公开(公告)号：US20250045448A1

公开(公告)日：2025-02-06

申请号：US18923613

申请日：2024-10-22

Applicant: Google LLC

Inventor： Kevin Yeo ,  Sarvar Patel ,  Giuseppe Persiano

IPC: G06F21/62 ,  H04L9/06 ,  H04L9/08 ,  H04L9/32 ,  H04L9/40

Abstract: A method for sharing read access to a document stored on memory hardware. The method includes receiving a shared read access command from a sharor sharing read access to a sharee for a document stored on memory hardware in communication with the data processing hardware, and receiving a shared read access request from the sharee. The shared read access command includes an encrypted value and a first cryptographic share value based on a write key, a read key, a document identifier, and a sharee identifier. The method also includes multiplying the first and second cryptographic share values to determine a cryptographic read access value. The cryptographic read access value authorizes read access to the sharee for the document. The method also includes storing a read access token for the sharee including the cryptographic read access value and the encrypted value in a user read set of the memory hardware.

公开(公告)号：US20250013774A1

公开(公告)日：2025-01-09

申请号：US18896152

申请日：2024-09-25

Applicant: Google LLC

Inventor： Eli Simon Fox-Epstein ,  Kevin Wei Li Yeo ,  Sarvar Patel ,  Raimundo Mirisola ,  Craig William Wright

IPC: G06F21/62

Abstract: Encrypted information retrieval can include generating a database that is partitioned into shards each having a shard identifier, and database entries in each shard that are partitioned into buckets having a bucket identifier. A batch of client-encrypted queries are received. The batch of client-encrypted queries are processed using a set of server-encrypted data stored in a database. The processing includes grouping the client-encrypted queries according to shard identifiers of the client-encrypted queries, executing multiple queries in the group of client-encrypted queries for the shard together in a batch execution process, and generating multiple server-encrypted results to the multiple queries in the group of client-encrypted queries. The multiple server-encrypted results for each shard are transmitted to the client device.

公开(公告)号：US12135811B2

公开(公告)日：2024-11-05

申请号：US18008554

申请日：2022-06-14

Applicant: Google LLC

Inventor： Eli Simon Fox-Epstein ,  Kevin Wei Li Yeo ,  Sarvar Patel ,  Raimundo Mirisola ,  Craig William Wright

IPC: G06F21/62

Abstract: Encrypted information retrieval can include generating a database that is partitioned into shards each having a shard identifier, and database entries in each shard that are partitioned into buckets having a bucket identifier. A batch of client-encrypted queries are received. The batch of client-encrypted queries are processed using a set of server-encrypted data stored in a database. The processing includes grouping the client-encrypted queries according to shard identifiers of the client-encrypted queries, executing multiple queries in the group of client-encrypted queries for the shard together in a batch execution process, and generating multiple server-encrypted results to the multiple queries in the group of client-encrypted queries. The multiple server-encrypted results for each shard are transmitted to the client device.

公开(公告)号：US11841973B2

公开(公告)日：2023-12-12

申请号：US17285831

申请日：2020-08-24

Applicant: Google LLC

Inventor： Karn Seth ,  Sarvar Patel ,  Mariana Raykova ,  Srinivasan Seshadri ,  Margo Narayan ,  Philip McDonnell ,  Amin Charaniya

IPC: G06F21/62 ,  H04L9/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/00 ,  G06F21/60

CPC classification number: G06F21/6245 ,  G06F21/602 ,  G06F21/62 ,  G06F21/6254 ,  H04L9/008 ,  H04L9/0643 ,  H04L9/0869 ,  H04L9/14 ,  G06F2221/2107

Abstract: A method disclosed herein may include receiving, at a first computing system, encrypted identifiers and encrypted values, performing, by the first computing system, a concealing operation on the encrypted identifiers to produce concealed encrypted identifiers, wherein the concealing operation conceals the encrypted identifiers from the first computing system and a second computing system but enables matching between the concealed encrypted identifiers, decrypting, by the second computing system, the concealed encrypted identifiers to produce concealed identifiers, and performing, by the second computing system, an aggregation operation using the concealed identifiers and the encrypted values to produce an encrypted aggregate value without accessing personally identifiable information associated with the encrypted values.

公开(公告)号：US11727124B2

公开(公告)日：2023-08-15

申请号：US16623311

申请日：2018-01-12

Applicant: Google LLC

Inventor： Kevin Yeo ,  Sarvar Patel ,  Giuseppe Persiano

IPC: G06F21/60 ,  G06F16/2458 ,  G06F3/06 ,  G06F12/14 ,  G06F21/62

CPC classification number: G06F21/602 ,  G06F3/064 ,  G06F3/067 ,  G06F3/0623 ,  G06F12/1408 ,  G06F16/2471 ,  G06F21/6227 ,  G06F2212/1052 ,  G06F2221/2123

Abstract: A method executing an instruction (300) to execute a query (q) for a data block (102) and determining whether the data block is stored in a block stash (370). When the data block is stored in the block stash during a download phase, the method includes removing the data block from the block stash, sending a fake query (304) to a distributed system (140) to retrieve a random data block stored in memory (114) of a distributed system (140), and discarding the random data block. When a current version of the data block is stored in the block stash during an overwrite phase, the method includes sending a fake query to the distributed system to retrieve another random data block stored in the memory of the distributed system, decrypting and re-encrypting the random data block with fresh randomness, and re-uploading the re-encrypted random data block onto the distributed system.

