CONTROLLING SECURE PROCESSING OF CONFIDENTIAL DATA IN UNTRUSTED DEVICES
First Claim
1. A system comprising:
at least one hardware device processor; and
a computer-readable storage medium storing executable instructions that, when executed, cause one or more of the at least one hardware device processor to:
control a number of transmissions of secure data that is communicated between a secure trusted device and an unsecure untrusted device in a database management system, the data being communicated for database transaction processing in the secure trusted device, the number of transmissions being controlled by:
receiving, from the untrusted device, an encrypted key value of a key and a representation of an index of a B-tree structure, the index comprising secure, encrypted index values,
decrypting, at the trusted device, the key and one or more of the encrypted index values, and
initiating a transmission, in response to the receiving, of a pointer value that identifies a lookup position in the index for the key.
Abstract
A number of transmissions of secure data communicated between a secure trusted device and an unsecure untrusted device in a DBMS is controlled. The data is communicated for database transaction processing in the secure trusted device. The number of transmissions may be controlled by receiving, from the untrusted device, an encrypted key value of a key and a representation of an index of a B-tree structure, decrypting, at the trusted device, the key and one or more encrypted index values, and initiating a transmission of a pointer value that identifies a lookup position in the index for the key. The index comprises secure, encrypted index values. Other optimizations for secure processing are also described, including controlling available computation resources on a secure trusted device in a DBMS and controlling transmissions of secure data that is communicated between a secure trusted device and an unsecure untrusted device in a DBMS.
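The lookup protocol of the first claim, as an added illustration that is not code from the patent: the untrusted device stores a two-level B-tree whose index values are ciphertexts it cannot order, and for each node it sends the encrypted key together with that node's encrypted index values to the trusted device, which decrypts, binary-searches, and returns only a pointer (a position), never plaintext. The device names, the toy XOR cipher, the sample keys and the message counter are constructed assumptions; the counter contrasts the one-round-trip-per-node design with a per-comparison alternative.

```python
import hashlib
from bisect import bisect_left

SECRET = b"trusted-device-secret"  # constructed; held only by the trusted device

def _pad() -> bytes:
    # Toy deterministic cipher: XOR with a fixed 8-byte pad. Illustration only, not secure.
    return hashlib.sha256(SECRET).digest()[:8]

def encrypt(v: int) -> bytes:
    return bytes(a ^ b for a, b in zip(v.to_bytes(8, "big"), _pad()))

def decrypt(c: bytes) -> int:
    return int.from_bytes(bytes(a ^ b for a, b in zip(c, _pad())), "big")

def build_tree(keys: list, fanout: int) -> dict:
    """Two-level B-tree over sorted keys; root separators are the max key of every leaf but the last."""
    leaves = [{"keys": [encrypt(k) for k in keys[i:i + fanout]],
               "rows": [f"row{k}" for k in keys[i:i + fanout]]}
              for i in range(0, len(keys), fanout)]
    seps = [encrypt(keys[i + fanout - 1]) for i in range(0, len(keys) - fanout, fanout)]
    return {"seps": seps, "leaves": leaves}

class TrustedDevice:
    """Holds SECRET; decrypts, compares, and returns only a pointer (position), never plaintext."""
    def __init__(self) -> None:
        self.messages = 0
    def lookup_position(self, enc_key: bytes, enc_index: list) -> int:
        self.messages += 2  # one request in (key + a node's index values), one pointer out
        key, values = decrypt(enc_key), [decrypt(c) for c in enc_index]
        return bisect_left(values, key)  # values[:pos] < key <= values[pos:]

class UntrustedDevice:
    """Stores the tree with ciphertext index values it cannot order itself; one round trip per node."""
    def __init__(self, root: dict, trusted: TrustedDevice) -> None:
        self.root, self.trusted = root, trusted
    def lookup(self, enc_key: bytes):
        leaf = self.root["leaves"][self.trusted.lookup_position(enc_key, self.root["seps"])]
        pos = self.trusted.lookup_position(enc_key, leaf["keys"])
        if pos < len(leaf["keys"]) and leaf["keys"][pos] == enc_key:  # deterministic cipher: equality is visible
            return leaf["rows"][pos]
        return None

def naive_messages(root: dict) -> int:
    """Transmissions if the trusted device were consulted per comparison (2 each) instead of per node."""
    compares = lambda m: m.bit_length()  # worst-case comparisons of a binary search over m values
    return 2 * (compares(len(root["seps"])) + max(compares(len(l["keys"])) for l in root["leaves"]))
```

With 90 keys and fan-out 10, a lookup costs 4 messages (2 nodes) against 16 for the per-comparison protocol, and the ciphertext equality check at the leaf is a property of the toy deterministic cipher, not of the claimed design.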
20 Claims
1. (First claim, as set out above.) Dependent claims: 2 to 10.
11. A system comprising:
at least one hardware device processor; and
a computer-readable storage medium storing executable instructions that, when executed, cause one or more of the at least one hardware device processor to:
control available computation resources on a secure trusted device in a database management system (DBMS) by:
receiving, at the secure, trusted device, from an untrusted device, a request to perform one or more database processing operations on data that is stored in secure, encrypted form at the untrusted device, and
initiating the one or more database processing operations using a plurality of stack machines that are physically hosted at the secure, trusted device.
Dependent claims: 12 to 17.
18. A system comprising:
at least one hardware device processor; and
a computer-readable storage medium storing executable instructions that, when executed, cause one or more of the at least one hardware device processor to:
control a number of transmissions of secure data that is communicated between a secure trusted device and an unsecure untrusted device in a database management system (DBMS), the data being communicated for database transaction processing in the secure trusted device, the number of transmissions being controlled by:
obtaining, at the untrusted device, one or more intra-transaction batched database transaction processing requests, each transaction processing request comprising a plurality of query expressions on secure, encrypted data, the plurality of query expressions folded into a single evaluation call for processing at the secure trusted device,
initiating a transmission in a single communication operation, from the untrusted device, to the secure trusted device, of the one or more intra-transaction batched database transaction processing requests, and
receiving, from the secure trusted device, in response to the transmission, results of processing of the intra-transaction batched database transaction processing requests that is performed at the secure trusted device.
Dependent claims: 19 and 20.