主权项 |
1. A computer system comprising:
a network; a first client device in communication with the network having a first transaction description for a transaction t and sending said first transaction description to a second client device in communication with the network, the second client device receives the first transaction description from the first client device, one of said first or second client devices executes the first transaction description and creates a second transaction description for transaction t which tells which records to modify or insert and how for transaction t and then sends the second transaction description to a client device, the first and second client devices each having a database; a storage device having a database wherein said storage device is in communication with the first and second client devices through the network, the first and second client devices each having a copy of a portion of the database of the storage device where the portion of the storage device's database of the first device is allowed to be different from the portion of the storage device's database of the second device, each client device has at least a portion of a copy of data in the database and performs at least a portion of reads of transactions at each of said client devices on the portion of the copy of the data in the storage device's database that each client device also has; the copy of the portion of the storage device's database that each client device has is subject to access privacy because all data accesses that go to each client's database, have a property that the storage device does not know which data items are in each copy of the portion of the storage device's database of the first or second client devices nor does the storage device know which data items are accessed nor whether a same data item is accessed more than once, the storage device receives only encrypted data 1; the storage device is a backup for data of each client device so if any client device needs to recover data, the data is able to be retrieved from the storage device; and a conduit which orders transactions in communication with the storage device and each client device through the network, wherein all read-write transactions pass through the conduit so that read-write transactions are executed in a same order in every client. |