Encrypted table indexes and searching encrypted tables
Abstract
The present invention teaches a variety of methods for building and searching secure, indexed database tables. Sensitive portions of the database tables and database indexes are encrypted, ordered and searched according to Boolean functions arranged to work with encrypted data. Also disclosed is a database management system that allows authorized users to build and search encrypted tables.
17 Claims
1. A computer-implemented method for building a database having no un-encrypted database table, said method comprising:
- forming a transparent table including at least a row ID column having a plurality of row ID fields, and a sensitive data column having a plurality of sensitive data fields;
- populating a plurality of nodes with the transparent table, each node having both an index key being data from a unique one of said plurality of sensitive data fields and an index data being data from a unique one of said plurality of row ID fields, whereby said nodes include a plurality of index keys and a plurality of index data;
- encrypting said plurality of index keys found in said plurality of nodes;
- ordering said plurality of nodes according to values of said encrypted index keys;
- encrypting the plurality of sensitive data fields and forming an at least partially encrypted database table in the database;
- deleting the transparent table.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A computer-implemented secure index for indexing an at least partially encrypted database table, said secure index searchable only by users authorized to utilize encryption functions available on a computer system, said secure index comprising:
- a plurality of nodes, each node including an index key and an index data, each index key being encrypted, decrypted data from each index key providing meaningful information, and each index data identifying a storage location within said database table in an encrypted database having no un-encrypted database table; and
- wherein said plurality of nodes are logically ordered according to value of said encrypted index key of each said node in a manner searchable only through decryption.

Dependent claims: 11, 12

13. A method for searching an at least partially encrypted database table via a secure index, said secure index having a plurality of nodes, each node including an index key and an index data, each index key being encrypted, decrypted data from each index key providing meaningful information, and each index data identifying a storage location within said database table in an encrypted database having no un-encrypted database table, and wherein said plurality of nodes is logically ordered according to value of said encrypted index key of each said node in a manner searchable only through decryption, said method comprising:
- receiving a request to search said secure index from a user;
- determining whether said user is authorized to utilize encryption functions;
- when said user is authorized to utilize encryption functions, performing said requested search using one or more comparison functions operable to decrypt indexed and encrypted data.
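
The build steps of claim 1 and the search steps of claim 13, sketched as an added example that is not code from the patent or its assignee. It reads "ordered ... in a manner searchable only through decryption" as ordering by the decrypted key value. Assumptions: the HMAC-based cipher is a toy stand-in for the system's encryption functions, and `build`, `search`, the `authorized` flag and the sample rows are hypothetical.

```python
import hashlib, hmac, os

KEY = os.urandom(32)  # constructed demo key; a real system would fetch it from a key store

def keystream(key, nonce, n):
    # Toy HMAC-SHA256 counter-mode keystream (stand-in cipher, an assumption of this example).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt(key, text):
    nonce, data = os.urandom(16), text.encode()
    return nonce + bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def decrypt(key, blob):
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))).decode()

def build(key, transparent):
    """Claim 1: turn transparent (row_id, sensitive) rows into an encrypted table and index."""
    # Each node pairs an encrypted index key with its row ID as index data.
    nodes = [(encrypt(key, value), row_id) for row_id, value in transparent]
    # Ciphertexts are randomized, so ordering needs a comparison that decrypts.
    nodes.sort(key=lambda node: decrypt(key, node[0]))
    table = {row_id: encrypt(key, value) for row_id, value in transparent}
    transparent.clear()  # delete the transparent table
    return table, nodes

def search(key, nodes, table, wanted, authorized):
    """Claim 13: authorization check, then binary search that decrypts each probed key."""
    if not authorized:
        raise PermissionError("user is not authorized to utilize encryption functions")
    lo, hi = 0, len(nodes)
    while lo < hi:
        mid = (lo + hi) // 2
        if decrypt(key, nodes[mid][0]) < wanted:
            lo = mid + 1
        else:
            hi = mid
    hits = []
    while lo < len(nodes) and decrypt(key, nodes[lo][0]) == wanted:
        hits.append(nodes[lo][1])
        lo += 1
    return [(row_id, decrypt(key, table[row_id])) for row_id in hits]

if __name__ == "__main__":
    rows = [(1, "Smith"), (2, "Adams"), (3, "Jones"), (4, "Adams")]  # constructed sample
    table, nodes = build(KEY, rows)
    print(search(KEY, nodes, table, "Adams", authorized=True))
```

In this sketch the position of each node still discloses the relative order of the plaintext values to anyone who can read the index, even without the key.
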
14. A computer system comprising:
- an encrypted database having no un-encrypted database table;
- a database table in the encrypted database including at least a row ID column having a plurality of row ID fields, and a sensitive data column having a plurality of sensitive data fields, said row ID column and said sensitive data column encrypted;
- a database index corresponding to said database table, said database index including a plurality of nodes, each node having both an index key being data from a unique one of said plurality of sensitive data fields and an index data being data from a unique one of said plurality of row ID fields, whereby said nodes include a plurality of index keys and a plurality of index data, said plurality of index keys being encrypted, said plurality of nodes being ordered according to values of said encrypted index keys; and
- a database management system instantiated on said computer system, said database management system operable to search said database table using said database index.

Dependent claims: 15, 16, 17

Specification