Data storage server and client device for securely storing data
By generating and processing the MAC and encryption keys of the data bucket content through client devices, the problem of storing and querying sensitive data in cloud storage is solved, achieving a balance between secure storage and querying.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- HUAWEI TECH CO LTD
- Filing Date
- 2020-06-29
- Publication Date
- 2026-07-14
AI Technical Summary
Cloud storage providers may access and store users’ security-sensitive data, and existing technologies cannot effectively support scoped queries of such data.
The client device uses the message verification code key to generate a partial MAC of the binary representation of the plaintext data element, and processes the contents of the data bucket with the encryption key to store and query the encrypted form of security-sensitive data in the data storage server, while also supporting range queries.
It enables secure storage of sensitive data in cloud storage while supporting range-based data queries, ensuring data privacy and security.
Smart Images

Figure CN115698996B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to data storage systems. More specifically, this invention relates to client devices and data storage servers for securely storing security-sensitive data (including digital data and / or text data) and supporting range queries of security-sensitive data. Background Technology
[0002] Remote data storage (such as cloud data storage) is gaining popularity because it allows user client devices (which typically store only limited data) to store data and files on one or more remote data storage servers accessible via public or private network connections. Cloud storage providers host, protect, manage, and maintain the data storage servers and associated infrastructure, and ensure user client devices' access to the data. One of the main advantages of cloud storage is the ability to recover user data from the remote data storage server if it has been deleted, corrupted, or is inaccessible on the user client device. However, because cloud storage providers are responsible for protecting user data transmitted to remote data storage servers, they may have access to security-sensitive user data that is unwanted by users and / or violates laws and regulations. Typically, security-sensitive data stored on remote data storage servers includes data such as numbers or text that can be queried in plaintext but, if encrypted, cannot be easily queried using methods such as range queries. Summary of the Invention
[0003] The purpose of this invention is to provide an improved client device and an improved data storage server for secure cloud storage of data including security-sensitive data such as digital and / or text data, thereby supporting range queries of security-sensitive data.
[0004] The foregoing and other objectives are achieved through the subject matter claimed in the independent claims. Other implementations are apparent from the dependent claims, the specification, and the drawings.
[0005] According to a first aspect, a client device including a processor is provided. The processor of the client device is configured to acquire data comprising a plurality of plaintext data elements. The plurality of plaintext data elements can be queried in plaintext and may include, for example, numerical and / or text data, i.e., alphabetic strings. For a plaintext data element among the plurality of plaintext data elements, the processor of the client device is configured to:
[0006] A first MAC is generated using a message authentication code (MAC) key to generate a first portion of the binary representation of the plaintext data element, wherein the first portion includes one or more most significant bits of the binary representation of the plaintext data element, and the binary representation of the plaintext data element also includes a remaining portion complementary to the first portion, the remaining portion including the remaining least significant bits of the binary representation of the plaintext data element.
[0007] Based on the first MAC, a data bucket is retrieved from the data storage server, wherein the data bucket includes a data bucket header and encrypted data bucket content;
[0008] The contents of the data bucket are decrypted using an encryption key to obtain the contents of the data bucket in plaintext form.
[0009] Add the remaining portion of the binary representation of the plaintext data element to the plaintext data bucket content to obtain updated plaintext data bucket content;
[0010] The encrypted key is used to encrypt the updated data bucket contents in plaintext form;
[0011] The data bucket containing the encrypted updated data bucket content is sent to the data storage server for storage in the database of the data storage server.
[0012] Advantageously, client devices and data storage servers allow security-sensitive data (such as numerical or textual data) to be stored in the database in encrypted form, while supporting range queries of the data.
[0013] In another possible implementation of the first aspect, the processor of the client device is further configured to: for a plaintext data element among the plurality of plaintext data elements, generate a second MAC using the MAC key for a second portion of the binary representation of the plaintext data element, wherein the second portion includes one or more other most significant bits of the binary representation of the plaintext data element that are different from the first portion, and the remaining portion of the binary representation of the plaintext data is complementary to the second portion. Furthermore, the client device is configured to retrieve the data bucket from the data storage server based on the first MAC and the second MAC.
[0014] In another possible implementation of the first aspect, the processor of the client device is further configured to: for one of the plurality of plaintext data elements, generate a third MAC using the MAC key for a third portion of the binary representation of the plaintext data element, wherein the third portion includes one or more other most significant bits of the binary representation of the plaintext data element that are different from the second portion, and the remaining portion of the binary representation of the plaintext data is complementary to the third portion. Furthermore, the client device is configured to retrieve the data bucket from the data storage server based on the first MAC, the second MAC, and the third MAC.
[0015] In another possible implementation of the first aspect, the processor of the client device is further configured to: encrypt the plurality of plaintext data elements with the encryption key to obtain a plurality of ciphertext data elements; and send the data including the plurality of ciphertext data elements to the data storage server for storing the data in the database. In one implementation, the database is a relational database, wherein the data storage server is configured to store the data including the plurality of ciphertext data elements in a table of the relational database.
[0016] In another possible implementation of the first aspect, the processor of the client device is further configured to: send the identifier of the encryption key along with the data including the plurality of ciphertext data elements to the data storage server for storing the data in the database based on the identifier of the encryption key. In other words, based on the identifier of the encryption key, the data storage server is used to determine the location in the database where the plurality of ciphertext data elements are stored.
[0017] In another possible implementation of the first aspect, the first MAC is a hash-based message authentication code (HMAC).
[0018] In another possible implementation of the first aspect, the first portion of the binary representation of the plaintext data element includes one or more bytes defined by the most significant bit of the binary representation of the plaintext data element, and the remaining portion of the binary representation of the plaintext data element includes one or more bytes defined by the least significant bit of the binary representation of the plaintext data element.
[0019] In another possible implementation of the first aspect, the processor of the client device is further configured to: obtain at least one of an encrypted version of the encryption key and an encrypted version of the MAC key from a remote key management server, wherein at least one of the encrypted version of the encryption key and the encrypted version of the MAC key is encrypted with the client device master key.
[0020] In another possible implementation of the first aspect, the processor of the client device is further configured to send at least one of the encrypted version of the encryption key and the encrypted version of the MAC key to the data storage server. In one implementation, the encrypted encryption key may be based on an identifier in a database, particularly an identifier in a table of the database, as an identifier for storing data comprising multiple ciphertext data elements.
