Space-efficient storage of encrypted data

US 9,965,634 B2
Filed: 03/25/2016
Issued: 05/08/2018
Est. Priority Date: 01/15/2016
Status: Active Grant

First Claim

Patent Images

1. A computer program stored on a non-transitory storage medium for encrypting a field value stored in a database system, the computer program comprising a set of instructions, when executed by a hardware processor, to cause the database system to:

receive the field value associated with a data object or a table in the database system;

identify types of language characters in the field value;

select an encoding scheme from among multiple different encoding schemes to encode the field value based on the types of language characters in the field value;

use the selected encoding scheme from the multiple different encoding schemes to encode the field value into a byte array;

encrypt the encoded byte array of the field value and assign an encoding flag to identify the encoding scheme used to decode the encoded field value; and

store the encoding flag and the encrypted byte array in the database system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An encryption platform may identify language characters in database fields and determine which of multiple encoding schemes more efficiently encodes the language characters. The encryption platform may use the selected encoding scheme to encode plaintext into a byte array and then encrypt the byte array into ciphertext. The encryption platform may assign encoding flags to the ciphertext identifying the encoding scheme used for encoding the plaintext. The encryption platform then may use the encoding flag to determine which encoding schemes to use for decoding the data back into plaintext. Using the different encoding schemes allows encrypted data to fit better into database storage structures. The encryption platform also may enable users to select different fields for different selectable objects for encoding and encrypting.

Citations

18 Claims

1. A computer program stored on a non-transitory storage medium for encrypting a field value stored in a database system, the computer program comprising a set of instructions, when executed by a hardware processor, to cause the database system to:
- receive the field value associated with a data object or a table in the database system;
  
  identify types of language characters in the field value;
  
  select an encoding scheme from among multiple different encoding schemes to encode the field value based on the types of language characters in the field value;
  
  use the selected encoding scheme from the multiple different encoding schemes to encode the field value into a byte array;
  
  encrypt the encoded byte array of the field value and assign an encoding flag to identify the encoding scheme used to decode the encoded field value; and
  
  store the encoding flag and the encrypted byte array in the database system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer program of claim 1, further comprising instructions operable to cause the database system to select the encoding scheme from the multiple different encoding schemes that uses a fewest number of bytes to encode the field value.
  - 3. The computer program of claim 1, further comprising instructions operable to cause the database system to:
    - detect a request to read the field value;
      
      decrypt the encrypted byte array;
      
      select the encoding scheme identified by the encoding flag to decode the byte array into the language characters in the field value; and
      
      send the language characters to a user device.
  - 4. The computer program of claim 1, further comprising instructions operable to cause the database system to:
    - calculate a first number of bytes for encoding the field value using a first one of the encoding schemes;
      
      calculate a second running sum of bytes to encode sequential characters in the field value using a second one of the encoding schemes;
      
      select the first one of the encoding schemes for encoding the field value when the second running sum of bytes exceeds the first number of bytes; and
      
      select the second one of the encoding schemes for encoding the field value when the second running sum of bytes for all of the characters in the field value does not exceed the first number of bytes.
  - 5. The computer program of claim 1, further comprising instructions operable to cause the database system to:
    - select a first one of the encoding schemes to encode the field value when a majority of the language characters are for a first language; and
      
      select a second one of the encoding schemes to encode the field value when a majority of the language characters are for a second language.
  - 6. The computer program of claim 1, further comprising instructions operable to cause the database system to:
    - use an 8 bit unicode transform format (UTF8) encoding scheme to encode the field value when a majority of the language characters are Latin; and
      
      use a 16-bit unicode transform format (UTF16) to encode the field values when a majority of the language characters are Chinese.
  - 7. The computer program of claim 1, further comprising instructions operable to cause the database system to:
    - detect requests to save the field value for different records; and
      
      for each one of the different records, individually and dynamically select from among the multiple different encoding schemes to encode the field value based on the types of language characters used in the field value for the different records.
  - 8. The computer program of claim 1, further comprising instructions operable to cause the database system to:
    - display fields for different objects on a user interface;
      
      receive selections of at least some of the fields for at least some of the different objects;
      
      only encode and encrypt the field value for the selected fields.

