Execution optimization of database statements involving encrypted data
US-2018365290-A1 · Dec 20, 2018 · US
US10860727B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10860727-B2 |
| Application number | US-201916667618-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 29, 2019 |
| Priority date | Oct 12, 2017 |
| Publication date | Dec 8, 2020 |
| Grant date | Dec 8, 2020 |
Official abstract text for this publication.
Methods, systems, and devices for mass encryption management are described. In some database systems, users may select encryption settings for storing data records at rest. A database may receive a request to perform an encryption process on multiple data records corresponding to a user, for example, based on a user input or a change in encryption settings. A database server may partition the data records for encryption (e.g., encryption, decryption, key rotation, or scheme modification) into one or more data record groups of similar sizes, and may perform the encryption process on one record group at a time (e.g., to reduce overhead in the system). The database server may additionally support restricting user access to the data records being actively processed, estimating resources needed for the processing, determining data record encryption statuses to be displayed by a user device, or some combination of these features.
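The estimation pass the abstract mentions, combined with the read-only query, record-group partitioning and threshold alert described in the claims below, can be sketched as follows. This is an added example, not code from the patent: it uses SQLite instead of PL/SQL, and the `records` schema, the per-record rates and all function names are assumptions.

```python
import math
import sqlite3
import tempfile
from pathlib import Path

# Assumed calibration values (seconds per record); a real system would measure these.
SECONDS_PER_RECORD = {"encrypt": 0.004, "rotate_key": 0.006}

def build_sample_db(path):
    """Constructed sample data: 2500 unencrypted Contact records for t1, 300 for t2."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, tenant_id TEXT,"
                " object_type TEXT, enc_scheme TEXT)")
    rows = [("t1", "Contact", "none")] * 2500 + [("t2", "Contact", "none")] * 300
    con.executemany("INSERT INTO records (tenant_id, object_type, enc_scheme)"
                    " VALUES (?, ?, ?)", rows)
    con.commit()
    con.close()

def open_read_only(path):
    # mode=ro makes SQLite reject every write on this connection.
    return sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)

def estimate(path, tenant_id, object_type, enc_scheme, operation,
             group_size=1000, alert_after_s=5.0):
    con = open_read_only(path)
    try:
        (count,) = con.execute(
            "SELECT COUNT(*) FROM records"
            " WHERE tenant_id = ? AND object_type = ? AND enc_scheme = ?",
            (tenant_id, object_type, enc_scheme)).fetchone()
    finally:
        con.close()
    # Partition into groups of similar size: spread the remainder over the first groups.
    n_groups = math.ceil(count / group_size)
    base, extra = divmod(count, n_groups) if n_groups else (0, 0)
    sizes = [base + 1] * extra + [base] * (n_groups - extra)
    rate = SECONDS_PER_RECORD[operation]
    per_group = [round(size * rate, 3) for size in sizes]
    total = round(sum(per_group), 3)
    return {"records": count, "group_sizes": sizes, "group_seconds": per_group,
            "total_seconds": total, "alert": total > alert_after_s}

if __name__ == "__main__":
    db = Path(tempfile.mkdtemp()) / "records.db"
    build_sample_db(db)
    print(estimate(db, "t1", "Contact", "none", "encrypt"))
```

Because the estimate only counts rows over a read-only connection, it can run ahead of the actual encryption job without touching the records it measures.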
Opening claim text (preview).
What is claimed is:

1. A method for encryption management, comprising: identifying an encryption process for mass encryption estimation; performing one or more queries as read-only queries to identify, in a database, a set of data objects for the encryption process, wherein the one or more queries are performed as the read-only queries based at least in part on the mass encryption estimation; determining an estimated processing time for the encryption process based at least in part on the identified set of data objects; and transmitting, to a user device as an output of the mass encryption estimation, an indication of the estimated processing time for the encryption process.

2. The method of claim 1, further comprising: receiving an encryption request to perform the encryption process; performing the one or more queries as part of the encryption process to retrieve, from the database, the set of data objects for the encryption process, wherein the one or more queries are performed as part of the encryption process based at least in part on the encryption request; and performing the encryption process on the retrieved set of data objects.

3. The method of claim 2, wherein: the one or more queries comprise procedural language extension to structured query language (PL/SQL) queries; the identified set of data objects are maintained in a PL/SQL layer for determining the estimated processing time for the encryption process based at least in part on the one or more queries being performed as the read-only queries; and the retrieved set of data objects are moved to a Java layer for performing the encryption process based at least in part on the one or more queries being performed as part of the encryption process.

4. The method of claim 2, further comprising: performing the mass encryption estimation based at least in part on receiving the encryption request, wherein the encryption process is performed based at least in part on completion of the mass encryption estimation.

5. The method of claim 4, further comprising: determining that a previous mass encryption estimation for the encryption process was performed prior to a threshold time, wherein the performing the mass encryption estimation is further based at least in part on the determining that the previous mass encryption estimation for the encryption process was performed prior to the threshold time.

6. The method of claim 1, wherein determining the estimated processing time further comprises: performing a count on the identified set of data objects to calculate the estimated processing time.

7. The method of claim 1, wherein performing the one or more queries as the read-only queries to identify the set of data objects for the encryption process further comprises: searching the database for the set of data objects based at least in part on a tenant identifier, a data object type, a data field, a data encryption scheme, or a combination thereof.

8. The method of claim 1, further comprising: partitioning the identified set of data objects into a plurality of record groups, wherein determining the estimated processing time for the encryption process further comprises: determining a plurality of estimated processing times corresponding to the plurality of record groups.

9. The method of claim 8, wherein transmitting the indication of the estimated processing time for the encryption process comprises: transmitting, to the user device, a plurality of indications of the plurality of estimated processing times corresponding to the plurality of record groups.

10. The method of claim 8, further comprising: aggregating the plurality of estimated processing times across the plurality of record groups to obtain the estimated processing time for the encryption process, wherein the indication of the estimated processing time for the encryption process comprises a summary report for the plurality of record groups indicating the plurality of estimated processing times and the estimated processing time for the encryption process.

11. The method of claim 8, wherein the partitioning is based at least in part on a default record group size, a dynamic record group size, or a combination thereof.

12. The method of claim 1, wherein the indication of the estimated processing time for the encryption process comprises an alert indicating that the estimated processing time is greater than a threshold time.

13. The method of claim 1, wherein the encryption process comprises a mass encryption process, a mass decryption process, a mass key rotation process, an encryption scheme modification process, or a combination thereof.

14. The method of claim 1, further comprising: determining an estimated central processing unit resource consumption, an estimated memory consumption, or a combination thereof for the encryption process based at least in part on the identified set of data objects, wherein the indication of the estimated processing time for the encryption process further indicates the estimated central processing unit resource consumption, the estimated memory consumption, or a combination thereof.

15. An apparatus for encryption management, comprising: a processor; memory coupled with the processor; and instructions stored in the memory and executable by the processor to cause the apparatus to: identify an encryption process for mass encryption estimation; perform one or more queries as read-only queries to identify, in a database, a set of data objects for the encryption process, wherein the one or more queries are performed as the read-only queries based at least in part on the mass encryption estimation; determine an estimated processing time for the encryption process based at least in part on the identified set of data objects; and transmit, to a user device as an output of the mass encryption estimation, an indication of the estimated processing time for the encryption process.

16. The apparatus of claim 15, wherein the instructions are further executable by the processor to cause the apparatus to: receive an encryption request to perform the encryption process; perform the one or more queries as part of the encryption process to retrieve, from the database, the set of data objects for the encryption process, wherein the one or more queries are performed as part of the encryption process based at least in part on the encryption request; and perform the encryption process on the retrieved set of data objects.

17. The apparatus of claim 16, wherein: the one or more queries comprise procedural language extension to structured query language (PL/SQL) queries; the identified set of data objects are maintained in a PL/SQL layer for determining the estimated processing time for the encryption process based at least in part on the one or more queries being performed as the read-only queries; and the retrieved set of data objects are moved to a Java layer for performing the encryption process based at least in part on the one or more queries being performed as part of the encryption process.

18. A non-transitory computer-readable medium storing code for encryption management, the code comprising instructions executable by a processor to: identify an encryption process for mass encryption estimation; perform one or more queries as read-only queries to identify, in a database, a set of data objects for the encryption process, wherein the one or more queries are performed as the read-only queries based at least in part on the mass encryption estimation; determine an estima
Data partitioning, e.g. horizontal or vertical partitioning · CPC title
in relation to content · CPC title
Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage · CPC title
to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself · CPC title
by using cryptography (for digital transmission H04L9/00) · CPC title