US 12,355,879 B2
WAN optimization for encrypted data traffic using fully homomorphic encryption
Igor Golikov, Kfar Saba (IL); Aran Bergman, Givatayim (IL); Lior Gal, Yoqneam Illit (IL); Avishay Yanai, Petach-Tikva (IL); Israel Cidon, San Francisco, CA (US); Alex Markuze, Rosh HaAyin (IL); and Eyal Zohar, Shimshit (IL)
Assigned to VMware LLC, Palo Alto, CA (US)
Filed by VMware LLC, Palo Alto, CA (US)
Filed on Dec. 6, 2022, as Appl. No. 18/076,332.
Prior Publication US 2024/0187228 A1, Jun. 6, 2024
Int. Cl. H04L 9/14 (2006.01); H04L 9/40 (2022.01); H04L 41/0823 (2022.01); H04L 67/06 (2022.01); H04L 67/1004 (2022.01)
CPC H04L 9/14 (2013.01) [H04L 41/0823 (2013.01); H04L 63/0272 (2013.01); H04L 63/0428 (2013.01); H04L 67/06 (2013.01); H04L 67/1004 (2013.01)]
20 Claims
 
1. A method for WAN (wide area network) optimization for a WAN that connects a first site that sends a data stream to a second site, the method comprising:
at the second site:
generating a plurality of keys for performing operations on the data stream, the plurality of keys comprising at least a secret decryption first key, a public evaluation second key, and a public encryption third key;
from the first site, receiving an optimized, encrypted file in the data stream, the optimized encrypted file comprising a set of encrypted segments and a set of segment identifiers;
without decrypting the optimized, encrypted file, using the secret decryption first key (i) to decompress the optimized, encrypted file and (ii) to identify the set of encrypted segments and the set of segment identifiers;
for each identified segment identifier in the set of segment identifiers, performing a lookup in a segment cache at the second site that stores a plurality of segments received at the second site to identify and retrieve a segment corresponding to the segment identifier; and
using the retrieved segment and the identified set of encrypted segments to reconstruct the encrypted file.
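The segment-identifier lookup and reconstruction steps of claim 1, sketched as an added example that is not taken from the patent or from any VMware code. The homomorphic key operations are not modeled: segments are constructed opaque byte strings standing in for ciphertext, and the SHA-256 identifier, the ("seg"/"ref") stream layout and all function names are assumptions made for illustration.

```python
import hashlib

def seg_id(segment: bytes) -> bytes:
    # Assumption: an identifier is SHA-256 over the opaque, still-encrypted bytes.
    return hashlib.sha256(segment).digest()

class CacheMiss(Exception):
    """Raised when the stream references segments the receiver does not hold."""
    def __init__(self, missing):
        super().__init__(f"{len(missing)} referenced segment(s) not in cache")
        self.missing = missing

def optimize(segments, known_ids):
    """Sender side: send a segment once, then refer to it by identifier."""
    stream = []
    for seg in segments:
        sid = seg_id(seg)
        if sid in known_ids:
            stream.append(("ref", sid))
        else:
            known_ids.add(sid)
            stream.append(("seg", seg))
    return stream

def reconstruct(stream, cache):
    """Receiver side: rebuild the encrypted file; nothing here is decrypted."""
    out, missing = [], []
    for kind, value in stream:
        if kind == "seg":
            cache[seg_id(value)] = value   # remember new segments for later refs
            out.append(value)
        elif kind == "ref":
            seg = cache.get(value)
            if seg is None:
                missing.append(value)      # collect every miss before failing
            else:
                out.append(seg)
        else:
            raise ValueError(f"unknown stream item: {kind!r}")
    if missing:
        raise CacheMiss(missing)
    return b"".join(out)

# Constructed stand-ins for encrypted segments (not real FHE ciphertexts).
A, B, C, D = (bytes([n]) * 16 for n in (0xA1, 0xB2, 0xC3, 0xD4))
FILE_1, FILE_2 = [A, B, C], [A, D, C]
```

A receiver whose cache has fallen out of step with the sender gets a CacheMiss listing the unresolved identifiers rather than a silently truncated file.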