[0021] In another possible implementation of the first aspect, a data query is used to process data stored in the database of the data storage server, the data including the plurality of encrypted data elements, wherein the data query is defined by at least one query value, and the processor of the client device is further configured to:
[0022] At least one first query MAC is generated using the MAC key to generate a first portion of a binary representation of the at least one query value, wherein the first portion includes one or more most significant bits of the binary representation of the query value, and the binary representation of the query value also includes a complementary remainder defined by the remaining least significant bits of the binary representation of the query value;
[0023] Based on the at least one first query MAC, one or more data buckets are retrieved from the data storage server, wherein each of the one or more data buckets includes a data bucket header and encrypted data bucket content;
[0024] Decrypt the encrypted data bucket contents using the encryption key;
[0025] By combining the first part with the decrypted complementary remainder, a plaintext binary representation of the data element is generated.
[0026] In another possible implementation of the first aspect, for each data bucket, the data bucket content further includes, for each encrypted data element of the data bucket content, a storage location identifier, in particular a row identifier, for identifying the storage location of data associated with the corresponding encrypted data element in the database, wherein the processor of the client device is further configured to: for one or more data elements matching the data query, retrieve the encrypted data element and / or the data associated with the one or more data elements from the database based on the storage location identifier.
[0027] According to a second aspect, a method for operating a client device is provided, the method comprising the following steps:
[0028] Acquire data comprising multiple plaintext data elements; and, for the plaintext data elements among the multiple plaintext data elements:
[0029] A first MAC is generated using a message authentication code (MAC) key to generate a first portion of the binary representation of the plaintext data element, wherein the first portion includes one or more most significant bits of the binary representation of the plaintext data element, and the binary representation of the plaintext data element also includes a remaining portion complementary to the first portion, the remaining portion including the remaining least significant bits of the binary representation of the plaintext data element.
[0030] Based on the first MAC, a data bucket is retrieved from the data storage server, wherein the data bucket includes a data bucket header and encrypted data bucket content;
[0031] The contents of the data bucket are decrypted using an encryption key to obtain the contents of the data bucket in plaintext form.
[0032] Add the remaining portion of the binary representation of the plaintext data element to the plaintext data bucket content to obtain updated plaintext data bucket content;
[0033] The encrypted key is used to encrypt the updated data bucket contents in plaintext form;
[0034] The data bucket containing the encrypted updated data bucket content is sent to the data storage server for storage in the database of the data storage server.
[0035] The method provided in the second aspect of the present invention can be executed by the client device provided in the first aspect of the present invention. Therefore, other features of the method provided in the second aspect of the present invention are directly derived from the functionality of the client device provided in the first aspect of the present invention and its various implementations described above and below.
[0036] According to a third aspect, a data storage server including a processor is provided. The processor of the data storage server is used for:
[0037] A first MAC is received from a client device based on a message authentication code (MAC) key, which is a first portion of a binary representation of a plaintext data element. The first portion includes one or more most significant bits of the binary representation of the plaintext data element, and the binary representation of the plaintext data element also includes a remaining portion complementary to the first portion, which includes the remaining least significant bits of the binary representation of the plaintext data element.
[0038] The data bucket stored in the database of the data storage server is selected based on the first MAC.
[0039] The data bucket is provided to the client device, wherein the data bucket includes a data bucket header and encrypted data bucket content;
[0040] Receive the data bucket with updated encrypted data bucket content from the client device;
[0041] The data bucket containing the updated encrypted data bucket content is stored in the database, wherein the updated encrypted data bucket content includes the remainder of the plaintext data element in a binary representation based on an encryption key.
[0042] Advantageously, the data storage server provided by the third party and the client device provided by the first party allow security-sensitive data, such as numerical and / or text data, to be stored in encrypted form in the database, while supporting range queries of the data.
[0043] In another possible implementation of the third aspect, the processor of the data storage server is further configured to:
[0044] A second MAC is received from the client device based on the MAC key, comprising a second portion of the binary representation of the plaintext data element, wherein the second portion includes one or more other most significant bits of the binary representation of the plaintext data element that are different from the first portion, and the remaining portion of the binary representation of the plaintext data element is complementary to the second portion.
[0045] The data bucket stored in the database is selected based on the first MAC and the second MAC, and the data bucket is provided to the client device.
[0046] In another possible implementation of the third aspect, the processor of the data storage server is further configured to:
[0047] A third MAC is received from the client device based on the MAC key, comprising a third portion of the binary representation of the plaintext data element, wherein the third portion includes one or more other most significant bits of the binary representation of the plaintext data element that are different from the second portion, and the remaining portion of the binary representation of the plaintext data element is complementary to the third portion.
[0048] The data bucket stored in the database is selected based on the first MAC, the second MAC, and the third MAC, and the data bucket is provided to the client device.
[0049] In another possible implementation of the third aspect, the processor of the data storage server is further configured to: receive data from the client device comprising a plurality of ciphertext data elements encrypted with the encryption key, and store the data comprising the plurality of ciphertext data elements encrypted with the encryption key in the database.
[0050] In another possible implementation of the third aspect, the processor of the data storage server is further configured to: receive an identifier of the encryption key and the data including the plurality of ciphertext data elements from the client device, and store the data in the database based on the identifier of the encryption key. In other words, based on the identifier of the encryption key, the data storage server can determine the location in the database where the plurality of ciphertext data elements are stored.
[0051] In another possible implementation of the third aspect, the database is a relational database, wherein the processor of the data storage server is further configured to store the data comprising the plurality of encrypted data elements in a table of the relational database.
[0052] In another possible implementation of the third aspect, the first MAC is a hash-based message authentication code (HMAC).
[0053] In another possible implementation of the third aspect, the first portion of the binary representation of the plaintext data element includes one or more bytes defined by the most significant bit of the binary representation of the plaintext data element, and the remaining portion of the binary representation of the plaintext data element includes one or more bytes defined by the least significant bit of the binary representation of the plaintext data element.
[0054] In another possible implementation of the third aspect, the processor of the data storage server is further configured to receive at least one of the encrypted encryption key and the encrypted MAC key from the client device. In one implementation, the data storage server is configured to use the encrypted encryption key as the identifier for storing the data comprising the plurality of ciphertext data elements, based on the identifier in the database, particularly the identifier in the table of the database.
[0055] In another possible implementation of the third aspect, the processor of the data storage server is further configured to: process data queries on data stored in the database of the data storage server, the data including the plurality of encrypted data elements, wherein the data query is defined by at least one query value;
[0056] Based on the MAC key, at least one first query MAC is received for a first portion of the binary representation of the at least one query value, wherein the first portion includes one or more most significant bits of the binary representation of the query value, and the binary representation of the query value also includes a complementary remainder defined by the remaining least significant bits of the binary representation of the query value;
[0057] Based on the first query MAC, select one or more data buckets stored in the database;
[0058] The client device is provided with one or more data buckets, wherein each data bucket includes a data bucket header and encrypted data bucket content.
