INCREASING SEARCH ABILITY OF PRIVATE, ENCRYPTED DATA
First Claim
Patent Images
1. A method for searching a database to obtain data, comprising:
- receiving, by a computer database system, a search string;
searching a first table of the computer database system using the search string to identify a matching string, wherein the first table includes an encrypted foreign key for each field;
obtaining at least one encrypted foreign key corresponding to the matching string identified using the search string;
sending the at least one encrypted foreign key to a decryption engine executing on one or more processors of the computer database system;
receiving from the decryption engine, at least one decrypted foreign key corresponding to the at least one encrypted foreign key;
searching a second table of the computer database system using the at least one decrypted foreign key to obtain encrypted data;
sending the encrypted data to the decryption engine to decrypt the encrypted data; and
receiving, from the decryption engine, decrypted data resulting from decryption of the encrypted data.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques are provided to allow full search for encrypted data within a database. In some embodiments, searchable data may be separated into different searchable tables in a database in such a way that encrypted data is stored as plaintext but has no usable link to other data within the source database. In some embodiments, performing a query on a particular user data may result in the retrieval of an encrypted identifier, which may then be decrypted via an encryption module. A second search based on the decrypted identifier may produce a set of relevant search results from a source table.
50 Citations
20 Claims
-
1. A method for searching a database to obtain data, comprising:
-
receiving, by a computer database system, a search string; searching a first table of the computer database system using the search string to identify a matching string, wherein the first table includes an encrypted foreign key for each field; obtaining at least one encrypted foreign key corresponding to the matching string identified using the search string; sending the at least one encrypted foreign key to a decryption engine executing on one or more processors of the computer database system; receiving from the decryption engine, at least one decrypted foreign key corresponding to the at least one encrypted foreign key; searching a second table of the computer database system using the at least one decrypted foreign key to obtain encrypted data; sending the encrypted data to the decryption engine to decrypt the encrypted data; and receiving, from the decryption engine, decrypted data resulting from decryption of the encrypted data. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system comprising:
-
one or more processors and a memory including instructions that, when executed by the one or more processors, cause the one or more processors to; receive a query that includes an indication of at least one search column of a source table and a search string; identify at least one searchable table based on the at least one search column; identify a set of encrypted identifiers in the at least one searchable table associated with the search string, each of the set of encrypted identifiers being associated with a value in the searchable table that matches the search string; generate a set of decrypted identifiers from the set of encrypted identifiers; identify a set of encrypted source data in the source table based at least in part on the set of decrypted identifiers; and generate a decrypted set of source data by decrypting each of the encrypted source data in the set of encrypted source data; and return the decrypted set of source data. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A method of retrieving data comprising:
-
receiving a search string related to a database column, the database column having encrypted data; identifying at least one searchable table relevant to the search string based on the database column, the at least one searchable table including a column of plaintext data corresponding to the encrypted data; identifying, in the at least one searchable table, at least one row relevant to the search string; determining, from the identified at least one row, at least one identifier; identifying, in a source table, at least one row relevant to the at least one identifier; and retrieving a field value from the at least one row in the source table. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification