Claims
- 1. A method for secure computational outsourcing comprising:
determining a first set of actual arguments for an outsourced computation; determining a second set of actual arguments for said outsourced computation; preparing a first group of disguised arguments corresponding to said first set of actual arguments with a first computer; preparing a second group of disguised arguments corresponding to said second set of actual arguments with a second computer; outputting said first and second groups of disguised arguments from said first and second computers, respectively, for performance of said outsourced computation; receiving said first and second groups of disguised arguments with a third computer; performing said outsourced computation with said third computer using said first and second groups of disguised arguments to achieve a result; sending said result from said third computer to said first and second computers; and receiving said result with said first and second computers.
- 2. The method of claim 1, wherein said result is in a disguised form relative to an actual answer that would have been obtained by submitting said first and second sets of actual arguments to said third computer for said outsourced computation.
- 3. The method of claim 1, further comprising computing an actual answer from said result with said first and second computers.
- 4. The method of claim 1, wherein said first computer has a memory, said memory comprising a plurality of computation types, and wherein said step of preparing said first group of disguised arguments comprises:
classifying said outsourced computation into one of said plurality of computation types; selecting at least one of a plurality of disguising operations based on said classifying step; and performing said at least one disguising operation on said first set of actual arguments with said first computer to provide said first group of disguised arguments.
- 5. The method of claim 4, wherein said plurality of computation types comprises at least one computation type selected from the group consisting of matrix multiplication, matrix inversion, solution of a linear system of equations, quadrature, convolution, solution of one or more differential equations, optimization, solution of a nonlinear system of equations, image edge detection, sorting, character string pattern matching, integral equations, statistical regression, statistical correlation, natural language processing, biometric data matching, database analysis, data mining, and classification problems.
- 6. The method of claim 1, wherein said second computer has a memory, said memory comprising a plurality of computation types, and wherein said step of preparing said second group of disguised arguments comprises:
classifying said outsourced computation into one of said plurality of computation types; selecting at least one of a plurality of disguising operations based on said classifying step; and performing said at least one disguising operation on said second set of actual arguments with said second computer to provide said second group of disguised arguments.
- 7. The method of claim 6, wherein said plurality of computation types comprises at least one computation type selected from the group consisting of matrix multiplication, matrix inversion, solution of a linear system of equations, quadrature, convolution, solution of one or more differential equations, optimization, solution of a nonlinear system of equations, image edge detection, sorting, character string pattern matching, integral equations, statistical regression, statistical correlation, natural language processing, biometric data matching, database analysis, data mining, and classification problems.
- 8. The method of claim 1, wherein said step of preparing said first group of disguised arguments comprises performing at least one disguising operation on said first set of actual arguments with said first computer to provide said first group of disguised arguments, and said step of preparing said second group of disguised arguments comprises performing at least one disguising operation on said second set of actual arguments with said second computer to provide said second group of disguised arguments, the method further comprising the step of:
exchanging information related to said at least one disguising operation performed on said first set of actual arguments and said at least one disguising operation performed on said second set of actual arguments between said first and second computers to permit each of said first and second computers to compute an actual answer from said result.
- 9. The method of claim 1, wherein said third computer is remotely located relative to said first and second computers.
- 10. The method of claim 1, wherein each of said steps of preparing a first group of disguised arguments and a second group of disguised arguments comprises generating a plurality of random numbers, said random numbers each being generated by one of a plurality of random number generation techniques, said techniques each comprising at least one different distribution parameter.
- 11. The method of claim 10, wherein each of said steps of preparing a first group of disguised arguments and a second group of disguised arguments further comprises defining a plurality of disguise functions with one or more of said random numbers.
- 12. The method of claim 1, wherein each of said steps of preparing a first group of disguised arguments and a second group of disguised arguments comprises modifying a linear operator.
- 13. The method of claim 1, wherein each of said steps of preparing a first group of disguised arguments and a second group of disguised arguments comprises altering a dimension corresponding to said first and second sets of actual arguments to provide said first and second groups of disguised arguments, respectively.
- 14. The method of claim 13, wherein each of said altering steps comprises expanding the dimension.
- 15. The method of claim 1, wherein each of said steps of preparing a first group of disguised arguments and a second group of disguised arguments comprises performing a function substitution in accordance with at least one mathematical identity.
- 16. A method for secure computational outsourcing comprising:
providing to a computer a plurality of disguised arguments from a first source and a second source, said plurality of disguised arguments hiding a plurality of actual arguments; providing said computer with one or more instructions for performing an outsourced computation on said plurality of disguised arguments; performing said outsourced computation on said disguised arguments with said first computer using said one or more instructions; and outputting a result of said outsourced computation with said computer to both said first source and said second source.
- 17. The method of claim 16, wherein said outsourced computation is of a type selected from the group consisting of matrix multiplication, matrix inversion, solution of a linear system of equations, quadrature, convolution, solution of one or more differential equations, optimization, solution of a nonlinear system of equations, image edge detection, sorting, character string pattern matching, integral equations, statistical regression, statistical correlation, natural language processing, biometric data matching, database analysis, data mining, and classification problems.
