公开(公告)号：US20180375838A1

公开(公告)日：2018-12-27

申请号：US15634447

申请日：2017-06-27

Applicant: salesforce.com, inc.

Inventor： Alexandre Hersans ,  Assaf Ben Gur ,  Jesse Yarbro Collins ,  Shreemanth Karthik Hosahalli Venkateshamurthy

IPC: H04L29/06 ,  G06F21/62 ,  H04L9/06

Abstract: Some database systems may implement encryption services to improve the security of data stored in databases. Certain functionality may or may not be supported depending on the implemented encryption scheme. For example, the encryption service may perform deterministic encryption, which may support filtering and unicity on the resulting ciphertexts. To handle case insensitive filtering, the encryption service may encrypt both a plaintext value and a normalized (e.g., lowercased) plaintext value. A database may perform the case insensitive filtering on the stored ciphertexts corresponding to the normalized plaintext values, but may retrieve the ciphertexts corresponding to the standard plaintext values. To handle a unicity requirement, the database may generate additional unique identifiers to distinguish between duplicate ciphertexts. For example, during a key rotation process, potential duplicates may pass the unicity check based on the unique identifiers, and the database may later fix these potential duplicates.