[0059] In another possible implementation of the third aspect, for each data bucket, the data bucket content further includes, for each encrypted data element of the data bucket content, a storage location identifier, specifically a row identifier, for identifying the storage location of data associated with the corresponding encrypted data element in the database, and wherein, for retrieving data associated with the data element within the query range from the database, the processor of the data storage server is further configured to: based on the storage location identifier, for one or more data elements matching the data query, retrieve the data associated with the one or more data elements from the database; and send the data to the client device.
[0060] According to the fourth aspect, a method for operating a data storage server is provided, the method comprising the following steps:
[0061] A first MAC is received from a client device based on a message authentication code (MAC) key, which is a first portion of a binary representation of a plaintext data element. The first portion includes one or more most significant bits of the binary representation of the plaintext data element, and the binary representation of the plaintext data element also includes a remaining portion complementary to the first portion, which includes the remaining least significant bits of the binary representation of the plaintext data element.
[0062] The data bucket stored in the database of the data storage server is selected based on the first MAC.
[0063] The data bucket is provided to the client device, wherein the data bucket includes a data bucket header and encrypted data bucket content;
[0064] Receive the data bucket with updated encrypted data bucket content from the client device;
[0065] The data bucket containing the updated encrypted data bucket content is stored in the database, wherein the updated encrypted data bucket content includes the remainder of the binary representation of the plaintext data element based on the encrypted form of the encryption key.
[0066] The method provided in the fourth aspect of the present invention can be executed by the data storage server provided in the third aspect of the present invention. Therefore, other features of the method provided in the fourth aspect of the present invention are directly derived from the functionality of the data storage server provided in the third aspect of the present invention and its various implementations described above and below.
[0067] According to a fifth aspect, a computer program product including a non-transitory computer-readable storage medium is provided. The non-transitory computer-readable storage medium is used to store program code that, when executed by a computer or processor, causes the computer or processor to perform the method provided in the second aspect or the method provided in the fourth aspect.
[0068] One or more embodiments will be described in detail in the accompanying drawings and the following description. Other features, objects, and advantages will be apparent from the specification, drawings, and claims. Attached Figure Description
[0069] The embodiments of the present invention will be described in detail below with reference to the accompanying drawings. In the drawings:
[0070] Figure 1 This is a schematic diagram of a data storage system provided in the embodiment, including multiple client devices provided in the embodiment and a data storage server for operating the database provided in the embodiment;
[0071] Figure 2 This is a schematic diagram illustrating an example of dividing a data element into a first MSB portion and a complementary LSB remainder, implemented by a client device provided in the embodiment.
[0072] Figure 3 An exemplary table is shown in the embodiment, which is used by the data storage server to store security-sensitive data.
[0073] Figure 4 This is a schematic diagram of the index tree structure implemented by the client device provided in the embodiment and the data storage server provided in the embodiment for storing and / or retrieving security-sensitive data;
[0074] Figure 5 This is a schematic diagram illustrating how the client device provided in the embodiment and the data storage server provided in the embodiment for storing and / or retrieving security-sensitive data distribute different data elements to different data buckets based on the corresponding MSB portion;
[0075] Figure 6 This is a sequence diagram of the interactions between the client device provided in the embodiment, the data storage server provided in the embodiment, and the key management server for retrieving data from the data storage server;
[0076] Figure 7 This is a flowchart illustrating a method for storing client device data in a database of a remote data storage server, as provided in an embodiment.
[0077] Figure 8 This is a flowchart of a method for operating a data storage server using a database for storing client device data, as provided in an embodiment.
[0078] In the following text, the same reference numerals refer to the same or at least functionally equivalent features. Detailed Implementation
[0079] In the following description, reference is made to the accompanying drawings, which form part of this invention, which illustrate by way of description specific aspects of embodiments of the invention or aspects in which embodiments of the invention may be used. It should be understood that embodiments of the invention can be used in other aspects and may include structural or logical variations not depicted in the drawings. Therefore, the following detailed description should not be construed as limiting, and the scope of the invention is defined by the appended claims.
[0080] For example, it should be understood that the disclosure relating to the described method also applies to the corresponding device or system for performing the method, and vice versa. For example, if one or more specific method steps are described, the corresponding device may include one or more units (e.g., functional units) to perform the described one or more method steps (e.g., one unit performs one or more steps, or multiple units each perform one or more of a plurality of steps), even if such one or more units are not explicitly described or illustrated in the drawings. On the other hand, for example, if a specific apparatus is described based on one or more units (e.g., functional units), the corresponding method may include a step to perform the function of one or more units (e.g., one step performs the function of one or more units, or multiple steps each perform the function of one or more of a plurality of units), even if such one or more units are not explicitly described or illustrated in the drawings. Furthermore, it is understood that, unless otherwise expressly stated, features of the various exemplary embodiments and / or aspects described herein may be combined with each other.
[0081] Figure 1This is a schematic diagram of a data storage system 100 provided in an embodiment. As detailed below, the data storage system 100 includes multiple client or user devices 110 (e.g., smartphones, smartwatches, tablets, laptops, desktop computers, or other types of IoT devices), one or more remote data storage servers 120 operating a database 125, and a key management server 130. Embodiments of the client devices 110 and data storage servers 120 are described in detail below, wherein the database 125 is implemented as a relational database 125, such as an SQL-based relational database 125. In these embodiments, as detailed below, the data storage server 120 is used to store security-sensitive data in one or more encrypted columns of one or more tables in the relational database 125. As used herein, an encrypted column of a table in the relational database 125 is a column whose column elements are encrypted with one or more encryption keys (e.g., with different encryption keys from different client devices 110). For example, a first column element can be encrypted using an encryption key from a first client device 110, while a second column element can be encrypted using an encryption key from a second client device 110.
[0082] However, it should be understood that data storage server 120 may include a non-relational database 125, and client device 110 may be used to operate with it, wherein security-sensitive data is stored in an encrypted data structure other than encrypted columns of tables. For example, in one embodiment, database 125 may be implemented as a MongoDB database (DB) 125. In this embodiment, data storage server 120 may be used to store security-sensitive data in one or more encrypted fields of MongoDB 125.
[0083] like Figure 1 As shown, multiple client devices 110, one or more remote data storage servers 120, and a key management server 130 can be used to communicate with each other via a wireless (e.g., cellular) and / or wired communication network 140. In one embodiment, the one or more remote data storage servers 120 can be one or more cloud storage servers 120 used to communicate with the client devices 110 via the Internet.
