COMPRESSING ENCRYPTED DATA WITHOUT THE ENCRYPTION KEY
    11.
    Invention application
    COMPRESSING ENCRYPTED DATA WITHOUT THE ENCRYPTION KEY (in force)

    Publication No.: US20150156178A1

    Publication date: 2015-06-04

    Application No.: US14581055

    Filing date: 2014-12-23

    Abstract: A method, system and computer program product are disclosed for compressing encrypted data, wherein the data is encrypted by using a block encryption algorithm in a chained mode of operation, and the encrypted data is comprised of a set of N encrypted blocks, C1 . . . CN. In one embodiment, the method comprises leaving block CN uncompressed, and compressing all of the blocks C1 . . . CN in a defined sequence using a Slepian-Wolf code. In an embodiment, the data is encrypted using an encryption key K, and the compressing includes compressing all of the blocks C1 . . . CN without using the encryption key. In one embodiment, the compressing includes outputting the blocks C1 . . . CN as a set of compressed blocks CmprC1 . . . CmprCN-1, and the method further comprises decrypting CN to generate a reconstructed block X̃n, and decrypting and decompressing the set of compressed blocks using X̃n.


    Key identifiers in an obliviousness pseudorandom function (OPRF)-based key management service (KMS)

    Publication No.: US10887293B2

    Publication date: 2021-01-05

    Application No.: US15926883

    Filing date: 2018-03-20

    Abstract: A computing device includes an interface configured to interface and communicate with a communication system, a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory that is configured to execute the operational instructions to perform various operations. The computing device generates a sub-key identifier based on a data ID, which is based on unique ID value(s) associated with an encrypted data object, and a requester secret. The computing device processes the sub-key identifier in accordance with an Oblivious Pseudorandom Function (OPRF) blinding operation to generate a blinded input and an Oblivious Key Access Request (OKAR). The computing device transmits the OKAR to another computing device (e.g., Key Management System (KMS) service) and receives a blinded sub-key therefrom. The computing device processes the blinded sub-key in accordance with an OPRF unblinding operation to generate the key and accesses secure data thereby.

    THRESHOLD OBLIVIOUS PSEUDORANDOM FUNCTION IN A KEY MANAGEMENT SYSTEM

    Publication No.: US20190356475A1

    Publication date: 2019-11-21

    Application No.: US15979937

    Filing date: 2018-05-15

    Abstract: A computing device is configured to divide an Oblivious Pseudorandom Function (OPRF) key to generate a plurality of N partial keys, distribute a respective one of the plurality of N partial keys to a corresponding plurality of N Key Management System (KMS) units. The computing device receives from a threshold number T of KMS units, a plurality T partial blinded keys, wherein the plurality T partial blinded keys are based on processing of a value of a blinded key received by a respective KMS unit and a corresponding stored partial key of the N partial keys, combines the plurality T of partial blinded keys into the blinded key, processes the blinded key based on the blinding key in accordance with an OPRF unblinding operation to generate a key and accesses secure information based on the key.

    KEY IDENTIFIERS IN AN OBLIVIOUSNESS PSEUDORANDOM FUNCTION (OPRF)-BASED KEY MANAGEMENT SERVICE (KMS)

    Publication No.: US20190297064A1

    Publication date: 2019-09-26

    Application No.: US15926883

    Filing date: 2018-03-20

    Abstract: A computing device includes an interface configured to interface and communicate with a communication system, a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory that is configured to execute the operational instructions to perform various operations. The computing device generates a sub-key identifier based on a data ID, which is based on unique ID value(s) associated with an encrypted data object, and a requester secret. The computing device processes the sub-key identifier in accordance with an Oblivious Pseudorandom Function (OPRF) blinding operation to generate a blinded input and an Oblivious Key Access Request (OKAR). The computing device transmits the OKAR to another computing device (e.g., Key Management System (KMS) service) and receives a blinded sub-key therefrom. The computing device processes the blinded sub-key in accordance with an OPRF unblinding operation to generate the key and accesses secure data thereby.

