Abstract: In an embodiment, persistent storage contains one or more cryptographic keys. One or more processors may be configured to perform operations comprising: receiving a request for an encrypted record stored within a computational instance, wherein the request includes a plaintext value related to the encrypted record; obtaining a hash value by applying a hash function to the plaintext value; transmitting, to the computational instance, the hash value; receiving, from the computational instance, the encrypted record, wherein the encrypted record includes one or more encrypted values; obtaining an unencrypted version of the encrypted record by applying a cryptographic function to the encrypted record, wherein applying the cryptographic function includes use of a cryptographic key of the one or more cryptographic keys; and transmitting at least part of the unencrypted version of the encrypted record.

Abstract: A determination is made to obfuscate a protected dataset including data elements that are to remain comparable with one another after the obfuscation. An obfuscation function for the protected dataset is selected wherein the obfuscation function is a monotonic one-way function. One or more parameters for the obfuscation function are automatically determined based at least in part on a secret value. Using one or more processors, the protected dataset is automatically obfuscated to generate an obfuscated version using the obfuscation function with the determined one or more parameters. Computer access to the obfuscated version of the protected dataset is provided as a comparable alternative for the protected dataset.

Abstract: The invention relates to a client computer for updating a first relation in a database stored on a server via a network with an update first data item, the server being coupled to the client computer via the network, wherein the first data items are encrypted with a first cryptographic key in the first relation, wherein the first data items form a partially ordered set in the first relation, the partial order being formed with respect to the first data items in non-encrypted form, wherein the client computer has installed thereon an application program, the application program being operational to perform the steps of sequentially requesting and decrypting encrypted first data items and providing a storage request to the data base in case a position for storing the update first data item is determined.

Abstract: The invention relates to a client computer for updating a database stored on a server via a network, the server being coupled to the client computer via the network, wherein the database comprises a set of first relations, wherein each first relation in the set of the first relations comprises first data items, wherein for each first relation the first data items are encrypted with a respective first cryptographic key in the first relation, wherein the first data items form a partially ordered set in each first relation, in each first relation the partial order being formed with respect to the first data items of said first relation in non-encrypted form.

Abstract: The invention relates to a client computer for updating a database stored on a server via a network, the server being coupled to the client computer via the network, wherein the database comprises first data items and suffix items, wherein each suffix item describes a suffix of at least one first data item of the first data items, wherein for each suffix item a first referential connection exists in the database assigning said suffix item to the at least one first data item comprising the suffix of said suffix item, wherein each suffix item is encrypted with a suffix cryptographic key in the database, wherein each first data item is encrypted with a first cryptographic key in the database, wherein the client computer has installed thereon an application program, the application program being operational to: receiving a search request, the search request specifying a postfix search on a search criterion, determining the suffix item matching the search criterion, providing to the database a request for provi

Abstract: The invention relates to a method for creating a set of asymmetrical cryptographic key pairs, wherein the set of key pairs has a first key pair (K1) and a second key pair (K2), wherein the first key pair is formed by a first private (G1) and a first public key (O1) and the second key pair is formed by a second private (G2) and a second public key (O2), wherein a first cipher (C_G2_O1) is allocated to the first and second key pair, wherein the first cipher is formed by an encryption of the second private key (G2) with the first public key (O1), having the following steps: adding a third asymmetrical cryptographic key pair (K3) to the set of key pairs, wherein the third key pair is formed by a third private (G3) and a third public key (O3); creating a second cipher (C_G3_O1) by encrypting the third private key (G3) with the first public key (O1); storing the second cipher (212; 186), wherein the set of key pairs has a directed graph structure.

