What technology area does this patent fall under?

Primary CPC classification G06F21/6227. Mapped technology areas include Physics.

When was this patent published?

Publication date Tue Mar 23 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Searching for encrypted data within a cloud based platform

US10956602B2 · US · B2

Patent metadata
Field	Value
Publication number	US-10956602-B2
Application number	US-201916530501-A
Country	US
Kind code	B2
Filing date	Aug 2, 2019
Priority date	Oct 3, 2017
Publication date	Mar 23, 2021
Grant date	Mar 23, 2021

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Searching encrypted data using encrypted contexts by performing at least the following: configuring a first encryption context that allows access to a first encrypted field, configuring a second encryption context that allows access to a second encrypted field, assigning the first encryption context to a first role and the second encryption context to a second role, assigning the first role to a first user account to allow the first user account to access the first encrypted field, assigning the second role to a second user account to allow the second user to access the second encrypted field, receiving a query request associated with the first user account for a search term, wherein the query request includes instructions to search for an unencrypted version of the search term and a first encrypted value of the search term that is based on the first encryption context.

First claim

Opening claim text (preview).

What is claimed is: 1. A system, comprising: one or more hardware processors; and a non-transitory memory, the non-transitory memory storing instructions that, when executed by the one or more hardware processors, causes the one or more hardware processors to perform actions associated with one or more query requests to search encrypted data within a cloud computing environment comprising: receiving an assignment of an encryption context to a role for a customer instance in the cloud computing environment, wherein the encryption context defines access to a first encrypted field by the customer instance, wherein the encryption context comprises an encryption key encrypting data in the first encrypted field, and the role is assigned to a user account associated with the customer instance to allow the user account to access the first encrypted field; receiving a query request associated with the user account for a first search term, wherein the query request includes instructions to search the first search term using both of an unencrypted version of the first search term and a first encrypted value of the first search term from the first encrypted field, wherein the first encrypted value of the first search term is generated based on the encryption context and the assigned role associated with the encryption context; and transmitting a result of the query request based on the unencrypted version of the first search term and the first encrypted value of the first search term to the customer instance in the cloud computing environment. 2. The system of claim 1 , wherein the actions comprise receiving a second query request for a second search term. 3. The system of claim 2 , wherein the second query request includes instructions to: search the second search term using an unencrypted version of the second search term, wherein the query request omits instructions to search for a second encrypted value of the second search term based on the second search term not being associated with the first encrypted field, the encryption context, and the role. 4. The system of claim 3 , wherein the actions comprise: transmitting the result of the query request comprises transmitting the result of the second query request based on the unencrypted version of the second search term. 5. The system of claim 1 , wherein the actions comprise: receiving a second encryption context defining access to at least a second encrypted field, wherein the second encryption context comprises a second encryption key encrypting data in the second encrypted field for the customer instance, wherein the other encryption context grants the customer instance access to the second encrypted field. 6. The system of claim 5 , wherein the query request includes instructions to: search the first search term using a second encrypted value of the first search term from the second encrypted field, wherein the second encrypted value of the first search term is generated based on the second encryption context and the access granted to the second encrypted field to the customer instance. 7. The system of claim 1 , wherein the actions comprise searching, using the unencrypted version of the first search term and the first encrypted value of the first search term, one or more index tables that maps data content within the first encrypted field to location information. 8. A method for processing one or more query requests for encrypted data within a cloud computing environment, the method comprising: receiving an assignment of an encryption context to a role for a customer instance in the cloud computing environment, wherein the encryption context defines access to a first encrypted field by the customer instance, wherein the encryption context comprises an encryption key encrypting data in the first encrypted field receiving a query request for a first search term and a second search term, wherein the role is assigned to a user account associated with the customer instance to allow the user account to access the first encrypted field, and wherein the query request includes instructions to: search the first search term based on the query request associated with the user account using both of an unencrypted version of the first search term and a first encrypted value of the first search term from the first encrypted field, wherein the first encrypted value of the first search term is generated based on the encryption context and the assigned role associated with the encryption context; and search the second search term using an unencrypted version of the second search term, wherein the query request omits instructions to search for a second encrypted value of the second search term based on the second search term not being associated with the first encrypted field, the encryption context, and the assigned role associated with the encryption context; and transmitting a result of the query request based on the unencrypted version of the first search term and the first encrypted value of the first search term to the customer instance in the cloud computing environment. 9. The method of claim 8 , wherein transmitting the result of the query request comprises transmitting the result of the query request based on the unencrypted version of the second search term. 10. The method of claim 8 , comprising: receiving an assignment of a second encryption context to the role, wherein the second encryption context defines access to a second encrypted field by the customer instance, wherein the encryption context comprises a second encryption key encrypting data in the second encrypted field. 11. The method of claim 10 , wherein the query request includes instructions to: search the first search term using a second encrypted value of the first search term from the second encrypted field, wherein the second encrypted value of the first search term is generated based on the second encryption context and the access granted to the second encrypted field; and search the second search term using a third encrypted value of the second search term from the second encrypted field, wherein the third encrypted value of the second search term is generated based on the second encryption context and the access granted to the second encrypted field to the customer instance. 12. The method of claim 11 , wherein the query request omits instructions to search for the second encrypted value of the second search term on the first encrypted field based on the second search term not being associated with the first encrypted field, the encryption context, and the role. 13. The method of claim 11 , wherein the encryption context and the second encryption context have different encryption keys. 14. The method of claim 8 , comprising searching, using the unencrypted version of the first search term and the first encrypted value of the first search term, one or more index tables that maps data content within the first encrypted field and a second encrypted field to location information. 15. A non-transitory computer-readable storage medium comprising computer readable code, that when executed by one or more hardware processors, causes the one or more hardware processors to perform operations comprising: receiving an assignment of an encryption context to a role for a customer instance in a cloud computing environment, wherein the encryption context defines access to a first encrypted field by the customer instance, wherein the encryption context comprises an encryption key encrypting data in the first encrypted field; receiving a query request for a first search term and a second search term, wherein the

Assignees

Servicenow Inc

Inventors

Classifications

G06F21/6218
to a system of files or objects, e.g. local or distributed file system or database · CPC title
H04L63/0428
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
H04L9/0822
using key encryption key · CPC title
H04L9/0894
Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage · CPC title
G06F21/6227Primary
where protection concerns the structure of data, e.g. records, types, queries · CPC title

Patent family

Related publications grouped by family.

View patent family 65896104

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10956602B2 cover?: Searching encrypted data using encrypted contexts by performing at least the following: configuring a first encryption context that allows access to a first encrypted field, configuring a second encryption context that allows access to a second encrypted field, assigning the first encryption context to a first role and the second encryption context to a second role, assigning the first role to …
Who is the assignee on this patent?: Servicenow Inc
What technology area does this patent fall under?: Primary CPC classification G06F21/6227. Mapped technology areas include Physics.
When was this patent published?: Publication date Tue Mar 23 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).