公开(公告)号：US20200320213A1

公开(公告)日：2020-10-08

申请号：US16373066

申请日：2019-04-02

Applicant: SAP SE

Inventor： Benny Fuhry ,  Jayanth Jain Hassan Ajith Kumar ,  Florian Kerschbaum

IPC: G06F21/62 ,  G06F16/2455 ,  G06F16/248

Abstract: Embodiments offer database security utilizing dictionary encoding, with certain functionality being implemented inside a secure environment, e.g., a Trusted Execution Environment (TEE). In particular, the secure environment receives a secret key from a data owner, and receives an encrypted query range and a dictionary reference from a query engine. Based upon the query range decrypted using the secret key, and also the dictionary loaded from a database, the secure environment searches the dictionary to produce list of value identifiers corresponding to the query range. The value identifiers are communicated outside the secure environment to the query engine for further processing (e.g., to generate RecordIDs), ultimately producing a query result for a user. Particular embodiments may leverage the processing power of an in-memory database engine in order to perform the role of the query engine that interacts with the secure environment.

公开(公告)号：US11048816B2

公开(公告)日：2021-06-29

申请号：US16373066

申请日：2019-04-02

Applicant: SAP SE

Inventor： Benny Fuhry ,  Jayanth Jain Hassan Ajith Kumar ,  Florian Kerschbaum

IPC: G06F12/14 ,  G06F11/30 ,  G06F21/62 ,  G06F16/2455 ,  G06F16/248

Abstract: Embodiments offer database security utilizing dictionary encoding, with certain functionality being implemented inside a secure environment, e.g., a Trusted Execution Environment (TEE). In particular, the secure environment receives a secret key from a data owner, and receives an encrypted query range and a dictionary reference from a query engine. Based upon the query range decrypted using the secret key, and also the dictionary loaded from a database, the secure environment searches the dictionary to produce list of value identifiers corresponding to the query range. The value identifiers are communicated outside the secure environment to the query engine for further processing (e.g., to generate RecordIDs), ultimately producing a query result for a user. Particular embodiments may leverage the processing power of an in-memory database engine in order to perform the role of the query engine that interacts with the secure environment.