Abstract: The invention relates to a client computer for querying a database stored on a server via a network, the server being coupled to the client computer via the network, wherein the database comprises first data items and suffix items, wherein each suffix item describes a suffix of at least one first data item of the first data items, wherein for each suffix item a first referential connection exists in the database assigning said suffix item to the at least one first data item comprising the suffix of said suffix item, wherein each suffix item is encrypted with a suffix cryptographic key in the database, wherein each first data item is encrypted with a first cryptographic key in the database, wherein the client computer has installed thereon an application program, the application program being operational to: receiving a search request, the search request specifying an infix search expression, said expression comprising a first wildcard term on the left side of a search criterion and a second wildcard term o

Abstract: The invention relates to a client computer for querying a database stored on a server via a network, the server being coupled to the client computer via the network, wherein the database comprises first data items and suffix items, wherein each suffix item describes a suffix of at least one first data item of the first data items, wherein for each suffix item a first referential connection exists in the database assigning said suffix item to the at least one first data item comprising the suffix of said suffix item, wherein each suffix item is encrypted with a suffix cryptographic key in the database, wherein each first data item is encrypted with a first cryptographic key in the database, wherein the client computer has installed thereon an application program, the application program being operational to: receiving a search request, the search request specifying a postfix search on a search criterion, determining the suffix item matching the search criterion, providing to the database a request for provi

Abstract: A computer system is disclosed herein for storage and retrieval of encrypted data items, such as for storing encrypted data items in the cloud, as well as a respective client computer, client computer system, computer program product and computer-implemented method. Embodiments of the disclosed computer system allow for searching for encrypted data items stored in a database based on functional values associated with the data items. The retrieval of the data items from the database can be performed without knowledge of a respective cryptographic key by the database.

Abstract: The invention relates to a client computer for querying a database stored on a server via a network, the server being coupled to the client computer via the network, wherein the database comprises a first relation, wherein the first relation comprises first data items, wherein the first data items are encrypted with a first cryptographic key in the first relation, wherein the first data items form a partially ordered set in the first relation, the partial order being formed with respect to the first data items in non-encrypted form, wherein the client computer has installed thereon an application program, the application program being operational to perform the steps of receiving a search request specifying a search interval and determining the first data item forming an interval boundary of the search interval.

Abstract: The invention relates to a client computer for updating a database stored on a server via a network, the server being coupled to the client computer via the network, wherein the database comprises a set of first relations, wherein each first relation in the set of the first relations comprises first data items, wherein for each first relation the first data items are encrypted with a respective first cryptographic key in the first relation, wherein the first data items form a partially ordered set in each first relation, in each first relation the partial order being formed with respect to the first data items of said first relation in non-encrypted form.

Abstract: The invention relates to a client computer for updating a first relation in a database stored on a server via a network with an update first data item, the server being coupled to the client computer via the network, wherein the first data items are encrypted with a first cryptographic key in the first relation, wherein the first data items form a partially ordered set in the first relation, the partial order being formed with respect to the first data items in non-encrypted form, wherein the client computer has installed thereon an application program, the application program being operational to perform the steps of sequentially requesting and decrypting encrypted first data items and providing a storage request to the data base in case a position for storing the update first data item is determined.

Abstract: The invention relates to a client computer for querying a database stored on a server via a network, the server-being coupled to the client computer via the network, wherein the database comprises a set of first relations, wherein each first relation in the set of the first relations comprises first data items, wherein for each first relation the first data items are encrypted with a respective first cryptographic key in the first relation, wherein the first data items form a partially ordered set in each first relation, in each first relation the partial order being formed with respect to the first data items of said first relation in non-encrypted form.

