Searchable encrypted data
First Claim
1. A data encryption computer, comprising:
a processor; and
a non-transitory computer-readable storage medium, comprising code executable by the processor for implementing a method comprising:
receiving a plurality of sensitive data records comprising personal information of different users;
identifying one or more searchable fields for the sensitive data records, wherein each searchable field is associated with a subset of the personal information for a user;
generating a searchable field index for each of the one or more searchable fields based on which one of at least three sensitivity levels that each searchable field corresponds to, wherein when the searchable field corresponds to a first sensitivity level, the searchable field index is in a plain text format, when the searchable field corresponds to a second sensitivity level, the searchable field index is a hash value, and when the searchable field corresponds to a third sensitivity level, the searchable field index is an encrypted hash value;
encrypting the sensitive data records using at least one database encryption key;
providing the database encryption key to a plurality of client computers authorized to decrypt the encrypted data records; and
providing a searchable encrypted database comprising the searchable field indices and the encrypted sensitive data records to a database access server, wherein the plurality of client computers are operable to obtain the sensitive data records from the database access server using the database encryption key.
1 Assignment
0 Petitions
Abstract
Embodiments of the invention, broadly described, introduce systems and methods for enabling the searching of encrypted data. One embodiment of the invention discloses a method for generating a searchable encrypted database. The method comprises receiving a plurality of sensitive data records comprising personal information of different users; identifying one or more searchable fields for the sensitive data records, wherein each searchable field is associated with a subset of the personal information for a user; generating a searchable field index for each of the one or more searchable fields; and encrypting the sensitive data records using a database encryption key.
59 Citations
16 Claims
1. A data encryption computer, comprising: (independent claim; full text as given under First Claim above) - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)

10. A computer-implemented method comprising:
receiving, by a processor, a database decryption key for a searchable encrypted database from a data encryption computer;
receiving, by the processor, personal information of a user;
generating, by the processor, one or more index values, each associated with a searchable field index, using the personal information, wherein a format of each searchable field index is determined based on which one of at least three sensitivity levels that an associated searchable field corresponds to, and wherein when the searchable field corresponds to a first sensitivity level, the searchable field index is in a plain text format, when the searchable field corresponds to a second sensitivity level, the searchable field index is a hash value, and when the searchable field corresponds to a third sensitivity level, the searchable field index is an encrypted hash value;
sending, by the processor, the one or more index values to a database access server;
receiving, by the processor, one or more encrypted data records matching the index values from the database access server; and
decrypting, by the processor, the encrypted data records using a database decryption key. - View Dependent Claims (11, 12)

13. A computer-implemented method comprising:
receiving, by a processor, from a data encryption computer, a searchable encrypted database comprising a plurality of searchable field indices and a plurality of encrypted data records, wherein the encrypted data records are encrypted using a database encryption key known to a plurality of client computers, wherein a format of each searchable field index is determined based on which one of at least three sensitivity levels that an associated searchable field corresponds to, and wherein when the searchable field corresponds to a first sensitivity level, the searchable field index is in a plain text format, when the searchable field corresponds to a second sensitivity level, the searchable field index is a hash value, and when the searchable field corresponds to a third sensitivity level, the searchable field index is an encrypted hash value;
receiving, by a processor, index values for one or more of the searchable field indices from a client computer in the plurality of client computers, wherein the index values are generated using personal information of a user;
retrieving, by the processor, one or more encrypted data records using the index values; and
sending, by the processor, the one or more encrypted data records to the client computer. - View Dependent Claims (14, 15, 16)
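The three independent claims describe one protocol from three vantage points: the data encryption computer (claim 1) builds a per-field index whose form depends on the field's sensitivity level, encrypts each record under a database key and hands that key to authorized clients; the database access server (claim 13) matches index values it cannot reverse and returns ciphertext; a client (claim 10) recomputes the index value from the personal information it holds and decrypts what comes back. The Python below is an added illustration written for this page, not code from the patent or its assignee. It assumes a field-to-level classification, realises the level-3 "encrypted hash value" as HMAC-SHA256 over the SHA-256 digest under a subkey derived from the database key (a deterministic stand-in for encrypting the digest, chosen so that only the one database key of claim 1 has to be distributed), and uses an HMAC counter-mode keystream with an HMAC tag as a stand-in for an AEAD such as AES-GCM. It also shows why the tiers exist: a level-2 hash over a guessable field falls to a dictionary attack by anyone holding the index, while a level-3 index does not.

```python
import hashlib
import hmac
import json
import secrets

# Sensitivity levels named in the claims: plaintext index, hash index, encrypted-hash index.
PLAIN, HASHED, KEYED = 1, 2, 3
# Assumed classification of the searchable fields (illustrative, not from the patent).
FIELD_LEVELS = {"zip": PLAIN, "email": HASHED, "ssn": KEYED}


def derive(db_key: bytes, label: bytes) -> bytes:
    """Purpose-specific subkey, so the one distributed database key covers indexing and encryption."""
    return hmac.new(db_key, label, hashlib.sha256).digest()


def index_value(field: str, value: str, db_key: bytes) -> str:
    """Searchable index value for a field, in the form its sensitivity level dictates."""
    level = FIELD_LEVELS[field]
    if level == PLAIN:
        return value
    digest = hashlib.sha256(value.encode()).digest()
    if level == HASHED:
        return digest.hex()
    # Level 3: keyed transform of the hash. HMAC stands in for deterministically encrypting
    # the digest; equal values still map to equal index values, so the server can match them.
    return hmac.new(derive(db_key, b"index"), digest, hashlib.sha256).hexdigest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stand-in for a real AEAD such as AES-GCM."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_record(db_key: bytes, record: dict) -> bytes:
    """Encrypt-then-MAC one record: nonce || ciphertext || tag."""
    plaintext = json.dumps(record, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    stream = _keystream(derive(db_key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(derive(db_key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_record(db_key: bytes, blob: bytes) -> dict:
    """Check the tag before touching the ciphertext; a modified blob is rejected, not decrypted."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(derive(db_key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record authentication failed")
    stream = _keystream(derive(db_key, b"enc"), nonce, len(ciphertext))
    return json.loads(bytes(c ^ s for c, s in zip(ciphertext, stream)))


def build_database(records: list, db_key: bytes) -> list:
    """Data encryption computer: index each searchable field, encrypt the whole record."""
    return [{"index": {f: index_value(f, r[f], db_key) for f in FIELD_LEVELS},
             "blob": encrypt_record(db_key, r)} for r in records]


class DatabaseAccessServer:
    """Holds index values and ciphertext only; it is never given the database key."""

    def __init__(self, database: list):
        self.database = database

    def retrieve(self, field: str, value: str) -> list:
        return [row["blob"] for row in self.database if row["index"][field] == value]


def client_search(server: DatabaseAccessServer, db_key: bytes, field: str, value: str) -> list:
    """Client: compute the index value locally, fetch matching ciphertext, decrypt it."""
    blobs = server.retrieve(field, index_value(field, value, db_key))
    return [decrypt_record(db_key, b) for b in blobs]


def dictionary_attack(field: str, observed_index: str, candidates: list):
    """What the server, holding an index value but no key, can recover by guessing."""
    level = FIELD_LEVELS[field]
    if level == PLAIN:
        return observed_index
    if level == HASHED:
        return next((c for c in candidates
                     if hashlib.sha256(c.encode()).hexdigest() == observed_index), None)
    return None  # level 3: a guess cannot be checked without the index subkey


# Constructed sample data; in practice the key comes from a KMS and is issued only to authorized clients.
RECORDS = [
    {"name": "Alice", "zip": "94103", "email": "alice@example.com", "ssn": "123-45-6789"},
    {"name": "Bob", "zip": "94103", "email": "bob@example.com", "ssn": "987-65-4321"},
]
DB_KEY = secrets.token_bytes(32)
SERVER = DatabaseAccessServer(build_database(RECORDS, DB_KEY))

if __name__ == "__main__":
    print(client_search(SERVER, DB_KEY, "ssn", "123-45-6789"))
```

Two caveats a practitioner should keep in view. First, every tier here is deterministic by construction (it has to be, or the server could not match), so even a level-3 index reveals which records share a value and how often each value occurs; that equality leakage is inherent to this style of searchable encryption and is not removed by the keyed hash. Second, the level-2 unkeyed hash is only as strong as the entropy of the field: `dictionary_attack` recovers an e-mail address from a candidate list with no key at all, which is why fields such as government identifiers belong at level 3, and why a level-1 plaintext index should be reserved for values the server is allowed to see.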
Specification