CLIENT COMPUTER FOR QUERYING A DATABASE STORED ON A SERVER VIA A NETWORK

摘要

The invention relates to a client computer for querying a database stored on a server via a network, the server being coupled to the client computer via the network, wherein the database comprises a set of first relations, wherein each first relation in the set of the first relations comprises first data items, wherein for each first relation the first data items are encrypted with a respective first cryptographic key in the first relation, wherein the first data items form a partially ordered set in each first relation, in each first relation the partial order being formed with respect to the first data items of said first relation in non-encrypted form.

主权项

1. A client computer for querying a database stored on a server via a network, the server being coupled to the client computer via the network, wherein the database comprises a set of first relations, wherein each first relation in the set of the first relations comprises first data items, wherein for each first relation the first data items are encrypted with a respective first cryptographic key in the first relation, wherein the first data items form a partially ordered set in each first relation, in each first relation the partial order being formed with respect to the first data items of said first relation in non-encrypted form, wherein the client computer has installed thereon an application program, the application program being operational for:
a) receiving a search request, said search request specifying a search interval, a number of maximum total hits and a search direction, b) declaring the infimum as the interval boundary in case the search direction is ascending with respect to the order in which the encrypted first data items are stored in said first relations or declaring the supremum as the interval boundary in case the search direction is descending with respect to the order in which the encrypted first data items are stored in said first relations, c) determining for each first relation the encrypted first data item forming the interval boundary, wherein the determining of the encrypted first data item forming the interval boundary is performed by requesting for each first relation encrypted current first data items, receiving and decrypting said requested encrypted current first data items and determining, using the partial order of the first relation, if one data item of the decrypted current first data items forms the interval boundary, d) in case the interval boundary cannot be determined from the decrypted current first data item, repeating step c), wherein said determining results in a set of current decrypted first data items comprising one of the current decrypted first data items for each first relation forming the interval boundary, e) selecting as a current hit data item the decrypted current first data item from the set of current decrypted first data items which forms the interval boundary with respect to the set of current decrypted first data items and which is lying in the interval, and removing the current hit data item from the set of current decrypted first data items, f) in case the total number of selected current hit data items is below the number of maximum total hits, providing a request for a new encrypted first data item, wherein the request for the new encrypted first data item comprises information that the new encrypted first data item is to be retrieved from the first relation comprising the current encrypted first data item corresponding to the current hit data item at a position in the partial order immediately preceding or succeeding the position of the current encrypted first data item corresponding to the current hit data item, depending if the interval boundary is the supremum or the infimum, and in response to said provision of the request for the new encrypted first data item, receiving the new encrypted first data item, decrypting the new encrypted first data item for obtaining a new decrypted first data item as the current decrypted first data item and adding said current decrypted first data item to the set of current decrypted first data items, g) repeating steps e)-f) while the total number of selected current hit data items is below the number of maximum total hits and the current hit data item is satisfying the interval.