[0084] like Figure 1As shown, client device 110 may include a processor 111 for processing and generating data, a communication interface 113 (including an antenna, etc.) for exchanging data with other components in data storage system 100, and a non-transient memory 115 for storing data. The processor 111 in client device 110 may be implemented in hardware and / or software. The hardware may include digital circuitry, or both analog and digital circuitry. Digital circuitry may include components such as application-specific integrated circuits (ASICs), field-programmable arrays (FPGAs), digital signal processors (DSPs), or general-purpose processors. The non-transient memory 115 may store data, such as electronic keys and executable program code, which, when executed by processor 111, causes client device 110 to perform the functions, operations, and methods described herein. The communication interface 113 may include a wired or wireless communication interface 113. Similarly, the data storage server 120 may include a processor 121 for processing and generating data, a communication interface 123 for exchanging data with other components in the data storage system 100, and a database 125 for storing data.
[0085] As will be described in detail below, client device 110 is used to create an index on data storage server 120 while maintaining the complete privacy of security-sensitive data. This index can be used by data storage server 120 to perform range queries and sort by query. To handle such queries, client device 110 assists remote data storage server 120 in identifying correct and accurate query results without sacrificing the security of security-sensitive data stored in database 125 on remote data storage server 120.
[0086] To this end, the embodiments employ a novel type of index that allows the remote data storage server 120 to run queries on encrypted data without actually knowing the data. As will be described in detail below, in one embodiment, the client device 110 is used to convert the most significant bit (MSB) portion of a sensitive data element into a MAC value, which is exposed to the remote data storage server 120 only through this MAC value. In one embodiment, the data storage server 120 uses the MAC value as a key in an index used to identify the data. In one embodiment, the client device 110 is also used to store the least significant bit (LSB) portion of the encrypted sensitive data in the index, wherein the encryption key 115a is known only to the client device 110.
[0087] More specifically, client device 110 is used to store data 125a in database 125 of remote data storage server 120, wherein data 125a includes multiple security-sensitive plaintext data elements. These multiple plaintext data elements can be queried in plaintext and may include, for example, numeric values such as integer values, real values, floating-point values, etc., and / or text data such as alphabetic strings. Although detailed embodiments will be described below in the context of plaintext data elements in plaintext numeric form, it should be understood that these embodiments are applicable to other types of plaintext data elements that can also be queried, such as text data.
[0088] For each of the plurality of plaintext values, the client device 110 is used to generate at least one first MAC, such as the plaintext value, of the first part 200a of the binary representation 200 of the data element using the MAC key 115b (which may be stored in the memory 115 of the client device 110). Figure 2 The example shows the binary representation of a plaintext value, 200. For example... Figure 2 As shown, the first part 200a of the binary representation 200 of the plaintext value includes one or more most significant bits of the binary representation 200, i.e., the 8 most significant bits, which is the most significant byte of the binary representation 200. In addition to the first part 200a, the binary representation 200 of the plaintext value also includes a complementary remainder 200b defined by the remaining least significant bits of the binary representation 200 of the plaintext value. Figure 2 In the exemplary embodiment shown, the complementary remainder 200b of the binary representation 200 of the plaintext value includes 24 least significant bits, i.e., the last three least significant bytes of the binary representation 200 of the plaintext value. For example... Figure 2 As shown, in one embodiment, the MAC generated by the client device 110 can be a hash-based message authentication code (HMAC).
[0089] Furthermore, client device 110 is used to store the remainder 200b of the binary representation 200 of the plaintext value based on the encrypted form of encryption key 115a (which may be stored in the memory 115 of client device 110) in data buckets 500a-500d in the database 125 of remote data storage server 120. As will be discussed below... Figure 4 and Figure 5 As described in further detail in the context, the data storage server 120 is used to identify data buckets 500a-500d by at least one first MAC of the first part 200a of the binary representation of the plaintext numerical value 200.
[0090] In one embodiment, client device 110 retrieves data buckets 500a-500d identified by data storage server 120 using at least one first MAC based on at least one first MAC of a first portion 200a (e.g., the most significant byte) of a binary representation 200 of a plaintext value. In one embodiment, each data bucket 500a-500d includes a bucket header and encrypted bucket content, wherein the encrypted bucket content includes one or more encrypted portions (e.g., the remaining portion of the binary representation of one or more plaintext values already stored in database 125) that are already stored in database 125. Figure 2 The remaining portion 200b shown in the figure contains one or more plaintext values that have the same MSB portion and therefore have the same first MAC.
[0091] In one embodiment, client device 110 is used to decrypt the contents of data buckets 500a-500d identified by data storage server 120 using encryption key 115a to obtain the data bucket contents in plaintext form. Additionally, in one embodiment, client device 110 is used to add the remainder 200b of the binary representation 200 of the plaintext value to be stored in database 125 to the plaintext data bucket contents to obtain updated data bucket contents in plaintext form. In one embodiment, client device 110 is also used to encrypt the updated data bucket contents in plaintext form using encryption key 115a and send the data buckets 500a-500d with the encrypted updated data bucket contents to data storage server 120. Data storage server 120 is then used to store the updated data buckets 500a-500d (including the encrypted LSB portion of the new value) in database 125.
[0092] As a supplement to client device 110, data storage server 120 is configured to receive, for each of a plurality of plaintext values, a first MAC of the first portion 200a of the binary representation 200 of the corresponding plaintext value from client device 110. Furthermore, data storage server 120 is configured to select (i.e., identify) data buckets 500a-500d stored in database 125 based on the first MAC, and provide the identified data buckets 500a-500d to client device 110. Additionally, data storage server 120 is configured to receive updated data buckets 500a-500d with updated encrypted data bucket contents from client device 110, and store the updated data buckets 500a-500d with updated encrypted data bucket contents in database 125. As described above in the context of client device 110, the updated encrypted data bucket contents include the remaining portion 200b of the binary representation 200 of the plaintext value in encrypted form based on encryption key 115a.
[0093] In one embodiment, the client device 110 is further configured to encrypt plaintext values to be stored in database 125 of data storage server 120 using encryption key 115a to obtain multiple ciphertext values, such as Figure 3 The encrypted salary 300b is shown in the figure. In one embodiment, the client device 110 is used to encrypt the value to be stored in the database 125 of the data storage server 120 using a random encryption scheme or a deterministic encryption scheme.
[0094] In addition, the client device 110 is used to transmit multiple ciphertext values 300b and unencrypted data associated with the values 300b (e.g., Figure 3 The data 125a of the person's name 300c shown is sent to the data storage server 120 for storage in the database 125 of the data storage server 120. In one embodiment, the database 125 is a relational database 125, wherein the data storage server 120 stores the data 125a, which includes multiple encrypted values 300b and unencrypted data 300c associated with the values 300b, in tables of the relational database 125, for example... Figure 3 Table 300 is shown. As described above, in one embodiment, the data storage server 120 is used to store the ciphertext value 300b in an encrypted column of table 300 of the relational database 125.
