessing system according to an embodiment of
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`whichthe client 110 records the encrypted significant words
`the disclosure. The document processing system includes a
`
`
`
`
`
`
`
`and a plurality offirst index informationin a significant word
`remote server 120 and aclient 110. The remote server 120 can
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`set (SWS), wherethe first index information indicates a page
`bea remote storage server (RSS), a cloud serveror other types
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`in the encrypted pages where the encrypted significant word
`of servers. The client 110 can be a personal computer (PC), a
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`comes from. In some embodiments, the first index informa-
`notebook computer, a personal digital assistant (PDA), a
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`tion may includeafile name ofthe documentand a page offset
`smart phone or other types of programmable devices. The
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`in the document. For example, a documentwith a file name of
`client 110 is connected to the remote server 120 through a
`
`
`
`
`
`
`
`
`communication network 10.
`
`
`
`AA is divided into 5 pages, and a significant word “home”is
`
`
`
`
`
`
`extracted from a third page of the document AA (i.e. a third
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`[0020]
`FIG. 2 is a flowchart illustrating a documentpro-
`page ofencrypted pages), so that the first index information of
`
`
`
`
`
`
`
`
`
`
`
`
`cessing method according to an embodimentof the disclo-
`the significant word “home”includes “AA, 3”.
`
`
`
`
`
`
`
`
`
`sure. Referring to FIG. 1 and FIG. 2, before the client 110
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`[0024] After the step S225 is completed, a step $230 is
`transmits one or a plurality of text documents to the remote
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`executed, by which the client 110 transmits the encrypted
`server 120 through the communication network 10 for stor-
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`pages and the SWSto the remote server 120 for storage. The
`age, the client 110 performsthe steps shown in FIG.2. In step
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`remote server 120 stores the encrypted pages into a database
`$205, the client 110 divides each of the documents into a
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`after receiving the encrypted pages. After the remote server
`plurality of document pages. For example, the client 110
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`120 receives the SWS, the remote server 120 logs/joins each
`breaks a documentinto a plurality of pages, and each of the
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`of the encrypted significant words and the corresponding
`pages has a size of 128 KB. Then,in step S210,the client 110
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`index information in the SWSto a global search index (GSI)
`individually encrypts the documentpagesbya first key CPS-
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`ofthe remote server 120. For example, the GSI includes a key
`KEYto obtain a plurality of encrypted pages. The encrypted
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`field and a value field, where the key field records the
`pages are respectively assigned with a unique identification
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`encrypted significant words, and the value field records the
`(ID). In the present embodiment, the client 110 individually
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`first index information. The GSI is implemented by using
`compresses the documentpagesto obtain a plurality of com-
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`some standard open source utilities (for example, Lucene of
`pressed pages, and individually encrypts the compressed
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Apache). Each of the encrypted significant words in the GSI
`pages by the first key CPS-KEY to obtain the encrypted
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`is mapped to the corresponding index information, and the
`pages. In other embodiments, in the step $210, the client 110
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`remote server 120 can find the corresponding encrypted page
`probably does not compress the documentpages, instead, the
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`from the database according to the index information.
`client 110 may directly encrypt the document pages by the
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`first key CPS-KEY to obtain the encrypted pages. The
`[0025]
`FIG. 3 is a flowchart that the remote server 120
`
`
`
`
`
`
`
`
`
`
`
`
`
`encrypted and compressed pagesare one-by-one arranged in
`processes a search request of the client 110 according to an
`
`
`
`
`
`
`
`
`
`embodiment of the disclosure. When the client 110 is to
`
`
`
`
`
`
`
`a hugefile, which is referred to as a compressed page
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`sequence (CPS). Then, the client 110 transmits the encrypted
`search a certain keyword KW, in step S310, the client 110
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`pages (the CPS) to the remote server 120 for storage (step
`encrypts the keyword KW by the second key SWS-KEYto
`
`
`
`
`
`
`
`
`
`S230).
`obtain an encrypted keyword. Then,the client 110 transmits
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`the encrypted keyword to the remote server 120 (step S320).
