Abstract: A encrypted text wildcard search method enables wildcard search of encrypted text by using a permuterm index storing permuted keyword strings that are encrypted using an order preserving encryption algorithm. The permuted keyword strings are encrypted using an order preserving encryption algorithm or a modular order preserving encryption algorithm and stored in the permuterm index. In response to a search query containing a wildcard search term, the encrypted text wildcard search method transforms the wildcard search term to a permuted search term having a prefix search format. The permuted search term having the prefix search format is then used to perform a range query of the permuterm index to retrieve permuted keyword strings having ciphertext values that fall within the range query. In some embodiments, the encrypted text wildcard search method enables prefix search, suffix search, inner-wildcard search, substring search and multiple wildcard search of encrypted text.

Abstract: A method enables prefix search of cloud stored encrypted files that are encrypted using an order preserving encryption (OPE) algorithm. The encrypted text prefix search method generates a minimum possible plaintext string and a maximum possible plaintext string of the same character length including the search term as the prefix. The minimum and maximum possible plaintext strings are encrypted using the same order preserving encryption algorithm for the encrypted text. The method determines from the minimum ciphertext and the maximum ciphertext a set of common leading digits. The set of common leading digits is used as an OPE encrypted prefix search term and provided to a cloud storage service to search in the cloud stored encrypted files for encrypted text matching the OPE encrypted prefix search term.

Abstract: A encrypted text wildcard search method enables wildcard search of encrypted text by using a permuterm index storing permuted keyword strings that are encrypted using an order preserving encryption algorithm. The permuted keyword strings are encrypted using an order preserving encryption algorithm or a modular order preserving encryption algorithm and stored in the permuterm index. In response to a search query containing a wildcard search term, the encrypted text wildcard search method transforms the wildcard search term to a permuted search term having a prefix search format. The permuted search term having the prefix search format is then used to perform a range query of the permuterm index to retrieve permuted keyword strings having ciphertext values that fall within the range query. In some embodiments, the encrypted text wildcard search method enables prefix search, suffix search, inner-wildcard search, sub string search and multiple wildcard search of encrypted text.

Abstract: A method enables prefix search of cloud stored encrypted files that are encrypted using an order preserving encryption (OPE) algorithm. The encrypted text prefix search method generates a minimum possible plaintext string and a maximum possible plaintext string of the same character length including the search term as the prefix. The minimum and maximum possible plaintext strings are encrypted using the same order preserving encryption algorithm for the encrypted text. The method determines from the minimum ciphertext and the maximum ciphertext a set of common leading digits. The set of common leading digits is used as an OPE encrypted prefix search term and provided to a cloud storage service to search in the cloud stored encrypted files for encrypted text matching the OPE encrypted prefix search term.

Abstract: A encrypted text wildcard search method enables wildcard search of encrypted text by using a permuterm index storing permuted keyword strings that are encrypted using an order preserving encryption algorithm. The permuted keyword strings are encrypted using an order preserving encryption algorithm or a modular order preserving encryption algorithm and stored in the permuterm index. In response to a search query containing a wildcard search term, the encrypted text wildcard search method transforms the wildcard search term to a permuted search term having a prefix search format. The permuted search term having the prefix search format is then used to perform a range query of the permuterm index to retrieve permuted keyword strings having ciphertext values that fall within the range query. In some embodiments, the encrypted text wildcard search method enables prefix search, suffix search, inner-wildcard search, substring search and multiple wildcard search of encrypted text.

Abstract: An encryption key management system and method implements enterprise managed encryption key for an enterprise using encryption for cloud-based services. In some embodiments, the enterprise deploys a key agent on the enterprise data network to distribute encryption key material to the network intermediary on a periodic basis. The network intermediary receives the encryption key material from the enterprise and stores the encryption key material in temporary storage and uses the received encryption key material to derive a data encryption key to perform the encryption of the enterprise's data. In this manner, the enterprise can be provided with the added security assurance of maintaining and managing its own encryption key while using cloud-based data storage services. The encryption key management system and method can be applied to ensure that the enterprise's one or more encryption keys do not leave the enterprise's premises.

