公开(公告)号：US20200092094A1

公开(公告)日：2020-03-19

申请号：US15943142

申请日：2018-04-02

Applicant: International Business Machines Corporation

Inventor： Jason K. Resch ,  Hugo M. Krawczyk

IPC: H04L9/08 ,  H04L9/06 ,  H04L9/32

Abstract: A computing device includes an interface configured to interface and communicate with a communication system, a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory that is configured to execute the operational instructions to perform various operations. The computing device processes an input value in accordance with a Threshold Partially-Oblivious Pseudorandom Function (TP-OPRF) blinding operation to generate a blinded input. The computing device then selects a threshold number of shareholder computing devices that are associated with a Key Management System (KMS) service and transmits the blinded input to them. The computing device then receives at least a threshold number of blinded output components from at least some of the shareholder computing devices and processes them to generate a blinded output. The computing device then processes the blinded output in accordance with a TP-OPRF unblinding operation to generate a key.

公开(公告)号：US20200067707A1

公开(公告)日：2020-02-27

申请号：US16109856

申请日：2018-08-23

Applicant: International Business Machines Corporation

Inventor： Jason K. Resch ,  Hugo M. Krawczyk

IPC: H04L9/08

Abstract: A computing device implements a key management system (KMS), and includes an interface, memory, and processing circuitry that executes operational instructions to maintain structured key parameters and a generating procedure associated with associated with a structured key. The generating procedure produces the structured key from an Oblivious Pseudorandom Function (OPRF) output, and the structured key parameters. The computing device receives a blinded value associated with the structured key from a requesting computing device, processes the blinded value using an OPRF secret to generate a blinded OPRF output, and returns the blinded OPRF output, the generating procedure, and the structured key parameters to the requesting computing device, which uses that information to generate the requested structured key.

公开(公告)号：US09852306B2

公开(公告)日：2017-12-26

申请号：US13958739

申请日：2013-08-05

Applicant: International Business Machines Corporation

Inventor： Charles D. Cash ,  Stanislaw Jarecki ,  Charanjit S. Jutla ,  Hugo M. Krawczyk ,  Marcel C. Rosu ,  Michael Steiner

IPC: H04L29/06 ,  G06F21/62 ,  G06F21/33 ,  H04L9/08

CPC classification number: G06F21/6227 ,  G06F21/335 ,  G06F2221/2141 ,  G06F2221/2149 ,  H04L9/0894 ,  H04L63/0428 ,  H04L63/0435 ,  H04L63/168

Abstract: A method comprises receiving a first cryptographic token for one search term and a second cryptographic token is generated using the one search term and at least another search term. A first search is conducted using the first cryptographic token to generate a first result set, and the second cryptographic token is used for computing a subset of results of the first result set.

公开(公告)号：US20170242924A1

公开(公告)日：2017-08-24

申请号：US15476058

申请日：2017-03-31

Applicant: International Business Machines Corporation

Inventor： Charles D. Cash ,  Stanislaw Jarecki ,  Charanjit S. Jutla ,  Hugo M. Krawczyk ,  Marcel C. Rosu ,  Michael Steiner

IPC: G06F17/30 ,  G06F21/62 ,  G06F21/60

CPC classification number: G06F21/6218 ,  G06F17/30864 ,  G06F21/602

Abstract: A method for searching in an encrypted database includes the following steps. A search is formulated as a conjunct of two or more atomic search queries. One of the conjuncts is selected as a primary atomic search query. Search capabilities are generated for a secondary atomic search query using the primary atomic search query and the secondary atomic search query.

