Homomorphic computations on encrypted data within a distributed computing environment
US-2020244435-A1 · Jul 30, 2020 · US
Homomorphic encryption offload for lightweight devices
US12452031B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12452031-B2 |
| Application number | US-202318158657-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 24, 2023 |
| Priority date | Dec 2, 2020 |
| Publication date | Oct 21, 2025 |
| Grant date | Oct 21, 2025 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Disclosed are systems, methods, devices, and computer-readable media for offloading lattice-based cryptographic operations to hybrid cloud computing system. In one embodiment, a method is disclosed comprising receiving a first network request from a client device via a secure application programming interface (API), the request including unencrypted data; encrypting the unencrypted data using an algorithm that generates homomorphically encrypted data; issuing a second network request to a second API of a cloud platform, the second network request including the encrypted data; receiving a response from the cloud platform in response to the second network request; and transmitting, in response to the first network request, a result to the client device based on the response, the result obtained by decrypting an encrypted output returned by the cloud platform.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: receiving, at an edge node of a cellular network, an unencrypted data from a client device; retrieving, by the edge node, a homomorphic encryption (HE) key associated with the client device, the HE key synchronized with at least one other edge node in the cellular network; encrypting, by the edge node, the unencrypted data using the HE key to generate encrypted data; transmitting, by the edge node, the encrypted data to a cloud platform; transmitting, by the edge node, a response URL to the client device, the response URL received from the cloud platform; retrieving, by the edge node, encrypted response data from the response URL in response to a request from the client device, the encrypted response data comprising an output of a homomorphic operation performed on the encrypted data by the cloud platform without decrypting the encrypted data; decrypting, by the edge node, the encrypted response data; and returning, by the edge node, the decrypted data to the client device. 2. The method of claim 1 , wherein encrypting the unencrypted data comprises executing an HE algorithm in a secure computing environment. 3. The method of claim 2 , wherein encrypting the unencrypted data using the HE algorithm comprises retrieving the HE key from the secure computing environment. 4. The method of claim 1 , wherein transmitting the encrypted data to the cloud platform comprises initiating a subscription with the cloud platform and wherein responsive data from the cloud platform comprises receiving a notification via the subscription. 5. The method of claim 1 , wherein retrieving encrypted responsive data further comprises: receiving a response code and using the response code as a return value; receiving an out-of-band request for the responsive data from a computing device; and confirming that the computing device is authorized to receive the responsive data. 6. The method of claim 1 , further comprising: receiving, by the edge node, one or more HE keys from the client device before receiving the unencrypted data; and sealing, by the edge node, the one or more HE keys in a secure computing environment. 7. The method of claim 1 , further comprising: receiving, by the edge node, a request to provision an HE key from the client device before receiving the unencrypted data; and generating, by the edge node, the HE key in response to the request. 8. A non-transitory computer-readable storage medium for tangibly storing computer program instructions capable of being executed by a computer processor of an edge node in a cellular network, the computer program instructions defining steps of: receiving an unencrypted data from a client device; retrieving a homomorphic encryption (HE) key associated with the client device, the HE key synchronized with at least one other edge node in the cellular network; encrypting the unencrypted data using the HE key to generate encrypted data; and transmitting the encrypted data to a cloud platform; transmitting a response URL to the client device, the response URL received from the cloud platform; retrieving encrypted response data from the response URL in response to a request from the client device, the encrypted response data comprising an output of a homomorphic operation performed on the encrypted data by the cloud platform without decrypting the encrypted data; decrypting the encrypted response data; and returning the decrypted data to the client device. 9. The non-transitory computer-readable storage medium of claim 8 , wherein encrypting the unencrypted data comprises executing an HE algorithm in a secure computing environment. 10. The non-transitory computer-readable storage medium of claim 9 , wherein encrypting the unencrypted data using the HE algorithm comprises retrieving the HE key from the secure computing environment. 11. The non-transitory computer-readable storage medium of claim 8 , the step further comprising: receiving one or more HE keys from the client device before receiving the unencrypted data; and sealing the one or more HE keys in a secure computing environment. 12. The non-transitory computer-readable storage medium of claim 8 , the steps further comprising: receiving a request to provision an HE key from the client device before receiving the unencrypted data; and generating the HE key in response to the request. 13. A device comprising: a processor configured to execute program logic at an edge node of a cellular network, the program logic comprising: logic, executed by the processor, for receiving an unencrypted data from a client device, logic, executed by the processor, for retrieving a homomorphic encryption (HE) key associated with the client device, the HE key synchronized with at least one other edge node in the cellular network, logic, executed by the processor, for encrypting the unencrypted data using the HE key to generate encrypted data, logic, executed by the processor, for transmitting the encrypted data to a cloud platform, logic, executed by the processor, for transmitting a response URL to the client device, the response URL received from the cloud platform, logic, executed by the processor, for retrieving encrypted response data from the response URL in response to a request from the client device, the encrypted response data comprising an output of a homomorphic operation performed on the encrypted data by the cloud platform without decrypting the encrypted data, logic, executed by the processor, for decrypting the encrypted response data, and logic, executed by the processor, for returning the decrypted data to the client device. 14. The device of claim 13 , wherein encrypting the unencrypted data comprises executing an HE algorithm in a secure computing environment. 15. The device of claim 13 , the program logic further comprising: logic, executed by the processor, for receiving one or more HE keys from the client device before receiving the unencrypted data; and logic, executed by the processor, for sealing the one or more HE keys in a secure computing environment. 16. The device of claim 13 , the program logic further comprising: logic, executed by the processor, for receiving a request to provision an HE key from the client device before receiving the unencrypted data; and logic, executed by the processor, for generating the HE key in response to the request. 17. The method of claim 1 , wherein the edge node performs the encrypting of the unencrypted data via an offload API exposed to client devices. 18. The method of claim 1 , wherein the edge node is part of an encryption as a service platform managing encryption and decryption. 19. The non-transitory computer-readable storage medium of claim 8 , wherein the edge node performs the encrypting of the unencrypted data via an offload API exposed to client devices. 20. The device of claim 13 , wherein the edge node performs the encrypting of the unencrypted data via an offload API exposed to client devices.
Assignees
Inventors
Classifications
Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) (network architectures or network communication protocols for key distribution in a packet data network H04L63/062) · CPC title
Providing cryptographic facilities or services · CPC title
Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12452031B2 cover?
- Disclosed are systems, methods, devices, and computer-readable media for offloading lattice-based cryptographic operations to hybrid cloud computing system. In one embodiment, a method is disclosed comprising receiving a first network request from a client device via a secure application programming interface (API), the request including unencrypted data; encrypting the unencrypted data using a…
- Who is the assignee on this patent?
- Verizon Patent & Licensing Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L9/008. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Oct 21 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).