OBLIVIOUS TRANSFER WITH ACCESS CONTROL
First Claim
1. A computer system comprising:
a database server (DB) comprising publishing means to publish an encrypted form (ω_DB) of a database (DBase), the database (DBase) comprising at least one record with an associated index and a list of access-control attributes for each record;
at least one user (U_1, U_2, . . . , U_M) of the database (DBase); and
an Issuer (I) comprising means to provide a credential for each access-control attribute of the database (DBase) which is assigned to the at least one user (U_1, U_2, . . . , U_M);
wherein the publishing means is responsive to database encryption means, the database encryption means comprising:
key generation means to generate an encryption key for a record such that the encryption key is derived from at least the index of the record, the access-control attributes of the record and a secret key of the database server (DB); and
record encryption means responsive to the key generation means to encrypt the database record with the encryption key.
Abstract
A protocol for anonymous access to a database where the different records have different access control permissions is described. The permissions can be attributes, roles or rights that an authorized user needs to have to access the record. The database provider does not learn which record the user accesses and which attributes or roles the user has when she accesses the database. The database provider publishes the encrypted database where each record is encrypted with a key that is derived from at least the index of the record, its access control attributes and a secret key of the database provider. The user obtains a credential from an issuer for each access control attribute (ACL) that is associated with the user. Then the user retrieves the key for a particular record from the database provider and uses this key to decrypt the encrypted record.
Claims
3. A method for anonymously reading records from a database (DBase) provided by a database server (DB), wherein the database (DBase) comprises at least one record with an associated index and a list of access-control attributes for each record, wherein the database server (DB) publishes an encrypted form (ω_DB) of the database (DBase), and wherein at least one user (U_1, U_2, . . . , U_M) of the database (DBase) obtains credentials from an Issuer (I) for each access-control attribute which is assigned to the at least one user (U_1, U_2, . . . , U_M), the method comprising, for each record in the encrypted form (ω_DB) of the database (DBase):
generating (620) a key that is derived from at least the index of the record, the access-control attributes of the record and a secret key of the database server (DB); and
encrypting (620) the record with the key.
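The publishing step that the abstract describes and claim 3 recites (derive a per-record key from the index, the access-control attributes and the server secret, then encrypt the record), carried out in Go as an added example. This is not the patent's own construction, which the page does not specify: HMAC-SHA256 is assumed as the key derivation function and AES-256-GCM as the record cipher, the attribute names, record contents and server secret are constructed sample data, and the oblivious key-retrieval protocol between user and server is left out because the page gives no details of it. The point the example makes concrete is the binding: a key derived for the same index but a different attribute list, or under a different server secret, opens nothing.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"sort"
	"strings"
)

// Record is one plaintext entry of DBase: index, required access-control
// attributes, payload.
type Record struct {
	Index uint64
	ACL   []string
	Data  []byte
}

// EncryptedRecord is one entry of the published ω_DB. Index and ACL are public.
type EncryptedRecord struct {
	Index      uint64
	ACL        []string
	Nonce      []byte
	Ciphertext []byte
}

// canonicalACL sorts and joins the attributes so the same attribute set yields
// the same key whatever order it was stored in (assumption: names contain no '|').
func canonicalACL(acl []string) string {
	c := append([]string(nil), acl...)
	sort.Strings(c)
	return strings.Join(c, "|")
}

// deriveRecordKey is the key generation step of the claims: the record key
// depends on the index, the access-control attributes and the server secret.
// HMAC-SHA256 is the KDF assumed here (the page fixes none); fields are
// fixed-width or length-prefixed so distinct inputs cannot collide.
func deriveRecordKey(serverSecret []byte, index uint64, acl []string) []byte {
	mac := hmac.New(sha256.New, serverSecret)
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], index)
	mac.Write(buf[:])
	c := canonicalACL(acl)
	binary.BigEndian.PutUint32(buf[:4], uint32(len(c)))
	mac.Write(buf[:4])
	mac.Write([]byte(c))
	return mac.Sum(nil) // 32 bytes, used directly as an AES-256 key
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptRecord is the record encryption step: AES-256-GCM under the derived
// key with a fresh random nonce.
func encryptRecord(serverSecret []byte, r Record) (EncryptedRecord, error) {
	aead, err := newAEAD(deriveRecordKey(serverSecret, r.Index, r.ACL))
	if err != nil {
		return EncryptedRecord{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return EncryptedRecord{}, err
	}
	return EncryptedRecord{r.Index, append([]string(nil), r.ACL...), nonce,
		aead.Seal(nil, nonce, r.Data, nil)}, nil
}

// decryptRecord is the user's final step with the per-record key obtained from
// the server. GCM authentication fails if the key was derived for another index,
// another ACL or another server secret. Oblivious key retrieval is not modelled.
func decryptRecord(key []byte, e EncryptedRecord) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, e.Nonce, e.Ciphertext, nil)
}

func main() {
	// Constructed sample data: a demo secret and one record with two attributes.
	secret := []byte("constructed demo server secret, not a real key")
	r1 := Record{Index: 1, ACL: []string{"doctor", "nurse"}, Data: []byte("patient 1 chart")}
	e1, err := encryptRecord(secret, r1)
	if err != nil {
		panic(err)
	}
	pt, err := decryptRecord(deriveRecordKey(secret, 1, []string{"nurse", "doctor"}), e1)
	fmt.Printf("key for (1, {doctor,nurse}): %q err=%v\n", pt, err)
	_, err = decryptRecord(deriveRecordKey(secret, 1, []string{"doctor"}), e1)
	fmt.Println("key for (1, {doctor}): err =", err)
}
```

Because the attribute list is an input to the key, the server never has to check a user's attributes against the record at decryption time; a user who can only obtain keys for attribute sets she holds credentials for simply cannot derive a key that opens a record with a stricter list. The canonical encoding matters for the same reason: the server and the user must agree byte for byte on how (index, ACL) is serialized, or honest users get the wrong key.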