US 12,309,127 B2
End-to-end secure operations using a query vector
Ellison Anne Williams, Fulton, MD (US)
Assigned to Enveil, Inc., Fulton, MD (US)
Filed by Enveil, Inc., Fulton, MD (US)
Filed on Jan. 19, 2018, as Appl. No. 15/875,952.
Prior Publication US 2018/0212753 A1, Jul. 26, 2018
Int. Cl. H04L 9/00 (2022.01); G06F 16/903 (2019.01); G06F 16/951 (2019.01); G06F 21/62 (2013.01); G09C 1/00 (2006.01); H04L 9/06 (2006.01); H04L 9/32 (2006.01); H04L 9/40 (2022.01); G06F 21/30 (2013.01)
CPC H04L 63/0428 (2013.01) [G06F 16/90335 (2019.01); G06F 16/951 (2019.01); G06F 21/6245 (2013.01); G06F 21/6254 (2013.01); G09C 1/00 (2013.01); H04L 9/008 (2013.01); H04L 9/0643 (2013.01); H04L 9/3226 (2013.01); H04L 9/3242 (2013.01); G06F 21/30 (2013.01); H04L 2209/12 (2013.01)] 10 Claims
OG exemplary drawing
 
1. A computer implemented method for an end-to-end secure operation using a query vector Q_V having size s, comprising:
receiving the end-to-end secure operation;
extracting a set of term components {T} of the end-to-end secure operation using a term generation function, the term generation function performing at least two of:
retrieving name fields from a target data source;
using the retrieved name fields as the set of term components {T}; and
running the retrieved name fields through a trained machine-learning model or other analytic to produce the set of term components {T};
setting Q_V,j=E(B_j) when H(T)=j for j=0, . . . , (s−1), E(B_j) being a non-zero bitmask corresponding to element T from the set of term components {T} encrypted using a homomorphic encryption scheme E;
setting Q_V,j=E(0) when H(T)≠j for j=0, . . . , (s−1), E(0) being a zero bitmask encrypted using the homomorphic encryption scheme E;
creating encrypted query pieces from the query vector Q_V, where one or more servers do not have visibility into which encrypted pieces of data are desired;
providing the encrypted query pieces, the term generation function, and a keyed hash function to a plurality of servers of the target data source, the plurality of servers each:
receiving information describing encryption status for each name field of the target data source, the information including data schemas associated with data in the target data source, the information further indicating whether each name field is unencrypted, deterministically encrypted, or semantically encrypted;
extracting the set of term components {T} from the target data source using the term generation function; and
applying one of the encrypted query pieces over the set of term components {T} to produce an encrypted result E(R) part;
getting the encrypted result E(R) part from the plurality of servers of the target data source;
decrypting the encrypted result E(R) parts obtained from the plurality of servers using a decryption key, the decryption key being a private key associated with the query vector Q_V or the keyed hash function, the decryption key not being provided to the plurality of servers, and none of the plurality of servers decrypts the encrypted result E(R) parts;
discarding at least a portion of the encrypted result E(R) parts obtained from the plurality of servers;
aggregating remaining encrypted result E(R) parts;
obtaining another encryption key associated with the encrypted result E(R) part; and
decrypting the encrypted result E(R) part with the another encryption key.
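A worked illustration of the query-vector steps of claim 1, added here and not Enveil's or the patent's own code: the client places E(B_j) at index H(T) and E(0) at every other index, each server folds its shard of records into one E(R) part using only ciphertexts (so it never learns which bucket is selected), and the client aggregates the parts while still encrypted before decrypting. Toy Paillier stands in for the scheme E, HMAC-SHA256 for the keyed hash, and the shard data, HMAC key, bitmask and bucket count s are constructed assumptions.

```python
import hashlib, hmac, math, secrets

# Toy Paillier as the additively homomorphic scheme E (assumption: the claim
# names no particular scheme). Primes this small are for illustration only.
def keygen(p=1000003, q=1000033):
    n, n2 = p * q, (p * q) ** 2
    lam = math.lcm(p - 1, q - 1)
    mu = pow((pow(n + 1, lam, n2) - 1) // n, -1, n)
    return (n, n2), (lam, mu)            # public key, private key

def enc(pk, m):
    n, n2 = pk
    r = secrets.randbelow(n - 1) + 1     # gcd(r, n) == 1 except with negligible probability
    return pow(n + 1, m, n2) * pow(r, n, n2) % n2

def dec(pk, sk, c):
    n, n2 = pk
    return ((pow(c, sk[0], n2) - 1) // n) * sk[1] % n

def he_add(pk, a, b):                    # E(x) * E(y) = E(x + y)
    return a * b % pk[1]

def he_scale(pk, c, k):                  # E(x) ** k = E(k * x)
    return pow(c, k, pk[1])

def H(hkey, term, s):                    # keyed hash of a term onto a bucket 0..s-1
    digest = hmac.new(hkey, term.encode(), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % s

def build_query_vector(pk, hkey, term, s, bitmask=1):
    """Client: Q_V,j = E(bitmask) where H(term) == j, else E(0)."""
    j = H(hkey, term, s)
    return [enc(pk, bitmask if i == j else 0) for i in range(s)]

def server_apply(pk, qv, hkey, records):
    """Server: sum_i Q_V,H(name_i) * value_i, computed entirely on ciphertexts."""
    acc = enc(pk, 0)
    for name, value in records:
        acc = he_add(pk, acc, he_scale(pk, qv[H(hkey, name, len(qv))], value))
    return acc                           # this server's E(R) part

def private_sum(term, shards, s=256, hkey=b"constructed-hmac-key"):
    """Client: build Q_V, collect E(R) parts, aggregate encrypted, decrypt once."""
    pk, sk = keygen()
    qv = build_query_vector(pk, hkey, term, s)
    total = enc(pk, 0)
    for shard in shards:
        total = he_add(pk, total, server_apply(pk, qv, hkey, shard))
    return dec(pk, sk, total)

# Constructed sample data split across two servers: (name field, numeric payload)
SHARDS = [[("alice", 10), ("bob", 20)], [("alice", 5), ("carol", 7)]]
```

Records whose name field hashes to the same bucket as the query term are folded into the result, so the bucket count s bounds the collision rate the client must tolerate or filter out after decryption.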