Searching Encrypted Data Without Decrypting It: CyberArk's 2021 Patents

Encryption and search pull in opposite directions. Encrypt a database properly and it becomes an opaque blob you cannot query; index it for fast search and you have generally had to expose the plaintext to the index. Searchable encryption is the field that tries to have both — letting a server find records matching a query while the records, and ideally the query, stay encrypted.

CyberArk, a privileged-access and secrets-management vendor, filed in exactly this space and landed two grants in 2021. US10997301B1, “Variable encryption techniques for secure and efficient searchable encryption,” issued May 4, 2021. US10885217B1, “Client microservice for secure and efficient searchable encryption,” issued January 5, 2021. Same inventor, complementary claims.

The pairing tells you something about how the technique is meant to be deployed. One patent (the “variable encryption” grant, under G06F 21/602 and H04L 9/14) is about the cryptographic core — how to encrypt so that search is possible and efficient. The other is about the operational shape: a client-side microservice that mediates between the application and the encrypted store. Together they describe not just an algorithm but an architecture.

The hard part searchable encryption always has to confront is leakage. Even when the data and query stay encrypted, the pattern of which encrypted records a query touches can leak information to an observer who watches enough queries. The “efficient” in both titles is doing real work — efficiency and leakage are in tension, and the engineering is in choosing where on that curve to sit.

Per the desk's discipline: both are granted patents (kind code B1, indicating no pre-grant publication), not pending applications, and they claim methods and a service architecture rather than a specific shipped feature. CyberArk's secrets-management business is the obvious context for why a vendor there would want to search encrypted vaults.

For the portfolio reader, the lesson echoes the homomorphic and MPC stories: the practical privacy-preserving-computation patents in this era come from operating security vendors solving a concrete product problem — here, “how do I let customers query their secrets without ever decrypting them server-side” — not from abstract research alone.