Patents by Inventor Walter Tighzert
Walter Tighzert has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10162858
Abstract: Methods, systems, and computer-readable storage media for optimizing query processing in encrypted databases. In some implementations, actions include receiving a query that is to be used to query an encrypted database, generating a plurality of query plans based on the query, each query plan including a local query and one or more remote queries, the local query being executable at a client-side and the one or more remote queries being executable at a server-side, selecting an optimal query plan from the plurality of query plans, providing one or more remote queries of the optimal query plan to the server-side for execution, receiving one or more remote results, and processing a local query of the optimal query plan and the one or more remote results to provide a final query result.
Type: Grant
Filed: July 31, 2013
Date of Patent: December 25, 2018
Assignee: SAP SE
Inventors: Florian Kerschbaum, Patrick Grofig, Martin Haerterich, Mathias Kohler, Andreas Schaad, Axel Schroepfer, Walter Tighzert
-
Patent number: 9830470
Abstract: Methods, systems, and computer-readable storage media for processing queries in analytical web applications over encrypted data. Implementations include actions of receiving, by a database driver executed on a server-side computing device and from a client-side proxy, a query and one or more encryption keys, the one or more encryption keys having been selected by the client-side proxy based on operations required to perform the query, performing at least one operation of the query to provide a query result including encrypted data, and transmitting, by the database driver, the encrypted data to the client-side proxy, the client-side proxy processing the encrypted data to provide plaintext data to an end user.
Type: Grant
Filed: October 9, 2015
Date of Patent: November 28, 2017
Assignee: SAP SE
Inventors: Florian Kerschbaum, Benny Fuhry, Wei Xu, Josef Köeble, Walter Tighzert
-
Publication number: 20170103227
Abstract: Methods, systems, and computer-readable storage media for processing queries in analytical web applications over encrypted data. Implementations include actions of receiving, by a database driver executed on a server-side computing device and from a client-side proxy, a query and one or more encryption keys, the one or more encryption keys having been selected by the client-side proxy based on operations required to perform the query, performing at least one operation of the query to provide a query result including encrypted data, and transmitting, by the database driver, the encrypted data to the client-side proxy, the client-side proxy processing the encrypted data to provide plaintext data to an end user.
Type: Application
Filed: October 9, 2015
Publication date: April 13, 2017
Inventors: Florian Kerschbaum, Benny Fuhry, Wei Xu, Josef Köeble, Walter Tighzert
-
Patent number: 9607161
Abstract: Methods, systems, and computer-readable storage media for selecting columns for re-encryption in join operations. In some implementations, actions include determining a first column and a second column to be joined, receiving a first key corresponding to the first column and a second key corresponding to the second column, receiving a first rank associated with the first key and a second rank associated with the second key, selecting the second column for re-encryption based on the first rank and the second rank, and providing the first column, the second column, and the first key for performing a join operation, the second column being re-encrypted based on the first key.
Type: Grant
Filed: February 25, 2015
Date of Patent: March 28, 2017
Assignee: SAP SE
Inventors: Martin Haerterich, Florian Kerschbaum, Patrick Grofig, Mathias Kohler, Andreas Schaad, Axel Schroepfer, Walter Tighzert
-
Patent number: 9547720
Abstract: Methods, systems, and computer-readable storage media for enforcing access control in encrypted query processing. Implementations include actions of obtaining a set of user groups based on the user credential and a user group mapping, obtaining a set of relations based on the query, obtaining a set of virtual relations based on the set of user groups and the set of relations, receiving a first rewritten query based on the set of virtual relations and a query rewriting operation, encrypting the first rewritten query to provide an encrypted query, and transmitting the encrypted query to at least one server computing device over a network for execution of the encrypted query over access controlled, encrypted data.
