Systems and methods for implementing an encrypted search index

摘要

A search index stored within the system having a plurality of individual search index files having information stored therein. At least one of the individual search index files constitutes a term dictionary or a term index type file having internal structure that allows a portion of the individual search index file to be updated, encrypted, and/or decrypted without affecting the internal structure of the individual search index file. A file input/output (IO) layer encrypts the information being written into the individual search index file and to decrypt the information being read from the individual search index file. The file TO layer encrypts and decrypts only a portion of the individual search index file in reply to an operation without requiring decryption or encryption of the individual search index file in its entirety. A query interface executes the operation against the information stored in the memory in its decrypted form.

主权项

1. A system to execute within a host organization, wherein the system comprises:
a processor and a memory to execute instructions at the system; a search index stored on disk within the system comprised of a plurality of individual search index files, each of the individual search index files being accessible as a random access file, the search index having information stored therein, wherein at least one of the individual search index files constitutes a term dictionary or a term index type file having internal structure which allows a portion of the individual search index file to be updated, encrypted, and/or decrypted without affecting the internal structure of the individual search index file; wherein the search index stores both customer data and non-customer data organized into sub-blocks, wherein sub-blocks having customer data therein do not contain non-customer data and wherein sub-blocks having non-customer data therein do not contain customer data; a file input/output (TO) layer to encrypt the information being written into the individual search index file and to decrypt the information being read from the individual search index file, wherein the file IO layer encrypts and decrypts only a portion of the individual search index file in reply to an operation without requiring decryption or encryption of the individual search index file in its entirety; and a query interface to execute the operation against the information stored in the memory in its decrypted form.