Information integration across autonomous enterprises
First Claim
1. A method comprising:
- using a computer to process a query spanning a first database accessible by a first computer client and a second database accessible by a second computer client, the first database containing a first table containing a first set of values, and the second database containing a second table containing a second set of values;
- executing specific information-limiting protocols according to a query type to produce a query answer, wherein said protocols process equijoin queries, wherein an equijoin query includes:
  - references to the first computer client and the second computer client;
  - hash functions configured to be applied to sets of the first and second computer clients;
  - a secret key assigned to the first computer client and two secret keys assigned to the second computer client;
  - an encrypted hashed set of the first computer client;
  - a reordered and encrypted hashed set of the first computer client assigned to the second computer client; and
  - a set encrypted with both of the secret keys of the second computer client assigned to the first computer client as 3-tuples;
- returning the query answer to the first computer client so that the first computer client learns from the query answer an intersection of the first set of values and the second set of values, and a cardinality of the second set of values;
- learning by the first computer client the distribution of duplicates in the second table; and
- revealing the query to the second computer client so that the second computer client learns from the query a cardinality of the first set of values.
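The exchange the claims describe, written out as an added example that is not the patent's own code or parameters: client A holds one secret key, client B holds two, both hash their join values, A sends its encrypted hashed set, B returns it reordered as 3-tuples re-encrypted under each of B's keys, and B sends its own rows with the extra column locked under a key that only a matching row lets A derive. The commutative encryption is Pohlig-Hellman style exponentiation f_e(x) = x^e mod p; the group (quadratic residues mod 2^521 - 1), the message layout, the key derivation and the toy XOR payload cipher are assumptions made here so the code runs offline, not anything the page specifies. The return values make the information flow explicit: A learns the intersection, B's extra column for matched rows and how many rows B holds (including duplicates), while B learns only how many distinct values A sent.

```python
from typing import Dict, List, Tuple
import hashlib
import math
import secrets

# Constructed toy group (not the patent's parameters): p = 2^521 - 1 is prime and
# we work in the quadratic residues mod p, a subgroup of order N = (p - 1) / 2.
# N is composite, so keys are sampled coprime to N to keep x -> x^e invertible.
# A deployment would use a prime-order group (safe-prime subgroup or elliptic curve).
P = (1 << 521) - 1
N = (P - 1) // 2


def hash_to_group(value: str) -> int:
    """h(v): SHA-256 the value, reduce mod p, square to land in the QR subgroup."""
    digest = int.from_bytes(hashlib.sha256(value.encode()).digest(), "big")
    return pow(digest % P, 2, P)


def keygen() -> int:
    """Secret exponent e with gcd(e, N) = 1, so f_e has an inverse."""
    while True:
        e = secrets.randbelow(N - 2) + 2
        if math.gcd(e, N) == 1:
            return e


def f(e: int, x: int) -> int:
    """Commutative encryption f_e(x) = x^e mod p: f_a(f_b(x)) == f_b(f_a(x))."""
    return pow(x, e, P)


def f_inv(e: int, y: int) -> int:
    """Undo f_e on a QR-subgroup element: y^(e^-1 mod N)."""
    return pow(y, pow(e, -1, N), P)


def payload_key(tag: int) -> bytes:
    """Derive a per-row symmetric key from f_{e_b2}(h(v)) (assumed derivation)."""
    return hashlib.sha256(tag.to_bytes(66, "big")).digest()


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (XOR with a hash-derived keystream); use an AEAD in practice."""
    blocks = (len(data) + 31) // 32
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def equijoin(table_a: List[str], table_b: List[Tuple[str, str]]) -> Tuple[Dict[str, List[str]], int, int]:
    """Client A holds join-key values; client B holds (join key, extra column) rows.
    Returns (A's answer: matched value -> B's extras, |B| rows seen by A, |A| seen by B)."""
    e_a = keygen()                  # A's single secret key
    e_b, e_b2 = keygen(), keygen()  # B's two secret keys
    a_values = set(table_a)

    # A -> B: A's encrypted hashed set.  B learns only its cardinality.
    y_a = [f(e_a, hash_to_group(v)) for v in a_values]
    seen_by_b = len(y_a)

    # B -> A: A's set reordered, as 3-tuples (y, f_{e_b}(y), f_{e_b2}(y)).
    triples = [(y, f(e_b, y), f(e_b2, y)) for y in y_a]
    secrets.SystemRandom().shuffle(triples)

    # B -> A: for each of B's rows, f_{e_b}(h(v)) plus the extra column encrypted
    # under a key derived from f_{e_b2}(h(v)); only a matching row lets A derive it.
    b_rows = []
    for v, ext in table_b:
        hv = hash_to_group(v)
        b_rows.append((f(e_b, hv), xor_crypt(payload_key(f(e_b2, hv)), ext.encode())))
    secrets.SystemRandom().shuffle(b_rows)

    # A's processing: map each returned triple back to its own value via the
    # first component, and strip e_a from the third to recover f_{e_b2}(h(v)).
    own = {f(e_a, hash_to_group(v)): v for v in a_values}
    matched = {}  # f_{e_b}(f_{e_a}(h(v))) -> (v, f_{e_b2}(h(v)))
    for y, y_b, y_b2 in triples:
        matched[y_b] = (own[y], f_inv(e_a, y_b2))

    answer: Dict[str, List[str]] = {}
    for z_b, enc_ext in b_rows:
        hit = matched.get(f(e_a, z_b))  # f_{e_a}(f_{e_b}(h(v))) == f_{e_b}(f_{e_a}(h(v)))
        if hit is not None:
            v, tag = hit
            answer.setdefault(v, []).append(xor_crypt(payload_key(tag), enc_ext).decode())
    return answer, len(b_rows), seen_by_b


if __name__ == "__main__":
    # Constructed sample tables; "bob" appears twice in B to show the duplicate distribution.
    ans, n_b, n_a = equijoin(["alice", "bob", "carol"],
                             [("bob", "b-1"), ("dave", "d-1"), ("carol", "c-1"), ("bob", "b-2")])
    print(ans, n_b, n_a)
```

Because B shuffles the triples, A recovers the correspondence to its own values only through the first component it produced itself; the third component, once A's key is stripped, is exactly the tag B used to key the extra column, so rows outside the intersection stay unreadable to A even though A receives them.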
Abstract
A system, method, and computer program product for processing a query spanning separate databases while revealing only minimal information beyond a query answer, by executing only specific information-limiting protocols according to query type.
28 Citations
9 Claims
1. A method comprising: (text as set out under First Claim above; dependent claims 2, 3, 4)
5. A general purpose computer system programmed with instructions comprising:
- processing a query spanning a first database accessible by a first computer client and a second database accessible by a second computer client, the first database containing a first table containing a first set of values, and the second database containing a second table containing a second set of values;
- executing specific information-limiting protocols according to a query type to produce a query answer, wherein said protocols process equijoin queries, wherein an equijoin query includes:
  - the first and second computer clients;
  - hash functions configured to be applied to the sets of the first and second computer clients;
  - a secret key assigned to the first computer client and two secret keys assigned to the second computer client;
  - an encrypted hashed set of the first computer client;
  - a reordered and encrypted hashed set of the first computer client assigned to the second computer client; and
  - a set encrypted with both of the secret keys of the second computer client assigned to the first computer client as 3-tuples;
- randomly choosing a secret key and encrypting a hashed second set of values;
- returning the query answer to the first computer client so that the first computer client learns from the query answer an intersection of the first set of values and the second set of values, extra information for values in the intersection, and a cardinality of the second set of values; and
- revealing the query to the second computer client so that the second computer client learns from the query a cardinality of the first set of values.
(Dependent claims: 6, 7, 8)
9. A computer program product comprising a machine-readable medium having computer-executable program instructions thereon comprising:
- code for a query spanning a first database accessible by a first computer client and a second database accessible by a second computer client, the first database containing a first table containing a first set of values, and the second database containing a second table containing a second set of values;
- code for executing specific information-limiting protocols according to a query type to produce a query answer, wherein said protocols process equijoin queries, wherein an equijoin query includes:
  - the first and second computer clients;
  - hash functions configured to be applied to the sets of the first and second computer clients;
  - a secret key assigned to the first computer client and two secret keys assigned to the second computer client;
  - an encrypted hashed set of the first computer client;
  - a reordered and encrypted hashed set of the first computer client assigned to the second computer client;
  - a set encrypted with both of the secret keys of the second computer client assigned to the first computer client as 3-tuples;
- code for returning the query answer to the first computer client so that the first computer client learns from the query answer a cardinality of an intersection of the first set of values and the second set of values, and a cardinality of the second set of values; and
- code for revealing the query to the second computer client so that the second computer client learns from the query a cardinality of the first set of values.