Secure wildcard searchable database
First Claim
1. A method for providing access to data stored in encrypted form in a physically non-secure database without compromising security of the data in the physically non-secure database, the non-secure database residing in non-volatile storage, the method comprising:
in a server, maintaining a representation of at least some of the data from the database in unencrypted form in volatile memory associated with the server;
receiving a request to search the data from an authorized user, the request containing a wildcard character;
executing the request containing the wildcard character by conducting a wildcard search on the representation in the volatile memory of the server;
displaying search results to the user sufficient to allow the user to select database contents to be retrieved from the non-volatile storage;
receiving a selection from the user;
retrieving from the database, specific encrypted data associated with the user's selection;
decrypting the specific encrypted data using a key retrieved from a keystore that is accessible by the server but is stored remote from the server, and is inaccessible to both the physically non-secure database and the user, so as to obtain unencrypted selection results, wherein the server is one of multiple servers, wherein an other of the multiple servers contains a separate representation of the at least some of the data in volatile memory of the other server in unencrypted form;
providing the unencrypted selection results to the user; and
using a publish/subscribe messaging mechanism to maintain consistency between the unencrypted representation in the volatile memory of the server and the unencrypted separate representation in the volatile memory of the other server.
Abstract
A system and method for providing access to data stored in encrypted form in a physically non-secure database without compromising security of the data in the physically non-secure database is disclosed. A representation of at least some of the data from the database in unencrypted form is stored in volatile memory associated with the server. The wildcard search is performed on the representation. Search results are displayed to the user to allow the user to select database contents to be retrieved. The user's selection is retrieved from the database and decrypted. Finally, the unencrypted selection results are provided to the user.
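The flow in the abstract, as an added Python sketch that is not taken from the patent. The dict `database`, the dict `keystore`, the in-process `Bus` and the SHA-256 keystream cipher with its HMAC tag are all hypothetical stand-ins for an untrusted database, a remote keystore, a message broker and a real AEAD such as AES-GCM.

```python
import fnmatch, hashlib, hmac, os

def _keystream(key, nonce, n):
    # Stand-in cipher so the example runs on the stdlib; use an AEAD (AES-GCM) in practice.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("ciphertext failed integrity check")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

class Bus:
    """Hypothetical in-process stand-in for the publish/subscribe mechanism."""
    def __init__(self):
        self.subscribers = []
    def publish(self, record_id, label):
        for server in self.subscribers:
            server.index[record_id] = label

class Server:
    def __init__(self, database, keystore, bus):
        self.database, self.keystore, self.bus = database, keystore, bus
        self.index = {}  # unencrypted representation, held in volatile memory only
        bus.subscribers.append(self)
    def store(self, record_id, label, record):
        self.database[record_id] = seal(self.keystore["records"], record)
        self.bus.publish(record_id, label)  # keeps every server's index consistent
    def search(self, pattern):
        # Wildcard match runs against the in-memory labels; the database is not touched.
        return sorted(r for r, label in self.index.items() if fnmatch.fnmatchcase(label, pattern))
    def retrieve(self, record_id):
        # Only the selected record is fetched; the key is read from the keystore per request.
        return unseal(self.keystore["records"], self.database[record_id])

def demo():
    # Constructed sample state: dicts stand in for the database and the remote keystore.
    database, keystore, bus = {}, {"records": os.urandom(32)}, Bus()
    a, b = Server(database, keystore, bus), Server(database, keystore, bus)
    a.store("r1", "smith, alice", b"alice's full record")
    a.store("r2", "smythe, bob", b"bob's full record")
    a.store("r3", "jones, carol", b"carol's full record")
    hits = b.search("sm*")  # served from server b's copy, populated via the bus
    return hits, b.retrieve(hits[0]), database["r1"]
```

In this sketch the plaintext index exists only in each server's process memory, so what an attacker with access to the database storage sees is the sealed blobs. The integrity tag is an addition of the example and is not something the claims require.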
16 Claims
9. A computer apparatus comprising:
a server including a processor and volatile memory associated with, and accessible by, the processor, the server being configured for connection to a remote, physically non-secure database containing, in non-volatile storage therein, content stored in encrypted form, the volatile memory associated with the server having stored therein an unencrypted representation of a portion of the content obtained from the database;
application programming running on the server, configured to
a) in response to receipt of a database query containing a wildcard character, conduct a wildcard search of the unencrypted representation of the portion of the content stored in the volatile memory and output a result of the wildcard search,
b) receive an input from a user in response to the result,
c) retrieve from the non-secure database discrete encrypted data from the database in non-volatile storage based upon the user input;
d) decrypt the discrete encrypted data using a key retrieved from a keystore that is accessible by the server but is stored remote from the server, and is inaccessible to both the physically non-secure database and the user; and
e) provide an unencrypted version of the discrete encrypted data to the user;
a publish/subscribe mechanism, coupled to both the server and a second server, configured to maintain coherency between the unencrypted representation of the portion of the content in the volatile memory associated with the server and an unencrypted representation of the portion of the content stored in a volatile memory associated with the second server.