-
公开(公告)号:US20190220620A1
公开(公告)日:2019-07-18
申请号:US15874754
申请日:2018-01-18
Applicant: SAP SE
Inventor: Florian Hahn , Nicolas Loza , Florian Kerschbaum
CPC classification number: G06F21/6227 , G06F16/90344 , G06F21/602 , G06F21/606 , G06F21/6218 , H04L9/008 , H04W12/02
Abstract: Secure substring searching on encrypted data may involve a first preprocessing comprising fragmenting a plaintext string slated for remote secure storage, in a plurality of overlapping plaintext substrings. A second preprocessing encrypts these substrings into ciphertexts (e.g., utilizing Frequency-Hiding Order Preserving Encryption) further including position information of the substring. A search index and a secret state result from the first and second preprocessing. The ciphertexts and search index are outsourced to a database within an unsecure server. An engine within the server determines candidate ciphertexts matching a query request received from a secure client. The engine returns ciphertexts to the client for decryption according to the secret state. Preprocessing may be delegated to a third party for outsourcing search index/ciphertexts to the server, and the secret state to the client. Filtering of candidate ciphertexts on the server-side, can eliminate false positives and reduce the volume of communication with remote clients.
-
公开(公告)号:US10885216B2
公开(公告)日:2021-01-05
申请号:US15874754
申请日:2018-01-18
Applicant: SAP SE
Inventor: Florian Hahn , Nicolas Loza , Florian Kerschbaum
Abstract: Secure substring searching on encrypted data may involve a first preprocessing comprising fragmenting a plaintext string slated for remote secure storage, in a plurality of overlapping plaintext substrings. A second preprocessing encrypts these substrings into ciphertexts (e.g., utilizing Frequency-Hiding Order Preserving Encryption) further including position information of the substring. A search index and a secret state result from the first and second preprocessing. The ciphertexts and search index are outsourced to a database within an unsecure server. An engine within the server determines candidate ciphertexts matching a query request received from a secure client. The engine returns ciphertexts to the client for decryption according to the secret state. Preprocessing may be delegated to a third party for outsourcing search index/ciphertexts to the server, and the secret state to the client. Filtering of candidate ciphertexts on the server-side, can eliminate false positives and reduce the volume of communication with remote clients.
-
公开(公告)号:US10769295B2
公开(公告)日:2020-09-08
申请号:US15874698
申请日:2018-01-18
Applicant: SAP SE
Inventor: Nicolas Loza , Florian Hahn , Florian Kerschbaum
IPC: G06F21/62 , H04L9/14 , G06F21/60 , G06F16/2455
Abstract: Embodiments allow join operations to be performed upon encrypted database tables stored on an unsecure server (e.g., as part of a DBaaS offering), with reduced information leakage. Such secure join operations may be implemented through the combination of two cryptographic techniques: non-deterministic (randomized) searchable encryption; and attribute based encryption. The searchable encryption (e.g., Symmetric Searchable Encryption: SSE) allows join values to be revealed only for rows fulfilling additional predicate attributes that the client has filtered for, thereby offering fine granular security. The attribute based encryption (e.g., Key-Policy Attribute-Based Encryption: KP-ABE) avoids the unmanageable consumption of memory that would otherwise result from the creation of intermediate constructions on the server. Embodiments offer a solution reducing information leakage of join values not contained in the result of the actual database query. This results in fine granular security because join values of data rows not involved in the join computation, remain semantically secure.
-
公开(公告)号:US20190220619A1
公开(公告)日:2019-07-18
申请号:US15874698
申请日:2018-01-18
Applicant: SAP SE
Inventor: Nicolas Loza , Florian Hahn , Florian Kerschbaum
Abstract: Embodiments allow join operations to be performed upon encrypted database tables stored on an unsecure server (e.g., as part of a DBaaS offering), with reduced information leakage. Such secure join operations may be implemented through the combination of two cryptographic techniques: non-deterministic (randomized) searchable encryption; and attribute based encryption. The searchable encryption (e.g., Symmetric Searchable Encryption: SSE) allows join values to be revealed only for rows fulfilling additional predicate attributes that the client has filtered for, thereby offering fine granular security. The attribute based encryption (e.g., Key-Policy Attribute-Based Encryption: KP-ABE) avoids the unmanageable consumption of memory that would otherwise result from the creation of intermediate constructions on the server. Embodiments offer a solution reducing information leakage of join values not contained in the result of the actual database query. This results in fine granular security because join values of data rows not involved in the join computation, remain semantically secure.
-
-
-
Search Results
4
records
(took 0.012 seconds)