Type: Grant
Filed: December 24, 2014
Date of Patent: January 17, 2017
Assignee: SAP SE
Inventors: Isabelle Hang, Florian Kerschbaum, Martin Haerterich, Mathias Kohler, Andreas Schaad, Axel Schroepfer, Walter Tighzert
-
Patent number: 9537838
Abstract: Methods, systems, and computer-readable storage media for proxy re-encryption of encrypted data stored in a first database of a first server and a second database of a second server. Implementations include actions of receiving a first token at the first server from a client-side computing device, providing a first intermediate re-encrypted value based on a first encrypted value and the first token, transmitting the first intermediate re-encrypted value to the second server, receiving a second intermediate re-encrypted value from the second server, the second intermediate re-encrypted value having been provided by encrypting the first encrypted value at the second server based on a second token, providing the first encrypted value as a first re-encrypted value based on the first intermediate re-encrypted value and the second intermediate re-encrypted value, and storing the first re-encrypted value in the first database.
Type: Grant
Filed: December 22, 2014
Date of Patent: January 3, 2017
Assignee: SAP SE
Inventors: Isabelle Hang, Florian Kerschbaum, Mathias Kohler, Martin Haerterich, Florian Hahn, Axel Schroepfer, Walter Tighzert, Andreas Schaad
-
Publication number: 20160357869
Abstract: Methods, systems, and computer-readable storage media for enforcing access control in encrypted query processing. Implementations include actions of obtaining a set of user groups based on the user credential and a user group mapping, obtaining a set of relations based on the query, obtaining a set of virtual relations based on the set of user groups and the set of relations, receiving a first rewritten query based on the set of virtual relations and a query rewriting operation, encrypting the first rewritten query to provide an encrypted query, and transmitting the encrypted query to at least one server computing device over a network for execution of the encrypted query over access controlled, encrypted data.
Type: Application
Filed: December 24, 2014
Publication date: December 8, 2016
Inventors: Isabelle Hang, Florian Kerschbaum, Martin Haerterich, Mathias Kohler, Andreas Schaad, Axel Schroepfer, Walter Tighzert
-
Publication number: 20160182467
Abstract: Methods, systems, and computer-readable storage media for proxy re-encryption of encrypted data stored in a first database of a first server and a second database of a second server. Implementations include actions of receiving a first token at the first server from a client-side computing device, providing a first intermediate re-encrypted value based on a first encrypted value and the first token, transmitting the first intermediate re-encrypted value to the second server, receiving a second intermediate re-encrypted value from the second server, the second intermediate re-encrypted value having been provided by encrypting the first encrypted value at the second server based on a second token, providing the first encrypted value as a first re-encrypted value based on the first intermediate re-encrypted value and the second intermediate re-encrypted value, and storing the first re-encrypted value in the first database.
Type: Application
Filed: December 22, 2014
Publication date: June 23, 2016
Inventors: Isabelle Hang, Florian Kerschbaum, Mathias Kohler, Martin Haerterich, Florian Hahn, Axel Schroepfer, Walter Tighzert, Andreas Schaad
-
Patent number: 9342707
Abstract: Methods, systems, and computer-readable storage media for selecting columns for selecting encryption to perform an operator during execution of a database query. Implementations include actions of determining a current encryption type of a column that is to be acted on during execution of the database query, the column storing encrypted data, determining a minimum encryption type for performance of the operator on the column, selecting a selected encryption type based on the current encryption type, the minimum encryption type, and a budget associated with the column, and performing the operator based on the selected encryption type.
Type: Grant
Filed: November 6, 2014
Date of Patent: May 17, 2016
Assignee: SAP SE
Inventors: Florian Kerschbaum, Martin Haerterich, Isabelle Hang, Mathias Kohler, Andreas Schaad, Axel Schroepfer, Walter Tighzert
-
Publication number: 20160132692
Abstract: Methods, systems, and computer-readable storage media for selecting columns for selecting encryption to perform an operator during execution of a database query. Implementations include actions of determining a current encryption type of a column that is to be acted on during execution of the database query, the column storing encrypted data, determining a minimum encryption type for performance of the operator on the column, selecting a selected encryption type based on the current encryption type, the minimum encryption type, and a budget associated with the column, and performing the operator based on the selected encryption type.