[0095] In one embodiment, the client device 110 is further configured to send the identifier of the encryption key 115a together with data 125a including a plurality of ciphertext values 300b to the data storage server 120, and the data storage server 120 is configured to store the data 125a in table 300 of the database 125 based on the identifier of the encryption key 115a.
[0096] In one embodiment, the client device 110 is further configured to obtain an encrypted version of the encryption key 115a and / or an encrypted version of the MAC key 115b from the remote key management server 130, wherein the encrypted first encryption key 115a and / or the encrypted MAC key 115b are encrypted using the client device's master key. In one embodiment, the client device 110 is further configured to send the encrypted first encryption key 115a and / or the encrypted MAC key 115b to the data storage server 120. In one embodiment, the identifier of the encryption key 115a may be an encrypted encryption key 115a used by the data storage server 120 to determine the location where data 125a comprising a plurality of ciphertext values 300b is stored.
[0097] In one embodiment, the client device 110 and the data storage server 120 use a second MAC address and a third MAC address, in addition to the first MAC address, to identify the relevant data buckets 500a-500d in the database 125. In other words, besides... Figure 2 In addition to the first-level partitioning, which represents the corresponding numerical value 200 in binary, the client device 110 and the data storage server 120 are also used to implement second-level and third-level partitioning using different MSB portions as indexes, such as... Figure 4 The tree shown in the figure illustrates this. In one embodiment, the number of MACs used by the client device 110 and the data storage server 120, i.e., only one MAC or two, three or more MACs, may depend on the size of the data elements to be stored in the database 125 and / or the desired density of the data buckets 500a-500d, i.e., the "range resolution".
[0098] More specifically, in one embodiment, the client device is used to generate a second MAC for a second portion and a third MAC for a third portion of a binary representation 200 of a plaintext value using MAC key 115b. Figure 4 As can be seen, in one embodiment, the second part of the binary representation 200 of the plaintext value may include the two most significant bytes of the binary representation 200, while the third part may include the three most significant bytes of the binary representation 200. It should be understood that in this embodiment, using the first MAC, second MAC, and third MAC of the added portions of the binary representation 200 of the plaintext value, the complementary remainder 200b of the least significant bit will correspondingly become smaller. For example, for a 4-byte binary representation 200 of a value, the first part includes the first most significant byte, the second part includes the first two most significant bytes, the third part includes the first three most significant bytes of the binary representation 200, and the complementary remainder 200b includes the last byte of the binary representation 200.
[0099] Based on the first MAC, second MAC, and third MAC received from the client device 110, the data storage server 120 identifies one or more associated data buckets 500a-500d and provides the client device 110 with one or more identified data buckets 500a-500d. Therefore, in one embodiment, the data storage server 120 may be used to implement an index structure, such as... Figure 4The tree structure 400 shown is used to identify one or more related data buckets 500a-500d. In other words, in one embodiment, the index structure 400 used by the data storage server 120 is a pointer tree pointing to data buckets 500a-d. In one embodiment, the tree 400 may be a prefix search tree, where the key of each tree node is the HMAC of the MSB portion of a value. In one embodiment, the HMAC may be defined as HMAC(key, "bucket minimum", "bucket maximum"). In another embodiment, the HMAC may be defined as HMAC(key, "MSB value", "MSB level range"). In one embodiment, the "MSB level range" can be determined by the size of the MSB portion used, such as 1, 2, or 3 bytes.
[0100] Such as combination Figure 4 As understood in the exemplary index tree structure 400 shown, nodes with keys based on the same "MSB level" are at the same level in tree 400. The node with the shortest key is at the top level. In other words, a node with a key based on a 1-byte MSB is at the top level (after the root). A node with a key that begins with the key of another node is a child node of that node. For example, if 2-byte MSB nodes all share the same first byte (before the HMAC operation), then the 2-byte MSB node is a child node of the 1-byte MSB node.
[0101] As mentioned above, Figure 4 All leaf nodes of the tree structure 400 shown can hold pointers to data buckets 500a-500d, which in turn contain encrypted LSBs. In one embodiment, non-leaf nodes of the tree structure 400 only hold pointers to their sibling nodes. In one embodiment, the data storage server 120 is used to create the nodes of the tree structure 400 at runtime (e.g., in...). Figure 4 (Only nodes with at least one element are shown in the diagram). In one embodiment, the data storage server 120 can be used to divide each node of the tree structure 400 into two additional nodes to create more storage space.
[0102] Client device 110 and data storage server 120 are also used to process data queries (e.g., "select" queries) of data 125a, which includes multiple encrypted values 300b, stored in database 125. In one embodiment, the data query is defined by at least one query value. (As will be...) Figure 6As described in detail in the context of [the previous text], in one embodiment, in order to identify one or more data buckets 500a-500d associated with a data query, client device 110 is used to initially process the query value in exactly the same manner as a new value to be stored in database 125. More specifically, similar to a new value to be stored in the database, client device 110 is used to generate at least one first query MAC using MAC key 115b to generate at least one first query MAC of a first portion (e.g., a first most significant byte) of the binary representation of the query value, wherein the first portion includes one or more most significant bits of the binary representation of the query value.
[0103] In the above embodiment, the client device 110 can also be used to generate a second query MAC (e.g., the first two most significant bytes) and a third query MAC (e.g., the first three most significant bytes) of the second part of the binary representation of the query value using the MAC key 115b, and send the first query MAC, second query MAC, and third query MAC to the data storage server 120 to identify the relevant data buckets 500a-500d. In other words, based on the first query MAC, second query MAC, and third query MAC, the data storage server 120 is used to select (i.e. identify) one or more relevant data buckets 500a-500d stored in the database 125, and provides one or more selected data buckets 500a-500d to the client device 110. The client device 110 is then used to decrypt the encrypted data bucket contents of one or more selected data buckets 500a-500d using the encryption key 115a. Client device 110 can generate a corresponding plaintext binary representation of the corresponding value included in one or more selected data buckets 500a-500d by combining a first, second, and / or third part of the binary representation of the query value with the decrypted remainder (i.e., the decrypted LSB portion) of the binary representation of one or more values stored in one or more selected data buckets 500a-500d. In another embodiment, to reconstruct the corresponding plaintext binary representation of the corresponding value included in one or more selected data buckets 500a-500d, the MSB portion can be included in encrypted form in the bucket header of one or more corresponding data buckets 500a-500d.