Abstract: A method enables prefix search of cloud stored encrypted files that are encrypted using an order preserving encryption (OPE) algorithm. The encrypted text prefix search method generates a minimum possible plaintext string and a maximum possible plaintext string of the same character length including the search term as the prefix. The minimum and maximum possible plaintext strings are encrypted using the same order preserving encryption algorithm for the encrypted text. The method determines from the minimum ciphertext and the maximum ciphertext a set of common leading digits. The set of common leading digits is used as an OPE encrypted prefix search term and provided to a cloud storage service to search in the cloud stored encrypted files for encrypted text matching the OPE encrypted prefix search term.

Abstract: A encrypted text wildcard search method enables wildcard search of encrypted text by using a permuterm index storing permuted keyword strings that are encrypted using an order preserving encryption algorithm. The permuted keyword strings are encrypted using an order preserving encryption algorithm or a modular order preserving encryption algorithm and stored in the permuterm index. In response to a search query containing a wildcard search term, the encrypted text wildcard search method transforms the wildcard search term to a permuted search term having a prefix search format. The permuted search term having the prefix search format is then used to perform a range query of the permuterm index to retrieve permuted keyword strings having ciphertext values that fall within the range query. In some embodiments, the encrypted text wildcard search method enables prefix search, suffix search, inner-wildcard search, substring search and multiple wildcard search of encrypted text.

Abstract: An order-preserving tokenization (OPT) method receives a plaintext and generates a token as the ciphertext which preserves the sort order of the plaintext by using stored legacy plaintext-to-ciphertext mapping data and a tail bounded probability distribution sampler to sample a random order preserving function. More specifically, the OPT method uses a mapping table to store plaintext-to-ciphertext mapping for previously generated ciphertexts. The mapping table enables efficient searching of the ciphertext space as the OPT method only needs to look for ciphertext in the space that most likely will have the desired plaintext. In this manner, the order-preserving tokenization method of the present invention realizes a fast algorithm that is also more computational efficient. In one embodiment, the OPT method uses a tail bounded hypergeometric distribution sampler as the probability distribution sampler.

Abstract: An encryption key management system and method implements enterprise managed encryption key for an enterprise using encryption for cloud-based services. In some embodiments, the enterprise deploys a key agent on the enterprise data network to distribute encryption key material to the network intermediary on a periodic basis. The network intermediary receives the encryption key material from the enterprise and stores the encryption key material in temporary storage and uses the received encryption key material to derive a data encryption key to perform the encryption of the enterprise's data. In this manner, the enterprise can be provided with the added security assurance of maintaining and managing its own encryption key while using cloud-based data storage services. The encryption key management system and method can be applied to ensure that the enterprise's one or more encryption keys do not leave the enterprise's premises.

Abstract: An order-preserving encryption (OPE) encryption method receives a plaintext (clear text) and generates a ciphertext (encrypted text) using a software arbitrary precision floating point libraries during initial recursive computation rounds. In response to the ciphertext space reducing to breakpoint, the OPE encryption method continues computations using a hardware floating point processor to accelerate the computation. In this manner, the OPE encryption method enables efficient order preserving encryption to enable range queries on encrypted data.

Abstract: A method implements searchable encryption of cloud stored data by appending tokenized keywords to an encrypted file destined for a cloud storage service. In some embodiments, the tokenized keywords are appended to the header of the encrypted file. Searching of cloud-stored encrypted files using the native search capability of the cloud storage service is then possible by performing the search using the tokenized keywords. In alternate embodiments of the present invention, a method enables searching of cloud stored encrypted file using a cloud search appliance.

Abstract: An encryption key management system and method implements enterprise managed encryption key for an enterprise using encryption for cloud-based services. In some embodiments, the enterprise deploys a key agent on the enterprise data network to distribute encryption key material to the network intermediary on a periodic basis. The network intermediary receives the encryption key material from the enterprise and stores the encryption key material in temporary storage and uses the received encryption key material to derive a data encryption key to perform the encryption of the enterprise's data. In this manner, the enterprise can be provided with the added security assurance of maintaining and managing its own encryption key while using cloud-based data storage services. The encryption key management system and method can be applied to ensure that the enterprise's one or more encryption keys do not leave the enterprise's premises.

