Querying encrypted data in a relational database system
First Claim
1. A method of storing and accessing data in a client-server relational database system, comprising:
- encrypting data from a client computer;
storing the encrypted data at a server computer;
performing a query against the encrypted data stored at the server computer to produce an encrypted intermediate results set;
sending the encrypted intermediate results set from the server computer to the client computer;
decrypting and filtering the encrypted intermediate results set at the client computer to produce unencrypted actual results for the query, such that the data is always encrypted when it is stored at or processed by the server computer and the encrypted data is never decrypted by the server computer.
0 Assignments
0 Petitions
Accused Products
Abstract
A client-server relational database system, wherein data from the client computer is encrypted by the client computer and hosted by the server computer, the encrypted data is operated upon by the server computer, using one or more operators selected from a group of operators comprising: (a) inequality logic operators, (b) aggregation operators, and (c) wildcard matching operators, to produce an intermediate results set, the intermediate results set is sent from the server computer to the client computer, and the intermediate results set is decrypted and filtered by the client computer to produce actual results. The group of operators is limited because the encrypted results set, when decrypted, includes inaccuracies therein. The client computer applies a set of correction procedures to the decrypted results set to remove the inaccuracies therein.
38 Citations
12 Claims
-
1. A method of storing and accessing data in a client-server relational database system, comprising:
-
encrypting data from a client computer; storing the encrypted data at a server computer; performing a query against the encrypted data stored at the server computer to produce an encrypted intermediate results set; sending the encrypted intermediate results set from the server computer to the client computer; decrypting and filtering the encrypted intermediate results set at the client computer to produce unencrypted actual results for the query, such that the data is always encrypted when it is stored at or processed by the server computer and the encrypted data is never decrypted by the server computer. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. An article of manufacture comprising a program storage device for storing instructions that, when read and executed by one or more computers, result in the computers performing a method of storing and accessing data in a client-server relational database system, comprising:
-
encrypting data from a client computer; storing the encrypted data at a server computer; performing a query against the encrypted data stored at the server computer to produce an encrypted intermediate results set; sending the encrypted intermediate results set from the server computer to the client computer; decrypting and filtering the encrypted intermediate results set at the client computer to produce unencrypted actual results for the query, such that the data is always encrypted when it is stored at or processed by the server computer and the encrypted data is never decrypted by the server computer. - View Dependent Claims (8, 9, 10, 11, 12)
-
Specification
-
- Resources
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsMehrotra, Sharad, Hacigumus, Vahit Hakan, Iyer, Balakrishna Raghavendra
-
Primary Examiner(s)Smithers; Matthew B
-
Assistant Examiner(s)Fields; Courtney D
-
Application NumberUS12/272,460Publication NumberTime in Patent Office645 DaysField of Search713/193, 713/165, 713/190, 713/189, 380/279US Class Current713/193CPC Class CodesG06F 16/24547 Optimisations to support sp...G06F 16/24561 Intermediate data storage t...H04L 9/0894 Escrow, recovery or storing...
