Patent Application Titled “Method And System For Dynamic Searchable Symmetric Encryption With Forward Privacy And Delegated Verifiability” Published Online (USPTO 20190278939)
2019 OCT 01 (NewsRx) -- By a
The assignee for this patent application is
Reporters obtained the following quote from the background information supplied by the inventors: “Unless otherwise indicated herein, the materials described in this section are not prior art to the claims in this application and are not admitted to the prior art by inclusion in this section.
“The integration of cloud computing and Internet of Things (IoTs) is quickly becoming the key enabler for the digital transformation of the healthcare industry by offering comprehensive improvements in patient engagements, productivity and risk mitigation. In a typical e-healthcare setting, a group of wearable and/or implantable devices such as smart watches, bracelets, or pacemakers, which forms a wireless body area network (BAN), gathers key vital signals such as heart rate, blood pressure, temperature, or pulse oxygen from patients at home periodically. This information is aggregated into a single file known as personal health information (PHI) at an IoT gateway and then is forwarded to a cloud server for storage. Third party healthcare service providers (HSPs) can monitor patients’ PHI and provide timely diagnosis and reactions by submitting on-demand queries to a cloud storage. Although the increasing adoption of cloud computing and IoT services in healthcare industry helps reduce IT cost and improve patient outcomes, this paradigm shift has raised security and privacy concerns such as data and security breaches that is vulnerable to malicious attacks, software bugs or accidental errors. In particular, the healthcare regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) explicitly require that PHI be secured even as it migrates to the cloud infrastructure.
“While simply encrypting PHI before outsourcing to the cloud can ensure the regulatory compliance of a healthcare system, it makes PHI utilization such as query submitted by third party HSPs particularly challenging. Conventional searchable encryption technology which allows encrypted documents to be searched as is by augmenting them with an encrypted search index is available. One example of the searchable encryption technology is static searchable symmetric encryption (SSE) which processes static datasets on encrypted database but does not support subsequent updates or dynamic datasets. Another example of the searchable encryption technology is dynamic SSE where a large static dataset is first processed and outsourced to the cloud storage, followed by a number of infrequent update operations. However, the dynamic SSE does not support forward privacy to prevent the cloud server from inferring sensitive information such as activity pattern or diet habit related to a patient based solely on observation of the stored encrypted indices to another data user and/or HSPs.
“Thus, there is a long felt need to improve the existing system and method.”
In addition to obtaining background information on this patent application, NewsRx editors also obtained the inventors’ summary information for this patent application: “A summary of certain embodiments disclosed herein is set forth below. It should be understood that these aspects are presented merely to provide the reader with a brief summary of these certain embodiments and that these aspects are not intended to limit the scope of this disclosure. Indeed, this disclosure may encompass a variety of aspects that may not be set forth below.
“Embodiments of the disclosure related to a dynamic searchable symmetric encryption (DSSE) system and method with forward privacy and delegated verifiability. The DSSE system includes an IoT gateway, a cloud network, and at least one HSP coupled to a cloud server via the cloud network. A user such as a patient is connected to the DSSE system via any number of client devices that are either portable and/or wearable. The IoT gateway aggregates periodically collected data into a single PHI file, extract keywords, build an encrypted index, and encrypt the PHI files. The encrypted index and PHI files are then transmitted to the cloud network having a cloud server for storage. For the cloud server to retrieve multiple or all file identifiers having specific keyword, a chaining scheme is provided to implicitly link tuples corresponding to the same keyword together. The cloud server then obtains all file identifiers by iterating such scheme until the key is λ-bit of zero. The cloud server maintains a bloom filter (BF_s) and puts each received encrypted keyword _1(, w‖cnt) into the bloom filter BF_s. An authorized user generates a symmetric key r and is securely shared with the cloud server. All authorized users such that a search token of keyword w generated by authorized users be SE.Enc(r, ((, w‖cnt)), _cnt) and the cloud server can recover ((, w‖cnt), _cnt) with the stored r via SE.Dec, where SE is a secured symmetric encryption. The authorized users use the timestamp T together with the bloom filter BF_c to generate the MAC. New file is periodically uploaded so that authorized users can use the timestamp T to assure the aggregate MAC is newly generated by the data owner. Authorized users may use at least one binary search to accelerate the guessing of the latest counter cnt.”
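One way a chained index of the kind the summary describes can work, as an added example that is not taken from the patent application: each tuple for a keyword hides the file identifier together with the address and key of the previous tuple, and the server walks backwards until it reaches the all-zero key. HMAC-SHA512 as the PRF, 16-byte file identifiers, the tuple layout, the per-keyword counter kept by the owner, and the names Owner and server_search are all assumptions.

```python
import hashlib, hmac, os

LAM = 16             # key length in bytes, standing in for lambda (assumed)
ZERO = bytes(LAM)    # all-zero key: marks the end of a keyword's chain

def prf(key, msg, n=32):
    """HMAC-SHA512 truncated to n bytes, used as the PRF (assumption)."""
    return hmac.new(key, msg, hashlib.sha512).digest()[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Owner:
    """Data-owner side (the gateway role): builds index tuples and tokens."""
    def __init__(self):
        self.k = os.urandom(32)   # master key, never given to the server
        self.cnt = {}             # keyword -> latest counter

    def _pair(self, w, c):
        """(address, chain key) of the c-th tuple of keyword w; c == 0 ends the chain."""
        if c == 0:
            return bytes(32), ZERO
        m = w.encode() + b"\x00" + c.to_bytes(4, "big")   # encodes w || cnt
        return prf(self.k, b"addr" + m), prf(self.k, b"key" + m, LAM)

    def add(self, w, file_id):
        """Return the (address, masked value) tuple to upload for a 16-byte file_id."""
        c = self.cnt[w] = self.cnt.get(w, 0) + 1
        addr, key = self._pair(w, c)
        prev_addr, prev_key = self._pair(w, c - 1)
        body = file_id + prev_addr + prev_key             # 16 + 32 + 16 bytes
        return addr, xor(body, prf(key, addr, 64))

    def token(self, w):
        """Search token: address and key of the newest tuple for w."""
        return self._pair(w, self.cnt.get(w, 0))

def server_search(index, token):
    """Server side: follow the chain from the token until the key is all zeros."""
    addr, key = token
    ids = []
    while key != ZERO:
        body = xor(index[addr], prf(key, addr, 64))
        ids.append(body[:16])
        addr, key = body[16:48], body[48:64]
    return ids
```

A token issued before a later upload still returns only the earlier files, because the address and key of the newer tuple depend on the owner's master key; that is the forward-privacy property in this construction.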
The claims supplied by the inventors are:
“1. A dynamic searchable symmetric encryption (DSSE) system comprising: a body area network (BAN) generates a first symmetric key (r); a health service provider (HSP) generates a search token of keyword (w) using a second symmetric key (r’) after the HSP is revoked; and a cloud network is communicatively coupled the HSP to the BAN; wherein the BAN updates the first symmetric key (r) to the second symmetric key (r’) after the HSP is revoked, the cloud network recovers the search token using the second symmetric key (r’).
“2. The DSSE system of claim 1 wherein the cloud network recovers a second search token using the first symmetric key (r) before the HSP is revoked, the second token is different from the first search token.
“3. The DSSE system of claim 2 further comprising a cloud server, the cloud server is configured to maintain a bloom filter (BF).
“4. The DSSE system of claim 3 wherein the BAN further generates a MAC using a timestamp T and the BF.
“5. The DSSE system of claim 3 further comprising a gateway configured to periodically collect data from at least one of HSP and BAN and aggregate the collected data in a single personal health information (PHI) file.
“6. The DSSE system of claim 5 wherein the gateway is further configured to perform at least one of the features including extract keywords from, build an encrypted index into, and encrypt the PHI files.
“7. The DSSE system of 6 wherein the gateway transmits the PHI file including the encrypted index to the cloud server for storage.
“8. The DSSE system of claim 7 wherein the cloud server is within the cloud network.
“9. The DSSE system of claim 8 wherein the HSP retrieves the BF from the cloud server using a secret key.
“10. The DSSE system of claim 5, wherein the BAN is a pacemaker, wrist health monitoring device, a watch, a bracelet, a ring, a patch, headband, a wristband, a chest hand, a glasses, a goggle, a hearing aid, an earpiece, or a headphone.”
For more information, see this patent application: Fan, Xinxin; Zheng, Qingji; Yang, Lei. Method And System For Dynamic Searchable Symmetric Encryption With Forward Privacy And Delegated Verifiability. Filed