公开(公告)号：US11645256B2

公开(公告)日：2023-05-09

申请号：US17457533

申请日：2021-12-03

Applicant: Google LLC

Inventor： Kevin Yeo ,  Ahmet Erhan Nergiz ,  Nicolas Lidzborski ,  Laetitia Estelle Baudoin ,  Sarvar Patel

IPC: H04L29/06 ,  G06F16/22 ,  G06F16/242 ,  G06F16/2455 ,  H04L9/06 ,  H04L9/08 ,  H04L9/00 ,  G06F21/60

CPC classification number: G06F16/2255 ,  G06F16/2246 ,  G06F16/242 ,  G06F16/2455 ,  G06F21/602 ,  H04L9/006 ,  H04L9/0656 ,  H04L9/0861

Abstract: A method for providing encrypted search includes receiving, at a user device associated with a user, a search query for a keyword that appears in one or more encrypted documents stored on an untrusted storage device and accessing a count table to obtain a count of documents that include the keyword. The method also includes generating a delegatable pseudorandom function (DPRF) based on the keyword, a private cryptographic key, and the count of documents. The method also includes evaluating a first portion of the DPRF and delegating a remaining second portion of the DPRF to the untrusted storage device which causes the untrusted storage device to evaluate the DPRF and access an encrypted search index associated with the documents. The untrusted storage device determines one or more encrypted documents associated with DPRF and returns, to the user device, an identifier for each encrypted document associated with the DPRF.

公开(公告)号：US11055706B2

公开(公告)日：2021-07-06

申请号：US14660204

申请日：2015-03-17

Applicant: Google LLC

Inventor： Vinod Kumar Ramachandran ,  Shobhit Saxena ,  David Owen Shanahan ,  Marcel M. M. Yung ,  Sarvar Patel

IPC: G06Q20/00 ,  G06Q20/38 ,  G06Q30/06

Abstract: Aggregated transaction data from a transaction data provider may be encrypted and exchanged with a content item selection system using commutative encryption algorithms. The transaction data provider and content item selection system may utilize a set of common identifiers that are each encrypted using a respective commutative encryption algorithm of the transaction data provider or content item selection system. The other of the transaction data provider or content item selection system encrypts the single-encrypted common identifier using a respective commutative encryption algorithm to generate double encrypted common identifiers. The double encrypted common identifiers may be used to match a set of common identifiers with transaction data. The transaction data may be encrypted and/or may include random offset values.

公开(公告)号：US20210184840A1

公开(公告)日：2021-06-17

申请号：US16712487

申请日：2019-12-12

Applicant: Google LLC

Inventor： Kevin Yeo ,  Sarvar Patel

IPC: H04L9/08 ,  H04L9/06 ,  G06F16/93 ,  G06F16/903 ,  G06F16/9032

Abstract: A method for searchable encryption with a public key includes receiving an operation request front a user device associated with a user requesting that encryption of data associated with the user. The data includes a corpus of documents stored on a remote storage device. The method also includes receiving a public key associated with the user. The public key includes an asymmetric cryptographic public key. The method also includes generating a random data key. The data key includes a symmetric cryptographic key. The method also includes encrypting, using the data key, a search index for the corpus of documents based on keywords within the corpus of documents. The method also includes encrypting, using the public key, the data key and sending the encrypted data key to a user device associated with the user.

公开(公告)号：US20210182408A1

公开(公告)日：2021-06-17

申请号：US16713872

申请日：2019-12-13

Applicant: Google LLC

Inventor： Kevin Yeo ,  Ahmet Erhan Nergiz ,  Laetitia Estelle Baudoin ,  Nicolas Lidzborski ,  Sarvar Patel

IPC: G06F21/60 ,  H04L29/06 ,  H04L9/00 ,  H04L9/06

Abstract: A method for providing an encrypted search system includes receiving a search query for a keyword that appears in one or more encrypted emails stored on an untrusted storage device and accessing, a count table to obtain a count of unique emails within the emails that include the keyword. The method also includes generating a delegatable pseudorandom function (DPRF) based on the keyword, a private cryptographic key, and the count of unique emails that include the keyword and delegating at least a portion of the DPRF to the untrusted storage device that causes the storage device to evaluate the delegated DPRF, access an encrypted search index associated with the emails, and determine one or more encrypted emails associated with the delegated DPRF based on the encrypted search index. The storage device also returns, to the user device, an identifier for each encrypted email associated with the delegated DPRF.