9. An encryption platform for operating in a database system, comprising:
- a hardware processor; and
  
  memory storing one or more stored sequences of instructions which, when executed by the hardware processor, cause the hardware processor to carry out the steps of receiving data associated with requests from user systems to save the data in the database system;
  
  scanning the data for each of the requests to identify which encoding scheme from among multiple encoding schemes encodes the data in a smallest number of bytes;
  
  encoding the data for each of the requests into a byte array using the encoding scheme identified as encoding the data in the smallest number of bytes from the multiple encoding schemes;
  
  encrypting the encoded byte array into ciphertext;
  
  assigning an encoding flag to the ciphertext identifying the encoding scheme used for encoding the data and to decode the encoded byte array; and
  
  storing the encoding flag and the ciphertext in the database system.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The encryption platform of claim 9, wherein the instructions further cause the processor to carry out the steps of:
    - calculating a first number of bytes used for encoding the data with a first one of the encoding schemes;
      
      calculating a second running sum of bytes used for serially encoding individual characters in the data using a second one of the encoding schemes;
      
      selecting the first one of the encoding schemes for encoding the data when the second running sum of bytes exceeds the first number of bytes; and
      
      selecting the second one of the encoding schemes for encoding the data when the second running sum of bytes for all of the characters in the data is less than the first number of bytes.
  - 11. The encryption platform of claim 10, wherein the instructions further cause the processor to carry out the steps of:
    - using a 16-bit unicode transform format (UTF16) as the first one of the encoding schemes; and
      
      using an 8-bit unicode transform format (UTF8) as the second one of the encoding schemes.
  - 12. The encryption platform of claim 9, wherein the instructions further cause the processor to carry out the steps of assigning a header to the ciphertext identifying the ciphertext as encrypted.
  - 13. The encryption platform of claim 9, wherein the instructions further cause the hardware processor to carry out the steps of:
    - identifying fields for different objects in the database system;
      
      receiving selections of different ones of the fields for different ones of the objects for encrypting; and
      
      creating an encryption configuration file identifying the fields selected for encrypting.
  - 14. The encryption platform of claim 13, wherein the instructions further cause the hardware processor to carry out the steps of only encoding and encrypting the data associated with the fields identified in the encryption configuration file.
  - 15. The encryption platform of claim 10, wherein the instructions further cause the hardware processor to carry out the steps of:
    - identifying different types of language characters in the data; and
      
      for each of the requests, identifying which encoding scheme to use for encoding the data based on the different types of language characters in the data.

16. A method for encrypting data in a database system, comprising:
- receiving requests to store the data in the database system;
  
  scanning the data for each of the requests for different language characters;
  
  identifying a number of bits used by different encoding schemes for encoding the language characters in the data;
  
  for each of the requests, selecting one of the encoding schemes encoding the data in a fewest number of bits;
  
  using the selected one from the different encoding schemes to encode the data into byte arrays;
  
  encrypting the encoded byte arrays into encrypted data and assigning headers to the encrypted data to identify the encoding scheme used to encode the data and to decode the encoded data; and
  
  storing the headers and the encrypted data in the database system.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16 further comprising:
    - receiving selections of different fields for different objects for encryption; and
      
      only encoding and encrypting the data associated with the selected fields.
  - 18. The method of claim 16 further comprising:
    - identifying the number of bits used by a first one of the encoding schemes for encoding the data, the data including the language characters for both a first language and a second language;
      
      identifying the number of bits used by a second one of the encoding schemes for encoding the data; and
      
      selecting the first one of the encoding schemes or the second one of the encoding schemes using a fewest number of bits to encode the data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Calahan, Patrick
Primary Examiner(s)
Chai, Longbit

Application Number

US15/081,317
Publication Number

US 20170206362A1
Time in Patent Office

774 Days
Field of Search

713189
US Class Current
CPC Class Codes

G06F 16/21   Design, administration or m...

G06F 16/22   Indexing; Data structures t...

G06F 16/24   Querying

G06F 21/602   Providing cryptographic fac...

G06F 21/6227   where protection concerns t...

H04L 9/0618   Block ciphers, i.e. encrypt...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

Space-efficient storage of encrypted data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Space-efficient storage of encrypted data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links