`[0021] Moreover, after the step $205, the client 110 further
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`The remote server 120 searches the SWS according to the
`executes a step S215. In the step $215, the client 110 removes
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`encrypted keyword, i.e. searches the GSI to obtain the index
`a part of words from the document pages that are still not
`
`
`
`
`
`
`
`
`
`
`
`
`information corresponding to the encrypted keyword (step
`encrypted to obtain a plurality of significant words. Namely,
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`$330). If the remote server 120 can find the encrypted key-
`the client 110 identifies a plurality ofmeaningful words in the
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`word from the SWS, the remote server 120 obtainsat least one
`documentpages. In some embodiments,in the step $215, the
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`target encrypted page from the encrypted pages stored in the
`client 110 can removearticles (for example, “a’’, “an” and
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`database accordingto the index information corresponding to
`“the”, etc.) and other basic grammar words (for example,
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`the encrypted keyword (step S340). Then, the remote server
`“to”, “for” and “with”, etc.) from the document pages to
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`120 transmits the target encrypted page to the client 110 (step
`obtain the significant words. In some other embodiments, in
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`$350). It should be noticed that in the step S350, the remote
`the step S215,after the client 110 removesthe articles and the
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`server 120 transmits a part of the encrypted pages ofthe text
`basic grammar words from the documentpages to obtain a
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`document to the client 110 without transmitting all of the
`plurality of original words, the client 110 further performs
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`encrypted pages of the text documentto the client 110.
`stemming on the original words to obtain the significant
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`words. The stemmingis to convert a single word into a root
`[0026] After the client 110 receives the target encrypted
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`according to a Porter algorithm or other algorithms, for
`page from the remote server 120, the client 110 usesthefirst
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`example, convert
`the words “retrieve”, “retrieval” and
`key CPS-KEY to decrypt the target encrypted page (step
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`“retrieving”, etc. into a same root “retriev”, and for another
`$360). In some embodiments, if the document pagesarefirst
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`example, convert the words “have”, “having” and “had”,etc.
`compressed and then encrypted in the step $210 of FIG.2, in
`into a sameroot “hav”.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`the step S360 of FIG.3, the client 110 first decrypts the target
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`[0022] Therefore, according to the step S215, regarding a
`encrypted page and then performs decompression to convert
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`documentwith 10000 words, about 500 significant words can
`the target encrypted page into a plaintext document page.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`be extracted there from. After the step S215 is completed, a
`After the plaintext documentpage is obtained, the client 110
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`step S220 is executed, by which the client 110 individually
`performsdata processing (for example, a detailed search) ofa
`
`
`
`
`
`
`
`
`
`encrypts the significant words by a second key SWS-KEYto
`subsequentstage.
`
`Page 8 of 13
`
`Netskope Exhibit 101 1
`
`Page 8 of 13
`
`Netskope Exhibit 1011
`
`

`

`
`
`
`US 2013/0159694 Al
`
`
`
`Jun. 20, 2013
`
`
`
`
`
`
`
`
`
`
`
`[0027] According to the above descriptions, the client 110
`
`
`
`
`
`
`uses different keys CPS-KEY and SWS-KEYto respectively
`
`
`
`
`
`
`
`
`
`encrypt the document pages and the SWS,and then transmits
`
`
`
`
`
`
`
`
`
`the encrypted document pages and the SWSto the remote
`
`
`
`
`
`
`
`
`
`
`
`server 120 for storage. Since the remote server 120 does not
`
`
`
`
`
`
`
`have the keys CPS-KEY and SWS-KEY, the remote server
`
`
`
`
`
`
`
`
`
`120 cannot decrypt the encrypted document pages and the
`
`
`
`
`
`
`
`
`
`SWS. Moreover, since the key CPS-KEY usedfor encrypting
`
`
`
`
`
`
`
`
`
`
`the documentpages and the key SWS-KEYusedfor encrypt-
`
`
`
`
`
`
`
`ing the SWSare different, information security of the docu-
`mentstored in the remote server 120 is enhanced.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`[0028]
`In addition, as the client 110 extracts the encrypted
`
`
`
`
`
`
`
`
`significant words of the document pages with a large data
`
`
`
`
`
`
`
`
`amount to produce the SWS with a small data amount in
`
`
`
`
`
`
`
`
`advance, the remote server 120 can perform corresponding
`
`
`
`
`
`
`
`
`
`processing on the SWS with the small data amount in an
`
`
`
`
`
`encryption-domain according to various processing require-
`
`
`
`
`
`
`
`
`ments (for example, keyword searching,etc.) ofthe client 110
`
`
`
`
`
`
`
`
`without searching the encrypted pages with a huge data
`
`
`
`
`
`
`
`amountfrom the database. Therefore, the operation efficiency
`
`
`
`
`
`
`
`
`of the remote server 120 can be effectively improved. More-
`
`
`
`
`
`
`
`
`
`
`over, the remote server 120 transmits back a part of the
`
`
`
`
`
`
`
`
`encrypted pages of the text documentto the client 110 other
`
`
`
`
`
`
`
`than transmits back the entire encrypted text document(orall
`
`
`
`
`
`
`
`
`of the encrypted pages)to the client 110, so that a bandwidth
`
`
`
`
`
`resource of the communication network can be effectively
`saved.
