CPC G06F 21/6227 (2013.01) [G06F 16/245 (2019.01); G06F 16/258 (2019.01); G06F 16/27 (2019.01); G06F 21/602 (2013.01)] | 30 Claims |
1. A method performed by executing instructions on at least one hardware processor, the method comprising:
sharing, by a first database account with a second database account, a secure function configured to accept as input and to process an encrypted dataset and a decryption parameter, the first database account including a first dataset, the second database account including a second dataset;
selecting, by the second database account, one or more rows and one or more columns of the second dataset as a searchable dataset;
generating, by the second database account, an encrypted searchable dataset by encrypting the searchable dataset with a key;
calling, by the second database account, the secure function by inputting the encrypted searchable dataset and the key into the secure function; and
based on the inputted encrypted searchable dataset and the key, generating, by the secure function, query results of a query by performing operations comprising:
generating a decrypted searchable dataset by decrypting the encrypted searchable dataset with the key in a secure environment;
anonymizing the decrypted searchable dataset by generating a cross reference table that cross references the anonymized searchable dataset and the decrypted searchable dataset;
obtaining the query results by executing the query against a combination of the first dataset and the anonymized searchable dataset in the secure environment to generated query-results data, the first dataset separate from the second database account; and
outputting the query results to the second database account.
|