CN102782692A - System, apparatus and method for encryption and decryption of data transmitted over a network - Google Patents

Publication number: CN102782692A
Authority: CN (China)
Prior art keywords: text, processing, input, conversion, input text
Legal status: Pending
Application number: CN2010800637842A
Other languages: Chinese (zh)
Inventors: B·马特兹科尔, M·塔尔, A·拉哈夫
Current Assignee: Vaultive Ltd
Original Assignee: Vaultive Ltd

Classifications

    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • G06F16/95 Retrieval from the web
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G06F2221/2149 Restricted operating environment


Abstract

A method and system for securing data transmitted between a client device and a server by obtaining input text at an intermediate module, processing the input text to obtain processed text, deciding whether to transform the input text deterministically or non-deterministically, or a combination of deterministically and non-deterministically, and based on that decision, transforming the input text accordingly, using at least one key to obtain processed text, and transmitting the processed text to the server. Other embodiments and features of the invention include (independently or together) searching for processed text, allowing for sorting of processed text records by applying an order-preserving transformation, storing unabridged processed elements in a storage device managed by the intermediate module, providing a function by the intermediate module on the input data in lieu of the server, and processing the processed text so as to determine by the intermediate module a transformation applied by the server on input text.

Description

System, apparatus and method for encryption and decryption of data transmitted over a network
Background
The Internet and the World Wide Web allow companies and organizations to offer services, such as network applications in digital form, to businesses and individuals, who can access and use these services with a personal computer and a web browser. Making such applications available for use over a network is typically called Software as a Service (SaaS). Some examples of applications that can be provided as SaaS are e-mail, instant messaging, productivity tools, customer relationship management, enterprise resource planning, human resources applications, blogs, social networking sites, and so on.
This model has inherent security risks. User data, such as messages, user records and corporate financials, is stored on a remote server that the provider of the user data cannot control. Storing personal or corporate information on a remote server exposes the data owner to many risks, and means that the owner of the information must trust the entity that owns the computer system hosting the information and the network that links the information owner to that host system.
For example, a well-known accounting software solution requires its customers to transmit accounting information for storage on the solution provider's servers. In such a system, the customer must entrust the accounting information to the solution provider, thereby giving up a degree of control over its confidentiality and integrity.
Some software applications use various encryption schemes so that anyone without the appropriate decryption method or key cannot understand the data. For example, an application provider may allow and/or require the information owner to use Secure Sockets Layer (SSL) encryption or another method to encrypt data transmitted between the client and the host. This prevents Internet service providers (ISPs) and other potential eavesdroppers from seeing the data itself in transit. The data is decrypted once it reaches the application on the host, so the hosted application provider can observe and operate on the owner's clear data. This approach, however, exposes sensitive data to the hosted application provider.
U.S. Patent No. 7,165,175 describes an apparatus and method for selectively encrypting portions of data sent between a client and a server over a network. The apparatus includes a parser for separating a first portion of the data from a second portion of the data; an encryption device for encrypting only the first portion of the data; and a merging device for merging the encrypted first portion of the data with the second portion of the data. The apparatus further includes a decryption device installed at the client for decrypting the encrypted data portion.
PCT Patent Publication No. WO01/047205 discloses enhanced computer network encryption using downloaded software objects. The method and system described in that application protect highly sensitive financial and other data contained in transmissions over a public network, such as the World Wide Web, that links a web server computer to remote clients. A particular (typically strong) encryption standard is determined for all sensitive communications between the web server and the client, and the ability to encrypt to that standard is automatically downloaded from the web server and "pushed" to the client, where it executes as a software object in the client's web browser to perform encryption and decryption tasks according to the selected standard. Such strong encryption is thus readily ensured even if the client did not initially have strong encryption capability.
A problem with using these approaches for hosted SaaS applications is that such applications need the information they operate on, such as data, to be unencrypted in order to be available for operation, so that the application provider can operate on information received over the network. The data is therefore exposed to the application provider and is otherwise susceptible to security problems during operation.
Brief description of the drawings
The above and other objects, features and advantages of the invention will become more apparent from the following detailed description taken together with the accompanying drawings. In the drawings, like reference numerals denote like elements throughout the different figures.
Fig. 1 shows a system that includes an intermediate module and its environment, according to an embodiment of the invention;
Fig. 2 shows the data flow from the client terminal to the network node, according to an embodiment of the invention;
Fig. 3 shows the data flow from the network node to the client terminal, according to an embodiment of the invention;
Fig. 4 shows a method of encrypting data, according to an embodiment of the invention, that allows server-side search and indexing of the encrypted data;
Fig. 5 shows a standardization process and an example of input text comprising a sentence;
Fig. 6 shows an example of processing a word, according to an embodiment of the invention;
Fig. 7 shows a method of encrypting data, according to an embodiment of the invention, that allows server-side sorting of the encrypted data;
Fig. 8 shows a method of producing an order-preserving function, according to an embodiment of the invention;
Fig. 9 shows an example of three order-preserving encryption functions produced using three different key words, according to an embodiment of the invention;
Figure 10 schematically shows the data flow that enables search over encrypted user data in an embodiment of the invention.
Detailed description
In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the invention. It will be apparent to those skilled in the art, however, that the invention can be practiced without these specific details. In other instances, well-known methods, procedures and components are not described in detail so as not to obscure the invention.
Normal flow
Reference is made to Fig. 1, which shows a system including an intermediate module 200 and its environment according to an embodiment of the invention, and the data flow from a client module on a workstation 230 to an application service provider at a network node 260.
The intermediate module 200 may include a blocking module 210 and a data protection module 220. The intermediate module 200 may be operatively connected to a client terminal 230, such as a trusted workstation, and connected to a network node 260, such as an application service provider, via a network such as a public network 250. It should be understood that Fig. 1 is one example embodiment of the invention and that other network configurations are possible. For example, the trusted workstation 230 and the intermediate module 200 may be remote from each other and operatively connected over a link.
For example, the trusted workstation 230 may be connected to a plurality of intermediate modules, serving a plurality of organizations, that mediate the data traffic between them and one or more application service providers over the public network.
It will be appreciated that although the application refers to an intermediate module throughout, this module may reside on the client device, at a gateway server, for example on premises associated with the client device, or at a separate server in communication with the trusted client device and the untrusted server.
Thus, for example, the blocking module and/or the data protection module may be installed on the trusted workstation, and may be a browser plug-in, an operating system driver or module, a software library, or another software component.
In another example, the intermediate module may be placed directly in front of the untrusted application, so that all access to the untrusted application passes through the intermediate module.
In yet another example, the intermediate module may be a separate server, to which the client module transmits input data and which in turn sends the processed data to the untrusted server.
The trusted workstation 230 may be a client computer on which a client component 240 is installed that can interact with the intermediate module. The client component 240 may be a web application HTML form running in a web browser, and the network node 260 may be the HTTP web server of a SaaS provider. The client component 240 may include API client software and, additionally or alternatively, any other method of remotely accessing the network node 260.
An end user may use the client component 240 to enter, retrieve and operate on data intended to be passed to the network node 260 or retrieved from it. End users may include end users who use a software agent (such as a web browser) and automated agents that use a client API.
The blocking module 210 of the intermediate module 200 may intercept or otherwise receive input (unprocessed) text from the trusted workstation 230 and provide the input text to the data protection module 220 for processing. The blocking module 210 may intercept data flowing between the client component 240 and the network node 260, may modify it, and may interfere with the normal data flow. For example, the blocking module may trigger an authentication session to determine that the end user may access the data stored at the network node 260. The blocking module 210 may be (or be executed by) a network proxy server.
The data protection module 220 may receive input text and process it selectively. Input text that is not selected for processing may be sent as unprocessed text to the network node 260 for operation and/or storage in the storage system 270, substantially without processing or with less processing than text selected for processing. For text that is to be processed, the data protection module 220 may process the input text to provide processed text, which may be provided over the public network 250 to the untrusted application service provider 260 for storage, operation and so on. Thus, according to embodiments of the invention, the application service provider 260 may not receive the unprocessed text, but instead stores and operates on the processed text. As described below, the processing may include applying an encryption scheme that enables search and/or sorting, thereby providing encrypted text data. According to embodiments of the invention, the processing may encrypt text selectively, choosing which input text is sent to the application service provider 260 in processed form and which input text is transmitted in unprocessed form.
It should be understood that the intermediate module 200 may include one or more servers, one or more workstations, one or more personal computers, one or more portable computers, one or more media players, one or more personal data assistants, one or more integrated circuits, and/or one or more printed circuit boards, dedicated hardware, and combinations thereof.
Data flow intervention
The intermediate module 200 may include or provide functions that supplement, or are unrelated to, encryption and/or decryption, and may change the normal message flow between the client's trusted workstation 230 and the server's untrusted application 260. Such supplementary functions can compensate for the loss of server-side functionality caused by encryption.
According to embodiments of the invention, the intermediate module may receive input data from the client device, intercept the input data, and so on, for example preventing or otherwise not allowing the input data to be sent to the server, and the intermediate module may provide a related function on the input data that the server would otherwise provide. For example, the intermediate module may produce at least one message to the client device according to the result of this function.
According to some embodiments of the invention, the intermediate module may obtain a response to the at least one message from the client device, process the input text according to the response to obtain processed input text, and send the processed input text to the server.
For example, a server may ordinarily check the spelling of input text and provide feedback messages to the user, for example pointing out misspelled words and suggesting corrections. When the text received by the server is encrypted, however, the server may be unable, according to embodiments of the invention, to perform the spell check without decrypting the processed text. Thus, according to embodiments of the invention, the intermediate module may provide the additional function, for example performing a spell check on the input text, and may provide feedback messages to the user, such as the result of spell-checking the input data, for example error messages, suggested spelling corrections, or a message that no errors were detected.
In one embodiment of the invention, such supplementary functions may include a search function that replaces server-side search, for example by storing a copy of the user data (or part of it) in the intermediate module and searching it in response to search requests made by the client.
In embodiments of the invention, such supplementary functions may include triggering an authentication session between the client and the intermediate module before allowing user data to be encrypted and decrypted.
In embodiments of the invention, such supplementary functions may include checking the format of the input data and, if appropriate, for example if the input data is in a first format, requesting that the client send the information in a second format different from the first. Such received and/or requested formats may include, for example, (a) an incrementally encoded form of the input text, in which only the differences from a known version of the input text are transmitted, (b) a complete version of the input text, (c) input text contained in a particular document format, or a combination thereof. For example, the input data may be received in incrementally encoded form, and the intermediate module may request the input data in complete input text form. Other examples of particular document formats include, but are not limited to, PDF, DOC, HTML, and so on.
According to embodiments of the invention, the processed text may be stored at the network node 260, for example in the storage system 270, and operated on remotely over the public network 250. As described below, the processing may enable search and/or sorting on the processed text in a manner that is transparent to, or not perceived by, the trusted user and/or the untrusted server application, without the processed data having to be decrypted at the application service provider. In the description below, the storage system 270 is sometimes represented by a database; it will be appreciated, however, that the storage system 270 may be any suitable digital storage architecture and may be stored on any suitable hardware, such as a RAID array.
Thus, as shown in the illustrative data flow of Fig. 1, the trusted workstation 230 may provide unprocessed input data, such as "Acme Corp.", for use by the application service provider 260. The input text may be intercepted at the intermediate module 200, for example by the blocking module 210, and processed by the data protection module 220. The data protection module 220 may process the input text into one or more individual text units called tokens, together with control data that may be encrypted, shown schematically as the processed data "DHFOEFRGEJIC", and send the processed data over the network 250 to the untrusted application service provider 260, where it may be operated on by users and/or stored in the database 270. It should be understood that "DHFOEFRGEJIC" is schematic; any suitable encryption algorithm may be used, resulting, for example, in any set of symbols. As described below, according to one embodiment of the invention, non-Latin characters or symbols may be used, for example Korean or Chinese symbols.
Reference is made to Fig. 2, which shows the generalized data flow from the client terminal 230 to the application service provider 260 according to an embodiment of the invention. An end user may provide unencrypted input text (clear text). The input data may be transmitted from the client terminal 230 toward the network node 250 and intercepted by the blocking module 210. The blocking module 210 may provide the input text to the data protection module 220, which processes the input data to provide processed data, the processing including encrypting at least part of the input text. The processed data may then be sent to the blocking module 210, which in turn transmits it over the public network 250. The processed data may be received by the network node 260, used by some application such as a SaaS application, and stored in the database 270. It should be understood that the input data may be new or updated data to be stored in the storage system 270, or any data provided to the SaaS application for real-time operation, for example one or more parameters of a command such as a search command.
Reference is made to Fig. 3, which shows the data flow from the network node 260 to the client terminal 230 according to an embodiment of the invention. Such a process may be initiated by a user at the workstation 230 by making a retrieval or search request. The requested parameters, such as the term to be searched for, may be processed as described above in connection with Fig. 2, and the application at the network node 260 may search or sort the processed data, possibly based on the processed parameters provided. The network node 260 may retrieve processed data, for example in response to the retrieval or search request, where the processed data may include some encrypted portions. The processed data may be sent over the public network 250 to the client terminal 230. The blocking module 210 may intercept the processed data and provide it to the data protection module 220 to identify any encrypted data within the processed data. Any encrypted data identified may be decrypted and provided to the blocking module 210 to resume the data communication. The blocking module 210 may forward the unprocessed data (the clear data after decryption) to the client component 240 for display to the user.
Common tokenization and standardization
An application running on the network node 260 may be asked to search the stored data and return results. Figure 10 schematically shows the data flow that enables search over encrypted user data in an embodiment of the invention.
First, the client 240 may make several storage requests with input data to the untrusted application 260 through the intermediate module 200. The intermediate module encrypts the user input so that each searchable word is mapped to an encrypted search term, such that each searchable term of the input has exactly one corresponding encrypted search term. Search terms may be standardized before encryption.
For example, in Figure 10 the words "BAD", "Bad" and "bad" are all encrypted as the encrypted word "cccc", so a search for "bad" returns results that include "BAD" and "Bad".
In Figure 10, the words "the" and "a" are considered not searchable, so no separate encrypted searchable tokens are produced for them. By contrast, the words "dog" and "cat" are mapped to the encrypted search terms "eeee" and "bbbb" respectively. The information retained about searchable and non-searchable terms, including letter case, is contained in the encrypted tokens "ZZZytuv" and "ZZZabcd".
Reference is made to Fig. 4, which is a schematic illustration of a data processing method 100 designed, according to an embodiment of the invention, to enable server-side search and/or indexing of user text data. Method 100 may be used by the intermediate module, for example by the data protection module described above. It should be understood that the method of receiving processed data and converting it to unprocessed data may be essentially the inverse of the method described.
Method 100 begins at stage 110 by receiving an input message, for example at an intermediate module operatively connected between a client terminal and a network node.
At stage 111, the method may identify each data unit in the input message that is to be processed. For example, the input message may include a file-name field, a surname field and a document body field.
At stage 112, the method may iterate over all identified data units, first obtaining an unprocessed data unit at stage 113 and then choosing whether to process the obtained data unit. The data units may be processed individually or jointly.
At stage 114, the method may then decide whether to process this input data. Input data that is not modified is retained (stage 130). At stage 115, the method may determine whether and/or which parts of the text of the input data unit should be processed. For example, parts of the input text that should not be encrypted may include search connectors such as "OR" and "AND", or special-purpose significant text markers such as "{important}" or "location", which indicate a special kind of server processing to be performed on the data.
For input text that is to be processed, the method proceeds to stage 116, in which the input text is broken down into individual text units called tokens (the process of determining tokens from input text is referred to herein as tokenization). It will be appreciated that tokenization is optional, and method 100 may include (a) encrypting all the input data together as a single token, (b) separately encrypting the input data determined to be suitable for encryption, to provide a plurality of processed tokens, each of which represents a segment of the input text, or (c) a combination of these.
The method may then proceed to stage 117, in which some input tokens may be identified as not searchable. For example, the criteria for deciding on each individual word may be a list of predefined words, word frequency such as a threshold word frequency in an English dictionary frequency list, word length, or a combination thereof.
At stage 118, the method may extract from the searchable input tokens information that is not important for search, for example: letter case, diacritics, hyphenation, and Unicode character composition or decomposition (as defined by the Unicode standard). The extracted information may be stored separately for later use and may be placed in an output token called a control token. The text token may be converted into a standardized form that does not contain the extracted information. This process is referred to herein as standardization. It will be appreciated that standardization is optional and may be carried out in any suitable manner.
At stage 119, the method may obtain a bit representation of all the information units to be encrypted, including the searchable tokens, the information extracted from the searchable tokens, and other parts of the input, for encryption with a cryptographic encryption program. Information units may be classified as searchable or non-searchable. Non-searchable information units may be combined or kept separate. The order of the searchable tokens in the input text may be changed, and a representation of the original order may be added to the non-searchable information units.
At stage 120, the method may encrypt the information units using a cryptographic encryption program such as AES or DES.
At stage 121, the method may convert the encrypted bit representation into output text units, comprising character strings drawn from a character set, for example one or more predefined contiguous portions of Unicode, as described in more detail below. The character set may be predefined to aid decryption.
At stage 122, the input data unit in the input message may be replaced with the output text obtained at stage 121.
The method may continue applying stages 112-122 to all identified input units, and then send the processed message to the network node that hosts the server application (stage 131).
Tokenization
As above introduction, data processing method can comprise tokenization, and it can comprise many steps again.Should be appreciated that some step of being introduced together with following token displaying is optional.Moreover, it is also understood that tokenization, is the data-switching of the processing of tokenization untreated data promptly, can be the inverse approach of institute's introduction method in essence.
For the search on the user data that is enabled in encryption, input text can be divided into many sections in being called the process of tokenization.The section of preserving each searchable item is called as (untreated) input token, and wherein importing token is complete word in typical case.The input section that is not token is added to certain information set, and it is called as can not the search information collection.Section like this can comprise punctuation mark, space character and other characters.
As part of tokenization, several words can be combined into a single token, and a single word can be split into two or more constituent tokens. For example, a compound word such as "whiteboard" can be broken down into the tokens "white" and "board", which can be searched for separately. As another example, languages such as Chinese or Japanese do not usually use spaces or another unique character to separate words in written text, so a single Chinese input text can be broken down into several input tokens. An indication of such combination or splitting can be added to the non-searchable information set.
Tokenization can include detecting morphological variations of a word, modifying the input token into a standardized form, and adding an indication of the original input token to the non-searchable information set. For example, morphological variants of a word can include singular and plural forms of nouns ("word", "words"), conjugations ("cry", "cried", "crying"), and so on.
Tokenization can include detecting words that are unlikely to be searched for, removing them from the set of searchable input tokens and adding them to the non-searchable information set. For example, such detection can use (a) a predefined set of words, (b) a dictionary holding a word-frequency list and a threshold frequency, the test being whether a word's frequency is higher than that threshold, (c) a minimum and/or maximum searchable length, or (d) any combination of these.
Tokenization can support server-side search and/or indexing that ignores certain character properties, such as letter case, diacritics, ligatures, or the composition/decomposition of Unicode characters. For example, searching for "ToKeN" can produce the same results as searching for "tOkEn", so that all strings containing a variant of the word "token" appear in the search results.
Such property-insensitive search can be supported by (1) converting each input character into a single canonical form, (2) producing an indication of the original character, and (3) adding this indication to the non-searchable information set. For example, tokenization can support case-insensitive search on the server side by converting the characters of the input token to a single case (such as lower case) and adding an indication of the case of the original letters to the non-searchable information set.
For example, a search can ignore diacritical marks, whether added, removed or modified, such as [Figure BDA00002006685500111] or [Figure BDA00002006685500112] or "E". For example, a search for "café" can match instances of all these words in the user data, such as "Café", "CAFE" or [Figure BDA00002006685500113]; the system can convert them all into the standardized form "cafe" and add an indication of the original diacritic to the non-searchable information set.
For example, the system can support ligature-insensitive search (for example, [Figure BDA00002006685500115] and daemon). The system can convert a ligature into a standard form, for instance converting [Figure BDA00002006685500116] into "ae", produce an indication of the original ligature, and add it to the non-searchable information set.
Reference is made to Fig. 6, which shows the processing of the word "Café". The input text is stripped of capitalization and diacritics and converted into the token "cafe". The associated control token indicates that the first letter is a capital and that the fourth letter carries an accent mark. According to some embodiments of the invention, letters can be assumed to be lower case and without diacritics, so that the control token need not indicate lower case or the absence of a diacritic.
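The Café processing described above can be sketched as follows; this is an added Python example, not code from the patent. The control-entry layout (position, upper-case flag, ligature, combining marks) and the two-entry ligature table are assumptions made for the illustration.

```python
import unicodedata

# Constructed sample table (assumption); a deployment would carry a fuller mapping.
LIGATURES = {"æ": "ae", "œ": "oe"}


def normalize(word):
    """Return (search_token, control) for one input token.

    control lists only the characters that differ from the default assumption
    (lower case, no diacritic, no ligature) as tuples of
    (position in token, was upper case, original ligature or None, combining marks).
    Assumes one-to-one case mapping (true for the Latin letters used here).
    """
    token, control, pos = [], [], 0
    for ch in unicodedata.normalize("NFC", word):
        upper, low = ch.isupper(), ch.lower()
        if low in LIGATURES:
            piece, entry = LIGATURES[low], (pos, upper, low, "")
        else:
            decomposed = unicodedata.normalize("NFD", low)
            piece, marks = decomposed[0], decomposed[1:]
            entry = (pos, upper, None, marks) if (upper or marks) else None
        if entry:
            control.append(entry)
        token.append(piece)
        pos += len(piece)
    return "".join(token), control


def restore(token, control):
    """Rebuild the original word from the search token and its control data."""
    by_pos = {pos: (upper, lig, marks) for pos, upper, lig, marks in control}
    out, i = [], 0
    while i < len(token):
        upper, lig, marks = by_pos.get(i, (False, None, ""))
        if lig:
            ch = lig
            i += len(LIGATURES[lig])      # skip the expanded letters
        else:
            ch = unicodedata.normalize("NFC", token[i] + marks)
            i += 1
        out.append(ch.upper() if upper else ch)
    return unicodedata.normalize("NFC", "".join(out))


if __name__ == "__main__":
    for sample in ["Café", "CAFE", "dæmon"]:      # constructed inputs
        tok, ctl = normalize(sample)
        print(sample, "->", tok, ctl, "->", restore(tok, ctl))
```

Only the token would be transformed deterministically for search; the control data belongs to the non-searchable information set.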
Text markup and extended information
According to embodiments of the invention, processing the input text can include detecting at least one application-specific text processing instruction, and either adding these processing instructions to the non-deterministically transformed text, or keeping this information as clear text within the processed text, so that the untrusted server can apply any kind of processing related to the text's extended information. For example, HTML is a text extension that can add formatting information to user text by embedding HTML markup in the text. The system can handle input HTML markup in at least one of the following ways: (1) adding the HTML markup to the non-searchable information; (2) including the input HTML markup, unencrypted, in the processed output text to allow server-side processing; (3) treating the HTML markup as normal text, applying to the HTML markup any processing that is performed on non-markup input text.
According to some embodiments of the invention, after detecting at least one processing instruction in the input text, the intermediate module can decide not to transform said at least one processing instruction.
According to some embodiments of the invention, after detecting at least one processing instruction in the input text, the intermediate module can decide to transform said at least one processing instruction non-deterministically.
The system can add context information to the non-searchable information set, such as the time at which the processed text was produced, the user, or other information known to the system.
For example, according to embodiments of the invention, the system can add custom indications, such as "important" or "sensitive", to an encrypted token, so that these indications can be noted on decryption; an event indicating that the input information was decrypted can be generated, and the event can be handled, for example, by adding a record to a log file.
Token ordering
Processing the input text can include changing the order of the input tokens in the processed text. When the order is changed, a token-order indication can be produced to show the order of the input tokens in the original input text, and it can be added to the non-searchable information set.
Extra tokens
Processing the input text can include generating at least one false or extra bait token to be included in the output text. Such bait tokens can make the ciphertext more robust against statistical analysis. Extra bait tokens can be added according to an intended target statistical distribution, so as to disguise the bait tokens and make decryption through statistical analysis more difficult. Only after access to the key is obtained can the at least one extra token be distinguished from the other tokens included in said processed text. For example, English word frequencies can serve as a model for the target distribution of the bait tokens.
Token processing
The non-searchable information set can be arranged in one or more non-searchable tokens (also called control tokens herein), which can be included in the processed output text. A control token can be placed before the set of standardized input tokens, after it, or within it. The non-searchable information set can be encrypted in whole or in part and then included in the processed output text.
Before encryption, a bit representation of the non-searchable information set and of the searchable tokens can be obtained. Obtaining such a bit representation can include compressing and encoding the input data with some encoding and compression scheme.
An error-detection indication can be produced and added to the non-searchable information set. For example, a checksum of the input text can be computed and added to the non-searchable information set.
The resulting bit representation of the input tokens, and possibly of the non-searchable information set, can then be encrypted in whole or in part. Encryption of a searchable input token can yield a single encrypted form for every instance of that searchable input token. Encryption of the non-searchable input information can yield a single encrypted form or multiple encrypted forms for instances of the same information set. Multiple encrypted forms can provide better security, but can make certain server-side operations difficult or impossible without decrypting the user data. Multiple encrypted forms can use at least one bit of cryptographic salt embedded in the encrypted form.
The encrypted form can then be converted into text using a suitable encoding scheme. Such an encoding scheme can provide at least one of the following properties: (a) separating encrypted tokens in a way that allows the untrusted server application to identify the searchable units in the processed text; (b) using a character set that lets the untrusted server application identify searchable units (for example, the character "+" may be used by the untrusted server as a mask, and so may be unsuitable for encoding encrypted tokens; as another example, using both English and Hebrew characters may cause the application to split the sequence into two sets); (c) providing a compact representation so that server-side length limits are unlikely to be reached; and (d) allowing efficient encoding and decoding algorithms in the intermediate module.
According to some embodiments of the invention, the processed text can comprise a string of characters selected from a predefined character set, for example a character set comprising at least one contiguous subset of the Unicode character set. In some embodiments, said at least one contiguous subset can include characters of the alphabetic kind, of the numeric kind, or of both. In some embodiments, the characters used in the processed text can be selected from among several contiguous subsets of the Unicode character set; for example, two, three, four or five disjoint subsets of the Unicode character set can be selected. In some embodiments, the number of subsets of the Unicode character set can be more than one and less than or equal to ten.
In some embodiments of the invention, the subset of the Unicode character set can be one or more subsets selected from Korean (Hangul) letters, Chinese, Japanese and Korean (CJK) ideographs, and combinations thereof. For example, Korean characters can be used for server applications that store user input in UTF-16 encoding. Because the Korean characters occupy a single range of the Unicode character set that contains only alphabetic characters, they allow efficient encoding and decoding implementations. The Chinese character set can be used for the same reason and has a larger range than Korean; however, the Chinese character set may be unsuitable for server applications that search and/or index each individual Chinese character separately.
For example, a possibly modified BASE64 encoding can be used for server applications that store user input in UTF-8 encoding. BASE64 encoding itself includes the characters "+" and "/", which can lead the server application to infer that a single encrypted token contains one or more separate encrypted words.
For example, a space character can be used to separate encrypted tokens. Where a space character is not expected, for example in an e-mail address field, another character such as a full stop "." can be used to separate encrypted tokens.
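As an added illustration (not code from the patent), the following Python sketch encodes encrypted bytes as characters from one contiguous alphabetic Unicode range and picks such tokens back out of surrounding clear text. It assumes the Hangul Syllables block starting at U+AC00 and uses 8192 of its code points so that each character carries 13 bits; the function names are hypothetical.

```python
import re

HANGUL_BASE = 0xAC00          # first code point of the Hangul Syllables block
RADIX = 1 << 13               # 8192 symbols used, all inside that block

# Runs of characters from the token alphabet (U+AC00 .. U+CBFF).
TOKEN_RE = re.compile("[\uAC00-\uCBFF]+")


def encode_token(blob: bytes) -> str:
    """Encode ciphertext bytes as a string of alphabetic characters."""
    # The 0x01 sentinel byte preserves leading zero bytes and the exact length.
    n = int.from_bytes(b"\x01" + blob, "big")
    chars = []
    while n:
        n, digit = divmod(n, RADIX)
        chars.append(chr(HANGUL_BASE + digit))
    return "".join(reversed(chars))


def decode_token(text: str) -> bytes:
    """Inverse of encode_token; rejects characters outside the alphabet."""
    n = 0
    for ch in text:
        digit = ord(ch) - HANGUL_BASE
        if not 0 <= digit < RADIX:
            raise ValueError("character outside the token alphabet")
        n = n * RADIX + digit
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[:1] != b"\x01":
        raise ValueError("missing sentinel, token is damaged or truncated")
    return raw[1:]


def find_tokens(text: str):
    """Locate encoded tokens embedded in otherwise unencrypted text."""
    return TOKEN_RE.findall(text)


if __name__ == "__main__":
    blob = bytes(range(16))                      # constructed 16-byte ciphertext block
    token = encode_token(blob)
    print(len(token), "characters for", len(blob), "bytes:", token)
    # Full stop as separator, as for an e-mail address field.
    field = encode_token(b"a") + "." + encode_token(b"bc")
    print([decode_token(t) for t in find_tokens(field)])
```

A 16-byte block takes 10 characters here, against 24 for plain Base64, and every character is alphabetic, so a word-oriented server tokenizer treats each token as one word.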
When the processed output text is sent from the untrusted server, it can be embedded in unencrypted text received at the intermediate module. To trigger decryption, the system can produce statistically significant features in the processed text. For example, the system can include in the processed text a rare character or character combination, to be searched for when detecting encrypted text within unencrypted text.
According to some embodiments of the invention, the processed output text can be arranged in more than one output token, so that no output token exceeds a certain length limit. For example, a length limit of 50 characters can be imposed on the first output token, and a length limit of 1000 characters on subsequent output tokens.
Combined deterministic and non-deterministic encryption
Some embodiments of the invention can use a deterministic transformation of the input text, a non-deterministic transformation, or a combination of the two. Embodiments of the invention can decide whether to transform the input data (or portions of it) deterministically, non-deterministically, or by a combination of both; then, according to that decision, transform the input text accordingly using at least one key to obtain the processed text, and send the processed text to the server.
As used herein, a non-deterministic transformation of the input text is a transformation whose result can be one of several possible outputs. A deterministic transformation of the input text is a transformation that has only one possible output. Typically, both types of transformation can use or depend on a key to determine the possible output or outputs.
According to embodiments of the invention, a deterministic token representation can be obtained, for example, by applying a reversible encryption that depends on a key, or an irreversible encryption that uses a key. A non-deterministic token representation can be obtained, for example, by applying a symmetric encryption algorithm that uses a key, by applying an asymmetric encryption algorithm that uses the private key of a public/private key pair as the key, or by another reversible transformation that depends on a key.
In some embodiments of the invention, the server can provide search over previously entered input text. In such cases the intermediate module can choose to transform each searchable token in the input text deterministically. Such a deterministic transformation allows a later search query containing the processed search term to be handled correctly at the server. Portions of the input text can be transformed non-deterministically, for example to provide enhanced security. According to embodiments of the invention, portions of the input text can be transformed deterministically to allow server-side functions that require exact matching between recurring instances of portions of the input text. For example, if the server can compare several revisions of an input text, each differing slightly from the revision before it, the server can provide a word-by-word or line-by-line difference analysis. In such a case, deterministically transforming the words or lines of the input text allows this exact-match analysis on the server.
For example, in an embodiment of the invention, processing the input text can include (1) encrypting some or all of the input text non-deterministically into one or more processed tokens, (2) producing deterministically (after tokenization, standardization and so on of the input text) a processed token for each of some or all of the appropriate input tokens of the input text, and (3) including both the non-deterministically and the deterministically transformed processed data in the processed output text, for transmission to and storage at the network node.
According to some embodiments of the invention, the decision whether to transform the input text deterministically, non-deterministically, or by a combination of both can be based on whether a word is a member of a set of words. In this way, for example, input tokens that are to be available for search can be transformed deterministically, so that such words can be searched for. When a search locates a record, the processed input text, possibly including both deterministically and non-deterministically transformed data, can be returned as the search result. Conversely, input tokens that are not to be available for search need not be transformed deterministically.
In some embodiments of the invention, the decision whether to transform the input text deterministically, non-deterministically, or by a combination of both can be based on the length of a word. For example, it can be decided on the basis of a word's length to transform that word non-deterministically. Thus, in one example embodiment, short words, such as words of fewer than three characters, can be transformed non-deterministically, while longer words, such as words of three or more characters, can be transformed deterministically. With such a scheme, short words having fewer than the minimum number of characters may not be searchable.
In some embodiments of the invention, the non-deterministic transformation can be performed with a first key and the deterministic transformation with a second key.
In some embodiments of the invention, the first key and the second key can be the same. In other embodiments of the invention, the first and second keys can be different.
In some embodiments of the invention, if the total length of the output text exceeds a length limit, one or more of the deterministically produced tokens can be discarded or removed. In some embodiments of the invention, a decision can be made not to transform at least part of the input text.
It will be appreciated that the process of retrieving processed text according to embodiments of the invention can operate in essentially the reverse manner. That is, the processed text can be received at the intermediate module, and a suitable inverse process can be applied to it to obtain the original input text. In some embodiments of the invention, the original input text can be sent or otherwise provided to the client device, for example for display or presentation to the user or to an application running on the client device.
Processing of search queries
The input text received at the intermediate module can be a search query comprising at least one search term to be searched for. The intermediate module can process the search-query input text so as to (a) enable correct search functionality at the network node, and (b) enable the intermediate module to decrypt the search query when the network node sends it back to the client. A search query is generally processed in the same way as other input text destined for the network node, and further processing stages can be applied.
In embodiments of the invention, transforming the input text can include deterministically transforming at least one search term in the search query using a first key, producing at least one deterministically transformed search term. Sending the processed input text to the server can then include sending a plurality of deterministically transformed search terms to the server. In some embodiments of the invention, multiple search terms in a search query can be treated and transformed separately.
In some embodiments of the invention, the processed search query can include essentially only deterministically transformed search terms, where the deterministic transformation can be a reversible transformation. The network node can search for the processed terms and return a result set to the client. The intermediate module can use the processed search terms to obtain the original input text.
In some embodiments of the invention, transforming the search query can further include non-deterministically transforming essentially the whole search query using a second key, to produce non-deterministically transformed text, and combining the at least one deterministically transformed search term with the non-deterministically transformed text using a logical disjunction operator (such as the "OR" operator) to obtain combined processed text, wherein sending the processed input text to the server comprises sending the combined processed text to the server. The network node can search both for the processed search terms and for the non-deterministically processed text; it obtains (or fails to find) results for the deterministically transformed search terms, and obtains no results for the non-deterministically transformed text. The search therefore returns the results for the processed search terms. Using the above method according to embodiments of the invention, the intermediate module can receive the non-deterministically transformed text from the network node and then obtain from it the original input text of the search query.
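The combination of deterministic and non-deterministic transformation, the length-based decision and the OR-combined search query described above, shown end to end as an added Python example (not the patent's implementation). Assumptions: deterministic tokens are truncated HMAC-SHA256 values (a keyed, irreversible transformation), the non-deterministic part uses an HMAC-based keystream as a standard-library stand-in for a cipher such as AES, and the keys, record texts and function names are constructed.

```python
import hashlib
import hmac
import os
import re

DET_KEY = b"constructed sample key for deterministic tokens"
NONDET_KEY = b"constructed sample key for randomized encryption"
MIN_SEARCHABLE = 3            # shorter words get no deterministic token


def det_token(word):
    """Deterministic: the same word always yields the same token."""
    mac = hmac.new(DET_KEY, word.lower().encode(), hashlib.sha256)
    return "D" + mac.hexdigest()[:16]


def _keystream(nonce, length):
    # HMAC in counter mode, standing in for a real cipher (no integrity tag;
    # a deployment would use an authenticated cipher such as AES-GCM).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(NONDET_KEY, nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def nondet_token(text):
    """Non-deterministic and reversible: a fresh nonce changes every output."""
    nonce, data = os.urandom(16), text.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))
    return "N" + (nonce + ct).hex()


def recover(processed):
    """Inverse processing: only the non-deterministic token is needed."""
    blob = next(t for t in processed.split() if t.startswith("N"))
    raw = bytes.fromhex(blob[1:])
    nonce, ct = raw[:16], raw[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct)))).decode()


def searchable_words(text):
    return [w for w in re.findall(r"\w+", text) if len(w) >= MIN_SEARCHABLE]


def process_text(text):
    """Whole text encrypted non-deterministically, plus one token per searchable word."""
    return " ".join([nondet_token(text)] + [det_token(w) for w in searchable_words(text)])


def process_query(query):
    """Deterministic terms OR the randomized copy of the whole query."""
    return " OR ".join([det_token(w) for w in searchable_words(query)]
                       + [nondet_token(query)])


def server_search(store, processed_query):
    """The untrusted server: plain token matching, no keys and no plaintext."""
    terms = processed_query.split(" OR ")
    return [rid for rid, body in store.items()
            if any(t in body.split() for t in terms)]


if __name__ == "__main__":
    store = {1: process_text("Quarterly budget is ok"),      # constructed records
             2: process_text("Lunch at noon")}
    query = process_query("budget")
    print(server_search(store, query), recover(query), recover(store[1]))
```

The randomized term in the query never matches a stored record, so the hits come only from the deterministic terms, while the intermediate module can still recover the query text if the server echoes it back.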
Knowledge base of processed text
Some network-node servers can return truncated search results in response to queries or other requests. For example, if the result of a search query is a field of 100 characters, the server may return only the first 20 characters of the field, and provide the whole field only if the user selects the record that was found. According to embodiments of the invention, the intermediate module should operate within such constraints. According to embodiments of the invention, where the server truncates units of the processed text, these units can be individual tokens in the processed text, the processed text as a whole, or both.
According to embodiments of the invention, this problem can be addressed by providing a knowledge base of processed text at the intermediate module, or at a storage device managed, otherwise controlled, or accessible by the intermediate module. During the decryption stage the system can first attempt to recover the original input text from such a truncation, as follows: (1) during the encryption stage the intermediate module can store the complete processed text unit in trusted storage, for example storage that is not reached via the untrusted server and its associated storage device; (2) when truncated processed text is sent from the server and received at the intermediate module, the trusted storage is queried to determine whether it holds one or more untruncated processed text units that match or correspond to the truncated processed text unit; (3) if so, the intermediate module replaces the truncated processed text unit with the corresponding complete processed text unit, to obtain recovered processed text; (4) the recovered processed text is processed by the inverse processing method (such as decryption using the key) to obtain the original input text. The original input text can then be provided to the client device as unprocessed text when needed.
In some embodiments of the invention, the content stored in the knowledge base can be at least one complete processed element associated with the processed text. For example, a processed element can be a word or another portion contained in said entire processed text or in the processed text.
It will be appreciated that the system and method using the knowledge base can be applied to any suitable request from a client device, including for example search requests, record requests or report requests.
Detection of untrusted-server transformations using bait
An untrusted server can often apply one or more of a large number of application-typical transformations to the processed user data. Such transformations may be expected by the client component residing on the trusted workstation, but may be unknown to the intermediate module described herein. So, according to embodiments of the invention, the intermediate module can use several methods to infer the type of transformation applied to the processed user data.
According to one embodiment of the invention, the intermediate module can add extra information (called bait herein) to the encrypted user data at known positions. On receiving the processed user data, the intermediate module can use the bait to infer the type of transformation applied to it. Non-limiting examples of transformations for which bait can be used are the application of certain character-encoding schemes and the removal of HTML markup.
For example, the untrusted server can apply multiple, and possibly combined, encoding schemes to the encrypted user data it receives. When the intermediate module receives encrypted text from the untrusted server, that text may be encoded with one of the many encoding schemes the untrusted server application uses to communicate with the client component residing on the trusted workstation. The encoding scheme may not be indicated in the message the server produces. Typically, the client component is familiar with the server component and knows exactly which encoding scheme is used. The intermediate module, however, may not know the specific encoding used in each instance of the ciphertext. Nevertheless, when decrypting user data, before providing the decrypted user data to the client component, the intermediate module according to embodiments of the invention should apply the same encoding scheme that the server uses and the client expects. That is, if the intermediate module does not know the encoding scheme used by the untrusted server and the trusted workstation, the information may become garbled or confused during processing and de-processing at the intermediate module.
To facilitate detection of the encoding scheme, the intermediate module can add known predetermined characters to the ciphertext as an encoding bait. The encoding bait is encoded by the server together with the encrypted user data and provided again to the client component. When the intermediate module detects an encrypted token, it can examine the encoding bait to infer which kind of encoding scheme was used to encode that instance of the encrypted text. The intermediate module can then use the inferred encoding scheme to encode the decrypted text in the processed message. Non-limiting examples of encoding schemes include: (i) UTF-8 encoding; (ii) encoding with HTML escape sequences followed by UTF-8; and (iii) encoding with JavaScript escape sequences, followed by JavaScript escape sequences, followed by Latin-1 (also known as ISO-8859-1) encoding. For example, JavaScript escaping typically works by replacing certain characters with a backslash and another character; for example, a line-feed character is replaced with a backslash and the character "n", that is, the sequence "\n".
In some embodiments of the invention, bait can be used to detect at least one transformation that replaces at least one particular character in the processed text with a substitute character or substitute character string, such as one or more matching escape characters.
An example is given here of an encoding bait made up of an angle bracket "<" and a backslash "\". A user can enter the string "This ' is a quote". This is encrypted as, for example, "QIFJDJNZOP". During encryption the bait is attached to the encrypted token, so that "QIFJDJNZOP" becomes "<\QIFJDJNZOP", where "<\" is the bait. The server can receive the encrypted string and send it to the client in a JavaScript file. In a JavaScript file the server only needs to escape the backslash, not the angle bracket. The message sent to the client therefore contains "<\\QIFJDJNZOP", in which the bait's original backslash has been escaped with another backslash. When the intermediate module detects in a message an encrypted token preceded by the original angle bracket and an escaped backslash, it can infer that the token has been JavaScript-escaped. The intermediate module can then decrypt the input QIFJDJNZOP to "This ' is a quote". Having inferred that the client expects JavaScript-escaped text, the module can then encode the decrypted string with JavaScript escaping, for example by escaping the quotation mark to produce "This \' is a quote". The decrypted text has thus been encoded with the rule inferred from the encoding bait. The decrypted and encoded string is then forwarded to the client.
Another example in which bait can be used is HTML transformation, of which the removal of HTML markup is a special case. The untrusted server can receive text extended with HTML markup, produce instances of the received text from which all or some of the HTML markup has been removed, and return these instances to the client component. In such cases the intermediate module can include an HTML-markup bait in the processed user data. On receiving the processed user data, the intermediate module can remove the HTML-markup bait, infer from its presence or absence whether HTML markup should be removed from the decrypted user data, and accordingly keep or remove the HTML markup in the decrypted text of the message returned to the client component.
It will be appreciated that, in some embodiments, several pieces of bait can be added to the processed text to detect multiple transformations or encoding schemes applied by the untrusted server.
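The encoding-bait inference described above, as an added Python example (not code from the patent). It generalizes the angle-bracket-and-backslash bait to four server behaviours; the escaping functions are simplified stand-ins for a server, the upper-case token alphabet follows the "QIFJDJNZOP" sample, and decryption is passed in as a lookup, all of which are assumptions of this sketch.

```python
import re

BAIT = "<\\"                      # angle bracket followed by one backslash


def add_bait(token):
    return BAIT + token


def js_escape(s):                 # simplified JavaScript string escaping
    return (s.replace("\\", "\\\\").replace("'", "\\'")
             .replace('"', '\\"').replace("\n", "\\n"))


def html_escape(s):               # simplified HTML escaping
    return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")


def html_then_js(s):
    return js_escape(html_escape(s))


ENCODERS = {
    "plain": lambda s: s,
    "javascript": js_escape,
    "html": html_escape,
    "html+javascript": html_then_js,
}

# What the bait looks like after each transformation; all four differ.
SIGNATURES = {enc(BAIT): name for name, enc in ENCODERS.items()}

# One pass, longest signature first, token must follow the bait directly.
_PATTERN = re.compile(
    "(" + "|".join(re.escape(sig) for sig in sorted(SIGNATURES, key=len, reverse=True))
    + ")([A-Z]+)")


def restore_message(message, decrypt):
    """Swap each baited token for its plaintext, re-encoded as the bait was.

    Returns (restored message, list of inferred encodings in order found).
    """
    inferred = []

    def repl(match):
        name = SIGNATURES[match.group(1)]
        inferred.append(name)
        return ENCODERS[name](decrypt(match.group(2)))

    return _PATTERN.sub(repl, message), inferred


if __name__ == "__main__":
    vault = {"QIFJDJNZOP": "This ' is a quote"}        # stand-in for real decryption
    stored = add_bait("QIFJDJNZOP")
    reply = "var s = '" + js_escape(stored) + "';"     # constructed server reply
    print(reply)
    print(restore_message(reply, vault.__getitem__))
```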
Length restriction
In some embodiments of the invention, a plurality of separate portions of the input text can be transformed, wherein at least one of the portions of said input text includes no more than a maximum number of characters, for example by truncating the corresponding portion. In some embodiments of the invention, a plurality of separate portions of the input text can be transformed, wherein each of the portions of said input text includes no more than a maximum number of characters, for example by truncating the corresponding portion.
Tokenization example
Standardization and tokenization of input text. The sentence can be tokenized into the following input tokens: "This", "sentence", "has", "FIVE", "words" and "!". These input tokens can be standardized to provide standardized input tokens and metadata. The standardized input tokens have the following form: "This", "sentence", "has", "five", "words" and "!". The metadata associated with "sentence" is "lower case". The metadata associated with "FIVE" is "upper case". The metadata associated with "words" is "lower case" and "plural".
Next, the method can detect common input tokens, including the words "This" and "has" and the non-word "!". These input tokens can be encrypted non-deterministically, for example with a salt (denoted by "*").
The method can detect the non-common input tokens "word", "sentence" and "five". These words can be encrypted deterministically.
The order of the input tokens can be changed, in which case order metadata can be produced. The order metadata, the case metadata and the plural metadata can be included in control token 530.
Sorting support
A common text-processing feature in many SaaS applications is sorting records lexicographically, or by another property, on a particular field. It can therefore be useful for the processed text to be provided by an order-preserving encryption process.
Can implement any of many reservations time sequential mode.For example, any order that can obtain through following method keeps: (i) on blocking module, keep the tabulation of all records, carry out the specific ordering of website when needing.This method almost require express and data management in all duplicate every station server function; (ii) API is provided so that the sorting order of inquiry specific character string to server; But perhaps (iii) create the expression of dictionary editor ground sorting, it has kept actual sorting order and in network node, has had no modification.
The order that can keep the input text record according to encryption method of the present invention; Mode is for using with next stage and combination thereof: it is digital value (if also not being numeral) that data-switching will be imported in (1); (2) digital value is used order and keep conversion to obtain the output digital value; (3) but obtain the expression of dictionary editor ground sorting from the output digital value; And (4) but use the expression of the dictionary editor sorting in the output text of handling, perhaps as prefix character string (in text data) or as whole output data.The conversion that order keeps can be the dull function that increases.Order reservation function can use can be from the private cipher key of stochastic source generation, so that its function of parametrization.Each input collection of common branch being elected as certain collection can produce private cipher key.According to embodiments of the invention, produce order information, as following further introduction, can comprise input text is used the function that order keeps, relies on key.
According to some embodiment of the present invention, can produce order information according to the truncated version of input text.The further again embodiment according to the present invention can be according to a plurality of words that block in input text, and the order that in input text, occurs with them produces order information.
According to some embodiment of the present invention; Intermediate module can be handled input text through the conversion of using the order reservation; Wherein the conversion of order reservation comprises according to input text generation order information; Order information is represented the relative order according to whole preface rule input text in one group of possible input text, the text of this input text of conversion to obtain to handle, and the text of handling is sent to server.According to some embodiment of the present invention; Can the input text of order information and said processing be sent to server explicitly; Mode is the input data of adding order information to processing as prefix, and the order information of combination and the input data of processing are sent to server.
Keep the security risk that encryption mode is associated in order to reduce with order, when producing the output that keeps order, intermediate equipment can only consider to import the simplification part of data.Simplify input and can comprise that (a) ignores some word such as " the ", " a " so that obtain the simplification part of input data; (b) ignore the alphabet that in each word, appears at certain position place in the word or back; As ignore the character " ra " in " zebra "; (c) ignore at these intrarecord last some words, (d) dwindle the input domain that order keeps function, (e) ignore some character property such as the capital and small letter of letter or (f) its combination.
Fig. 7 has showed a plurality of stages according to the method 170 of the embodiment of the invention, and the order that can be used for obtaining the text data that will comprise at the text of said processing keeps expresses.In the stage 171, can receive the input text that to encrypt.In the stage 172, can from input text, abandon some word.In the stage 173, can abandon some character property, such as capital and small letter, cedilla, hyphen or other character properties of letter.In the stage 174, can block some input words according to the preset parameter of encryption mode, to such an extent as to can abandon last some characters from the input word.
In the stage 175, can abandon last some word of input text.So, carry out the input text after one or more optional stages 172,173,174 and 175 can produce simplification.In the stage 176, (simplifying alternatively) input text can be converted into digital value so that obtain the input digit value.In the stage 177, can use order to the input digit value and keep function to obtain the output digital value.In the stage 178, can obtain the expression that order keeps from the output digital value.At last, in the stage 179, the expression that can order be kept or place as the prefix of the text of handling or whole enciphered data.
In the following instance of the application of having showed stage 172-176, the input digit value of input text " The Green Zebra " can be calculated as follows: (i) receive one group of input token " The Green Zebra "; (ii) ignore incoherent input token " the " so that relevant input token " Green Zebra " to be provided, the input token that (iii) standardization is relevant is to provide " green zebra "; (iv), select only first three letter of each input token, so that six relevant characters to be provided: " gre zeb " for example according to user definition; (v), calculate its digital value as shown in table 1 according to the weight of each alphabetical position in the input token; And (vi) alphabetical numerical value is sued for peace so that the digital value of input token collection to be provided, it is 0.296199790068345.
Weights W can represent alphabetic(al) scale A is carried out the negative power of character position P, i.e. W=A -PFor English text, the alphabet scale is 26.
Table 1
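The calculation of stages 172-176 for "The Green Zebra", as an added example that is not code from the patent. It assumes letters are numbered a=1 through z=26 and that positions run over the six concatenated characters, which is the reading that reproduces the value quoted above; the constant and function names and the two-word record limit are assumptions.

```python
import re

ALPHABET_SIZE = 26               # A in W = A^-P; 26 for English text
IGNORED_WORDS = {"the", "a"}     # stage 172: words left out of the ordering
PREFIX_LEN = 3                   # stage 174: letters kept per word ("gre", "zeb")
MAX_WORDS = 2                    # stage 175: words kept per record (assumed value)


def reduce_text(text):
    """Stages 172-175: return the reduced word list used for ordering."""
    # Stage 173: discard letter case (other character properties are not handled here).
    words = re.findall(r"[a-z]+", text.lower())
    # Stage 172: discard words that carry no ordering information.
    words = [w for w in words if w not in IGNORED_WORDS]
    # Stage 174: truncate each word to its leading letters.
    words = [w[:PREFIX_LEN] for w in words]
    # Stage 175: discard trailing words.
    return words[:MAX_WORDS]


def numeric_value(words):
    """Stage 176: sum of letter index times A^-P over the concatenated letters."""
    letters = "".join(words)
    return sum((ord(c) - ord("a") + 1) * ALPHABET_SIZE ** -pos
               for pos, c in enumerate(letters, start=1))


def order_value(text):
    """Input numeric value V_in that stage 177 would receive."""
    return numeric_value(reduce_text(text))


if __name__ == "__main__":
    for record in ("Blue Whale", "The Green Zebra", "A green zebu", "Red Fox"):
        print(f"{record!r:20} {reduce_text(record)} {order_value(record):.15f}")
```

Records that share the reduced form, such as "The Green Zebra" and "A green zebu", receive the same value: the reduction limits what the sortable output reveals at the cost of exact ordering among such records.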
Fig. 8 shows a method 300, according to an embodiment of the invention, for producing an order-preserving function, for example the function to be used in stage 177 of method 170. In stage 180, the domain $(D_1, D_2)$ and the range $(R_1, R_2)$ of the function can be determined, for example according to user or program configuration. In stage 181, a private key $K$ is obtained, to be used when computing the output value of the order-preserving function. In stage 182, the input value $V_{in}$ is received (possibly from stage 176 of method 170). In stages 183 and 184, the range of the function can be changed so that it begins and ends at key-dependent positions within the original range. In stage 185, a point $D_{mid}$ within the domain of the function can be selected, where $D_{mid}$ depends on the key $K$ of the function, so that $D_{mid} = f_1(D_1, D_2, K)$. In stage 186, points $R_L = f_2(R_1, R_2, K, n)$ and $R_H = f_3(R_1, R_2, K, n)$ can be selected such that $R_1 < R_L < R_H < R_2$, where $R_L$ and $R_H$ can depend on the key $K$ of the function and/or on the iteration count $n$, with $n = 1$ initially. In stage 187, the numeric input value $V_{in}$ is checked to determine whether it lies within the lower part $(D_1, D_{mid})$ or the higher part $(D_{mid}, D_2)$ of the current domain $(D_1, D_2)$. If $V_{in}$ lies within the lower part, stage 188a is executed; otherwise stage 188b is executed. Stages 188a and 188b modify the domain $(D_1, D_2)$ and the range $(R_1, R_2)$ of the function: in stage 188a, $(D_1, D_2)$ is set to $(D_1, D_{mid})$ and $(R_1, R_2)$ is set to $(R_1, R_L)$; in stage 188b, $(D_1, D_2)$ is set to $(D_{mid}, D_2)$ and $(R_1, R_2)$ is set to $(R_H, R_2)$. Stages 185-188 can be repeated until a predetermined stopping criterion is met in stage 189. The stopping criterion can be, for example, that a threshold size $D_{threshold}$ is greater than the current domain size $|D| = D_2 - D_1$, or that a threshold size $R_{threshold}$ is greater than the current range size $|R| = R_2 - R_1$, or a combination thereof.
The following example shows an encoding mode that can be used in stage 178 of method 170. Suppose the transformed numeric value produced by the order-preserving function is 0.344323947, and the lexicographically sortable representation is ten characters long and contains only lowercase English letters. Table 2 shows ten iterations of an arithmetic coding mode applied to produce the ten characters of the lexicographically sortable representation.
Table 2
As Table 2 shows, the lexicographically sortable representation is "hxsutgeslc".
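One way to realize the keyed bisection of Fig. 8 (stages 180-189) together with a fixed-width letter encoding for stage 178, as an added example that is not code from the patent. The patent leaves f1, f2 and f3 unspecified; deriving them from HMAC-SHA-256, the integer domain and range sizes, the letter mapping a=0 through z=25 and all names are assumptions.

```python
import hashlib
import hmac

DOMAIN = (0, 2**32)     # (D1, D2) as a half-open integer interval; size is assumed
RANGE = (0, 2**256)     # (R1, R2), half-open; must be far larger than the domain


def _prf(key, label, a, b, modulus):
    """Keyed pseudo-random integer in [0, modulus), bound to the interval (a, b)."""
    mac = hmac.new(key, f"{label}|{a}|{b}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % modulus


def ope(key, v_in, domain=DOMAIN, rng=RANGE):
    """Map v_in to an output value through a keyed, strictly increasing function."""
    (d1, d2), (r1, r2) = domain, rng
    if not d1 <= v_in < d2:
        raise ValueError("input value outside the function's domain")
    if r2 - r1 < 8:
        raise ValueError("range too small")
    # Stages 183-184: move the start and end of the range to key-dependent points.
    margin = (r2 - r1) // 8
    r1, r2 = (r1 + _prf(key, "start", r1, r2, margin),
              r2 - _prf(key, "end", r1, r2, margin))
    n = 1
    while d2 - d1 > 1:                       # stage 189: stop once |D| < 2
        size, quarter = d2 - d1, (r2 - r1) // 4
        if quarter == 0:
            raise ValueError("range too small for this domain")
        # Stage 185: D_mid = f1(D1, D2, K), leaving both halves non-empty.
        q = max(1, size // 4)
        d_mid = d1 + q + _prf(key, "dmid", d1, d2, size - 2 * q + 1)
        # Stage 186: R_L = f2(...), R_H = f3(...), with R1 < R_L < R_H < R2.
        r_lo = r1 + quarter + _prf(key, f"rl{n}", r1, r2, quarter)
        r_hi = r2 - quarter - _prf(key, f"rh{n}", r1, r2, quarter)
        # Stages 187-188: descend into the half of the domain that holds v_in.
        if v_in < d_mid:
            d2, r2 = d_mid, r_lo             # stage 188a
        else:
            d1, r1 = d_mid, r_hi             # stage 188b
        n += 1
    return r1


def sortable(n, width=55):
    """Stage 178: fixed-width base-26 string whose string order equals numeric order."""
    letters = []
    for _ in range(width):                   # 26**55 > 2**256, so 55 letters suffice
        n, digit = divmod(n, 26)
        letters.append(chr(ord("a") + digit))
    return "".join(reversed(letters))


if __name__ == "__main__":
    demo_key = b"constructed demo key, not a real secret"
    for v in (7, 1000, 1001, 2**31):
        print(v, sortable(ope(demo_key, v))[:12] + "...")
```

Two inputs share every bisection step until some D_mid separates them, after which their ranges are disjoint with R_L < R_H, so the output order always matches the input order while the split points stay hidden without the key.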
A tangible computer-readable medium can be provided. It stores instructions that, when executed by a processor, cause the processor to perform method 100 or portions thereof. The tangible computer-readable medium can be a disk, a floppy disk, a tape, a tape cassette, a flash disk, a flash memory unit, a volatile memory unit, and so on.
While certain features of the invention have been illustrated and described herein, many modifications, substitutions, changes and equivalents will now occur to those of ordinary skill in the art. It is therefore to be understood that the appended claims are intended to cover all such modifications and changes as fall within the true spirit of the invention.

Claims (112)

1. A method for securing data transmitted between a client device and a server, comprising:
obtaining input text at an intermediate module from the client device;
processing the input text at the intermediate module to obtain processed text, wherein the processing comprises:
deciding whether to transform the input text deterministically, non-deterministically, or by a combination of deterministic and non-deterministic transformation; and
according to the decision, transforming the input text using at least one key deterministically, non-deterministically, or by a combination of the two, to obtain the processed text; and
transmitting the processed text to the server.
2. The method of claim 1, further comprising, for at least a portion of the input text, determining not to transform the portion of the input text.
3. The method of claim 1, further comprising:
receiving processed text at the intermediate module; and
applying inverse processing to the processed text to obtain the original input text.
4. The method of claim 3, further comprising sending the original input text to the client device.
5. The method of claim 1, wherein the step of transforming the input text comprises:
non-deterministically transforming substantially the entire input text using a first key to produce non-deterministically transformed text; and
deterministically transforming each of a plurality of input tokens in the input text using a second key to produce a corresponding plurality of deterministically transformed tokens,
wherein transmitting the processed input text to the server comprises transmitting the non-deterministically transformed text and the plurality of deterministically transformed tokens to the server.
6. The method of claim 5, wherein the first key is identical to the second key.
7. The method of claim 5, wherein deterministically transforming the input text comprises applying an irreversible transformation to the input text.
8. The method of claim 1, wherein
the input text is a search query comprising at least one search term,
transforming the input text comprises deterministically transforming the at least one search term using a first key to produce a corresponding at least one deterministically transformed search term, and
transmitting the processed input text to the server comprises transmitting the at least one deterministically transformed search term to the server.
9. The method of claim 8, wherein
transforming the input text further comprises:
non-deterministically transforming substantially the entire input text using a second key to produce non-deterministically transformed text; and
combining the at least one deterministically transformed search term and the non-deterministically transformed text using a logical disjunction operator to obtain combined processed text, and
transmitting the processed input text to the server comprises transmitting the combined processed text to the server.
10. The method of claim 9, wherein deterministically transforming the input text comprises applying a reversible transformation to the input text.
11. The method of claim 1, wherein the processed text comprises a string of characters selected from a processed-text character set, the processed-text character set comprising at least one contiguous subset of the Unicode character set.
12. The method of claim 11, wherein the at least one contiguous subset comprises characters of the letter or digit character categories, or characters of the letter and digit character categories.
13. The method of claim 11, wherein the at least one contiguous subset comprises between one and ten subset ranges of the Unicode character set.
14. The method of claim 11, wherein the at least one contiguous subset is selected from Unicode character sets including Korean Hangul, Chinese, Japanese and Korean (CJK) ideographs, and combinations thereof.
15. The method of claim 1, wherein transforming the input text comprises transforming a plurality of separate portions of the input text, at least one of the plurality of portions of the input text comprising no more than a maximum number of characters.
16. The method of claim 1, wherein deterministically transforming the input text comprises:
normalizing at least a portion of the input text by applying at least one normalization rule to the input text, to obtain at least one normalized input portion;
deterministically transforming the at least one normalized input portion to obtain at least one transformed normalized input portion; and
including the at least one transformed normalized input portion in the processed input text.
17. The method of claim 16, wherein the at least one normalization rule comprises letter case conversion.
18. The method of claim 16, wherein the at least one normalization rule comprises replacing a character that has a diacritical mark with the matching character without the diacritical mark.
19. The method of claim 16, wherein the at least one normalization rule comprises replacing a hyphen with its corresponding component characters.
20. The method of claim 16, wherein the at least one normalization rule comprises replacing at least one word contained in the input text with a morphological variant matching the at least one word.
21. The method of claim 16, wherein the at least one normalization rule comprises replacing at least one word contained in the input text with a plurality of words.
22. The method of claim 1, wherein deciding whether to transform the input text deterministically, non-deterministically, or by a combination of the two further comprises deciding to transform a word of the input text non-deterministically according to whether the word is a member of a word set.
23. The method of claim 1, wherein deciding whether to transform the input text deterministically, non-deterministically, or by a combination of the two further comprises deciding to transform a word of the input text non-deterministically according to the length of the word.
24. The method of claim 1, wherein transforming the input text further comprises changing the order of portions of the processed text.
25. The method of claim 1, wherein transforming the input text further comprises including at least one extra token in the processed text, the at least one extra token being distinguishable from the other tokens contained in the processed text only after access to a key has been obtained.
26. The method of claim 1, wherein the intermediate module is a software plug-in module installed in the client device.
27. The method of claim 1, wherein the intermediate module is an intermediate server computer connected to the client device and the server.
28. The method of claim 1, wherein the input text comprises textual information and at least one instruction relating to the manner of processing the textual information, the method further comprising:
processing the at least one instruction to obtain at least one processed instruction;
including the at least one processed instruction in the processed text; and
including in the processed text an indication of the presence and position of the processed instruction in the processed text.
29. The method of claim 28, wherein the at least one processing instruction comprises an HTML markup tag.
30. The method of claim 2, wherein determining not to transform the portion of the input text further comprises:
detecting at least one processing instruction contained in the input text, the processing instruction relating to the manner of processing the input text; and
deciding not to transform the at least one processing instruction.
31. The method of claim 1, wherein deciding whether to transform the input text deterministically, non-deterministically, or by a combination of the two comprises:
detecting at least one processing instruction contained in the input text, the processing instruction relating to the manner of processing the input text; and
deciding to transform the at least one processing instruction non-deterministically.
32. A system for securing data transmitted between a client device and a server, comprising:
an intermediate module configured to:
obtain input text;
process the input text to obtain processed text, wherein the intermediate module is configured to process the input text by:
deciding whether to transform the input text deterministically, non-deterministically, or by a combination of deterministic and non-deterministic transformation; and
according to the decision, transforming the input text using at least one key deterministically, non-deterministically, or by a combination of the two, to obtain the processed text; and
transmit the processed text to the server.
33. The system of claim 32, wherein the intermediate module is further configured to determine not to transform at least a portion of the input text.
34. The system of claim 32, wherein the intermediate module is further configured to:
receive processed text from the server; and
apply inverse processing to the processed text to obtain the original input text.
35. The system of claim 34, wherein the intermediate module is further configured to send the original input text to the client device.
36. The system of claim 32, wherein the intermediate module is further configured to transform the input text by:
non-deterministically transforming substantially the entire input text using a first key to produce non-deterministically transformed text; and
deterministically transforming each of a plurality of input tokens in the input text using a second key to produce a corresponding plurality of deterministically transformed tokens,
wherein the intermediate module is configured to transmit the processed input text to the server by transmitting the non-deterministically transformed text and the plurality of deterministically transformed tokens to the server.
37. The system of claim 36, wherein the first key is identical to the second key.
38. The system of claim 36, wherein the intermediate module is further configured to deterministically transform the input text by applying an irreversible transformation to the input text.
39. The system of claim 32, wherein
the input text is a search query comprising at least one search term,
the intermediate module is configured to transform the input text by deterministically transforming the at least one search term using a first key to produce a corresponding at least one deterministically transformed search term, and
the intermediate module is further configured to transmit the processed input text to the server by transmitting the at least one deterministically transformed search term to the server.
40. The system of claim 39, wherein
the intermediate module further transforms the input text by:
non-deterministically transforming substantially the entire input text using a second key to produce non-deterministically transformed text; and
combining the at least one deterministically transformed search term and the non-deterministically transformed text using a logical disjunction operator to obtain combined processed text, and
the intermediate module is configured to transmit the processed input text to the server by transmitting the combined processed text to the server.
41. The system of claim 40, wherein the intermediate module is configured to deterministically transform the input text by applying a reversible transformation to the input text.
42. The system of claim 32, wherein the processed text comprises a string of characters selected from a processed-text character set, the processed-text character set comprising at least one contiguous subset of the Unicode character set.
43. The system of claim 42, wherein the at least one contiguous subset comprises characters of the letter or digit character categories, or characters of the letter and digit character categories.
44. The system of claim 42, wherein the at least one contiguous subset comprises between one and ten subset ranges of the Unicode character set.
45. The system of claim 42, wherein the at least one contiguous subset is selected from Unicode character sets including Korean Hangul, Chinese, Japanese and Korean (CJK) ideographs, and combinations thereof.
46. The system of claim 32, wherein the intermediate module is configured to transform the input text by transforming a plurality of separate portions of the input text, at least one of the plurality of portions of the input text comprising no more than a maximum number of characters.
47. The system of claim 42, wherein the intermediate module is configured to deterministically transform the input text by:
normalizing at least a portion of the input text by applying at least one normalization rule to the input text, to obtain at least one normalized input portion;
deterministically transforming the at least one normalized input portion to obtain at least one transformed normalized input portion; and
including the at least one transformed normalized input portion in the processed input text.
48. The system of claim 47, wherein the at least one normalization rule comprises letter case conversion.
49. The system of claim 47, wherein the at least one normalization rule comprises replacing a character that has a diacritical mark with the matching character without the diacritical mark.
50. The system of claim 47, wherein the at least one normalization rule comprises replacing a hyphen with its corresponding component characters.
51. The system of claim 47, wherein the at least one normalization rule comprises replacing at least one word contained in the input text with a morphological variant matching the at least one word.
52. The system of claim 47, wherein the at least one normalization rule comprises replacing at least one word contained in the input text with a plurality of words.
53. The system of claim 32, wherein the intermediate module is configured to decide whether to transform the input text deterministically, non-deterministically, or by a combination of the two by deciding to transform a word of the input text non-deterministically according to whether the word is a member of a word set.
54. The system of claim 32, wherein the intermediate module is configured to decide whether to transform the input text deterministically, non-deterministically, or by a combination of the two by deciding to transform a word of the input text non-deterministically according to the length of the word.
55. The system of claim 32, wherein the intermediate module is configured to further transform the input text by changing the order of portions of the processed text.
56. The system of claim 32, wherein the intermediate module is configured to transform the input text by including at least one extra token in the processed text, the at least one extra token being distinguishable from the other tokens contained in the processed text only after access to a key has been obtained.
57. The system of claim 32, wherein the intermediate module is a software plug-in module installed in the client device.
58. The system of claim 32, wherein the intermediate module is an intermediate server computer connected to the client device and the server.
59. The system of claim 32, wherein the input text comprises textual information and at least one instruction relating to the manner of processing the textual information, the intermediate module being further configured to:
process the at least one instruction to obtain at least one processed instruction;
include the at least one processed instruction in the processed text; and
include in the processed text an indication of the presence and position of the processed instruction in the processed text.
60. The system of claim 59, wherein the at least one processing instruction comprises an HTML markup tag.
61. The system of claim 33, wherein the intermediate module is configured to determine not to transform the portion of the input text by:
detecting at least one processing instruction contained in the input text, the processing instruction relating to the manner of processing the input text; and
deciding not to transform the at least one processing instruction.
62. The system of claim 32, wherein the intermediate module is configured to decide whether to transform the input text deterministically, non-deterministically, or by a combination of the two by:
detecting at least one processing instruction contained in the input text, the processing instruction relating to the manner of processing the input text; and
deciding to transform the at least one processing instruction non-deterministically.
63. A method for use in a system comprising a server and a client device, wherein, in response to a request for text data stored therein, the server is adapted to return processed text comprising at least one truncated element of the requested text data, the method comprising:
obtaining a plurality of input texts at an intermediate module from the client device;
processing the plurality of input texts at the intermediate module to obtain a corresponding plurality of processed texts;
storing, in a storage device managed by the intermediate module, at least one complete processed element of each of the plurality of processed texts;
transmitting the plurality of processed texts to the server;
upon request, receiving at the intermediate module processed text returned from the server, the processed text comprising at least one truncated element of the requested processed record;
searching the storage device for at least one processed element matching each truncated element; and
using the at least one complete processed element to obtain the unprocessed input text.
64. The method of claim 63, further comprising providing the unprocessed text to the client device.
65. The method of claim 63, wherein the processed element comprises the processed text or a word contained in the processed text.
66. The method of claim 65, wherein the request is at least one request from the group consisting of a search request, a record request and a report request.
67. A system for securing data transmitted between a client device and a server, wherein, in response to a request for text data stored therein, the server is adapted to return processed text comprising at least one truncated element of the requested text data, the system comprising:
an intermediate module configured to:
obtain a plurality of input texts;
process the plurality of input texts to obtain a corresponding plurality of processed texts;
store at least one complete processed element of each of the plurality of processed texts in a storage device managed by the intermediate module;
transmit the plurality of processed texts to the server;
upon request, receive at the intermediate module processed text returned from the server, the processed text comprising at least one truncated element of the requested processed record;
search the storage device for at least one processed element matching each truncated element; and
use the at least one complete processed element to obtain the unprocessed input text.
68. The system of claim 67, wherein the intermediate module is further configured to provide the unprocessed text to the client device.
69. The system of claim 67, wherein the processed element comprises the processed text or a word contained in the processed text.
70. The system of claim 69, wherein the request is at least one request from the group consisting of a search request, a record request and a report request.
71. A method for use in a system comprising a server and a client device, wherein the server is adapted to transform text received from the client device by applying at least one of a plurality of transformations, the method comprising:
receiving at an intermediate module input text from the client device;
processing the input text at the intermediate module to obtain processed text, wherein the processing comprises including bait in the processed text;
transmitting the processed text to the server;
upon request, receiving at the intermediate module transformed processed text from the server, the server having applied at least one of the plurality of transformations to the processed text to obtain the transformed processed text; and
determining, by the intermediate module, at least one of the transformations applied by the server according to a comparison between the processed text and the transformed processed text.
72. The method of claim 71, further comprising:
applying an inverse transformation to the processed text to obtain unprocessed input text; and
modifying the unprocessed input text according to the at least one determined transformation.
73. The method of claim 72, further comprising:
sending the modified unprocessed input text to the client device.
74. according to the method for claim 71, wherein,
At least one conversion in said a plurality of conversion comprises substitute character or the substitute character string of at least one the convertible character replacement in the input text of said processing for coupling; And
Comprising in the text of said processing that bait is included in the text of said processing comprises said at least one convertible character.
75. the method according to claim 74 further comprises:
To the text application inverse transformation of said processing to obtain untreated input text; And
Substitute character or substitute character string through being said coupling with said at least one the convertible character replacement in the said untreated input text are revised said untreated input text.
76. the method according to claim 75 further comprises:
Send the untreated input text of said modification to said client devices.
77. according to the method for claim 71, wherein,
At least one conversion in said a plurality of conversion comprises the html tag in the input text that omits said processing; And
Comprising in the text of said processing that bait is included in the text of said processing comprises html tag.
78. the method according to claim 77 further comprises:
To the text application inverse transformation of said processing to obtain untreated input text;
Revise said untreated input text through omitting the html tag that wherein comprises; And
Send the untreated input text of said modification to said client devices.
79. a system that is used to protect the data that between client devices and server, transmit, wherein, said server is suitable for the text that receives from said client devices through at least one conversion of using in a plurality of conversion, and said system comprises:
Intermediate module is configured to:
Receive input text;
Handle the text of said input text through in the text of said processing, comprising bait to obtain to handle;
Transmit the text of handling to server;
Once request, from the text of the processing of said server receiving conversion, said server to the text application of said processing the text of at least one in said a plurality of conversion with the processing that obtains said conversion; And
At least one in the applied said conversion of said server confirmed in contrast according between the text of the processing of text of handling and conversion.
80. according to the system of claim 79, wherein, said intermediate module further is configured to:
To the text application inverse transformation of said processing to obtain untreated input text; And
According to said at least one conversion of confirming, revise said untreated input text.
81. 0 system according to Claim 8, wherein said intermediate module further is configured to:
Send the untreated input text of said modification to said client devices.
82. according to the system of claim 79, wherein,
At least one conversion in said a plurality of conversion comprises substitute character or the substitute character string of at least one the convertible character replacement in the input text of said processing for coupling; And
Said intermediate module is handled the text of said input text to obtain to handle through in the text of said processing, comprising said at least one convertible character.
83. 2 system according to Claim 8, wherein said intermediate module further is configured to:
To the text application inverse transformation of said processing to obtain untreated input text; And
Substitute character or substitute character string through being said coupling with said at least one the convertible character replacement in the said untreated input text are revised said untreated input text.
84. 3 system according to Claim 8, wherein said intermediate module further is configured to:
Send the untreated input text of said modification to said client devices.
85. according to the system of claim 79, wherein,
At least one conversion in said a plurality of conversion comprises the html tag in the input text that omits said processing; And
Said intermediate module is handled the text of said input text to obtain to handle through in the text of said processing, comprising html tag.
86. 5 system according to Claim 8, wherein said intermediate module further is configured to:
To the text application inverse transformation of said processing to obtain untreated input text;
Revise said untreated input text through omitting the html tag that wherein comprises; And
Send the untreated input text of said modification to said client devices.
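The bait mechanism of claims 71 to 86, sketched as an added example that is not taken from the patent: the intermediate module appends known bait to the protected text, compares the bait that comes back with the bait it sent, and replays the detected server transformations on the recovered plaintext. The bait values, the field separator, the Base64 stand-in for the encryption step and the two simulated servers are all assumptions made for the illustration.

```python
import base64
import re

# Assumed baits, appended in clear text after the protected token.
CONVERTIBLE = [":)", ":("]     # strings a server may swap for a substitute
HTML_BAIT = "<b>bait</b>"      # becomes "bait" if the server omits HTML tags
SEP = " | "                    # assumed field separator the server leaves alone
TAG_RE = re.compile(r"<[^>]+>")


def process(text: str) -> str:
    """Outbound: protect the text and include the baits in the processed text."""
    # Stand-in for the real encryption step, which this example does not implement.
    token = base64.urlsafe_b64encode(text.encode("utf-8")).decode("ascii")
    return SEP.join([token, *CONVERTIBLE, HTML_BAIT])


def detect_transformations(returned: str) -> dict:
    """Compare the baits that were sent with the baits that came back."""
    fields = returned.split(SEP)
    if len(fields) != len(CONVERTIBLE) + 2:
        raise ValueError("bait layout damaged; cannot compare")
    token, *got_chars, got_html = fields
    substitutions = {
        sent: got for sent, got in zip(CONVERTIBLE, got_chars) if sent != got
    }
    return {
        "token": token,
        "substitutions": substitutions,
        "omits_html": got_html == TAG_RE.sub("", HTML_BAIT),
    }


def restore(returned: str) -> str:
    """Inbound: invert the processing, then replay the server's transformations."""
    found = detect_transformations(returned)
    text = base64.urlsafe_b64decode(found["token"]).decode("utf-8")
    if found["omits_html"]:
        text = TAG_RE.sub("", text)
    for sent, got in found["substitutions"].items():
        text = text.replace(sent, got)
    return text


# Constructed server behaviours, for the demonstration only.
def server_substitutes(stored: str) -> str:
    return stored.replace(":)", "\u263a")


def server_omits_html(stored: str) -> str:
    return TAG_RE.sub("", stored)


if __name__ == "__main__":
    sent = process("Deal closed :) see <i>attached</i>")
    for server in (server_substitutes, server_omits_html):
        print(server.__name__, "->", restore(server(sent)))
```

Because the server only ever sees the opaque token, it cannot apply its substitutions to the real content; the bait is what lets the intermediate module reproduce them for the client.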
87. A method for protecting data between a client device and a server, comprising:
Obtaining input text at an intermediate module;
Processing the input text at the intermediate module by applying an order-preserving transformation, the order-preserving transformation comprising:
Generating order information from the input text, the order information indicating the relative order of the input text within a set of possible input texts according to an ordering rule; and
Transforming the input text to obtain processed text; and
Transmitting the processed text to the server.
88. The method according to claim 87, further comprising sending the order information to the server in association with the processed input text by adding the order information as a prefix to the processed input data and sending the combined order information and processed input data to the server.
89. The method according to claim 87, wherein the order information is generated from a truncated version of the input text.
90. The method according to claim 89, wherein the order information is generated from a plurality of truncated words in the input text, in the order in which they appear in the input text.
91. The method according to claim 87, wherein generating the order information comprises applying an order-preserving, key-dependent function to the input text.
92. The method according to claim 91, wherein the order-preserving function is a monotonically increasing numeric function, and applying the order-preserving function comprises:
Obtaining an input numeric value from at least a portion of the input text;
Providing an input range and an output range;
Dividing the input and output ranges, according to a key, into two input ranges and two output ranges;
Selecting a pair of input and output ranges from the divided ranges according to which input range contains the input numeric value;
Iteratively repeating the dividing and selecting steps until the output range is smaller than a predetermined parameter, that output range being the final output range; and
Returning an output numeric value within the final output range.
93. A system for protecting data between a client device and a server, comprising:
An intermediate module configured to:
Obtain input text;
Process the input text by applying an order-preserving transformation, the order-preserving transformation comprising:
Generating order information from the input text, the order information indicating the relative order of the input text within a set of possible input texts according to an ordering rule; and
Transforming the input text to obtain processed text; and
Transmit the processed text to the server.
94. The system according to claim 93, wherein the intermediate module sends the order information to the server in association with the processed input text by:
Adding the order information as a prefix to the processed input data, and
Sending the combined order information and processed input data to the server.
95. The system according to claim 93, wherein the intermediate module generates the order information from a truncated version of the input text.
96. The system according to claim 95, wherein the intermediate module generates the order information from a plurality of truncated words in the input text, in the order in which they appear in the input text.
97. The system according to claim 93, wherein the intermediate module generates the order information by applying an order-preserving, key-dependent function to the input text.
98. The system according to claim 97, wherein the order-preserving function is a monotonically increasing numeric function, and the intermediate module applies the order-preserving function by:
Obtaining an input numeric value from at least a portion of the input text;
Providing an input range and an output range;
Dividing the input and output ranges, according to a key, into two input ranges and two output ranges;
Selecting a pair of input and output ranges from the divided ranges according to which input range contains the input numeric value;
Iteratively repeating the dividing and selecting steps until the output range is smaller than a predetermined parameter, that output range being the final output range; and
Returning an output numeric value within the final output range.
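One way to realise the range-splitting function of claims 92 and 98, as an added example that is not code from the patent. The 32-bit input range, the 48-bit output range, the midpoint input split, the HMAC-SHA256 choice of the output split point and the extra stop when a single input value remains are assumptions; the claims fix only the divide, select, repeat and return steps.

```python
import hashlib
import hmac

IN_BITS = 32    # assumed: order is taken from the first 4 bytes of the text
OUT_BITS = 48   # assumed: the output range is larger than the input range


def _prf(key: bytes, *parts: int) -> int:
    """Keyed pseudo-random integer derived from the current ranges."""
    msg = ":".join(str(p) for p in parts).encode()
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big")


def text_to_number(text: str) -> int:
    """Input numeric value from a truncated version of the text (claim 89)."""
    prefix = text.encode("utf-8")[: IN_BITS // 8]
    return int.from_bytes(prefix.ljust(IN_BITS // 8, b"\0"), "big")


def order_preserving_map(x: int, key: bytes, min_width: int = 2) -> int:
    """Key-dependent, strictly increasing map from the input to the output range."""
    in_lo, in_hi = 0, 1 << IN_BITS        # half-open input range
    out_lo, out_hi = 0, 1 << OUT_BITS     # half-open output range
    if not in_lo <= x < in_hi:
        raise ValueError("input value outside the input range")
    # Invariant: the output range never holds fewer values than the input range.
    while in_hi - in_lo > 1 and out_hi - out_lo >= min_width:
        in_mid = (in_lo + in_hi) // 2
        n_left = in_mid - in_lo
        slack = (out_hi - out_lo) - (in_hi - in_lo)
        # The key decides where the output range is cut, within the slack.
        pivot = out_lo + n_left + _prf(key, in_lo, in_hi, out_lo, out_hi) % (slack + 1)
        if x < in_mid:                    # select the lower pair of ranges
            in_hi, out_hi = in_mid, pivot
        else:                             # select the upper pair of ranges
            in_lo, out_lo = in_mid, pivot
    # A value inside the final output range; the offset keeps order among
    # inputs that ended in the same final range.
    return out_lo + (x - in_lo)


def order_prefix(text: str, key: bytes) -> str:
    """Fixed-width hex order information, usable as a sortable prefix (claim 88)."""
    return f"{order_preserving_map(text_to_number(text), key):0{OUT_BITS // 4}x}"


if __name__ == "__main__":
    key = b"constructed demo key"
    words = ["delta", "alpha", "charlie", "bravo", "echo"]   # constructed sample
    for w in sorted(words, key=lambda w: order_prefix(w, key)):
        print(order_prefix(w, key), w)
```

Order information of this kind reveals to the server the relative order of stored values, and which values share the same truncated prefix, which is the property that lets the server sort them.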
99. A method for use in a system comprising a server, a client device and an intermediate module, wherein the server is configured to provide at least one function for input data provided by the client device, and the intermediate module is configured to receive input data from the client device, transform the input data into processed data, and transmit the processed data to the server, the method comprising:
Receiving input data from the client device at the intermediate module;
Intercepting the input data at the intermediate module without transmitting the input data to the server;
Providing, by the intermediate module, the function for the input data; and
Generating, by the intermediate module, at least one message to the client device according to the result of the function.
100. The method according to claim 99, further comprising:
Obtaining, at the intermediate module, a response from the client device to the at least one message;
Processing the input text, according to the response, to obtain processed input text; and
Transmitting the processed input text to the server.
101. The method according to claim 99, wherein the function is a spell check function, and the message is the result of applying the spell check function to the input data.
102. The method according to claim 99, wherein the function is a format check function for the input data, the input data is in a first format, and the message is a request to provide the input data in a second format different from the first format.
103. The method according to claim 102, wherein the first format is an incremental encoding format, and the second format is a full input text format.
104. The method according to claim 99, wherein the intermediate module is a software plug-in module installed in the client device.
105. The method according to claim 99, wherein the intermediate module is an intermediate server computer connected to the client device and the server.
106. A system for protecting data between a client device and a server, comprising:
An intermediate module configured to receive input data from a client device, transform the input data into processed data, and transmit the processed data to a server, wherein the server is configured to provide at least one function for data provided to it, the intermediate module being further configured to:
Receive the input data from the client device;
Intercept the input data without transmitting the input data to the server;
Provide the at least one function for the input data; and
Generate at least one message to the client device according to the result of the function.
107. The system according to claim 106, wherein the intermediate module is further configured to:
Obtain a response from the client device to the at least one message;
Process the input text, according to the response, to obtain processed input text; and
Transmit the processed input text to the server.
108. The system according to claim 106, wherein the function is a spell check function, and the message is the result of applying the spell check function to the input data.
109. The system according to claim 106, wherein the function is a format check function for the input data, the input data is in a first format, and the message is a request to provide the input data in a second format different from the first format.
110. The system according to claim 109, wherein the first format is an incremental encoding format, and the second format is a full input text format.
111. The system according to claim 106, wherein the intermediate module is a software plug-in module installed in the client device.
112. The system according to claim 106, wherein the intermediate module is an intermediate server computer connected to the client device and the server.
CN2010800637842A 2009-12-31 2010-12-30 System, apparatus and method for encryption and decryption of data transmitted over a network Pending CN102782692A (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US29139809P 2009-12-31 2009-12-31
US61/291,398 2009-12-31
US30620710P 2010-02-19 2010-02-19
US61/306,207 2010-02-19
PCT/IL2010/001097 WO2011080745A2 (en) 2009-12-31 2010-12-30 System, apparatus and method for encryption and decryption of data transmitted over a network

Publications (1)

Publication Number Publication Date
CN102782692A (en) 2012-11-14

Family

ID=44041607

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010800637842A Pending CN102782692A (en) 2009-12-31 2010-12-30 System, apparatus and method for encryption and decryption of data transmitted over a network

Country Status (6)

Country Link
EP (1) EP2520063A2 (en)
JP (1) JP5735539B2 (en)
CN (1) CN102782692A (en)
CA (1) CA2786058C (en)
IL (1) IL220662A (en)
WO (1) WO2011080745A2 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104980397A (en) * 2014-04-03 2015-10-14 腾讯科技(深圳)有限公司 Instant messaging method, system and terminal
CN111625796A (en) * 2020-05-18 2020-09-04 金骏(广州)智能科技有限公司 Data transmission method based on communication terminal and APP

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8548170B2 (en) 2003-12-10 2013-10-01 Mcafee, Inc. Document de-registration
US9253154B2 (en) 2008-08-12 2016-02-02 Mcafee, Inc. Configuration management for a capture/registration system
US8738683B2 (en) 2008-09-15 2014-05-27 Vaultive Ltd. System, apparatus and method for encryption and decryption of data transmitted over a network
US8473442B1 (en) 2009-02-25 2013-06-25 Mcafee, Inc. System and method for intelligent state management
US8447722B1 (en) 2009-03-25 2013-05-21 Mcafee, Inc. System and method for data mining and security policy management
US8806615B2 (en) * 2010-11-04 2014-08-12 Mcafee, Inc. System and method for protecting specified data combinations
US20130246336A1 (en) 2011-12-27 2013-09-19 Mcafee, Inc. System and method for providing data protection workflows in a network environment
CN102816055B (en) * 2012-08-24 2015-08-26 青岛琅琊台集团股份有限公司 A kind of novel process utilizing sea water desaltination membrane separation technique treatment of itaconic acid fermentation waste liquor
JP6571927B2 (en) * 2014-11-13 2019-09-04 エヌ・ティ・ティ・コミュニケーションズ株式会社 Data protection device, data protection method, and data protection program
WO2018102861A1 (en) * 2016-12-08 2018-06-14 Commonwealth Scientific And Industrial Research Organisation Secure text analytics
CN113064533B (en) * 2021-04-02 2023-04-07 南京维沃软件技术有限公司 Control method and control device for electronic equipment
CN113259390B (en) * 2021-06-25 2021-09-14 深圳市爱挖网络科技有限公司 Account safety protection system for recruitment platform

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5958006A (en) * 1995-11-13 1999-09-28 Motorola, Inc. Method and apparatus for communicating summarized data
JP2001147934A (en) * 1999-11-19 2001-05-29 Nippon Telegr & Teleph Corp <Ntt> Enciphered information distributing method and device capable of retrieving information
AU1408501A (en) 1999-12-22 2001-07-03 Tashilon Ltd. Enhanced computer network encryption using downloaded software objects
US7165175B1 (en) 2000-09-06 2007-01-16 Widevine Technologies, Inc. Apparatus, system and method for selectively encrypting different portions of data sent over a network
JP2004101905A (en) * 2002-09-10 2004-04-02 Sharp Corp Information display device
JP2005130352A (en) * 2003-10-27 2005-05-19 Victor Co Of Japan Ltd Decoder
JP2005242740A (en) * 2004-02-27 2005-09-08 Open Loop:Kk Program, storage medium and information processor in information security system
JP2005284915A (en) * 2004-03-30 2005-10-13 Canon Inc Information retrieval device and method, information retrieval system, and control method for the same
US7484107B2 (en) * 2004-04-15 2009-01-27 International Business Machines Corporation Method for selective encryption within documents
JP4561661B2 (en) * 2006-03-09 2010-10-13 日本電気株式会社 Decoding method and decoding apparatus
JP4736877B2 (en) * 2006-03-16 2011-07-27 日本電気株式会社 Demultiplexer and demultiplexer
JP2008301335A (en) * 2007-06-01 2008-12-11 Kddi R & D Laboratories Inc Video signal switching apparatus

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104980397A (en) * 2014-04-03 2015-10-14 腾讯科技(深圳)有限公司 Instant messaging method, system and terminal
CN104980397B (en) * 2014-04-03 2019-04-26 腾讯科技(深圳)有限公司 Instant communicating method, system and terminal
CN111625796A (en) * 2020-05-18 2020-09-04 金骏(广州)智能科技有限公司 Data transmission method based on communication terminal and APP

Also Published As

Publication number Publication date
JP2013516642A (en) 2013-05-13
EP2520063A2 (en) 2012-11-07
CA2786058A1 (en) 2011-07-07
WO2011080745A2 (en) 2011-07-07
CA2786058C (en) 2017-03-28
IL220662A (en) 2016-09-29
JP5735539B2 (en) 2015-06-17
WO2011080745A3 (en) 2011-11-10

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C05 Deemed withdrawal (patent law before 1993)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20121114