[0104] In one embodiment, for each data bucket 500a-500d, the data bucket content also includes, for each ciphertext value in the data bucket content, a storage location identifier, such as... Figure 3The row identifier 300a of the table 300 shown identifies the storage location of the data 300c associated with the corresponding encrypted value 300b in the database 125 of the data storage server 120. To retrieve the data 300c associated with the values 300b within the query range from the database 125, the data storage server 120 retrieves the data 300c associated with one or more values from the database 125 based on the storage location identifier 300a for one or more values 300b that match the data query, and sends the data 300c as the result of the query to the client device 110.
[0105] Figure 6 An embodiment of the interaction between client device 110, remote data storage server (referred to as database server) 120, and remote key management server (KMS) 130 is illustrated during the process of retrieving encrypted security-sensitive value 300b (and associated data 300c) from database 125 of remote data storage server 120. For example, in Figure 6 In the illustrated embodiment, data retrieval is shown within the context of a selected query. The interaction between client device 110, remote data storage server 120, and remote key management server 130 includes the following steps.
[0106] Step 601: The application 111b running on the processor 111 of the client device 110 notifies the client driver 111a running on the processor 111 of the client device 110 to execute a selection query to retrieve the value 300b and associated data 300c from the relational database 125 of the remote data storage server 120.
[0107] Step 603: In response to step 601, the client driver 111a of the client device 110 parses the selection query of the application 111b to obtain the column names associated with the values to be extracted from the relational database 125 of the remote data storage server 120. The client driver 111a identifies the column names of table 300 as metadata stored in the memory 115 of the client device 110 based on the parsed selection query identifier.
[0108] Step 605: The client driver 111a of the client device 110 generates a binary representation of the query value 200 based on the HMAC key 115b, consisting of the first HMAC (most significant byte 200a), the second HMAC (two most significant bytes), and the third HMAC (three most significant bytes).
[0109] Step 607: The client driver 111a of the client device 110 sends the first HMAC, the second HMAC, and the third HMAC to the data storage server 120.
[0110] Step 609: Data storage server 120 searches for one or more relevant data buckets 500a-500d in database 125 based on the HMAC received from client device 110, that is, one or more data buckets 500a-500d identified by three HMACs.
[0111] Step 611: Data storage server 120 returns identified data buckets 500a-500d with encrypted data bucket contents to client driver 111a of client device 110.
[0112] Step 613: The client driver 111a of the client device 110 decrypts the encrypted contents of one or more data buckets 500a-500d received from the data storage server 120.
[0113] Step 615: Based on the decrypted complementary LSB remainder, the client driver 111a of the client device 110 filters out irrelevant line identifiers.
[0114] Step 617: The client driver 111a of the client device 110 sends a request to the data storage server 120 to extract the table row of table 300 identified by the row identifier 300a determined in step 615.
[0115] Step 619: Data storage server 120 provides client device 110 with the requested table rows of table 300, including encrypted values 300b and associated data 300c of these rows.
[0116] Step 621: The client driver 111a of the client device 110 forwards the requested table row to the application 111b.
[0117] Figure 7 This is a flowchart of a method 700 for storing data 125a from a client device 110 in a database 125 of a remote data storage server 120. Method 700 includes the following steps performed by the client device 110.
[0118] Step 701: Generate at least one first MAC for a first portion 200a of a binary representation 200 of a plaintext data element (e.g., a numerical value) using MAC key 115b, wherein the first portion 200a includes one or more most significant bits of the binary representation 200 of the plaintext data element, and the binary representation 200 of the plaintext data element also includes a complementary remainder 200b defined by the remaining least significant bits of the binary representation 200 of the plaintext data element.
[0119] Step 703: Retrieve data buckets from data storage server 120 based on the first MAC address, wherein data buckets 500a-500d include a data bucket header and encrypted data bucket content.
[0120] Step 705: Decrypt the data bucket contents using encryption key 115a to obtain the data bucket contents in plaintext.
[0121] Step 707: Add the remaining part 200b of the binary representation 200 of the plaintext data element to the plaintext data bucket content to obtain the updated plaintext data bucket content.
[0122] Step 709: Encrypt the updated data bucket contents in plaintext using encryption key 115a.
[0123] Step 711: Send data buckets 500a-500d with encrypted updated data bucket content to data storage server 120 for storage of data buckets 500a-500d in database 125 of data storage server 120.
[0124] Figure 8 This is a schematic diagram of a method 800 for operating a data storage server 120 having a database 125, as provided in an embodiment. Method 800 includes the following steps performed by the data storage server 120.
[0125] Step 801: Data storage server 120 receives a first MAC from client device 110 based on MAC key 115b, the first portion 200a of the binary representation 200 of plaintext data element (e.g., numerical value), wherein the first portion 200a includes one or more most significant bits of the binary representation 200 of the plaintext data element, and the binary representation 200 of the plaintext data element also includes a complementary remainder 200b defined by the remaining least significant bits of the binary representation 200 of the plaintext data element.
[0126] Step 803: Data storage server 120 selects data buckets 500a-500d stored in database 125 based on the first MAC.
[0127] Step 805: Provide data buckets 500a-500d to client device 110, wherein data buckets 500a-500d include a data bucket header and encrypted data bucket content.
[0128] Step 807: Receive data buckets 500a-500d with updated encrypted data bucket contents from client device 110.
[0129] Step 809: Store data buckets 500a-500d with updated encrypted data bucket content in database 125, wherein the updated encrypted data bucket content includes the remainder 200b of the binary representation 200 of plaintext data elements in encrypted form based on encryption key 115a.
[0130] Those skilled in the art will understand that the “blocks” (“units”) in the various drawings (methods and apparatuses) represent or describe the functionality of embodiments of the invention (and are not necessarily separate “units” in hardware or software), and thus equally describe the functionality or features (units equivalent to steps) of apparatus embodiments and method embodiments.
[0131] In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods can be implemented in other ways. For example, the described embodiments of the apparatus are merely exemplary. For example, the unit division is only a logical functional division, and other division methods may be used in actual implementation. For example, multiple units or components may be merged or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling or direct coupling or communication connection shown or described can be implemented through some interfaces. Direct coupling or communication connection between devices or units can be implemented electronically, mechanically, or otherwise.
[0132] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of the embodiment solution according to actual needs.
[0133] In addition, the functional units in the embodiments of the present invention can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit.
