GRAPH ENCRYPTION
First Claim
1. A method for producing and querying encrypted graph information, the method being implemented using computing functionality, comprising:
- generating a representation of unencrypted graph information, the unencrypted graph information describing relationships among entities within a graph;
encrypting the representation of the unencrypted graph information to produce encrypted graph information;
sending the encrypted graph information to a storage system for storage by the storage system;
generating a token associated with a graph query, the graph query seeking specified information relating to at least one entity in the graph;
sending the token to the storage system; and
receiving, in response to the token, a lookup result from the storage system that provides the specified information,the lookup result being provided without revealing at least aspects of the unencrypted graph information to unauthorized agents, one unauthorized agent being the storage system itself.
2 Assignments
0 Petitions
Accused Products
Abstract
A storage system stores information about a graph in an encrypted form. A query module can submit a token to the storage system to retrieve specified information about the graph, e.g., to determine the neighbors of an entity in the graph, or to determine whether a first entity is connected to a second entity, etc. The storage system formulates its reply to the token in a lookup result. Through this process, the storage system gives selective access to information about the graph to authorized agents, yet otherwise maintains the general secrecy of the graph from the perspective of unauthorized agents, including the storage system itself. A graph processing module can produce encrypted graph information by encrypting any representation of the graph, such as an adjacency matrix, an index, etc.
-
Citations
20 Claims
-
1. A method for producing and querying encrypted graph information, the method being implemented using computing functionality, comprising:
-
generating a representation of unencrypted graph information, the unencrypted graph information describing relationships among entities within a graph; encrypting the representation of the unencrypted graph information to produce encrypted graph information; sending the encrypted graph information to a storage system for storage by the storage system; generating a token associated with a graph query, the graph query seeking specified information relating to at least one entity in the graph; sending the token to the storage system; and receiving, in response to the token, a lookup result from the storage system that provides the specified information, the lookup result being provided without revealing at least aspects of the unencrypted graph information to unauthorized agents, one unauthorized agent being the storage system itself. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A storage system implemented using computing functionality, comprising:
-
a storage module for storing encrypted graph information, the encrypted graph information associated with a graph; and a lookup module for processing a graph query submitted by a query module, comprising; logic configured to receive a token associated with the graph query, the graph query seeking specified information from the encrypted graph information relating to at least one entity in the graph; logic configured to perform a lookup operation based on the token and the encrypted graph information to provide a lookup result; and logic configured to send the lookup result to the query module, the lookup result being provided without revealing at least aspects of unencrypted graph information to unauthorized agents. - View Dependent Claims (14, 15, 16, 17)
-
-
18. A computer readable medium for storing computer readable instructions, the computer readable instructions providing an encryption module when executed by one or more processing devices, the computer readable instructions comprising:
-
logic configured to process an input matrix to produce an output matrix, the input matrix including a plurality of input matrix elements and the output matrix including a plurality of output matrix elements that together constitute an output matrix, said logic comprising; logic configured to determine locations of the output matrix element based on respective locations of the input matrix elements; and logic configured to determine values of the output matrix elements based on respective values of the input matrix elements, said processing having an effect of concealing the locations and the values of the input matrix elements. - View Dependent Claims (19, 20)
-
Specification