Abstract: A method for operating a fuel cell power plant to supply power to an internal load and an external load, includes the steps of evaluating power needs of the internal and external loads to determine a fixed IDC value sufficient to supply the needs; providing auxiliary power to the internal load and output power to the external load so as to maintain operation of the fuel cell power plant at the fixed IDC value; and adjusting at least one of the auxiliary power to the internal load and output power to the external load so as to maintain operation of the fuel cell power plant at the fixed IDC value. Operation within a preselected voltage range is also provided.

Abstract: A method for operating a fuel cell power plant to supply power to an internal load and an external load, includes the steps of evaluating power needs of the internal and external loads to determine a fixed IDC value sufficient to supply the needs; providing auxiliary power to the internal load and output power to the external load so as to maintain operation of the fuel cell power plant at the fixed IDC value; and adjusting at least one of the auxiliary power to the internal load and output power to the external load so as to maintain operation of the fuel cell power plant at the fixed IDC value. Operation within a preselected voltage range is also provided.

Abstract: An auxiliary load (148) for a fuel cell stack (102) is alternatively connected and disconnected from the fuel cell external circuit (177, 178) by a switch (200) in response to a switch control (201), repetitively, during startup and shutdown. The switch may be an insulated gate bipolar transistor (208) which is turned on and off by hunting between an upper limit voltage (207) and a lower limit voltage (208), which may be performed by compare circuits (205, 206), by the controller (202), or by commercially available voltage responsive hysteresis switches. Schedules of duty cycle as a function of cell stack voltage for startup (212) and shutdown (213) control a pulse width modulator (215) which operates the switch. Controls (229, 231) may limit the modulation so that the auxiliary load does not overheat, in response to temperature (221) of the load or a voltage/power model (235). The auxiliary load may comprise a heater in a water accumulator (247), an air intake (257) or an enthalpy recovery device (262).

Abstract: A method for operating a fuel cell power plant to supply power to an internal load and an external load, includes the steps of evaluating power needs of the internal and external loads to determine a fixed IDC value sufficient to supply the needs; providing auxiliary power to the internal load and output power to the external load so as to maintain operation of the fuel cell power plant at the fixed IDC value; and adjusting at least one of the auxiliary power to the internal load and output power to the external load so as to maintain operation of the fuel cell power plant at the fixed IDC value.

Abstract: An auxiliary load (148) for a fuel cell stack (102) is alternatively connected and disconnected from the fuel cell external circuit (177, 178) by a switch (200) in response to a switch control (201), repetitively, during startup and shutdown. The switch may be an insulated gate bipolar transistor (208) which is turned on and off by hunting between an upper limit voltage (207) and a lower limit voltage (208), which may be performed by compare circuits (205, 206), by the controller (202), or by commercially available voltage responsive hysteresis switches. Schedules of duty cycle as a function of cell stack voltage for startup (212) and shutdown (213) control a pulse width modulator (215) which operates the switch. Controls (229, 231) may limit the modulation so that the auxiliary load does not overheat, in response to temperature (221) of the load or a voltage/power model (235). The auxiliary load may comprise a heater in a water accumulator (247), an air intake (257) or an enthalpy recovery device (262).

Abstract: A method for operating a fuel cell power plant to supply power to an internal load and an external load, includes the steps of evaluating power needs of the internal and external loads to determine a fixed IDC value sufficient to supply the needs; providing auxiliary power to the internal load and output power to the external load so as to maintain operation of the fuel cell power plant at the fixed IDC value; and adjusting at least one of the auxiliary power to the internal load and output power to the external load so as to maintain operation of the fuel cell power plant at the fixed IDC value.

Abstract: A control system and method for controlling a fuel processing system operational to produce a gas for a downstream process from a fuel, wherein the fuel processing system uses a plurality of fuel processing elements, a fuel input and a waste gas input, each of the fuel processing elements having an individual output and the plurality of fuel processing elements having a collective output, and wherein the downstream process has a waste gas output and a dynamic gas load demand. The control system includes a device for receiving communication from the downstream process indicative of the dynamic load demand and a device for controlling the collective output level of the gas in response to the dynamic load demand.