公开(公告)号：US20230315897A1

公开(公告)日：2023-10-05

申请号：US18328907

申请日：2023-06-05

Applicant: MongoDB, Inc.

Inventor： Seny Kamara ,  Tarik Moataz ,  Mark Porter

IPC: G06F21/62 ,  G06F16/21

CPC classification number: G06F21/6227 ,  G06F16/213

Abstract: According to some aspects, provided are systems and methods that implement end-to-end encryption, and provide implementation configured to secure information during execution of queries on an encrypted data source. Various embodiments include multiple encrypted multi-map data structures and associated encryption schemes configured to securely read, write, and delete information while supporting any one or more of the following features: snapshot security, multiple client support, efficient execution under concurrent operation, and resilience to client failures. In various embodiments, addressable multi-map data structures enable concurrent access, and allow correct operation under polynomial time constraints.

公开(公告)号：US20230325524A1

公开(公告)日：2023-10-12

申请号：US18328867

申请日：2023-06-05

Applicant: MongoDB, Inc.

Inventor： Seny Kamara ,  Tarik Moataz ,  Mark Porter

IPC: G06F21/62 ,  G06F16/21

CPC classification number: G06F21/6227 ,  G06F16/213

Abstract: According to some aspects, provided are systems and methods that implement end-to-end encryption, and provide implementation configured to secure information during execution of queries on an encrypted data source. Various embodiments include multiple encrypted multi-map data structures and associated encryption schemes configured to securely read, write, and delete information while supporting any one or more of the following features: snapshot security, multiple client support, efficient execution under concurrent operation, and resilience to client failures. In various embodiments, addressable multi-map data structures enable concurrent access, and allow correct operation under polynomial time constraints.

公开(公告)号：US20230315896A1

公开(公告)日：2023-10-05

申请号：US18328878

申请日：2023-06-05

Applicant: MongoDB, Inc.

Inventor： Seny Kamara ,  Tarik Moataz ,  Mark Porter

IPC: G06F21/62 ,  G06F21/60 ,  G06F21/55

CPC classification number: G06F21/6227 ,  G06F21/602 ,  G06F21/556

Abstract: According to some aspects, provided are systems and methods that implement end-to-end encryption, and provide implementation configured to secure information during execution of queries on an encrypted data source. Various embodiments include multiple encrypted multi-map data structures and associated encryption schemes configured to securely read, write, and delete information while supporting any one or more of the following features: snapshot security, multiple client support, efficient execution under concurrent operation, and resilience to client failures. In various embodiments, addressable multi-map data structures enable concurrent access, and allow correct operation under polynomial time constraints.

公开(公告)号：US20230177177A1

公开(公告)日：2023-06-08

申请号：US18075873

申请日：2022-12-06

Applicant: MongoDB, Inc.

Inventor： Marilyn George ,  Seny Kamara ,  Tarik Moataz

IPC: G06F21/60 ,  G06F16/25 ,  G06F16/2455

CPC classification number: G06F21/602 ,  G06F16/258 ,  G06F16/2455

Abstract: A volume hiding structured encryption system and method is provided. According to some embodiments, the system leverages the principle that a STE scheme can leak cumulative information about the query volumes of the data stored in multi-map format, while still hiding the volumes of client queries at query time. According to various examples, the system implements encryption schemes that have smaller storage and better query complexity than the current state-of-the-art, for some input distributions. According to one example, the STE schemes are adapted to the input data structure in order to improve efficiency over known approaches. Further examples includes schemes that are configured to partition a multi-map into smaller multi-maps, and use different allocation functions for different efficiency trade-offs: (i) random allocation, (ii) cuckoo-hashing allocation, and (iii) Garbled Bloom Filter allocation. In one example, the GBF construct enables a stash-less encryption scheme that hides query volumes.