Querying encrypted data in a relational database system
First Claim
1. A client-server relational database system, comprising:
- a client computer;
a server computer; and
a network connecting the client computer and the server computer;
wherein data from the client computer is encrypted by the client computer and hosted by the server computer, the encrypted data is operated upon by the server computer to produce an intermediate results set, the intermediate results set is sent from the server computer to the client computer, and the intermediate results set is decrypted and filtered by the client computer to produce actual results.
1 Assignment
0 Petitions
Accused Products
Abstract
A client-server relational database system, wherein data from the client computer is encrypted by the client computer and hosted by the server computer, the encrypted data is operated upon by the server computer, using one or more operators selected from a group of operators comprising: (a) inequality logic operators, (b) aggregation operators, and (c) wildcard matching operators, to produce an intermediate results set, the intermediate results set is sent from the server computer to the client computer, and the intermediate results set is decrypted and filtered by the client computer to produce actual results. The group of operators is limited because the encrypted results set, when decrypted, includes inaccuracies therein. The client computer applies a set of correction procedures to the decrypted results set to remove the inaccuracies therein.
125 Citations
40 Claims
-
1. A client-server relational database system, comprising:
-
a client computer;
a server computer; and
a network connecting the client computer and the server computer;
wherein data from the client computer is encrypted by the client computer and hosted by the server computer, the encrypted data is operated upon by the server computer to produce an intermediate results set, the intermediate results set is sent from the server computer to the client computer, and the intermediate results set is decrypted and filtered by the client computer to produce actual results. - View Dependent Claims (4, 5, 6)
-
-
2. A client-server relational database system, comprising:
a client computer connected to a server computer, wherein data from the client computer is encrypted by the client computer and hosted by the server computer, the encrypted data is operated upon by the server computer to produce an intermediate results set, the intermediate results set is sent from the server computer to the client computer, and the intermediate results set is decrypted and filtered by the client computer to produce actual results.
-
3. A client-server relational database system, comprising:
a server computer connected to a client computer, wherein data from the client computer is encrypted by the client computer and hosted by the server computer, the encrypted data is operated upon by the server computer to produce an intermediate results set, the intermediate results set is sent from the server computer to the client computer, and the intermediate results set is decrypted and corrected by the client computer to produce actual results.
-
7. A method of performing computations on encrypted data stored on a computer system, comprising:
-
(a) transforming a computation formulated to be performed on unencrypted data so that at least a portion of the computation can be applied to the encrypted data;
(b) applying the transformed computation to the encrypted data in order to obtain intermediate encrypted results;
(c) decrypting the intermediate encrypted results; and
(d) applying at least a remaining portion of the computation to the decrypted results in order to obtain actual results for the computation. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
-
-
39. A computer-implemented apparatus for performing computations on encrypted data, comprising:
-
(1) a computer system;
(2) logic, performed by the computer system, for (a) transforming a computation formulated to be performed on unencrypted data so that at least a portion of the computation can be applied to the encrypted data;
(b) applying the transformed computation to the encrypted data in order to obtain intermediate encrypted results;
(c) decrypting the intermediate encrypted results; and
(d) applying at least a remaining portion of the computation to the decrypted results in order to obtain actual results for the computation.
-
-
40. An article of manufacture embodying logic for performing computations on encrypted data stored on a computer system, the logic comprising:
-
(a) transforming a computation formulated to be performed on unencrypted data so that at least a portion of the computation can be applied to the encrypted data;
(b) applying the transformed computation to the encrypted data in order to obtain intermediate encrypted results;
(c) decrypting the intermediate encrypted results; and
(d) applying at least a remaining portion of the computation to the decrypted results in order to obtain actual results for the computation.
-
Specification