`
`
`
`
`
`
`
`
`
`FIG. 4 is a flowchart that the remote server 120
`[0029]
`
`
`
`
`
`
`
`processes a search request of the client 110 according to
`
`
`
`
`
`another embodimentof the disclosure. Related descriptions
`
`
`
`
`
`
`
`of the embodimentof FIG.3 can bereferred for descriptions
`
`
`
`
`
`
`ofthe embodimentofFIG.4. In some embodiments, when the
`
`
`
`
`
`
`
`
`client 110 is to search a keyword KW, if the stemming is
`
`
`
`
`
`
`
`
`performedin the step $215 of FIG.2, a step S410 of FIG. 4 is
`
`
`
`
`
`
`
`required to be performed, by which the client 110 performs
`
`
`
`
`
`
`
`stemming on the keyword KW to obtain a root thereof. After
`
`
`
`
`
`
`
`
`
`
`the root of the keyword KW is obtained, the client 110
`
`
`
`
`
`
`
`
`encrypts the root by the second key SWS-KEY to obtain an
`
`
`
`
`
`
`
`
`
`encrypted keyword (step $420). Then, the client 110 trans-
`
`
`
`
`
`
`
`
`
`mits the encrypted keyword to the remote server 120 (step
`
`S320).
`
`
`
`
`
`
`
`
`
`[0030] After the remote server 120 obtains the encrypted
`
`
`
`
`
`
`
`
`
`keyword, the remote server 120 searches the SWSaccording
`
`
`
`
`
`
`
`
`
`to the encrypted keyword, 1.e. searches the GSI to obtain a
`
`
`
`
`
`
`plurality of candidate index information corresponding to the
`
`
`
`
`
`
`
`
`encrypted keyword (step $430). The candidate index infor-
`
`
`
`
`
`
`mation corresponding to the encrypted keyword forms an
`
`
`
`
`
`
`
`
`index information set, where the index information set
`
`
`
`
`
`
`includesa plurality of candidate encrypted significant words
`
`
`
`
`
`
`
`
`and a plurality ofthe candidate index information. The remote
`server 120 transmits the index information set to the client
`
`
`
`
`
`
`
`
`
`
`
`
`110 (step S440).
`
`
`
`
`
`
`
`
`[0031]
`Insome embodiments, the remote server 120 counts
`
`
`
`
`
`
`
`occurring times of the encrypted keywordtransmitted to the
`remote server 120 from the client 110 or other clients. There-
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`fore, in step S440, the remote server 120 ranks the index
`
`
`
`
`
`
`information set according to a most frequently occurring
`
`
`
`
`
`
`
`
`keyword in the SWSof the remote server 120, 1.e. according
`
`
`
`
`
`
`
`to a searching frequencyor times of the keyword in the SWS
`
`
`
`
`
`
`
`
`
`(the GSI), and transmits the ranked index information set to
`the client 110.
`
`
`
`
`
`
`
`
`
`
`
`[0032] The client 110 decrypts the candidate encrypted
`
`
`
`
`
`
`
`significant words by the second key SWS-KEYto obtain a
`
`
`
`
`
`
`
`
`plurality of decrypted candidate words (step $450), and the
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`user can select a target significant word from the decrypted
`
`
`
`
`
`
`
`
`candidate words. After the user selects the target significant
`
`
`
`
`
`
`
`
`word, the client 110 transmits target index information cor-
`
`
`
`
`
`
`responding to the target significant word in the candidate
`
`
`
`
`
`
`
`
`index information to the remote server 120 (step S460).
`
`
`
`
`
`
`
`[0033] According to the target index information transmit-
`
`
`
`
`
`
`
`
`
`
`ted from the client 110, the remote server 120 obtains a
`
`
`
`
`
`
`
`corresponding target