Increasing search ability of private, encrypted data
First Claim
1. A method for searching a database to obtain data, comprising:
receiving, by a computer database system, a request for data comprising a search string;
determining a search column of a first table indicated in relation to the search string, the first table storing plaintext data of a particular type of personally identifiable information (PII) within the search column;
searching the search column of the first table of the computer database system using the search string to identify a matching string, wherein the first table includes an encrypted foreign key for each field, and the matching string is identified from the plaintext data;
obtaining at least one encrypted foreign key corresponding to the matching string identified using the search string;
sending the at least one encrypted foreign key to a decryption engine executing on one or more processors of the computer database system;
receiving from the decryption engine, at least one decrypted foreign key corresponding to the at least one encrypted foreign key, wherein the decrypted foreign key is generated by the decryption engine using a decryption key unique to the first table;
searching a second table of the computer database system using the at least one decrypted foreign key to obtain encrypted data, wherein the encrypted data comprises a different second type of PII;
sending the encrypted data to the decryption engine to decrypt the encrypted data; and
receiving, from the decryption engine, decrypted data resulting from decryption of the encrypted data, wherein the decrypted data comprises the requested data.
Abstract
Techniques are provided to allow full search for encrypted data within a database. In some embodiments, searchable data may be separated into different searchable tables in a database in such a way that encrypted data is stored as plaintext but has no usable link to other data within the source database. In some embodiments, performing a query on particular user data may result in the retrieval of an encrypted identifier, which may then be decrypted via an encryption module. A second search based on the decrypted identifier may produce a set of relevant search results from a source table.
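A minimal sketch of the two-table lookup that the abstract and claim 1 describe, added here as an illustration and not taken from the patent. The table and column names, the `DecryptionEngine` class, the sample rows and the HMAC-based keystream (a standard-library stand-in for a real cipher) are all assumptions.

```python
import hashlib, hmac, os, sqlite3

# Constructed sample records: (customer id, e-mail, SSN-like value).
SAMPLE = [(1, "alice@example.com", "000-00-0001"), (2, "bob@example.com", "000-00-0002")]

class DecryptionEngine:
    """Holds one key per table; the query layer only ever sees ciphertext."""
    def __init__(self, tables):
        self._keys = {t: os.urandom(32) for t in tables}

    def _xor(self, table, nonce, data):
        # Toy keystream (HMAC-SHA256 in counter mode), a stdlib stand-in for
        # an AEAD such as AES-GCM. It is unauthenticated and illustrative only.
        blocks = range(len(data) // 32 + 1)
        stream = b"".join(hmac.new(self._keys[table], nonce + bytes([i]),
                                   hashlib.sha256).digest() for i in blocks)
        return bytes(a ^ b for a, b in zip(data, stream))

    def encrypt(self, table, text):
        nonce = os.urandom(16)  # fresh nonce: equal plaintexts give unequal blobs
        return nonce + self._xor(table, nonce, text.encode())

    def decrypt(self, table, blob):
        return self._xor(table, blob[:16], blob[16:]).decode()

def build(engine):
    db = sqlite3.connect(":memory:")
    # First table: plaintext search column plus an encrypted foreign key.
    db.execute("CREATE TABLE email_search (email TEXT, enc_fk BLOB)")
    # Second (source) table: a different PII type, stored encrypted.
    db.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, enc_ssn BLOB)")
    for cid, email, ssn in SAMPLE:
        db.execute("INSERT INTO customer VALUES (?, ?)",
                   (cid, engine.encrypt("customer", ssn)))
        db.execute("INSERT INTO email_search VALUES (?, ?)",
                   (email, engine.encrypt("email_search", str(cid))))
    return db

def lookup(db, engine, search_string):
    hits = db.execute("SELECT enc_fk FROM email_search WHERE email = ?",
                      (search_string,)).fetchall()
    out = []
    for (enc_fk,) in hits:
        cid = int(engine.decrypt("email_search", enc_fk))  # key unique to table 1
        (enc_ssn,) = db.execute("SELECT enc_ssn FROM customer WHERE id = ?",
                                (cid,)).fetchone()
        out.append(engine.decrypt("customer", enc_ssn))
    return out
```

In this sketch both tables are filled in the same order, so SQLite's implicit `rowid` still correlates their rows; a deployment that relies on the tables being unlinkable has to break that ordering as well.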
16 Claims
8. A system comprising:
one or more processors and a memory including instructions that, when executed by the one or more processors, cause the one or more processors to:
receive a request for data comprising a search string;
determine a search column of a first table indicated in relation to the search string, the first table storing plaintext data of a particular type of personally identifiable information (PII) within the search column;
search the search column of the first table of the computer database system using the search string to identify a matching string, wherein the first table includes an encrypted foreign key for each field, and the matching string is identified from the plaintext data;
obtain at least one encrypted foreign key corresponding to the matching string identified using the search string;
send the at least one encrypted foreign key to a decryption engine executing on one or more processors of the computer database system;
receive from the decryption engine, at least one decrypted foreign key corresponding to the at least one encrypted foreign key, wherein the decrypted foreign key is generated by the decryption engine using a decryption key unique to the first table;
search a second table of the computer database system using the at least one decrypted foreign key to obtain encrypted data, wherein the encrypted data comprises a different second type of PII;
send the encrypted data to the decryption engine to decrypt the encrypted data; and
receive, from the decryption engine, decrypted data resulting from decryption of the encrypted data, wherein the decrypted data comprises the requested data.
12. A non-transitory computer readable medium storing specific computer-executable instructions that, when executed by a processor, cause a computer system to at least:
receive a request for data comprising a search string;
determine a search column of a first table indicated in relation to the search string, the first table storing plaintext data of a particular type of personally identifiable information (PII) within the search column;
search the search column of the first table of the computer database system using the search string to identify a matching string, wherein the first table includes an encrypted foreign key for each field, and the matching string is identified from the plaintext data;
obtain at least one encrypted foreign key corresponding to the matching string identified using the search string;
send the at least one encrypted foreign key to a decryption engine executing on one or more processors of the computer database system;
receive from the decryption engine, at least one decrypted foreign key corresponding to the at least one encrypted foreign key, wherein the decrypted foreign key is generated by the decryption engine using a decryption key unique to the first table;
search a second table of the computer database system using the at least one decrypted foreign key to obtain encrypted data, wherein the encrypted data comprises a different second type of PII;
send the encrypted data to the decryption engine to decrypt the encrypted data; and
receive, from the decryption engine, decrypted data resulting from decryption of the encrypted data, wherein the decrypted data comprises the requested data.
Specification