Type: Application
Filed: November 6, 2014
Publication date: May 12, 2016
Inventors: Florian Kerschbaum, Martin Haerterich, Isabelle Hang, Mathias Kohler, Andreas Schaad, Axel Schroepfer, Walter Tighzert
-
Patent number: 9213764
Abstract: Embodiments relate to processing encrypted data, and in particular to identifying an appropriate layer of encryption useful for processing a query. Such identification (also known as the onion selection problem) is achieved utilizing an adjustable onion encryption procedure. Based upon defined requirements of policy configuration, alternative resolution, and conflict resolution, the adjustable onion encryption procedure entails translating a query comprising an expression in a database language (e.g. SQL) into an equivalent query on encrypted data. The onion may be configured in almost arbitrary ways directing the onion selection. An execution function introduces an execution split to allow local (e.g. client-side) query fulfillment that may otherwise not be possible in a secure manner on the server-side. A searchable encryption function may also be employed, and embodiments accommodate aggregation via homomorphic encryption. Embodiments may be implemented as an in-memory column store database system.
Type: Grant
Filed: November 22, 2013
Date of Patent: December 15, 2015
Assignee: SAP SE
Inventors: Florian Kerschbaum, Martin Haerterich, Mathias Kohler, Isabelle Hang, Andreas Schaad, Axel Schroepfer, Walter Tighzert, Patrick Grofig
-
Publication number: 20150178507
Abstract: Methods, systems, and computer-readable storage media for selecting columns for re-encryption in join operations. In some implementations, actions include determining a first column and a second column to be joined, receiving a first key corresponding to the first column and a second key corresponding to the second column, receiving a first rank associated with the first key and a second rank associated with the second key, selecting the second column for re-encryption based on the first rank and the second rank, and providing the first column, the second column, and the first key for performing a join operation, the second column being re-encrypted based on the first key.
Type: Application
Filed: February 25, 2015
Publication date: June 25, 2015
Inventors: Martin Haerterich, Florian Kerschbaum, Patrick Grofig, Mathias Kohler, Andreas Schaad, Axel Schroepfer, Walter Tighzert
-
Publication number: 20150149427
Abstract: Embodiments relate to processing encrypted data, and in particular to identifying an appropriate layer of encryption useful for processing a query. Such identification (also known as the onion selection problem) is achieved utilizing an adjustable onion encryption procedure. Based upon defined requirements of policy configuration, alternative resolution, and conflict resolution, the adjustable onion encryption procedure entails translating a query comprising an expression in a database language (e.g. SQL) into an equivalent query on encrypted data. The onion may be configured in almost arbitrary ways directing the onion selection. An execution function introduces an execution split to allow local (e.g. client-side) query fulfillment that may otherwise not be possible in a secure manner on the server-side. A searchable encryption function may also be employed, and embodiments accommodate aggregation via homomorphic encryption. Embodiments may be implemented as an in-memory column store database system.
Type: Application
Filed: November 22, 2013
Publication date: May 28, 2015
Applicant: SAP AG
Inventors: FLORIAN KERSCHBAUM, MARTIN HAERTERICH, MATHIAS KOHLER, ISABELLE HANG, ANDREAS SCHAAD, AXEL SCHROEPFER, WALTER TIGHZERT, PATRICK GROFIG
-
Publication number: 20150149773
Abstract: Embodiments provide ideal security, order-preserving encryption (OPE) of data of average complexity, thereby allowing processing of the encrypted data (e.g. at a database server in response to received queries). Particular embodiments achieve high encryption efficiency by processing plaintext in the order preserved by an existing compression dictionary already available to a database. Encryption is based upon use of a binary search tree of n nodes, to construct an order-preserving encryption scheme having Ω(n) complexity and even O(n), in the average case. A probability of computationally intensive updating (which renders conventional OPE impractical for ideal security) is substantially reduced by leveraging the demonstrated tendency of a height of the binary search tree to be tightly centered around O(log n). An embodiment utilizing such an encryption scheme is described in the context of a column-store, in-memory database architecture comprising n elements.
