As the amount of digital data created and processed by organizations continues to increase, the need to query and secure those data also grow. Data is thus often encrypted to secure it from improper access. A problem arises when the data is required for use by the proprietor or other legitimate users of the database. In order to perform an operation on encrypted data, it is typically requested from the database, decrypted, and only then can the operation be run, after which the results must be encrypted and returned to the database. The decryption and encryption steps consume vast amounts of processing resources, resulting in significant delays when working with encrypted data.
Typical architectures are network-based (e.g., client-server) database architectures. Multiple users, each with their own workstation, are trying to retrieve records from a central database. Typically, because the database is encrypted, the database private key, used for data encryption and decryption purposes, is kept on a network drive shared among the client machines. The client machines load the key from the shared network drive.
Some existing methods attempt to address data decryption issues by performing operations on encrypted data directly. However these prior methods suffer from the inability to offer virtually the same performance as users are accustomed to today when running against unencrypted data. In addition, these prior methods do not offer robust analytical capabilities over encrypted data.
Thus what is needed is a new encryption system and method capable of querying anonymized electronic databases and obtaining the same results as if performing the queries against the original, unencrypted data all while being done with little actual impact to query speed. As described, our approach considerably differs from typical database operations over encrypted data today. In most of the current schemes, data must be typically decrypted before queries can be run against them. We break with this limitation by permitting queries and analysis over encrypted data.