SECURE WILDCAD SEARCHABLE DATABASE

US 20130067226A1
Filed: 09/14/2011
Published: 03/14/2013
Est. Priority Date: 09/14/2011
Status: Active Grant

First Claim

Patent Images

1. A method for providing access to data stored in encrypted form in a physically non-secure database without compromising security of the data in the physically non-secure database, the method comprising:

in a server,maintaining a representation of at least some of the data from the database in unencrypted form in volatile memory associated with the server;

receiving a request to search the data from an authorized user, the request containing a wildcard character;

executing the request containing the wildcard character by conducting a wildcard search on the representation in the volatile memory of the server;

displaying search results to the user sufficient to allow the user to select database contents to be retrieved;

receiving a selection from the user;

retrieving from the database, specific encrypted data associated with the user'"'"'s selection;

decrypting the specific encrypted data using a key that accessible by the server but is remote from, and inaccessible to, the physically non-secure database to obtain unencrypted selection results; and

providing the unencrypted selection results to the user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for providing access to data stored in encrypted form in a physically non-secure database without compromising security of the data in the physically non-secure database is disclosed. A representation of at least some of the data from the database in unencrypted form is stored in volatile memory associated with the server. The wildcard search is performed on the representation. Search results are displayed to the user to allow the user to select database contents to be retrieved. The user'"'"'s selection is retrieved from the database and decrypted. Finally, the unencrypted selection results are provided to the user.

20 Citations

18 Claims

1. A method for providing access to data stored in encrypted form in a physically non-secure database without compromising security of the data in the physically non-secure database, the method comprising:
- in a server,maintaining a representation of at least some of the data from the database in unencrypted form in volatile memory associated with the server;
  
  receiving a request to search the data from an authorized user, the request containing a wildcard character;
  
  executing the request containing the wildcard character by conducting a wildcard search on the representation in the volatile memory of the server;
  
  displaying search results to the user sufficient to allow the user to select database contents to be retrieved;
  
  receiving a selection from the user;
  
  retrieving from the database, specific encrypted data associated with the user'"'"'s selection;
  
  decrypting the specific encrypted data using a key that accessible by the server but is remote from, and inaccessible to, the physically non-secure database to obtain unencrypted selection results; and
  
  providing the unencrypted selection results to the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the server is one of multiple servers, wherein an other of the multiple servers contains a separate representation of the at least some of the data in volatile memory of the other server, and wherein the method further comprises:
    - using a publish/subscribe messaging mechanism to maintain consistency between the representation in the volatile memory and the separate representation.
  - 3. The method of claim 2, wherein, when contents of the data stored in encrypted form in the physically non-secure database is changed and the change affects information that must be included in the representation, the method further comprises:
    - in the server,retrieving the affected information in encrypted form from the database;
      
      decrypting the affected information; and
      
      updating the representation to reflect the affected information.
  - 4. The method of claim 1, wherein, when contents of the data stored in encrypted form in the physically non-secure database is changed and the change affects information that must be included in the representation, the method further comprises:
    - in the server,retrieving the affected information in encrypted form from the database;
      
      decrypting the affected information; and
      
      updating the representation to reflect the affected information.
  - 5. The method of claim 1, wherein the receiving the request comprises:
    - receiving the request over an encrypted connection.
  - 6. The method of claim 1, wherein the retrieving from the database comprises:
    - retrieving the specific encrypted data over an unencrypted connection.
  - 7. The method of claim 1, wherein the providing comprises:
    - providing the unencrypted selection results to the user over an unencrypted connection.
  - 8. The method of claim 1, wherein the maintaining the representation of the at least some of the data in volatile memory associated with the server comprises:
    - maintaining the representation in unencrypted form in cache memory.
  - 9. The method of claim 1, further comprising:
    - retrieving encrypted database content from the physically non-secure database;
      
      decrypting the retrieved encrypted content; and
      
      storing the decrypted content as the representation in the volatile memory associated with the server.

10. A computer apparatus comprising:
- a server including a processor and volatile memory associated with, and accessible by, the processor, the server being configured for connection to a remote, physically non-secure database containing therein content stored in encrypted form, the volatile memory having stored therein an unencrypted representation of a portion of the content obtained from the database;
  
  application programming running on the server, configured toa) in response to receipt of a database query containing a wildcard character, conduct a wildcard search of the representation of the portion stored in the volatile memory and output a result of the wildcard search,b) receive an input from a user in response to the result,c) retrieve from the non-secure database discrete encrypted data from the database based upon the user input;
  
  d) decrypt the discrete encrypted data; and
  
  e) provide an unencrypted version of the discrete encrypted data to the user.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer apparatus of claim 10, wherein the volatile memory comprises a cache memory.
  - 12. The computer apparatus of claim 10, wherein the server is a first server, the computer apparatus further comprising:
    - a second server including a processor and volatile memory associated with, and accessible by, the processor, the second server being configured for connection to the physically non-secure database, the volatile memory having stored therein an unencrypted representation of the portion of the content obtained from the database; and
      
      second application programming running on the server, configured toa) in response to receipt of a database query containing a wildcard character, conduct a wildcard search of the representation of the portion stored in the volatile memory of the second server and output a result of the wildcard search,b) receive an input from a user in response to the result,c) retrieve from the non-secure database discrete encrypted data from the database based upon the user input;
      
      d) decrypt the discrete encrypted data; and
      
      e) provide an unencrypted version of the discrete encrypted data to the user.
  - 13. The computer apparatus of claim 12, further comprising:
    - a publish/subscribe mechanism, coupled to both the first server and the second server, configured to maintain coherency between the unencrypted representation of the portion of the content in the volatile memory associated with the first server and the portion of the content in the volatile memory associated with the second server.
  - 14. The computer apparatus of claim 13 wherein the application programming running on the server is further configured to, in response to an indication from the publish/subscribe mechanism that the representation is stale, retrieve from the non-secure database updated information in encrypted form, decrypt the updated information and update the representation with the unencrypted updated information.
  - 15. The computer apparatus of claim 10, wherein the server is a first server, the computer apparatus further comprising:
    - multiple other servers each having volatile memory containing unencrypted representations of the portion of the content; and
      
      application programming running on each of the multiple other servers configured to perform a) through e).
  - 16. The computer apparatus of claim 15 further comprising:
    - a publish/subscribe subsystem, coupled to the first server and the multiple other servers, configured to maintain coherency among the unencrypted representations of the portion of the content in each of the volatile memories.
  - 17. The computer apparatus of claim 10, further comprising,an encrypted connection to the server over which the database query is received.
  - 18. The computer apparatus of claim 10, further comprising:
    - a key store located remote from, but accessible to the server, the key store including at least one key usable to decrypt encrypted information received by the server from the remote, physically non-secure database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Morgan Stanley Services Group Inc. (Morgan Stanley)
Original Assignee
Morgan Stanley
Inventors
KUNDE, RAGHU RAM, ANDRADE, ERNESTO Jr.

Granted Patent

US 8,549,653 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/6227 where protection concerns t...

H04L 9/0894 Escrow, recovery or storing...

SECURE WILDCAD SEARCHABLE DATABASE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE WILDCAD SEARCHABLE DATABASE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links