Executing encrypted data using secure enclave

    Publication (Announcement) No.: US11429750B2

    Publication (Announcement) Date: 2022-08-30

    Application No.: US16988815

    Application Date: 2020-08-10

    Applicant: SAP SE

    Abstract: Provided is a system and method for executing an encrypted software program within a host platform. The execution may be bifurcated among a trusted module and an untrusted area of the host platform. In one example, the method may include receiving bytecode and encrypted data of a software program, decrypting, via a secure memory area, the encrypted data into decrypted data, executing, via the secure memory area, instructions from the bytecode on the decrypted data to generate execution results, encrypting the generated execution results, and transmitting the encrypted execution results to a remote computing device.
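    As an added illustration (not SAP's code and not the patent's implementation), the following Python models the bifurcated execution the abstract describes: an untrusted host forwards bytecode and ciphertext to a modelled secure memory area, which alone holds the data key, decrypts the data, runs the bytecode on it, and re-encrypts the result before it leaves. The cipher is a constructed HMAC-SHA256 stand-in for the authenticated encryption a real enclave would use, the stack-machine opcodes (LOAD, CONST, ADD, MUL, RET) are assumed for the example, and attestation-based key provisioning is omitted:

```python
import hashlib
import hmac
import json
import os
import struct

# Constructed stand-in for the authenticated encryption an enclave would use
# (e.g. AES-GCM): HMAC-SHA256 keystream XOR plus an HMAC tag. Illustration only.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext failed authentication")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def run_bytecode(bytecode, inputs):
    """Tiny stack machine (assumed opcode set): LOAD i, CONST c, ADD, MUL, RET."""
    stack = []
    for op, *args in bytecode:
        if op == "LOAD":
            stack.append(inputs[args[0]])
        elif op == "CONST":
            stack.append(args[0])
        elif op == "ADD":
            b, a = stack.pop(), stack.pop()
            stack.append(a + b)
        elif op == "MUL":
            b, a = stack.pop(), stack.pop()
            stack.append(a * b)
        elif op == "RET":
            return stack.pop()
        else:
            raise ValueError(f"unknown opcode {op}")
    raise ValueError("bytecode ended without RET")

class SecureMemoryArea:
    """Model of the trusted module: the only component holding the data key."""
    def __init__(self, data_key: bytes):
        self._key = data_key

    def execute(self, bytecode, encrypted_data: bytes) -> bytes:
        data = json.loads(decrypt(self._key, encrypted_data))      # decrypt inside
        result = run_bytecode(bytecode, data)                       # execute inside
        return encrypt(self._key, json.dumps(result).encode())      # encrypt before leaving

class UntrustedHost:
    """Model of the untrusted part of the host: routes blobs, never sees plaintext."""
    def __init__(self, enclave: SecureMemoryArea):
        self._enclave = enclave

    def handle_request(self, bytecode, encrypted_data: bytes) -> bytes:
        return self._enclave.execute(bytecode, encrypted_data)

def demo() -> int:
    # Key shared between the remote client and the enclave; in practice it would be
    # provisioned after remote attestation, which this model omits.
    key = os.urandom(32)
    host = UntrustedHost(SecureMemoryArea(key))
    program = [("LOAD", 0), ("LOAD", 1), ("MUL",), ("CONST", 10), ("ADD",), ("RET",)]
    encrypted_inputs = encrypt(key, json.dumps([3, 4]).encode())   # client side
    encrypted_result = host.handle_request(program, encrypted_inputs)
    return json.loads(decrypt(key, encrypted_result))              # client side: 3*4+10

def tamper_is_detected() -> bool:
    """A host that flips a bit in the ciphertext must be caught by the enclave."""
    key = os.urandom(32)
    blob = bytearray(encrypt(key, b"secret inputs"))
    blob[16] ^= 0x01          # flip a bit in the ciphertext body
    try:
        decrypt(key, bytes(blob))
    except ValueError:
        return True
    return False
```

    The bytecode itself stays in the clear on the host, as in the abstract; only the data and the result are protected. The tamper check matters because the untrusted area sits on the data path and a non-authenticated cipher would let it manipulate the enclave's inputs.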

    Generation of optimal program variation

    Publication (Announcement) No.: US11354218B2

    Publication (Announcement) Date: 2022-06-07

    Application No.: US16867632

    Application Date: 2020-05-06

    Applicant: SAP SE

    Abstract: Provided is a system and method for generating a subset of optimal variations of a software program which allow some statements of the control flow to be exposed to side channels. Furthermore, the subset of optimal variations may be selected based on a security and a performance trade-off analysis. In one example, the method may include identifying a set of statements within a control flow of a software program, generating a plurality of variations of the software program which comprise different subsets of statements which are exposed to side channels, respectively, determining one or more Pareto-optimal variations of the software program based on side channel leakage values and performance values of the plurality of variations of the software program, and outputting information about the one or more Pareto-optimal variations of the software program to a user device.
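    The selection step, as an added example in Python (not SAP's code or the patent's algorithm): each variation is the subset of statements left exposed, its leakage is the sum of the exposed statements' leakage values, and its cost is the sum of the protection overhead for the statements that are hardened instead. The per-statement numbers are a constructed cost model; the enumeration is exhaustive (2^n subsets), which is fine for a handful of statements but would be replaced by a search heuristic for real programs:

```python
from itertools import combinations

# Constructed cost model: for each statement in the control flow,
# (leakage if exposed to side channels, runtime cost of protecting it instead).
STATEMENTS = {
    "s1_branch_on_secret": (5.0, 4.0),
    "s2_table_lookup":     (3.0, 2.0),
    "s3_loop_bound":       (2.0, 3.0),
    "s4_public_log":       (0.0, 1.0),
}

def all_variations(statements):
    """Every subset of statements left exposed (exhaustive; 2**n variations)."""
    names = sorted(statements)
    for k in range(len(names) + 1):
        for subset in combinations(names, k):
            yield frozenset(subset)

def evaluate(statements, exposed):
    """(leakage, cost): leakage sums the exposed statements, cost sums the protected ones."""
    leakage = sum(statements[s][0] for s in exposed)
    cost = sum(statements[s][1] for s in statements if s not in exposed)
    return leakage, cost

def pareto_front(scored):
    """Keep a variation unless another one is at least as good on both axes
    and strictly better on at least one (both axes are minimised)."""
    front = []
    for v, (l, c) in scored.items():
        dominated = any(
            l2 <= l and c2 <= c and (l2 < l or c2 < c)
            for v2, (l2, c2) in scored.items() if v2 != v
        )
        if not dominated:
            front.append(v)
    return sorted(front, key=lambda v: scored[v])

def pareto_optimal_variations(statements=STATEMENTS):
    """Return [(exposed statements, (leakage, cost)), ...] ordered by leakage."""
    scored = {v: evaluate(statements, v) for v in all_variations(statements)}
    return [(sorted(v), scored[v]) for v in pareto_front(scored)]
```

    Two things the numbers make visible: a statement with zero leakage (the public log line) is exposed in every Pareto-optimal variation, since protecting it only costs time, and the front is what gets presented to the user, who then picks a point on it rather than a single "best" program.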

    Secure Database Utilizing Dictionary Encoding

    Publication (Announcement) No.: US20200320213A1

    Publication (Announcement) Date: 2020-10-08

    Application No.: US16373066

    Application Date: 2019-04-02

    Applicant: SAP SE

    Abstract: Embodiments offer database security utilizing dictionary encoding, with certain functionality being implemented inside a secure environment, e.g., a Trusted Execution Environment (TEE). In particular, the secure environment receives a secret key from a data owner, and receives an encrypted query range and a dictionary reference from a query engine. Based upon the query range decrypted using the secret key, and also the dictionary loaded from a database, the secure environment searches the dictionary to produce a list of value identifiers corresponding to the query range. The value identifiers are communicated outside the secure environment to the query engine for further processing (e.g., to generate RecordIDs), ultimately producing a query result for a user. Particular embodiments may leverage the processing power of an in-memory database engine in order to perform the role of the query engine that interacts with the secure environment.
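    The split between the TEE and the query engine, as an added Python example (not SAP's code or the patent's implementation): the data owner dictionary-encodes a column, encrypts the dictionary entries under its key, and hands the key to the modelled secure environment; the untrusted engine keeps the plaintext attribute vector (value IDs per record) and passes the encrypted range plus the encrypted dictionary to the TEE, which returns only value IDs. The cipher is a constructed stand-in for an AEAD, limited to 32-byte messages, and the column contents are constructed:

```python
import bisect
import hashlib
import hmac
import json
import os

# Constructed stand-in for an AEAD (single SHA-256 block as keystream, HMAC tag).
# Messages are limited to 32 bytes; illustration only, not for production.
def seal(key: bytes, msg: bytes) -> bytes:
    if len(msg) > 32:
        raise ValueError("toy cipher handles at most 32 bytes")
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(msg, hashlib.sha256(key + nonce).digest()))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("tampered ciphertext")
    return bytes(a ^ b for a, b in zip(body, hashlib.sha256(key + nonce).digest()))

class DataOwner:
    """Dictionary-encodes a column, encrypts the dictionary entries, keeps the secret key."""
    def __init__(self, column):
        self.key = os.urandom(32)
        distinct = sorted(set(column))                       # dictionary order = value order
        value_id = {v: i for i, v in enumerate(distinct)}
        self.attribute_vector = [value_id[v] for v in column]   # plaintext value IDs, stored at the DB
        self.encrypted_dictionary = [seal(self.key, v.encode()) for v in distinct]  # ID i -> E(value)

    def encrypt_range(self, lo: str, hi: str) -> bytes:
        return seal(self.key, json.dumps([lo, hi]).encode())

class SecureEnvironment:
    """Model of the TEE: holds the owner's key; gets range and dictionary from the engine."""
    def __init__(self, secret_key: bytes):
        self._key = secret_key

    def value_ids_in_range(self, encrypted_range: bytes, encrypted_dictionary) -> list:
        lo, hi = json.loads(unseal(self._key, encrypted_range))
        plain = [unseal(self._key, e).decode() for e in encrypted_dictionary]  # in value-ID order
        first = bisect.bisect_left(plain, lo)
        last = bisect.bisect_right(plain, hi)
        return list(range(first, last))        # only value IDs leave the enclave

class QueryEngine:
    """Untrusted in-memory engine: owns the attribute vector, never the key."""
    def __init__(self, attribute_vector, encrypted_dictionary, tee: SecureEnvironment):
        self._vector = attribute_vector
        self._dictionary = encrypted_dictionary
        self._tee = tee

    def record_ids(self, encrypted_range: bytes) -> list:
        ids = set(self._tee.value_ids_in_range(encrypted_range, self._dictionary))
        return [rid for rid, vid in enumerate(self._vector) if vid in ids]

def demo():
    # Constructed column of six records.
    column = ["Berlin", "Walldorf", "Paris", "Berlin", "Zurich", "Amsterdam"]
    owner = DataOwner(column)
    engine = QueryEngine(owner.attribute_vector, owner.encrypted_dictionary,
                         SecureEnvironment(owner.key))
    return engine.record_ids(owner.encrypt_range("B", "Q"))   # values in ["B", "Q"]: Berlin, Paris
```

    The caveat a practitioner should keep in mind follows directly from the abstract: the value IDs leave the enclave, so the engine (and anyone watching it) learns which dictionary positions a query touched and how many records matched, even though neither the range nor the dictionary values are visible to it.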

    Efficient Cloud-Based Secure Computation of the Median Using Homomorphic Encryption

    Publication (Announcement) No.: US20200280430A1

    Publication (Announcement) Date: 2020-09-03

    Application No.: US16289399

    Application Date: 2019-02-28

    Applicant: SAP SE

    Abstract: A server receives a corresponding data value encrypted using a common threshold public key from each of a plurality of clients. The server distributes the received data values to the clients for evaluating comparisons of the values. The server receives the encrypted comparison results from each of the clients in response to the distribution of the received encrypted data values. The comparison results are encrypted using the common key. The server homomorphically determines a ciphertext encrypting the rank of each client's data value using the comparison results. Further, the server can compute a ciphertext encrypting the median of the datasets. Thereafter, the server can initiate a threshold decryption to generate a final result.

    Cloud-Based Secure Computation of the Median
    Invention application

    Publication (Announcement) No.: US20200279045A1

    Publication (Announcement) Date: 2020-09-03

    Application No.: US16289415

    Application Date: 2019-02-28

    Applicant: SAP SE

    Abstract: A garbled circuit and two garbled inputs are received by a server from each pair of a plurality of clients. The garbled circuit encodes a comparison function and the garbled inputs encode a respective data value from each of the clients in each pair. Thereafter, the server evaluates the garbled circuits using the corresponding garbled inputs to result in a plurality of comparison bits. The server can then sort the datasets in an ascending or descending order by using the comparison bits to compute the rank of each data value. Using the sorted datasets, the server determines a median value for the datasets and transmits data characterizing the median value to each of the clients.
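    Both median patents above share the same server-side step: turn pairwise comparison bits into a rank per client and pick the value whose rank is the median. The Python below is an added example (not SAP's code or either patent's implementation) of exactly that step. The comparison bits are computed in the clear here, with the client index as tie-break; in the patents they come out of a garbled circuit or an encrypted comparison, and the rank computation is nothing but additions of bits, which is the operation an additively homomorphic scheme performs on ciphertexts. The client values are constructed and the lower median is assumed for an odd/even count:

```python
def comparison_bits(values):
    """What the clients contribute: for each pair i<j the bit [x_i < x_j], with the
    client index as tie-break so every pair has a strict order. Computed in the
    clear for illustration; the server would only ever see these bits encrypted
    (or evaluate a garbled circuit to obtain them)."""
    n = len(values)
    return {(i, j): int((values[i], i) < (values[j], j))
            for i in range(n) for j in range(i + 1, n)}

def ranks_from_bits(n, bits):
    """Server side: rank_i = number of values below x_i, obtained purely by adding bits."""
    rank = [0] * n
    for (i, j), b in bits.items():
        if b:          # x_i < x_j: j has one more element below it
            rank[j] += 1
        else:          # x_j < x_i (or the tie went to j): i has one more below it
            rank[i] += 1
    return rank

def consistent(ranks):
    """Ranks 0..n-1 each appearing once is only possible if the comparison bits
    describe a transitive order; a client that returns inconsistent bits (or a
    cycle such as a<b<c<a) shows up here as a repeated rank."""
    return sorted(ranks) == list(range(len(ranks)))

def median_holder(ranks):
    """Index of the client whose value is the lower median (rank (n-1)//2)."""
    if not consistent(ranks):
        raise ValueError("comparison bits are inconsistent: ranks are not a permutation")
    return ranks.index((len(ranks) - 1) // 2)

def demo():
    values = [42, 7, 19, 7, 88]          # constructed: one value per client, including a tie
    bits = comparison_bits(values)
    ranks = ranks_from_bits(len(values), bits)
    holder = median_holder(ranks)
    return ranks, holder, values[holder]
```

    In the threshold-encryption variant the server holds the ranks only as ciphertexts and cannot run the consistency check itself; that is why the decrypted result needs a sanity check on the client side, or the comparison protocol needs to be robust against a misbehaving participant.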

    Secure Data Aggregation in Databases Using Static Shifting and Shifted Bucketization

    Publication (Announcement) No.: US20200034546A1

    Publication (Announcement) Date: 2020-01-30

    Application No.: US16048735

    Application Date: 2018-07-30

    Applicant: SAP SE

    Abstract: Disclosed herein are system, method, and computer program product embodiments for secure data aggregation in databases. An embodiment operates by identifying a value column and a group column of a plurality of columns of a dataset. Two distinct group values of the group column are identified. An offset value corresponding to the first group value is determined. One or more of the plurality of records including the first group value are identified. A value of the value column of each of the identified one or more plurality of records is encoded with the offset value. Values of the encoded value column are encrypted. The encrypted values are uploaded to a server.

    OBLIVIOUS ORDER-PRESERVING ENCRYPTION
    Invention application

    Publication (Announcement) No.: US20180165460A1

    Publication (Announcement) Date: 2018-06-14

    Application No.: US15379034

    Application Date: 2016-12-14

    Applicant: SAP SE

    CPC classification number: G06F21/602 G06F16/245 H04L9/06 H04L2209/50

    Abstract: Methods, systems, and articles of manufacture are provided for oblivious order preserving encryption. A method may include: traversing, by a cloud service provider, an order preserving encryption (OPE) tree based on a result of an oblivious comparison performed by a data owner and a data client, the OPE tree having nodes that each correspond to a ciphertext of data associated with the data owner, the ciphertext of the data being stored at the cloud service provider, and a relative position of the nodes within the OPE tree corresponding to an order that is present in the data associated with the data owner; and determining, based on the traversing of the OPE tree, an OPE encoding for an input value from the data client, the OPE encoding for the input value indicative of a position of a node corresponding to the input value within the OPE tree.
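    The traversal the abstract describes, as an added Python example (not SAP's code or the patent's implementation): the cloud service provider holds a binary search tree whose nodes are opaque ciphertexts, asks for an oblivious comparison at each node, and derives the encoding from the path it walked. The `ObliviousComparator` class stands in for the two-party comparison between data owner and data client and only ever hands the provider a sign; the path-based encoding (root path bits, then a 1, zero-padded to a fixed width) and the assumption that a value not yet in the tree is inserted at the position found are this example's choices, as are the constructed data values:

```python
import os

class ObliviousComparator:
    """Stand-in for the oblivious comparison run between the data owner (who can decrypt
    the node's ciphertext) and the data client (who holds the input). The cloud service
    provider only receives the sign; it never sees either plaintext."""
    def __init__(self, owner_plaintexts: dict, client_input: int):
        self._owner_plaintexts = owner_plaintexts   # ciphertext -> plaintext, owner side only
        self._client_input = client_input           # client side only

    def compare(self, node_ciphertext: bytes) -> int:
        v = self._owner_plaintexts[node_ciphertext]
        return (self._client_input > v) - (self._client_input < v)   # -1, 0 or 1

class _Node:
    __slots__ = ("ct", "left", "right")
    def __init__(self, ct):
        self.ct, self.left, self.right = ct, None, None

class OPETree:
    """Held by the cloud service provider: a binary search tree over ciphertexts whose
    shape encodes the order of the owner's data. Encoding of a node = its root path as
    bits, followed by a 1, zero-padded to `bits` bits; this is order-preserving."""
    def __init__(self, bits: int = 8):
        self.root = None
        self.bits = bits

    def _encode(self, path: str) -> int:
        if len(path) >= self.bits:
            raise ValueError("tree too deep for the encoding width; re-encoding needed")
        return int((path + "1").ljust(self.bits, "0"), 2)

    def encoding_for(self, input_ciphertext: bytes, comparator: ObliviousComparator) -> int:
        """Traverse using only comparison results; return the encoding of the node matching
        the input, inserting a node for a value not yet in the tree (assumed behaviour)."""
        if self.root is None:
            self.root = _Node(input_ciphertext)
            return self._encode("")
        node, path = self.root, ""
        while True:
            c = comparator.compare(node.ct)
            if c == 0:
                return self._encode(path)
            side, bit = ("left", "0") if c < 0 else ("right", "1")
            child = getattr(node, side)
            if child is None:
                setattr(node, side, _Node(input_ciphertext))
                return self._encode(path + bit)
            node, path = child, path + bit

def demo():
    owner_plaintexts = {}                       # owner's private mapping ciphertext -> value

    def encrypt(v):                             # constructed: random token stands in for a real ciphertext
        ct = os.urandom(16)
        owner_plaintexts[ct] = v
        return ct

    tree = OPETree(bits=8)
    encodings = {}
    for v in [50, 20, 80, 35]:                  # owner's data, inserted in this order
        encodings[v] = tree.encoding_for(encrypt(v), ObliviousComparator(owner_plaintexts, v))
    client_value = 40                           # data client's input, not in the tree yet
    encodings[client_value] = tree.encoding_for(
        encrypt(client_value), ObliviousComparator(owner_plaintexts, client_value))
    return encodings
```

    With a fixed encoding width the tree can run out of bits on a long path, which is what the `ValueError` signals; a deployable version has to rebalance the tree and re-issue encodings, at which point the provider also learns the tree shape, i.e. the order of all values, which is the leakage order-preserving encryption accepts by design.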

    Leakage-Free Order-Preserving Encryption
    Invention application

    Publication (Announcement) No.: US20180019866A1

    Publication (Announcement) Date: 2018-01-18

    Application No.: US15209003

    Application Date: 2016-07-13

    Applicant: SAP SE

    Abstract: Embodiments implement leakage-free order-preserving encryption by assigning a distinct ciphertext for each plaintext, including repeated plaintext whose ciphertext is randomly inserted. In order to conceal insertion order, the randomized ciphertexts are compressed to minimal ciphertext space. A uniform distribution is achieved by rotating about a modulus on the ciphertexts rather than the plaintexts. The resulting ciphertext distribution has no leakage from the ciphertexts—even if an adversary has perfect background knowledge on the distribution of plaintexts. The encryption may be further secured even against passive query monitoring attacks by hiding the access pattern using (ε, δ)-differential privacy, such that the adversary observing a sequence of queries will not learn the frequency of plaintexts. The leakage-free order-preserving encryption may be converted into an adjustable encryption scheme to allow querying (e.g., on a remote server).
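    The three mechanisms named in the first half of the abstract (distinct ciphertext per plaintext with random placement among repeats, compression to a minimal ciphertext space, rotation about a modulus), as an added Python example that is not SAP's code or the patent's construction. The client keeps the ordered plaintext list as its state; a repeated plaintext is slotted at a uniformly random position among its copies; after all inserts the ciphertext of position i is (i + r) mod n for a random rotation r, so the ciphertext space is exactly {0, ..., n-1} and a range query may wrap around the modulus. The differential-privacy protection of the access pattern mentioned later in the abstract is not modelled, and the column values are constructed:

```python
import bisect
import random

class FrequencyHidingOPE:
    """Client-side state as modelled here: the plaintexts kept in order, with equal
    plaintexts placed at random positions among their copies, so every plaintext
    gets a distinct ciphertext. After compression the ciphertext space is exactly
    {0, ..., n-1}; a random rotation r makes ciphertext = (position + r) mod n."""
    def __init__(self, rng=None):
        self._rng = rng or random.SystemRandom()
        self._order = []    # plaintexts in order (repeats included)
        self._ids = []      # record id stored at each position
        self._r = 0

    def insert(self, plaintext, record_id):
        lo = bisect.bisect_left(self._order, plaintext)
        hi = bisect.bisect_right(self._order, plaintext)
        pos = self._rng.randint(lo, hi)            # random slot among equal plaintexts
        self._order.insert(pos, plaintext)
        self._ids.insert(pos, record_id)

    def compress_and_rotate(self):
        """Assign minimal-space ciphertexts and pick the rotation; returns record_id -> ciphertext.
        Positions shift on later inserts, so this is re-run after them (assumption of this model)."""
        n = len(self._order)
        self._r = self._rng.randrange(n)
        return {rid: (pos + self._r) % n for pos, rid in enumerate(self._ids)}

    def decrypt(self, ciphertext):
        return self._order[(ciphertext - self._r) % len(self._order)]

    def range_query(self, lo, hi):
        """Ciphertext intervals covering plaintexts in [lo, hi]; the rotation can
        split one plaintext range into two ciphertext intervals at the modulus."""
        n = len(self._order)
        a = bisect.bisect_left(self._order, lo)
        b = bisect.bisect_right(self._order, hi) - 1
        if b < a:
            return []
        ca, cb = (a + self._r) % n, (b + self._r) % n
        return [(ca, cb)] if ca <= cb else [(ca, n - 1), (0, cb)]

def demo(seed=7):
    values = [5, 3, 5, 9, 3, 5]               # constructed column with repeated plaintexts
    scheme = FrequencyHidingOPE(random.Random(seed))   # seeded only to make the demo repeatable
    for rid, v in enumerate(values):
        scheme.insert(v, rid)
    cts = scheme.compress_and_rotate()
    matched = [c for lo, hi in scheme.range_query(5, 5) for c in range(lo, hi + 1)]
    return {
        "ciphertexts": [cts[rid] for rid in range(len(values))],
        "distinct": len(set(cts.values())) == len(values),       # no ciphertext repeats
        "roundtrip": all(scheme.decrypt(cts[rid]) == v for rid, v in enumerate(values)),
        "range_5": sorted(scheme.decrypt(c) for c in matched),   # all three copies of 5
    }
```

    The point to check is the ciphertext histogram: three records share the plaintext 5, yet the six ciphertexts are a permutation of 0..5, so an adversary who knows the plaintext distribution perfectly still cannot read frequencies off the column. The cost is client-side state proportional to the data and a range query that the client must translate into one or two ciphertext intervals.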
