FILTERING ENCRYPTED DATA USING INDEXES
First Claim
1. A method for storing encrypted data, comprising:
- storing a first ciphertext associated with a first plaintext in a data field of a database;
storing a second ciphertext associated with a second plaintext in the data field, wherein the first plaintext and the second plaintext are different;
generating a first index for the first plaintext and a second index for the second plaintext using an indexing function, wherein an index value of the first index and an index value of the second index are the same;
determining a set of index values associated with the first plaintext using the indexing function, wherein the set of index values comprises the index value of the first index and the second index; and
identifying, for a set of ciphertexts stored in the data field, all indexes with index values included in the determined set of index values.
1 Assignment
0 Petitions
Accused Products
Abstract
During an encryption process, a database system may generate an index value based on the plaintext to be encrypted, an encryption key, a data field-specific salt, or a combination thereof. The database may store the index value in an index associated with the ciphertext output of the encryption process. In some cases, the database may receive a query specifying a plaintext value for filtering on a data field, where the database may return data objects with the specified plaintext value in the given data field. The database may compute a set of index values associated with the specified plaintext, and may identify indexes with index values included in the set of index values and associated with the given data field. The database may decrypt the ciphertexts associated with the identified indexes to check if they match the specified plaintext.
-
Citations
20 Claims
-
1. A method for storing encrypted data, comprising:
-
storing a first ciphertext associated with a first plaintext in a data field of a database; storing a second ciphertext associated with a second plaintext in the data field, wherein the first plaintext and the second plaintext are different; generating a first index for the first plaintext and a second index for the second plaintext using an indexing function, wherein an index value of the first index and an index value of the second index are the same; determining a set of index values associated with the first plaintext using the indexing function, wherein the set of index values comprises the index value of the first index and the second index; and identifying, for a set of ciphertexts stored in the data field, all indexes with index values included in the determined set of index values. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. An apparatus for storing encrypted data, in a system comprising:
-
a processor; memory in electronic communication with the processor; and instructions stored in the memory and operable, when executed by the processor, to cause the apparatus to; store a first ciphertext associated with a first plaintext in a data field of a database; store a second ciphertext associated with a second plaintext in the data field, wherein the first plaintext and the second plaintext are different; generate a first index for the first plaintext and a second index for the second plaintext using an indexing function, wherein an index value of the first index and an index value of the second index are the same; determine a set of index values associated with the first plaintext using the indexing function, wherein the set of index values comprises the index value of the first index and the second index; and identify, for a set of ciphertexts stored in the data field, all indexes with index values included in the determined set of index values. - View Dependent Claims (14, 15, 16)
-
-
17. A non-transitory computer readable medium storing code for storing encrypted data, the code comprising instructions executable by a processor to:
-
store a first ciphertext associated with a first plaintext in a data field of a database; store a second ciphertext associated with a second plaintext in the data field, wherein the first plaintext and the second plaintext are different; generate a first index for the first plaintext and a second index for the second plaintext using an indexing function, wherein an index value of the first index and an index value of the second index are the same; determine a set of index values associated with the first plaintext using the indexing function, wherein the set of index values comprises the index value of the first index and the second index; and identify, for a set of ciphertexts stored in the data field, all indexes with index values included in the determined set of index values. - View Dependent Claims (18, 19, 20)
-
Specification