    VIRTUALIZING A KEY HIERARCHY USING A PARTIALLY-OBLIVIOUS PSEUDORANDOM FUNCTION (P-OPRF)

    Publication No.: US20190296897A1

    Publication date: 2019-09-26

    Application No.: US15926822

    Filing date: 2018-03-20

    Abstract: A computing device includes an interface configured to interface and communicate with a communication system, a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory that is configured to execute the operational instructions to perform various operations. The computing device processes an input value (e.g., associated with a key) based on a blinding key (e.g., homomorphic encryption) to generate a blinded value and generates an Oblivious Key Access Request (OKAR). The computing device transmits the OKAR to another computing device (e.g., associated with a Key Management System (KMS) service) and receives a blinded key therefrom that is based on a Partially-Oblivious Pseudorandom Function (P-OPRF). The computing device processes the blinded key based on the blinding key (e.g., homomorphic decryption) to generate the key (e.g., associated with the input value). In some examples, the computing device accesses secure information based on the key.

    Compressing encrypted data without the encryption key
    17.
    Invention grant
    Compressing encrypted data without the encryption key (in force)

    Publication No.: US09282082B2

    Publication date: 2016-03-08

    Application No.: US14581055

    Filing date: 2014-12-23

    Abstract: A method, system and computer program product are disclosed for compressing encrypted data, wherein the data is encrypted by using a block encryption algorithm in a chained mode of operation, and the encrypted data is comprised of a set of N encrypted blocks, C1 . . . CN. In one embodiment, the method comprises leaving block CN uncompressed, and compressing all of the blocks C1 . . . CN in a defined sequence using a Slepian-Wolf code. In an embodiment, the data is encrypted using an encryption key K, and the compressing includes compressing all of the blocks C1 . . . CN without using the encryption key. In one embodiment, the compressing includes outputting the blocks C1 . . . CN as a set of compressed blocks CmprC1 . . . CmprCN-1, and the method further comprises decrypting CN to generate a reconstructed block X̃n, and decrypting and decompressing the set of compressed blocks using X̃n.


    Assymetric structured key recovering using oblivious pseudorandom function

    Publication No.: US11115206B2

    Publication date: 2021-09-07

    Application No.: US16109856

    Filing date: 2018-08-23

    Abstract: A computing device implements a key management system (KMS), and includes an interface, memory, and processing circuitry that executes operational instructions to maintain structured key parameters and a generating procedure associated with a structured key. The generating procedure produces the structured key from an Oblivious Pseudorandom Function (OPRF) output, and the structured key parameters. The computing device receives a blinded value associated with the structured key from a requesting computing device, processes the blinded value using an OPRF secret to generate a blinded OPRF output, and returns the blinded OPRF output, the generating procedure, and the structured key parameters to the requesting computing device, which uses that information to generate the requested structured key.

    Virtualizing a key hierarchy using a partially-oblivious pseudorandom function (P-OPRF)

    Publication No.: US10887088B2

    Publication date: 2021-01-05

    Application No.: US15926822

    Filing date: 2018-03-20

    Abstract: A computing device includes an interface configured to interface and communicate with a communication system, a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory that is configured to execute the operational instructions to perform various operations. The computing device processes an input value (e.g., associated with a key) based on a blinding key (e.g., homomorphic encryption) to generate a blinded value and generates an Oblivious Key Access Request (OKAR). The computing device transmits the OKAR to another computing device (e.g., associated with a Key Management System (KMS) service) and receives a blinded key therefrom that is based on a Partially-Oblivious Pseudorandom Function (P-OPRF). The computing device processes the blinded key based on the blinding key (e.g., homomorphic decryption) to generate the key (e.g., associated with the input value). In some examples, the computing device accesses secure information based on the key.