Abstract: The invention relates to a client computer for updating a database stored on a server via a network, the server being coupled to the client computer via the network, wherein the database comprises first data items and suffix items, wherein each suffix item describes a suffix of at least one first data item of the first data items, wherein for each suffix item a first referential connection exists in the database assigning said suffix item to the at least one first data item comprising the suffix of said suffix item, wherein each suffix item is encrypted with a suffix cryptographic key in the database, wherein each first data item is encrypted with a first cryptographic key in the database, wherein the client computer has installed thereon an application program, the application program being operational to: receiving a search request, the search request specifying a postfix search on a search criterion, determining the suffix item matching the search criterion, providing to the database a request for provi

Abstract: The invention relates to a client computer for querying a database stored on a server via a network, the server being coupled to the client computer via the network, wherein the database comprises first data items and suffix items, wherein each suffix item describes a suffix of at least one first data item of the first data items, wherein for each suffix item a first referential connection exists in the database assigning said suffix item to the at least one first data item comprising the suffix of said suffix item, wherein each suffix item is encrypted with a suffix cryptographic key in the database, wherein each first data item is encrypted with a first cryptographic key in the database, wherein the client computer has installed thereon an application program, the application program being operational to: receiving a search request, the search request specifying an infix search expression, said expression comprising a first wildcard term on the left side of a search criterion and a second wildcard term o

Abstract: The invention relates to a computer implemented method for analyzing data of a first user, wherein an asymmetric cryptographic key pair is associated with the first user, said asymmetric cryptographic key pair comprising a public key and a private key, the data being stored pseudonymously in a database with the data being assigned to an identifier, wherein the identifier comprises the public key, the method comprising: receiving a set of rules, the set of rules describing data processing steps, receiving the identifier, retrieving the data assigned to the identifier from the database, analyzing the retrieved data by applying the set of rules, providing a result of the analysis.

Abstract: An apparatus for encrypting data is provided. The apparatus is capable of symmetrically encrypting data and then encrypting the symmetrically encrypted data with the aid of a bit string. The bit string has a maximum entropy. Encryption of the symmetrically encrypted data is designed such that a section of the bit string is used for encryption and successive encryption operations are carried out with carrying sections of the bit string while the bit string remains unchanged.

Abstract: The invention relates to a computer system comprising a client computer (10) and a database (30) stored on a server (22), the server (22) being coupled to the client computer (10) via a network (48; 114), wherein the database (30) comprises a first relation (36) and a second relation (32; 34), wherein the first relation (36) comprises first data items, wherein the first data items are encrypted with a first cryptographic key (18; 108) in the first relation (36), wherein the second relation (32; 34) comprises equivalence classes, wherein the equivalence classes are encrypted with a second cryptographic key (18; 108) in the second relation (32; 34), wherein each equivalence class is a functional value of one of the first data items, the functional value being obtainable by applying an equivalence relation to the one of the first data items, wherein the second relation (32; 34) comprises for each equivalence class a referential connection assigning the equivalence class to the first data item stored encrypted in

Abstract: The invention relates to a method for creating a second asymmetric cryptographic pair of keys, wherein a first private key (G0) together with a first public key (O0) forms a first asymmetric cryptographic pair of keys (K0). Embodiments of the method may comprise the following steps: receiving a user identifier; calculating a second private key (G1), wherein a random value (z) and the user identifier are considered in the calculation; calculating a second public key (O1) from the second private key using an asymmetric cryptographic key creation method, wherein the second private key and the second public key form the second asymmetric cryptographic pair of keys (K1, 206); creating a first cipher (C_G0—O1) by encrypting the first private key (G0) with the second public key (O1); and storing the first cipher (C_G0—O1).

Abstract: The invention relates to a client computer for querying a database stored on a server via a network, the server being coupled to the client computer via the network, wherein the database comprises first data items and suffix items, wherein each suffix item describes a suffix of at least one first data item of the first data items, wherein for each suffix item a first referential connection exists in the database assigning said suffix item to the at least one first data item comprising the suffix of said suffix item, wherein each suffix item is encrypted with a suffix cryptographic key in the database, wherein each first data item is encrypted with a first cryptographic key in the database, wherein the client computer has installed thereon an application program, the application program being operational to: receiving a search request, the search request specifying an infix search expression, said expression comprising a first wildcard term on the left side of a search criterion and a second wildcard term o