公开(公告)号：WO2018208787A1

公开(公告)日：2018-11-15

申请号：PCT/US2018/031615

申请日：2018-05-08

Applicant: ZERODB, INC.

Inventor： EGOROV, Mikhail ,  WILKISON, MacLane Scott ,  NUǸEZ, David ,  AGUDO, Isaac

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L67/2809 ,  H04L63/0442 ,  H04L63/0464 ,  H04L67/2842

Abstract: Provided is a computer system and method that enables delegated access to encrypted information for distributed messaging and queuing frameworks, or in general, to publish/subscribe architectures. In said frameworks and architectures, data is published by data producers and organized in channels or queues, which consumer applications can subscribe to, and that are managed by one or multiple broker entities.

公开(公告)号：WO2018102382A1

公开(公告)日：2018-06-07

申请号：PCT/US2017/063658

申请日：2017-11-29

Applicant: ZERODB, INC.

Inventor： NUÑEZ, David ,  AGUDO, Isaac ,  EGOROV, Mikhail ,  WILKISON, MacLane Scott

IPC: G06F21/62 ,  H04L29/06 ,  H04L9/32 ,  H04L9/06 ,  H04L9/08 ,  H04L9/16

CPC classification number: G06F21/62 ,  G06F21/602 ,  H04L9/0841 ,  H04L9/088

Abstract: Provided is a process, including: obtaining a first ciphertext; obtaining the field size with which the first ciphertext was encrypted; obtaining a first private encryption key of the first encryption key pair; receiving a request to delegate access to the first ciphertext to a second recipient; obtaining a second private encryption key; determining a key-switching key based on the field size, the first private encryption key, and the second private encryption key; in response to the request, delegating access by forming a second ciphertext from which the plaintext is accessible with the second private encryption key; and storing the second ciphertext in memory.

公开(公告)号：WO2016179525A1

公开(公告)日：2016-11-10

申请号：PCT/US2016/031276

申请日：2016-05-06

Applicant: ZERODB, INC.

Inventor： EGOROV, Mikhail ,  WILKISON, MacLane, Scott ,  KHAN, Mohammad, Ali

IPC: G06F21/62 ,  G06F17/40 ,  G06F17/30

CPC classification number: G06F21/6227 ,  G06F21/14 ,  G09C1/00 ,  H04L9/00 ,  H04L9/0822 ,  H04L9/14 ,  H04L9/3221 ,  H04L63/0428 ,  H04L63/061 ,  H04L67/10 ,  H04L2209/16 ,  H04L2209/76

Abstract: Provided is a process of operating a zero-knowledge encrypted database, the process including: obtaining a request for data in a database stored by an untrusted computing system, wherein the database is stored in a graph that includes a plurality of connected nodes, each of the nodes including: an identifier, accessible to the untrusted computing system, that distinguishes the respective node from other nodes in the graph; and an encrypted collection of data stored in encrypted form, wherein: the untrusted computing system does not have access to an encryption key to decrypt the collections of data, the encrypted collections of data in at least some of the plurality of nodes each include a plurality of keys indicating subsets of records in the database accessible via other nodes in the graph and corresponding pointers to identifiers of the other nodes.

Abstract translation: 提供了一种操作零知识加密数据库的过程，该过程包括：获得由不可信计算系统存储的数据库中的数据请求，其中数据库存储在包括多个连接的节点的图中，每一个 所述节点包括：所述不可信计算系统可访问的标识符，其将所述各节点与所述图中的其他节点区分开; 以及以加密形式存储的数据的加密集合，其中：所述不可信计算系统不能访问加密密钥来解密所述数据集合，所述多个节点中的至少一些节点中的加密数据集合各自包括多个 指示数据库中的记录子集可以通过图中的其他节点访问，并且对应于其他节点的标识符的指针。

公开(公告)号：WO2018208786A1

公开(公告)日：2018-11-15

申请号：PCT/US2018/031614

申请日：2018-05-08

Applicant: ZERODB, INC.

Inventor： EGOROV, Mikhail ,  WILKISON, MacLane Scott ,  NUǸEZ, David ,  AGUDO, Isaac

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/14

CPC classification number: H04L9/14 ,  H04L9/0825 ,  H04L2209/76

Abstract: Provided is a process including: encrypting each of a plurality of data encryption keys with a first public cryptographic key to form encrypted data encryption keys; obtaining a second public cryptographic key; generating a transformation key based on the first public-private cryptographic key pair and the second public cryptographic key; and transforming the encrypted data encryption keys with proxy re-encryption based on the transformation key; and obtaining the second private cryptographic key and the transformed encrypted data encryption keys.

公开(公告)号：WO2017193108A3

公开(公告)日：2017-11-09

申请号：PCT/US2017/031479

申请日：2017-05-06

Applicant: ZERODB, INC.

Inventor： EGOROV, Mikhail ,  WILKISON, MacLane, Scott ,  NUNEZ, David ,  AGUDO, Isaac

IPC: G06F21/62 ,  G06F21/60 ,  H04L9/30 ,  H04L9/08

Abstract: Provided is a process of securing data in a distributed storage and processing application, the process including: obtaining a cluster of computing nodes, wherein: the cluster stores a plurality of ciphertexts; accessing a transformation key with a first computing node; transforming the ciphertext with the first computing node based on the transformation key into a transformed ciphertext configured to be decrypted with a temporary access key; decrypting the transformed ciphertext with the second computing node based on the temporary access key to obtain plaintext data.

公开(公告)号：WO2017193108A2

公开(公告)日：2017-11-09

申请号：PCT/US2017/031479

申请日：2017-05-06

Applicant: ZERODB, INC.

Inventor： EGOROV, Mikhail ,  WILKISON, MacLane, Scott ,  NUNEZ, David ,  AGUDO, Isaac

IPC: G06F21/62 ,  G06F21/60 ,  H04L9/30 ,  H04L9/08

Abstract: Provided is a process of securing data in a distributed storage and processing application, the process including: obtaining a cluster of computing nodes, wherein: the cluster stores a plurality of ciphertexts; accessing a transformation key with a first computing node; transforming the ciphertext with the first computing node based on the transformation key into a transformed ciphertext configured to be decrypted with a temporary access key; decrypting the transformed ciphertext with the second computing node based on the temporary access key to obtain plaintext data.

Abstract translation: 提供了一种在分布式存储和处理应用程序中保护数据的过程，所述过程包括：获得计算节点的集群，其中：所述集群存储多个密文; 用第一计算节点访问变换密钥; 利用所述第一计算节点基于所述变换密钥将所述密文变换成被配置为利用临时访问密钥来解​​密的变换后的密文; 利用第二计算节点基于临时访问密钥解密变换的密文以获得明文数据。