Querying encrypted data in a relational database system
Abstract
A client-server relational database system, wherein data from the client computer is encrypted by the client computer and hosted by the server computer, the encrypted data is operated upon by the server computer, using one or more operators selected from a group of operators comprising: (a) inequality logic operators, (b) aggregation operators, and (c) wildcard matching operators, to produce an intermediate results set, the intermediate results set is sent from the server computer to the client computer, and the intermediate results set is decrypted and filtered by the client computer to produce actual results. The group of operators is limited because the encrypted results set, when decrypted, includes inaccuracies therein. The client computer applies a set of correction procedures to the decrypted results set to remove the inaccuracies therein.
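The flow in the abstract for an inequality operator, as an added example that is not taken from the patent: the server returns a superset and the client decrypts it and filters out the inaccuracies. The keyed bucket tag stored beside each ciphertext, the HMAC-based stand-in cipher, and all names and sample rows are assumptions made for illustration.

```python
import hashlib, hmac, os

KEY = os.urandom(32)      # held by the client only
BUCKET_WIDTH = 1000       # assumed partition width for the salary column
MAX_SALARY = 10_000       # assumed upper bound of the column's domain

def _keystream(nonce, n):
    # Stand-in stream cipher (HMAC-SHA256 in counter mode); use an AEAD in practice.
    blocks = (hmac.new(KEY, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(data, nonce):
    return bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))

def tag(bucket):
    # Opaque keyed label: the server can match it but not map it back to a range.
    return hmac.new(KEY, b"bucket" + bucket.to_bytes(4, "big"), hashlib.sha256).hexdigest()[:16]

def encrypt_row(name, salary):
    """Client: encrypt the whole row, attach the tag of the bucket its salary falls in."""
    nonce = os.urandom(12)
    return {"etuple": nonce + _xor(f"{name}|{salary}".encode(), nonce),
            "tag": tag(salary // BUCKET_WIDTH)}

def decrypt_row(etuple):
    name, _, salary = _xor(etuple[12:], etuple[:12]).decode().rpartition("|")
    return name, int(salary)

def server_query(table, tags):
    """Server: filters on tags only; it never holds KEY or sees plaintext."""
    return [row["etuple"] for row in table if row["tag"] in tags]

def salary_greater_than(table, threshold):
    """Client: transform `salary > threshold`, then decrypt and filter the superset."""
    tags = {tag(b) for b in range(threshold // BUCKET_WIDTH, MAX_SALARY // BUCKET_WIDTH + 1)}
    intermediate = server_query(table, tags)          # may contain false positives
    rows = [decrypt_row(e) for e in intermediate]
    return len(intermediate), sorted(r for r in rows if r[1] > threshold)

# Constructed sample data.
TABLE = [encrypt_row(n, s) for n, s in
         [("alice", 4200), ("bob", 4800), ("carol", 5100), ("dave", 1500), ("erin", 9900)]]

if __name__ == "__main__":
    print(salary_greater_than(TABLE, 4500))
```

The tags still tell the server which rows share a bucket and how many rows each query touches, so narrower buckets reduce false positives at the cost of more leakage.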
40 Claims
1. A client-server relational database system, comprising:
- a client computer;
- a server computer; and
- a network connecting the client computer and the server computer;
wherein data from the client computer is encrypted by the client computer, the encrypted data is stored by the server computer, a query is performed against the encrypted data by the server computer to produce an encrypted intermediate results set, the encrypted intermediate results set is sent from the server computer to the client computer and the encrypted intermediate results set is decrypted and filtered by the client computer to produce unencrypted actual results for the query, such that the data is always encrypted when it is stored on or processed by the server computer and the encrypted data is never decrypted by the server computer.
Dependent claims: 4, 5, 6.
2. A client-server relational database system, comprising:
a client computer connected to a server computer, wherein data from the client computer is encrypted by the client computer, the encrypted data is stored by the server computer, a query is performed against the encrypted data by the server computer to produce an encrypted intermediate results set, the encrypted intermediate results set is sent from the server computer to the client computer and the encrypted intermediate results set is decrypted and filtered by the client computer to produce actual results for the query, such that the data is always encrypted when it is stored on or processed by the server computer and the encrypted data is never decrypted by the server computer.
3. A client-server relational database system, comprising:
a server computer connected to a client computer, wherein data from the client computer is encrypted by the client computer, the encrypted data is stored by the server computer, a query is performed against the encrypted data by the server computer to produce an encrypted intermediate results set, the encrypted intermediate results set is sent from the server computer to the client computer and the encrypted intermediate results set is decrypted and corrected by the client computer to produce actual results for the query, such that the data is always encrypted when it is stored on or processed by the server computer and the encrypted data is never decrypted by the server computer.
7. A computer-implemented method of performing computations on encrypted data, comprising:
(a) transforming a computation formulated to be performed on unencrypted data so that at least a portion of the computation can be applied to the encrypted data;
(b) applying the transformed computation to the encrypted data on a first computer in order to obtain intermediate encrypted results;
(c) decrypting the intermediate encrypted results on a second computer; and
(d) applying at least a remaining portion of the computation to the decrypted results on the second computer in order to obtain actual results for the computation;
(e) such that the data is always encrypted when it is stored on or processed by the first computer and the encrypted data is never decrypted by the first computer.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38.
39. A computer-implemented apparatus for performing computations on encrypted data, comprising:
(1) a computer system;
(2) logic, performed by the computer system, for
(a) transforming a computation formulated to be performed on unencrypted data so that at least a portion of the computation can be applied to the encrypted data;
(b) applying the transformed computation to the encrypted data on a first computer in order to obtain intermediate encrypted results;
(c) decrypting the intermediate encrypted results on a second computer; and
(d) applying at least a remaining portion of the computation to the decrypted results on the second computer in order to obtain actual results for the computation;
(e) such that the data is always encrypted when it is stored on or processed by the first computer and the encrypted data is never decrypted by the first computer.
40. An article of manufacture comprising a program storage device embodying instructions for a computer-implemented method for performing computations on encrypted data, the logic comprising:
(a) transforming a computation formulated to be performed on unencrypted data so that at least a portion of the computation can be applied to the encrypted data;
(b) applying the transformed computation to the encrypted data on a first computer system in order to obtain intermediate encrypted results;
(c) decrypting the intermediate encrypted results on a second computer system; and
(d) applying at least a remaining portion of the computation to the decrypted results on the second computer system in order to obtain actual results for the computation;
(e) such that the data is always encrypted when it is stored on or processed by the first computer and the encrypted data is never decrypted by the first computer.
Specification