公开(公告)号：US09178704B2

公开(公告)日：2015-11-03

申请号：US13630533

申请日：2012-09-28

Applicant: Alcatel-Lucent USA Inc.

Inventor： Vladimir Y. Kolesnikov ,  Ranjit Kumaresan ,  Abdullatif Shikfa

IPC: H04L29/06 ,  H04L9/32

CPC classification number: H04L9/32 ,  H04L9/3218 ,  H04L2209/12 ,  H04L2209/46 ,  H04L2209/50

Abstract: Server-assisted secure function evaluation (SFE) is performed with input consistency verification for two parties that want to evaluate a function. The server computes a garbled circuit corresponding to the function. A predefined bit of the 0-secret of wire i in the garbled circuit is set to a random bit bi and a predefined bit of the 1-secret of wire i in the garbled circuit is set to bi. The server communicates with each party using an Oblivious Transfer (OT) to provide encrypted versions of the respective inputs of each party. Each party receives the encrypted wire secret of the other party and the garbled circuit for computation of a respective output and stores the predefined bit of a wire of interest of the other party. A given party can verify input consistency by the other party over at least two executions by comparing the values stored by the given party for the at least two executions with corresponding values obtained from the server.

Abstract translation: 服务器辅助安全功能评估（SFE）是通过输入一致性验证来执行的，这两个方面都是希望评估一个功能的两方。 服务器计算与功能相对应的乱码电路。 混乱电路中的线i的0密码的预定义位被设置为随机比特bi，并且乱码电路中线i的1秘密的预定义位被设置为bi。 服务器与各方通过使用Oblivious Transfer（OT）进行通信，以提供各方输入的加密版本。 每一方接收对方的加密有线秘密和用于计算相应输出的乱码电路，并存储另一方感兴趣的线的预定位。 给定方可以通过将至少两个执行中给定方所存储的值与从服务器获得的对应值进行比较，来验证另一方对至少两个执行的输入一致性。

公开(公告)号：US20140095861A1

公开(公告)日：2014-04-03

申请号：US13630533

申请日：2012-09-28

Applicant: Alcatel-Lucent USA Inc.

Inventor： Vladimir Y. Kolesnikov ,  Ranji Kumaresan ,  Abdullatif Shikfa

IPC: H04L9/32

CPC classification number: H04L9/32 ,  H04L9/3218 ,  H04L2209/12 ,  H04L2209/46 ,  H04L2209/50

Abstract: Server-assisted secure function evaluation (SFE) is performed with input consistency verification for two parties that want to evaluate a function. The server computes a garbled circuit corresponding to the function. A predefined bit of the 0-secret of wire i in the garbled circuit is set to a random bit bi and a predefined bit of the 1-secret of wire i in the garbled circuit is set to bi. The server communicates with each party using an Oblivious Transfer (OT) to provide encrypted versions of the respective inputs of each party. Each party receives the encrypted wire secret of the other party and the garbled circuit for computation of a respective output and stores the predefined bit of a wire of interest of the other party. A given party can verify input consistency by the other party over at least two executions by comparing the values stored by the given party for the at least two executions with corresponding values obtained from the server.

Abstract translation: 服务器辅助安全功能评估（SFE）是通过输入一致性验证来执行的，这两个方面都是希望评估一个功能的两方。 服务器计算与功能相对应的乱码电路。 混乱电路中的线i的0密码的预定义位被设置为随机比特bi，并且乱码电路中线i的1秘密的预定义位被设置为bi。 服务器与各方通过使用Oblivious Transfer（OT）进行通信，以提供各方输入的加密版本。 每一方接收对方的加密有线秘密和用于计算相应输出的乱码电路，并存储另一方感兴趣的线的预定位。 给定方可以通过将至少两个执行中给定方所存储的值与从服务器获得的对应值进行比较，来验证另一方对至少两个执行的输入一致性。

公开(公告)号：US20140095860A1

公开(公告)日：2014-04-03

申请号：US13630460

申请日：2012-09-28

Applicant: Alcatel-Lucent USA Inc. ,  Alcatel Lucent

Inventor： Abdullatif Shikfa ,  Vladimir Kolesnikov

IPC: H04L9/00 ,  H04L9/30

CPC classification number: H04L9/008 ,  H04L63/0428 ,  H04L63/123

Abstract: A method for providing enhanced security in cloud computing architecture by managing the types of interaction a server should be allowed, thus preventing decryption of private data. A client may encrypt data using an order preserving encryption (OPE) algorithm. One application of the method and system is a browser-based webmail application where a client may receive email from one or more servers then store the received email that has been associated with OPE data, on a separate server that is not used to send or receive email.

Abstract translation: 一种通过管理应允许服务器的交互类型来提供云计算架构增强安全性的方法，从而防止私有数据的解密。 客户端可以使用订单保留加密（OPE）算法来加密数据。 方法和系统的一个应用是基于浏览器的webmail应用程序，其中客户端可以从一个或多个服务器接收电子邮件，然后将已经与OPE数据相关联的接收的电子邮件存储在不用于发送或接收的单独的服务器上 电子邮件。