Claims
1. A client device (110), characterized in that, Includes a processor (111), said processor (111) being used for: Acquire data comprising multiple plaintext data elements (125a); and, for the plaintext data elements among the multiple plaintext data elements: A first MAC is generated using a message verification code MAC key (115b) to generate a first portion (200a) of the binary representation (200) of the plaintext data element, wherein the first portion (200a) includes one or more most significant bits of the binary representation (200) of the plaintext data element, and the binary representation (200) of the plaintext data element also includes a remainder (200b) complementary to the first portion (200a), the remainder (200b) including the remainder least significant bits of the binary representation (200) of the plaintext data element; Based on the first MAC, data buckets (500a-500d) are retrieved from the data storage server (120), wherein the data buckets (500a-500d) include a data bucket header and encrypted data bucket content; The encrypted data bucket contents are decrypted using the encryption key (115a) to obtain the data bucket contents in plaintext form; The remaining portion (200b) of the binary representation (200) of the plaintext data element is added to the plaintext data bucket content to obtain the updated plaintext data bucket content; The updated data bucket contents in plaintext form are encrypted using the encryption key (115a); The data buckets (500a-500d) containing the encrypted updated data bucket content are sent to the data storage server (120) for storing the data buckets (500a-500d) in the database (125) of the data storage server (120).
2. The client device (110) according to claim 1, characterized in that, The processor (111) is further configured to, for the plaintext data element among the plurality of plaintext data elements: A second MAC is generated using the MAC key (115b) to generate a second portion of the binary representation (200) of the plaintext data element, wherein the second portion includes one or more other most significant bits of the binary representation (200) of the plaintext data element that are different from the first portion (200a), and the remaining portion (200b) of the binary representation (200) of the plaintext data is complementary to the second portion; Based on the first MAC and the second MAC, the data bucket (500a-500d) is retrieved from the data storage server (120).
3. The client device (110) according to claim 2, characterized in that, The processor (111) is further configured to, for the plaintext data element among the plurality of plaintext data elements: The third MAC is generated using the MAC key (115b) to generate a third portion of the binary representation (200) of the plaintext data element, wherein the third portion includes one or more other most significant bits of the binary representation (200) of the plaintext data element that are different from the second portion, and the remaining portion (200b) of the binary representation (200) of the plaintext data element is complementary to the third portion. Based on the first MAC, the second MAC and the third MAC, the data bucket (500a-500d) is retrieved from the data storage server (120).
4. The client device (110) according to any one of claims 1 to 3, characterized in that, The processor (111) is also used for: The plurality of plaintext data elements are encrypted using the encryption key (115a) to obtain a plurality of ciphertext data elements (300b). The data (125a) comprising the plurality of encrypted data elements (300b) is sent to the data storage server (120) for storing the data (125a) in the database (125).
5. The client device (110) according to claim 4, characterized in that, The processor (111) is also configured to send the identifier of the encryption key (115a) together with the data (125a) including the plurality of ciphertext data elements (300b) to the data storage server (120) for storing the data (125a) in the database (125) based on the identifier of the encryption key (115a).
6. The client device (110) according to any one of claims 1 to 3 and 5, characterized in that, The first MAC is a hash-based message verification code (HMAC).
7. The client device (110) according to any one of claims 1 to 3 and 5, characterized in that, The first portion (200a) of the binary representation (200) of the plaintext data element includes one or more bytes defined by the most significant bit of the binary representation (200) of the plaintext data element, and the remaining portion (200b) of the binary representation (200) of the plaintext data element includes one or more bytes defined by the least significant bit of the binary representation (200) of the plaintext data element.
8. The client device (110) according to any one of claims 1 to 3 and 5, characterized in that, The processor (111) is also configured to obtain at least one of an encrypted version of the encryption key (115a) and an encrypted version of the MAC key (115b) from a remote key management server (130), wherein at least one of the encrypted version of the encryption key (115a) and the encrypted version of the MAC key (115b) is encrypted with a client device master key.
9. The client device (110) according to any one of claims 1 to 3 and 5, characterized in that, The processor (111) is also configured to send at least one of the encrypted version of the encryption key (115a) and the encrypted version of the MAC key (115b) to the data storage server (120).
10. The client device (110) according to claim 4, characterized in that, The processor (111) is used to process data queries on data (125a) stored in the database (125) of the data storage server (120), the data (125a) comprising the plurality of encrypted data elements (300b), wherein the data query is defined by at least one query value, and is further configured to: At least one first query MAC is generated using the MAC key (115b) to generate a first portion of the binary representation of the at least one query value, wherein the first portion includes one or more most significant bits of the binary representation of the query value, and the binary representation of the query value also includes a complementary remainder defined by the remaining least significant bits of the binary representation of the query value; Based on the at least one first query MAC, one or more data buckets (500a-500d) are retrieved from the data storage server (120), wherein each of the one or more data buckets (500a-500d) includes a data bucket header and encrypted data bucket content; The encrypted data bucket contents are decrypted using the encryption key (115a); By combining the first part with the decrypted complementary remainder, a plaintext binary representation of the data element is generated.
11. The client device (110) according to claim 10, characterized in that, For each data bucket (500a-500d), the data bucket content further includes, for each encrypted data element of the data bucket content, a storage location identifier (300a), specifically a row identifier (300a), for identifying the storage location of data (300c) associated with the corresponding encrypted data element (300b) in the database (125), and wherein, for retrieving the encrypted data element (300b) and / or the data (300c) associated with the data element in the query range from the database (125), the processor (111) is further configured to: For one or more data elements that match the data query, the encrypted data element (300b) and / or the data associated with the one or more data elements (300c) are retrieved from the database (125) based on the storage location identifier (300a).
12. A method (700) for operating a client device (110), characterized in that, The method (700) includes: Acquire data comprising multiple plaintext data elements (125a); and, for the plaintext data elements among the multiple plaintext data elements: A first MAC is generated (701) using a message verification code MAC key (115b) to generate (201) a first portion (200a) of the first part (200a) of the binary representation (200) of the plaintext data element, wherein the first portion (200a) includes one or more most significant bits of the binary representation (200) of the plaintext data element, and the binary representation (200) of the plaintext data element also includes a remaining portion (200b) complementary to the first portion (200a), the remaining portion (200b) including the remaining least significant bits of the binary representation (200) of the plaintext data element; Based on the first MAC, retrieve (703) data buckets (500a-500d) from the data storage server (120), wherein the data buckets (500a-500d) include a data bucket header and encrypted data bucket content; The encrypted data bucket contents are decrypted (705) using the encryption key (115a) to obtain the data bucket contents in plaintext form; The remaining portion (200b) of the binary representation (200) of the plaintext data element is added (707) to the plaintext data bucket content to obtain the updated plaintext data bucket content; The updated data bucket contents in plaintext form are encrypted using the encryption key (115a) (709). The data buckets (500a-500d) with the encrypted updated data bucket content are sent (711) to the data storage server (120) for storing the data buckets (500a-500d) in the database (125) of the data storage server (120).
