Confidential computation system, confidential computation method, and confidential computation program
US-9276734-B2 · Mar 1, 2016 · US
Secure data analytics
US9729525B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-9729525-B1 |
| Application number | US-201514753453-A |
| Country | US |
| Kind code | B1 |
| Filing date | Jun 29, 2015 |
| Priority date | Jun 29, 2015 |
| Publication date | Aug 8, 2017 |
| Grant date | Aug 8, 2017 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Techniques of performing queries involve adapting a query to whether query data is encrypted. Along these lines, a data sensitivity policy defines which types of data is encrypted prior to storage in a data analytics database and which other types of data remain unencrypted. When a client formulates a query, the client encrypts a query input and then conceals the encrypted query input and query function to form concealed query logic. When the concealed query logic is received by a data analytics server, the data analytics server determines whether the query data to be input into the concealed query logic is encrypted or unencrypted. If the query data is unencrypted, then the concealed query logic is unconcealed and the query input unencrypted so that the data analytics server may evaluate the query function without concealment to produce a query result.
First claim
Opening claim text (preview).
What is claimed is: 1. A method of performing a query, the method comprising: receiving, by processing circuitry, bits representing concealed query logic, the concealed query logic being generated from a query function and encrypted query input, the encrypted query input being produced by an encryption operation on query input; and in response to unencrypted query data being input into the concealed query logic: performing an unconcealing operation on the concealed query logic to produce the query function and the query input; and inputting the unencrypted query data and the query input into the second query function to produce a readable query result; and in response to encrypted query data being input into the concealed query logic, producing, by the processing circuitry, a concealed query result based on the encrypted query data and the concealed query logic, the concealed query result, when unconcealed, producing an encrypted query result. 2. A method as in claim 1 , further comprising, prior to receiving the bits representing the concealed query logic, providing each of a set of query data with an encryption bit indicating whether that query datum is encrypted. 3. A method as in claim 1 , further comprising, prior to receiving the bits representing the concealed query logic: receiving (i) data from external data sources and (ii) a data sensitivity policy indicating conditions under which data is encrypted; encrypting a portion of the data received from the external data sources according to the conditions indicated by the data sensitivity policy. 4. A method as in claim 1 , wherein the query function is represented by a set of truth tables, each of the set of truth tables having entries, each entry of that truth table having a value of a server bit, a value of an input bit, and a value of an output bit, wherein the concealed query logic includes, for each of the set of truth tables representing the query function, a respective concealed truth table, the respective concealed truth table replacing the values of the server bits and the client bits of that truth table with random binary strings and replacing the values of the output bits with encrypted binary strings, each of the encrypted binary strings resulting from a respective encryption operation on one of two possible output bitstrings, and wherein performing an unconcealing operation on the concealed query logic includes, for each of the set of truth tables, producing that truth table from the respective concealed truth table. 5. A method as in claim 4 , wherein producing each of the set of truth tables from the respective concealed truth tables includes: sending a message to a client computer, the message including (i) the bits representing the concealed query logic and (ii) an indicator indicating that the query data input into the concealed query logic is unencrypted; and receiving, from the client computer, the query function and the query input. 6. An electronic system constructed and arranged to perform a query, the electronic system comprising: a client computer; and a server computer including a network interface, memory, and controlling circuitry coupled to the memory, the controlling circuitry being constructed and arranged to: receive bits representing concealed query logic, the concealed query logic being generated from a query function and encrypted query input, the encrypted query input being produced by an encryption operation on query input; and in response to unencrypted query data being input into the concealed query logic: perform an unconcealing operation on the concealed query logic to produce the query function and the query input; and input the unencrypted query data and the query input into the second query function to produce a readable query result; and in response to encrypted query data being input into the concealed query logic, produce, by the processing circuitry, a concealed query result based on the encrypted query data and the concealed query logic, the concealed query result, when unconcealed, producing an encrypted query result. 7. An electronic system as in claim 6 , wherein the controlling circuitry is further constructed and arranged to, prior to receiving the bits representing the concealed query logic, provide each of a set of query data with an encryption bit indicating whether that query datum is encrypted. 8. An electronic system as in claim 6 , wherein the controlling circuitry is further constructed and arranged to, prior to receiving the bits representing the concealed query logic: receive (i) data from external data sources and (ii) a data sensitivity policy indicating conditions under which data is encrypted; encrypt a portion of the data received from the external data sources according to the conditions indicated by the data sensitivity policy. 9. An electronic system as in claim 6 , wherein the query function is represented by a set of truth tables, each of the set of truth tables having entries, each entry of that truth table having a value of a server bit, a value of an input bit, and a value of an output bit, wherein the concealed query logic includes, for each of the set of truth tables representing the query function, a respective concealed truth table, the respective concealed truth table replacing the values of the server bits and the client bits of that truth table with random binary strings and replacing the values of the output bits with encrypted binary strings, each of the encrypted binary strings resulting from a respective encryption operation on one of two possible output bitstrings, and wherein the controlling circuitry constructed and arranged to perform an unconcealing operation on the concealed query logic is further constructed and arranged to, for each of the set of truth tables, produce that truth table from the respective concealed truth table. 10. An electronic system as in claim 9 , wherein the controlling circuitry constructed and arranged to produce each of the set of truth tables from the respective concealed truth tables is further constructed and arranged to: send a message to a client computer, the message including (i) the bits representing the concealed query logic and (ii) an indicator indicating that the query data input into the concealed query logic is unencrypted; and receive, from the client computer, the query function and the query input. 11. A computer program product including a non-transitory, computer-readable storage medium which stores executable code, which when executed by a client computer, causes the client computer to perform a method of performing a query, the method comprising: receiving, by processing circuitry, bits representing concealed query logic, the concealed query logic being generated from a query function and encrypted query input, the encrypted query input being produced by an encryption operation on query input; and in response to unencrypted query data being input into the concealed query logic: performing an unconcealing operation on the concealed query logic to produce the query function and the query input; and inputting the unencrypted query data and the unencrypted query input into the second query function to produce a readable query result; and in response to encrypted query data being input into the concealed query logic, producing, by the processing circuitry, a concealed query result based on the encrypted query data and the concealed query logic, the concealed query result, when unconcealed, producing an encrypted query result. 12. A computer program product as in claim 11 , wherein the method further comprises, prior to receiving the bits representing
Assignees
Inventors
Classifications
- G06F16/951Primary
Indexing; Web crawling techniques · CPC title
- H04L63/0457Primary
wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption (cryptographic mechanisms or cryptographic arrangements for stream encryption H04L9/065) · CPC title
- G06F21/6227Primary
where protection concerns the structure of data, e.g. records, types, queries · CPC title
Physics · mapped topic
- H04L63/0471Primary
applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9729525B1 cover?
- Techniques of performing queries involve adapting a query to whether query data is encrypted. Along these lines, a data sensitivity policy defines which types of data is encrypted prior to storage in a data analytics database and which other types of data remain unencrypted. When a client formulates a query, the client encrypts a query input and then conceals the encrypted query input and query…
- Who is the assignee on this patent?
- Kolman Eyal, Kaufman Alon, Emc Ip Holding Co Llc
- What technology area does this patent fall under?
- Primary CPC classification G06F16/951. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Aug 08 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).