Type: Application
Filed: November 22, 2013
Publication date: May 28, 2015
Applicant: SAP AG
Inventors: FLORIAN KERSCHBAUM, AXEL SCHROEPFER, PATRICK GROFIG, ISABELLE HANG, MARTIN HAERTERICH, MATHIAS KOHLER, ANDREAS SCHAAD, WALTER TIGHZERT
-
Patent number: 9037860
Abstract: Embodiments provide ideal security, order-preserving encryption (OPE) of data of average complexity, thereby allowing processing of the encrypted data (e.g. at a database server in response to received queries). Particular embodiments achieve high encryption efficiency by processing plaintext in the order preserved by an existing compression dictionary already available to a database. Encryption is based upon use of a binary search tree of n nodes, to construct an order-preserving encryption scheme having Ω(n) complexity and even O(n), in the average case. A probability of computationally intensive updating (which renders conventional OPE impractical for ideal security) is substantially reduced by leveraging the demonstrated tendency of a height of the binary search tree to be tightly centered around O(log n). An embodiment utilizing such an encryption scheme is described in the context of a column-store, in-memory database architecture comprising n elements.
Type: Grant
Filed: November 22, 2013
Date of Patent: May 19, 2015
Assignee: SAP SE
Inventors: Florian Kerschbaum, Axel Schroepfer, Patrick Grofig, Isabelle Hang, Martin Haerterich, Mathias Kohler, Andreas Schaad, Walter Tighzert
-
Patent number: 9003204
Abstract: Methods, systems, and computer-readable storage media for selecting columns for re-encryption in join operations. In some implementations, actions include determining a first column and a second column to be joined, receiving a first key corresponding to the first column and a second key corresponding to the second column, receiving a first rank associated with the first key and a second rank associated with the second key, selecting the second column for re-encryption based on the first rank and the second rank, and providing the first column, the second column, and the first key for performing a join operation, the second column being re-encrypted based on the first key.
Type: Grant
Filed: July 10, 2013
Date of Patent: April 7, 2015
Assignee: SAP SE
Inventors: Martin Haerterich, Florian Kerschbaum, Patrick Grofig, Mathias Kohler, Andreas Schaad, Axel Schroepfer, Walter Tighzert
-
Publication number: 20150039586
Abstract: Methods, systems, and computer-readable storage media for optimizing query processing in encrypted databases. In some implementations, actions include receiving a query that is to be used to query an encrypted database, generating a plurality of query plans based on the query, each query plan including a local query and one or more remote queries, the local query being executable at a client-side and the one or more remote queries being executable at a server-side, selecting an optimal query plan from the plurality of query plans, providing one or more remote queries of the optimal query plan to the server-side for execution, receiving one or more remote results, and processing a local query of the optimal query plan and the one or more remote results to provide a final query result.
Type: Application
Filed: July 31, 2013
Publication date: February 5, 2015
Applicant: SAP AG
Inventors: Florian Kerschbaum, Patrick Grofig, Martin Haerterich, Mathias Kohler, Andreas Schaad, Axel Schroepfer, Walter Tighzert
-
Publication number: 20150019879
Abstract: Methods, systems, and computer-readable storage media for selecting columns for re-encryption in join operations. In some implementations, actions include determining a first column and a second column to be joined, receiving a first key corresponding to the first column and a second key corresponding to the second column, receiving a first rank associated with the first key and a second rank associated with the second key, selecting the second column for re-encryption based on the first rank and the second rank, and providing the first column, the second column, and the first key for performing a join operation, the second column being re-encrypted based on the first key.
Type: Application
Filed: July 10, 2013
Publication date: January 15, 2015
Applicant: SAP AG
Inventors: Martin Haerterich, Florian Kerschbaum, Patrick Grofig, Mathias Kohler, Andreas Schaad, Axel Schroepfer, Walter Tighzert