| CPC H04L 9/008 (2013.01) [G06F 9/54 (2013.01); G06F 21/6227 (2013.01); G06N 20/00 (2019.01); H04L 9/0861 (2013.01)] | 21 Claims |

1. A computerized method of querying a cryptographic data store, the method comprising:
maintaining an encryption configuration data structure in a non-transitory computer-readable medium;
receiving a first query from a first requestor via an application programming interface (API);
identifying first data required for the first query;
determining, by consulting the encryption configuration data structure, a first encryption regime for the first data, wherein the first encryption regime is one of: a symmetric encryption regime associated with a symmetric key, an asymmetric encryption regime associated with a public key and a private key, a plaintext regime, and a homomorphic encryption regime associated with a first key; and
in response to the first encryption regime being a homomorphic encryption regime:
determining an operation sequence specified by the first query for performance on the first data;
determining, by consulting the encryption configuration data structure, whether the operation sequence is supported by the first encryption regime;
in response to a determination that the operation sequence is supported, commissioning homomorphic execution of the operation sequence on the first data to generate encrypted output data;
in response to a determination that the operation sequence is not supported, selectively commissioning decryption of the first data using the first key to generate decrypted data, execution of the operation sequence on the decrypted data to generate unencrypted output data, and re-encryption of the unencrypted output data using the first key to generate encrypted output data; and
selectively returning the encrypted output data to the first requestor via the API in response to the first query.
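The homomorphic branch of claim 1, sketched as an added example (not code from the patent or its assignee): a dispatcher consults a configuration structure, runs supported operation sequences on ciphertexts, and otherwise takes the decrypt, execute, re-encrypt path. Assumptions: a toy Paillier scheme with demo-sized primes stands in for the homomorphic regime, the field names, operation names and `CONFIG` layout are hypothetical, and the `allow_fallback` flag is one reading of "selectively commissioning".

```python
import math
import secrets
from functools import reduce

# Toy Paillier (additively homomorphic). Demo-sized primes: not secure.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
N2 = N * N
LAM = math.lcm(P - 1, Q - 1)
MU = pow(LAM, -1, N)  # valid because the generator is fixed to g = N + 1

def encrypt(m):
    r = secrets.randbelow(N - 1) + 1
    while math.gcd(r, N) != 1:
        r = secrets.randbelow(N - 1) + 1
    return (1 + m * N) * pow(r, N, N2) % N2

def decrypt(c):
    return (pow(c, LAM, N2) - 1) // N * MU % N

# Operation tables: what can run on ciphertexts vs. only on plaintext.
HOMOMORPHIC_OPS = {"sum": lambda cts: reduce(lambda a, b: a * b % N2, cts)}
PLAINTEXT_OPS = {"sum": sum, "square": lambda x: x * x}

# Hypothetical encryption configuration data structure (constructed sample).
CONFIG = {
    "salary": {"regime": "homomorphic", "supported_ops": {"sum"}, "allow_fallback": True},
    "bonus": {"regime": "homomorphic", "supported_ops": {"sum"}, "allow_fallback": False},
}
STORE = {
    "salary": [encrypt(v) for v in (100, 250, 50)],
    "bonus": [encrypt(v) for v in (10, 20)],
}

def run_query(field, ops):
    """Return (path_taken, encrypted_output) for an operation sequence on a field."""
    entry = CONFIG[field]
    if entry["regime"] != "homomorphic":
        raise NotImplementedError("only the homomorphic branch is shown")
    data = STORE[field]
    if all(op in entry["supported_ops"] for op in ops):
        for op in ops:
            data = HOMOMORPHIC_OPS[op](data)  # plaintext never materialises
        return "homomorphic", data
    if not entry["allow_fallback"]:
        raise PermissionError(f"{ops} on {field!r} would require decryption")
    value = [decrypt(c) for c in data]  # plaintext exposure starts here
    for op in ops:
        value = PLAINTEXT_OPS[op](value)
    return "decrypt-execute-reencrypt", encrypt(value)
```

The returned path label is the value worth logging: every `decrypt-execute-reencrypt` result marks a query during which the key was used and plaintext existed in the executing process.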