13. A data storage server (120), characterized in that, Includes a processor (121), said processor (121) being used for: A first MAC is received from a client device (110) based on a message authentication code MAC key (115b) for a first portion (200a) of a binary representation (200) of a plaintext data element, wherein the first portion (200a) includes one or more most significant bits of the binary representation (200) of the plaintext data element, and the binary representation (200) of the plaintext data element also includes a remainder (200b) complementary to the first portion (200a), the remainder (200b) including the remainder least significant bits of the binary representation (200) of the plaintext data element; Based on the first MAC, select the data bucket (500a-500d) in the database (125) of the data storage server (120). The data buckets (500a-500d) are provided to the client device (110), wherein the data buckets (500a-500d) include a data bucket header and encrypted data bucket content; Receive the data bucket (500a-500d) with updated encrypted data bucket content from the client device (110). The data buckets (500a-500d) having the updated encrypted data bucket content are stored in the database (125), wherein the updated encrypted data bucket content includes the remainder (200b) of the binary representation (200) of the plaintext data element in an encrypted form based on the encryption key (115a).
14. The data storage server (120) according to claim 13, characterized in that, The processor (121) is also used for: A second MAC is received from the client device (110) based on the MAC key (115b) for a second portion of the binary representation (200) of the plaintext data element, wherein the second portion includes one or more other most significant bits of the binary representation (200) of the plaintext data element that are different from the first portion, and the remaining portion (200b) of the binary representation (200) of the plaintext data element is complementary to the second portion; Based on the first MAC and the second MAC, select the data bucket (500a-500d) stored in the database (125). The data buckets (500a-500d) are provided to the client device (110).
15. The data storage server (120) according to claim 14, characterized in that, The processor (121) is also used for: A third MAC is received from the client device (110) based on the MAC key (115b) of the third portion of the binary representation (200) of the plaintext data element, wherein the third portion includes one or more other most significant bits of the binary representation (200) of the plaintext data element that are different from the second portion, and the remaining portion (200b) of the binary representation (200) of the plaintext data element is complementary to the third portion; Based on the first MAC, the second MAC and the third MAC, select the data bucket (500a-500d) stored in the database (125). The data buckets (500a-500d) are provided to the client device (110).
16. The data storage server (120) according to any one of claims 13 to 15, characterized in that, The processor (121) is also used for: Data (125a) is received from the client device (110), the data (125a) comprising a plurality of ciphertext data elements (300b) encrypted with the encryption key (115a). The data (125a) is stored in the database (125).
17. The data storage server (120) according to claim 16, characterized in that, The processor (121) is also used for: The client device (110) receives the identifier of the encryption key (115a) and the data (125a) including the plurality of ciphertext data elements (300b). The data (125a) is stored in the database (125) based on the identifier of the encryption key (115a).
18. The data storage server (120) according to claim 16, characterized in that, The database (125) is a relational database (125), and the processor (121) is also used to store the data (125a) including the plurality of encrypted data elements (300b) in a table (300) of the relational database (125).
19. The data storage server (120) according to any one of claims 13 to 15, 17 to 18, characterized in that, The first MAC is a hash-based message authentication code (HMAC).
20. The data storage server (120) according to any one of claims 13 to 15, 17 to 18, characterized in that, The first portion (200a) of the binary representation (200) of the plaintext data element includes one or more bytes defined by the most significant bit of the binary representation (200) of the plaintext data element, and the remaining portion (200b) of the binary representation (200) of the plaintext data element includes one or more bytes defined by the least significant bit of the binary representation (200) of the plaintext data element.
21. The data storage server (120) according to any one of claims 13 to 15, 17 to 18, characterized in that, The processor (121) is also configured to receive at least one of the encrypted encryption key (115a) and the encrypted MAC key (115b) from the client device (110).
22. The data storage server (120) according to claim 16, characterized in that, The processor (121) is used to process data queries on data (125a) stored in the database (125), the data (125a) comprising the plurality of encrypted data elements, wherein the data query is defined by at least one query value, and the processor (121) is further used to: Based on the MAC key (115b), at least one first query MAC receives a first portion of the binary representation of the at least one query value, wherein the first portion includes one or more most significant bits of the binary representation of the query value, and the binary representation of the query value also includes a complementary remainder defined by the remaining least significant bits of the binary representation of the query value; Based on the first query MAC, select one or more data buckets (500a-500d) stored in the database (125). The client device (110) is provided with one or more data buckets (500a-500d), wherein each data bucket includes a data bucket header and encrypted data bucket content.
23. The data storage server (120) according to claim 22, characterized in that, For each data bucket (500a-500d), the data bucket content further includes, for each encrypted data element of the data bucket content, a storage location identifier (300a), specifically a row identifier (300a), for identifying the storage location of data (300c) associated with the corresponding encrypted data element (300b) in the database (125), and wherein, for retrieving from the database (125) the data (300c) associated with the data element (300b) within the query range, the processor (121) is further configured to: Based on the storage location identifier (300a), for one or more data elements (300b) that match the data query, the data associated with the one or more data elements is retrieved from the database (125) (300c). The data (300c) is sent to the client device (110).
24. A method (800) for operating a data storage server (120), characterized in that, The method (800) includes: A first MAC is received (801) from a client device (110) based on a message authentication code MAC key (115b) for a first portion (200a) of a binary representation (200) of a plaintext data element, wherein the first portion (200a) includes one or more most significant bits of the binary representation (200) of the plaintext data element, and the binary representation (200) of the plaintext data element also includes a remaining portion (200b) complementary to the first portion (200a), the remaining portion (200b) including the remaining least significant bits of the binary representation (200) of the plaintext data element; Based on the first MAC selection (803), the data buckets (500a-500d) are stored in the database (125) of the data storage server (120). Provide the client device (110) with the data bucket (500a-500d) (805), wherein the data bucket (500a-500d) includes a data bucket header and encrypted data bucket content; Receive (807) the data bucket (500a-500d) with updated encrypted data bucket content from the client device (110). The data buckets (500a-500d) having the updated encrypted data bucket content are stored (809) in the database (125), wherein the updated encrypted data bucket content includes the remainder (200b) of the binary representation (200) of the plaintext data element in an encrypted form based on the encryption key (115a).
25. A computer program product including a computer-readable storage medium, characterized in that, The computer-readable storage medium is used to store program code that, when executed by a computer or processor, causes the computer or processor to perform the method (700) according to claim 12.
26. A computer program product, characterized in that, Includes a computer-readable storage medium for storing program code, which, when executed by a computer or processor, causes the computer or processor to perform the method (800) according to claim 24.