Dynamic channels in secure queries and analytics

US 10,721,057 B2
Filed: 01/19/2018
Issued: 07/21/2020
Est. Priority Date: 01/20/2017
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving at one or more servers an encrypted analytic from one or more clients, the analytic encrypted using a homomorphic encryption scheme utilizing dynamic channel techniques;

evaluating the encrypted analytic over a target data source without decrypting the encrypted analytic;

grouping similar result elements of encrypted analytic evaluation;

dynamically resizing and encoding the similar result elements into grouped byte channels of data elements using the dynamic channel techniques;

evaluating the encrypted analytic over each of the dynamic byte channels of data elements to generate an encrypted response, without decrypting the encrypted response and without decrypting the encrypted analytic;

sending the encrypted response from the one or more servers to the one or more clients; and

decrypting and performing channel extraction at the one or more clients using channel extraction techniques associated with the dynamic channel techniques to obtain results of the analytic from the encrypted response.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for end-to-end encryption and dynamic resizing and encoding into grouped byte channels are described herein. A query is homomorphically encrypted at a client using dynamic channel techniques. The encrypted query is sent without a private key to a server for evaluation over target data to generate encrypted response without decrypting the encrypted query. The result elements of the encrypted response are grouped, co-located, and dynamically resized and encoded into grouped byte channels using the dynamic channel techniques, without decrypting the encrypted query or the encrypted response. The encrypted response is sent to the client where the client uses the private key and channel extraction techniques associated with the dynamic channel techniques to decrypt and perform channel extraction on the encrypted response to obtain the results of the query without revealing the query or results to a target data owner, an observer, or an attacker.

172 Citations

20 Claims

1. A method comprising:
- receiving at one or more servers an encrypted analytic from one or more clients, the analytic encrypted using a homomorphic encryption scheme utilizing dynamic channel techniques;
  
  evaluating the encrypted analytic over a target data source without decrypting the encrypted analytic;
  
  grouping similar result elements of encrypted analytic evaluation;
  
  dynamically resizing and encoding the similar result elements into grouped byte channels of data elements using the dynamic channel techniques;
  
  evaluating the encrypted analytic over each of the dynamic byte channels of data elements to generate an encrypted response, without decrypting the encrypted response and without decrypting the encrypted analytic;
  
  sending the encrypted response from the one or more servers to the one or more clients; and
  
  decrypting and performing channel extraction at the one or more clients using channel extraction techniques associated with the dynamic channel techniques to obtain results of the analytic from the encrypted response.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising co-locating two or more result elements of the target data source on the same server.
  - 3. The method of claim 1, further comprising co-locating two or more groups of result elements on the same server based on a probability that the result elements are similar.
  - 4. The method of claim 1, further comprising converting the grouped result elements into byte streams.
  - 5. The method of claim 1, wherein grouping result elements of the target data source is based on a probability that the result elements are similar.
  - 6. The method of claim 1, wherein the analytic is a model.
  - 7. The method of claim 1, wherein the homomorphic encryption scheme is Paillier encryption.
  - 8. The method of claim 1, wherein the analytic is a chain of series of operations to be performed over the target data source.

9. A system comprising:
- a client configured to;
  
  encrypt an analytic using a homomorphic encryption scheme that utilizes data channel techniques and an encryption key associated with the homomorphic encryption scheme,send the encrypted analytic to a server without the encryption key, decrypt an encrypted response using the homomorphic encryption scheme and the encryption key, andperform channel extraction on the encrypted response using channel extraction techniques associated with dynamic channel techniques; and
  
  the server configured to;
  
  receive the encrypted analytic without the encryption key from the client via a network,evaluate the encrypted analytic over a target data source without decrypting the encrypted analytic,group similar result elements of the target data source evaluation,dynamically resize and encode the similar result elements into grouped byte channels of data elements using the dynamic channel techniques,evaluate the encrypted analytic over each dynamic byte channel of data elements to generate the encrypted response, without decrypting the encrypted analytic and without decrypting the encrypted response, andsend the encrypted response to the client for decryption and channel extraction on the encrypted response to obtain results of the analytic over the target data source.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the server is further configured to co-locate similar result elements from another server.
  - 11. The system of claim 9, wherein the client is further configured to perform channel extraction on the encrypted response to obtain the result of evaluating the analytic over the target data source.
  - 12. The system of claim 9, wherein the server is further configured convert the result elements into byte streams.
  - 13. The system of claim 9, wherein the result elements are grouped based on a probability that the result elements are similar.
  - 14. The system of claim 9, wherein the analytic is a query.
  - 15. The system of claim 9, wherein the analytic is a chain of series of operations to be performed over the target data source.

16. A non-transitory computer readable storage media having a program embodied thereon, the program being executable by a processor to perform a method for secure analytics of a target data source, the method comprising:
- receiving an encrypted analytic from a client via a network, the analytic encrypted at the client using a homomorphic encryption scheme and a public encryption key that utilize data channel techniques, the encrypted analytic received without a corresponding private encryption key;
  
  evaluating the encrypted analytic over the target data source to generate encrypted result elements without decrypting the encrypted analytic;
  
  grouping similar result elements of the encrypted analytic evaluation without decrypting the result elements;
  
  dynamically resizing and encoding the similar result elements into grouped byte channels of data elements using the data channel techniques;
  
  evaluating the encrypted analytic over each dynamic byte channel of data elements to generate an encrypted response having a reduced size, without decrypting the encrypted analytic and without decrypting the encrypted response; and
  
  sending the encrypted response to the client, the encrypted response configured for decryption and channel extraction using channel extraction techniques associated with the dynamic data channel techniques, to obtain a result of the encrypted response.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, further comprising co-locating two or more groups of result elements on a server based on a probability that the result elements are similar.
  - 18. The method of claim 16, further comprising converting the grouped result elements into byte streams.
  - 19. The method of claim 16, wherein grouping result elements of the target data source is based on a probability that the result elements are similar.
  - 20. The method of claim 16, wherein the analytic is a query.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Enveil, Inc.
Original Assignee
Enveil, Inc.
Inventors
Carr, Ryan
Primary Examiner(s)
Poltorak, Piotr

Application Number

US15/876,063
Publication Number

US 20180270046A1
Time in Patent Office

914 Days
Field of Search
US Class Current
CPC Class Codes

G06F 1/0307   Logarithmic or exponential ...

G06F 7/552   Powers or roots , e.g. Pyth...

G06F 7/723   Modular exponentiation G06F...

G06F 7/728   using Montgomery reduction

G06F 9/30014   with variable precision

H03M 7/24   Conversion to or from float...

H04L 2209/30   Compression, e.g. Merkle-Da...

H04L 63/0428   wherein the data content is...

H04L 63/0442   wherein the sending and rec...

H04L 9/008   involving homomorphic encry...

H04L 9/30   Public key, i.e. encryption...

Dynamic channels in secure queries and analytics

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

172 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic channels in secure queries and analytics

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

172 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links