Searchable Encrypted Data

US 20140052999A1
Filed: 08/13/2013
Published: 02/20/2014
Est. Priority Date: 08/15/2012
Status: Active Grant

First Claim

Patent Images

1. A data encryption computer, comprising:

a processor; and

a non-transitory computer-readable storage medium, comprising code executable by the processor for implementing a method comprising;

receiving a plurality of sensitive data records comprising personal information of different users;

identifying one or more searchable fields for the sensitive data records, wherein each searchable field is associated with a subset of the personal information for a user;

generating a searchable field index for each of the one or more searchable fields;

encrypting the sensitive data records using a database encryption key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention broadly described, introduce systems and methods for enabling the searching of encrypted data. One embodiment of the invention discloses a method for generating a searchable encrypted database. The method comprises receiving a plurality of sensitive data records comprising personal information of different users, identifying one or more searchable fields for the sensitive data records, wherein each searchable field is associated with a subset of the personal information for a user, generating a searchable field index for each of the one or more searchable fields, and encrypting the sensitive data records using a database encryption key.

124 Citations

View as Search Results

17 Claims

1. A data encryption computer, comprising:
- a processor; and
  
  a non-transitory computer-readable storage medium, comprising code executable by the processor for implementing a method comprising;
  
  receiving a plurality of sensitive data records comprising personal information of different users;
  
  identifying one or more searchable fields for the sensitive data records, wherein each searchable field is associated with a subset of the personal information for a user;
  
  generating a searchable field index for each of the one or more searchable fields;
  
  encrypting the sensitive data records using a database encryption key.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The data encryption computer of claim 1, wherein the method further comprises:
    - sending, by the processor, the encrypted data records and the generated indices to a searchable encrypted database.
  - 3. The data encryption computer of claim 1, wherein the format of each searchable field index depends on the sensitivity of the searchable field.
  - 4. The data encryption computer of claim 3, wherein generating the one or more indices comprises:
    - when a searchable field is highly sensitive, determining the format of the searchable field to be a hash-based message authentication code (HMAC); and
      
      generating an HMAC for the searchable field using a searchable field key.
  - 5. The data encryption computer of claim 4, wherein generating the one or more indices further comprises:
    - sending the searchable field key to one or more clients authorized to search using the searchable field.
  - 6. The data encryption computer of claim 1, wherein the method further comprises:
    - transmitting the database encryption key to one or more clients authorized to decrypt the encrypted data records.

7. A computer-implemented method comprising:
- receiving, by a processor, personal information of a user;
  
  generating, by the processor, one or more index values, each associated with a searchable field index, using the personal information;
  
  sending, by the processor, the one or more index values;
  
  receiving, by the processor, one or more encrypted data records matching the index values; and
  
  decrypting, by the processor, the encrypted data records using a database decryption key.
- View Dependent Claims (8, 9, 10)
- - 8. The computer-implemented method of claim 7, further comprising:
    - receiving the database decryption key from a data encryption computer.
  - 9. The computer-implemented method of claim 7, wherein the format of each searchable field index is determined using a sensitivity of a corresponding searchable field.
  - 10. The computer-implemented method of claim 7, wherein at least one of the index values is a hash-based message authentication code.

11. A computer-implemented method comprising:
- receiving, by a processor, one or more index values for searchable field indices, wherein the index values are generated using personal information of a user;
  
  retrieving, by the processor, one or more encrypted data records using the index values; and
  
  sending, by the processor, the one or more encrypted data records.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The computer-implemented method of claim 11, wherein the format of each searchable field index is determined using a sensitivity of a searchable field associated with the searchable field index.
  - 13. The computer-implemented method of claim 11, wherein the encrypted data records are encrypted using a data encryption key, wherein the encrypted data records are decryptable using a database decryption key associated with the database encryption key.
  - 14. The computer-implemented method of claim 11, wherein at least one of the index values is a hash-based message authentication code.
  - 15. The computer-implemented method of claim 11, wherein the index values are received from a service center computer, wherein the index values are generated using identification information provided by a user.
  - 16. The computer-implemented method of claim 15, wherein the method further comprises:
    - when multiple encrypted data records match the index values, prompting the service center computer to send additional identification information.
  - 17. A system comprising a server computer configured to perform the method of claim 11, and a client computer in communication with the server computer, the client computer configured to:
    - send the one or more index values;
      
      receive the one or more encrypted data records; and
      
      decrypt the one or more encrypted data records.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Aissi, Selim, Nagasundaram, Sekhar

Granted Patent

US 9,256,764 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 16/13   File access structures, e.g...

G06F 16/137   Hash-based content-based in...

G06F 16/14   Details of searching files ...

G06F 16/148   File search processing

G06F 16/152   using file content signatur...

G06F 16/22   Indexing; Data structures t...

G06F 16/2228   Indexing structures

G06F 16/9535   Search customisation based ...

G06F 21/606   by securing the transmissio...

G06F 21/6245   Protecting personal data, e...

G06F 21/64   Protecting data integrity, ...

G06F 2207/00   Indexing scheme relating to...

G06F 2207/025   String search, i.e. pattern...

H04L 9/08   Key distribution or managem...

Searchable Encrypted Data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

124 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Searchable Encrypted Data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

124 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others