US9544134B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9544134-B2 |
| Application number | US-201514980686-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 28, 2015 |
| Priority date | Aug 15, 2012 |
| Publication date | Jan 10, 2017 |
| Grant date | Jan 10, 2017 |
Official abstract text for this publication.
Embodiments of the invention, broadly described, introduce systems and methods for enabling the searching of encrypted data. One embodiment of the invention discloses a method for generating a searchable encrypted database. The method comprises receiving a plurality of sensitive data records comprising personal information of different users, identifying one or more searchable fields for the sensitive data records, wherein each searchable field is associated with a subset of the personal information for a user, generating a searchable field index for each of the one or more searchable fields, and encrypting the sensitive data records using a database encryption key.
Opening claim text (preview).
What is claimed is:

1. A data encryption computer comprising: a processor; and a non-transitory computer-readable storage medium, comprising code executable by the processor for implementing a method comprising: receiving a plurality of data records; identifying one or more searchable fields for the data records; generating a searchable field index for each of the one or more searchable fields based on which one of at least three sensitivity levels that each searchable field corresponds to, wherein when the searchable field corresponds to a first sensitivity level, the searchable field index is in a plain text format, when the searchable field corresponds to a second sensitivity level, the searchable field index is a hash value, and when the searchable field corresponds to a third sensitivity level, the searchable field index is an encrypted hash value; encrypting the data records using at least one database encryption key; and providing a searchable encrypted database comprising the searchable field indices and the encrypted data records to a database access server, wherein the plurality of client computers are operable to obtain the data records from the database access server using the database encryption key.

2. The data encryption computer of claim 1, wherein the encrypted hash value is a hash-based message authentication code generated using a searchable field key.

3. The data encryption computer of claim 2, wherein the searchable field key is sent to one or more of the plurality of client computers that are authorized to search using the searchable field.

4. The data encryption computer of claim 1, wherein when the searchable field corresponds to the second sensitivity level, generating a searchable field index for each of the one or more searchable fields includes determining a salt value for the corresponding searchable field.

5. The data encryption computer of claim 4, wherein the salt value is a username.

6. The data encryption computer of claim 1, wherein a first subset of the data records containing a first type of information is encrypted with a first database encryption key, and a second subset of the data records containing a second type of information is encrypted with a second database encryption key.

7. The data encryption computer of claim 1, wherein a first subset of the sensitive data records corresponding to a first subset of one or more users is encrypted with a first database encryption key, and a second subset of the sensitive data records corresponding to a second subset of one or more users is encrypted with a second database encryption key.

8. A computer-implemented method comprising: receiving, by a processor, a plurality of data records; identifying, by the processor, one or more searchable fields for the data records; generating, by the processor, a searchable field index for each of the one or more searchable fields based on which one of at least three sensitivity levels that each searchable field corresponds to, wherein when the searchable field corresponds to a first sensitivity level, the searchable field index is in a plain text format, when the searchable field corresponds to a second sensitivity level, the searchable field index is a hash value, and when the searchable field corresponds to a third sensitivity level, the searchable field index is an encrypted hash value; encrypting, by the processor, the data records using at least one database encryption key; and providing, by the processor, a searchable encrypted database comprising the searchable field indices and the encrypted data records to a database access server, wherein the plurality of client computers are operable to obtain the data records from the database access server using the database encryption key.

9. The computer-implemented method of claim 8, wherein the encrypted hash value is a hash-based message authentication code generated using a searchable field key.

10. The computer-implemented method of claim 9, wherein the searchable field key is sent to one or more of the plurality of client computers that are authorized to search using the searchable field.

11. The computer-implemented method of claim 8, wherein when the searchable field corresponds to the second sensitivity level, generating a searchable field index for each of the one or more searchable fields includes determining a salt value for the corresponding searchable field.

12. The computer-implemented method of claim 11, wherein the salt value is a username.

13. The computer-implemented method of claim 8, wherein a first subset of the data records containing a first type of information is encrypted with a first database encryption key, and a second subset of the data records containing a second type of information is encrypted with a second database encryption key.

14. The computer-implemented method of claim 8, wherein a first subset of the sensitive data records corresponding to a first subset of one or more users is encrypted with a first database encryption key, and a second subset of the sensitive data records corresponding to a second subset of one or more users is encrypted with a second database encryption key.

15. A computer-implemented method comprising: receiving, by a processor, from a data encryption computer, a searchable encrypted database comprising a plurality of searchable field indices and a plurality of encrypted data records, wherein the encrypted data records are encrypted using at least one database encryption key, wherein a format of each searchable field index is determined based on which one of at least three sensitivity levels that an associated searchable field corresponds to, and wherein when the searchable field corresponds to a first sensitivity level, the searchable field index is in a plain text format, when the searchable field corresponds to a second sensitivity level, the searchable field index is a hash value, and when the searchable field corresponds to a third sensitivity level, the searchable field index is an encrypted hash value; receiving, by a processor, index values for one or more of the searchable field indices from a client computer in the plurality of client computers; retrieving, by the processor, one or more encrypted data records using the index values; and sending, by the processor, the one or more encrypted data records to the client computer.

16. The computer-implemented method of claim 15, wherein the encrypted hash value is a hash-based message authentication code.

17. The computer-implemented method of claim 15, wherein the client computer is a service center computer, wherein the index values are generated using identification information provided by a user.

18. The computer-implemented method of claim 17, further comprises: when multiple encrypted data records match the index values, prompting the service center computer to send additional identification information.

19. The computer-implemented method of claim 15, wherein a first subset of the encrypted data records containing a first type of information is encrypted with a first database encryption key, and a second subset of the encrypted data records containing a second type of information is encrypted with a second database encryption key.

20. The computer-implemented method of claim 15, wherein a first subset of the sensitive data records corresponding to a first subset of one or more users is encrypted with a first database encryption key, and a second subset of the sensitive data records corresponding to
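
The three index formats of claims 1, 2, 4 and 5 and the server-side lookup of claims 15 and 18, as an added sketch that is not code from the patent or its applicant. SHA-256, the value normalization, the field names, the status strings and all sample values are assumptions of this example; the ciphertext byte strings are constructed placeholders for records already encrypted under the database encryption key.

```python
import hashlib
import hmac

PLAIN, HASHED, KEYED = 1, 2, 3   # the three sensitivity levels of claim 1
SCHEMA = {"zip": PLAIN, "phone": HASHED, "ssn": KEYED}  # hypothetical fields

def index_value(level, value, salt=b"", field_key=b""):
    """Index entry for one field value at the given sensitivity level."""
    data = value.strip().lower().encode()   # normalization is an assumption
    if level == PLAIN:                      # level 1: plain text
        return data.decode()
    if level == HASHED:                     # level 2: salted hash (claims 4-5)
        return hashlib.sha256(salt + b"\x00" + data).hexdigest()
    if level == KEYED:                      # level 3: HMAC (claim 2)
        if not field_key:
            raise ValueError("level 3 needs a searchable field key")
        return hmac.new(field_key, data, hashlib.sha256).hexdigest()
    raise ValueError("unknown sensitivity level")

def build_index(records, field_key):
    """Encryption-computer side: one (index dict, ciphertext) row per record."""
    return [({f: index_value(SCHEMA[f], v, user.encode(), field_key)
              for f, v in fields.items()}, ciphertext)
            for user, fields, ciphertext in records]

def lookup(rows, query):
    """Access-server side: match supplied index values, return ciphertext only."""
    hits = [ct for idx, ct in rows
            if all(idx.get(f) == v for f, v in query.items())]
    if len(hits) > 1:                       # claim 18: ask for more identification
        return "need-more-identification", []
    return "ok", hits

# Constructed sample data. The byte strings stand in for records already
# encrypted under the database encryption key, which this sketch does not do.
FIELD_KEY = b"constructed-demo-field-key"
SAMPLE = [
    ("alice", {"zip": "94105", "phone": "555-0100", "ssn": "000-00-0001"}, b"<ct-alice>"),
    ("bob",   {"zip": "94105", "phone": "555-0101", "ssn": "000-00-0002"}, b"<ct-bob>"),
]
DB = build_index(SAMPLE, FIELD_KEY)

if __name__ == "__main__":
    query = {"zip": index_value(PLAIN, "94105")}
    print(lookup(DB, query))                # two records share the zip
    query["ssn"] = index_value(KEYED, "000-00-0002", field_key=FIELD_KEY)
    print(lookup(DB, query))                # narrowed to one ciphertext
```

A level-2 index salted with a username can be recomputed by anyone who knows the username, so low-entropy values such as phone numbers remain guessable offline; only the level-3 index depends on holding the searchable field key.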
Indexing structures · CPC title
Hash-based (content-based indexing of textual data G06F16/31) · CPC title
using file content signatures, e.g. hash values · CPC title
Protecting personal data, e.g. for financial or medical purposes · CPC title
Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled · CPC title