公开(公告)号：US20170155504A1

公开(公告)日：2017-06-01

申请号：US15429590

申请日：2017-02-10

Applicant: International Business Machines Corporation

Inventor： Camit Hazay ,  Ashish Jagmohan ,  Demijan Klinc ,  Hugo M. Krawczyk ,  Tal Rabin

IPC: H04L9/06 ,  H04L29/06

CPC classification number: H04L9/0637 ,  G06F2221/2107 ,  H04L9/0618 ,  H04L9/0819 ,  H04L9/32 ,  H04L63/0428 ,  H04L69/04 ,  H04L2209/24 ,  H04L2209/30

Abstract: A method, system and computer program product are disclosed for compressing encrypted data, wherein the data is encrypted by using a block encryption algorithm in a chained mode of operation, and the encrypted data is comprised of a set of N encrypted blocks, C1 . . . CN. In one embodiment, the method comprises leaving block CN uncompressed, and compressing all of the blocks C1 . . . CN in a defined sequence using a Slepian-Wolf code. In an embodiment, the data is encrypted using an encryption key K, and the compressing includes compressing all of the blocks C1 . . . CN without using the encryption key. In one embodiment, the compressing includes outputting the blocks C1 . . . CN as a set of compressed blocks CmprC1 . . . CmprCN-1, and the method further comprises decrypting CN to generate a reconstructed block {tilde over (X)}n, and decrypting and decompressing the set of compressed blocks using {tilde over (X)}n.

公开(公告)号：US20160127130A1

公开(公告)日：2016-05-05

申请号：US14993577

申请日：2016-01-12

Applicant: International Business Machines Corporation

Inventor： Camit Hazay ,  Ashish Jagmohan ,  Demijan Klinc ,  Hugo M. Krawczyk ,  Tal Rabin

IPC: H04L9/32 ,  H04L9/08

CPC classification number: H04L9/0637 ,  G06F2221/2107 ,  H04L9/0618 ,  H04L9/0819 ,  H04L9/32 ,  H04L63/0428 ,  H04L69/04 ,  H04L2209/24 ,  H04L2209/30

Abstract: A method, system and computer program product are disclosed for compressing encrypted data, wherein the data is encrypted by using a block encryption algorithm in a chained mode of operation, and the encrypted data is comprised of a set of N encrypted blocks, C1 . . . CN. In one embodiment, the method comprises leaving block CN uncompressed, and compressing all of the blocks C1 . . . CN in a defined sequence using a Slepian-Wolf code. In an embodiment, the data is encrypted using an encryption key K, and the compressing includes compressing all of the blocks C1 . . . CN without using the encryption key. In one embodiment, the compressing includes outputting the blocks C1 . . . CN as a set of compressed blocks CmprC1 . . . CmprCN-1, and the method further comprises decrypting CN to generate a reconstructed block {tilde over (X)}n, and decrypting and decompressing the set of compressed blocks using {tilde over (X)}n.

公开(公告)号：US20150039903A1

公开(公告)日：2015-02-05

申请号：US13958730

申请日：2013-08-05

Applicant: International Business Machines Corporation

Inventor： Charles D. Cash ,  Stanislaw Jarecki ,  Charanjit S. Jutla ,  Hugo M. Krawczyk ,  Marcel C. Rosu ,  Michael Steiner

IPC: G06F17/30 ,  G06F21/60

CPC classification number: G06F21/6218 ,  G06F17/30864 ,  G06F21/602

Abstract: A method for encrypting a database includes the following step. Keywords in the database are encrypted to obtain encrypted search tags for the keywords. A table of reverse indices is generated for the encrypted search tags. A table of cross keyword indices is generated. A method for searching in an encrypted database includes the following steps. A search is formulated as a conjunct of two or more atomic search queries. One of the conjuncts is selected as a primary atomic search query. Search capabilities are generated for a secondary atomic search query using the primary atomic search query and the secondary atomic search query. Such methods mask query data and the actual composition of the database to reduce computation complexity and privacy leakage.

Abstract translation: 一种用于加密数据库的方法包括以下步骤。 数据库中的关键字被加密以获得关键字的加密搜索标签。 生成加密搜索标签的反向索引表。 生成交叉关键字索引表。 用于在加密数据库中搜索的方法包括以下步骤。 搜索被形成为两个或更多个原子搜索查询的结合。 其中一个连接被选为主要的原子搜索查询。 使用主要原子搜索查询和辅助原子搜索查询生成辅助原子搜索查询的搜索功能。 这种方法掩盖查询数据和数据库的实际组合，以减少计算复杂度和隐私泄漏。