- 18. A system for secure computational outsourcing comprising:
a first computer operable to define a first set of actual arguments for an outsourced computation, said first computer being programmed to determine a first group of disguised arguments from said first set of actual arguments, said first group of disguised arguments hiding at least one characteristic of said first set of actual arguments; a second computer operable to define a second set of actual arguments for said outsourced computation, said second computer being programmed to determine a second group of disguised arguments from said second set of actual arguments, said second group of disguised arguments hiding at least one characteristic of said second set of actual arguments; first and second output devices responsive to said first and second computers, respectively, to output said first and second groups of disguised arguments for remote performance of said outsourced computation; and first and second input devices to permit said first and second computers, respectively, to receive a disguised result of said outsourced computation performed with said first and second groups of disguised arguments, said first and second computers being operable to determine an actual answer from said disguised result.
- 19. The system of claim 18, wherein said first and second computers are further programmed to classify said outsourced computation as being one of a plurality of computation types, said plurality of computation types comprising at least one computation type selected from the group consisting of matrix multiplication, matrix inversion, solution of a linear system of equations, quadrature, convolution, solution of one or more differential equations, optimization, solution of a nonlinear system of equations, image edge detection, sorting, character string pattern matching, integral equations, statistical regression, statistical correlation, natural language processing, biometric data matching, database analysis, data mining, and classification problems.
- 20. The system of claim 18, further comprising a computing center, said computing center being programmed to perform said outsourced computation with said first and second groups of disguised arguments.
- 21. The system of claim 18, wherein said first and second computers each comprises a memory and a library of disguising operations stored in said memory, wherein said programming of each said first and second computers references said library to generate said first and second groups of disguised arguments, respectively.
- 22. The system of claim 21, wherein said library of disguising operations comprises at least one disguising operation selected from the group consisting of random object generation, argument dimension modification, linear operator modification, mathematical identity substitution, coordinate system modification, domain mapping, inserting partitions of unity, logical identity substitution, inserting redundant computations, and disguise function generation.
- 23. The system of claim 18, wherein said first and second computers are operable to generate said first and second groups of disguised arguments, respectively, using first and second disguising operations, respectively, said first computer being operable to output information related to said first disguising operation to be received by said second input device of said second computer, and said second computer being operable to output information related to said second disguising operation to be received by said first input device of said first computer, thereby permitting each of said first and second computers to determine said actual answer from said result.
- 24. A method for secure computational outsourcing comprising:
obtaining a first set of actual data; preparing a first set of disguised data corresponding to said first set of actual data with a first computer; transmitting said first set of disguised data from said first computer to a second computer; preparing a second set of disguised data corresponding to a second set of actual data; comparing said first set of disguised data to said second set of disguised data with said second computer; and transmitting a result of said comparing step from said second computer to said first computer.
- 25. The method of claim 24, further comprising the step of transmitting said second set of disguised data from a third computer to said second computer prior to said comparing step.
- 26. The method of claim 24, wherein said second set of actual data is stored in a database, said third computer being operable to prepare said second set of disguised data from said database prior to said transmitting step.
- 27. The method of claim 24, further comprising the step of selectively performing a function in response to instructions from said first computer based on said result received from said second computer.
- 28. The method of claim 27, wherein said selectively performed function comprises an authorization function selected from the group consisting of providing access to an area of a building, automatically unlocking a door, and approving a business transaction.
- 29. The method of claim 24, wherein said first set and said second set of actual data are disguised using an identical disguising operation.
- 30. The method of claim 24, wherein said first set of actual data is selected from a group consisting of fingerprint identification data, DNA sequence data, credit card data, image data, text data, biometric data, password data, keyword data, smart card data, and planar graph data.
- 31. The method of claim 24, wherein said first set and said second set of actual data each comprises an image matrix.
- 32. The method of claim 31, wherein said result comprises a score matrix.
- 33. The method of claim 24, wherein said first set of actual data is obtained using at least one input device.
- 34. The method of claim 33, wherein said at least one of said at least one input devices is selected from the group consisting of a fingerprint reader, a voice print reader, a face geometry reader, a hand geometry reader, an iris scanner, a retina scanner, a bar code reader, an IR signal receiver, an RF signal receiver, a magnetic stripe reader, and a smart card reader.
- 35. The method of claim 24, wherein said second set of disguised data is prepared by a third computer.
- 36. A method for securing data from unauthorized access, theft and tampering, said data and an associated computer program being stored in a computer memory, said method comprising:
performing a disguising operation on said data to disguise said data; and performing a tamperproofing operation on said computer program.
- 37. The method of claim 36, wherein said data comprises a plurality of data elements, and wherein said disguising operation comprises:
generating a random number for each data element; and modifying each data element by adding said random number to said data element.
- 38. The method of claim 37, wherein seeds for generating said random numbers are obtained from said data elements.
- 39. The method of claim 37, wherein each said data elements comprises a function and said random numbers are generated using a perturbation of said function.
- 40. The method of claim 37, wherein each said data elements comprises a symbolic element and said symbolic element is used to perform said disguising operation.
- 41. The method of claim 36, wherein said data comprises a plurality of ordered data elements and said disguising operation comprises the step of randomly reordering said ordered data elements.
- 42. The method of claim 36, wherein said data comprises a plurality of real numbers, said method further comprising using a floating-point processor of said computer to perform said disguising operation.
- 43. The method of claim 36, wherein said computer program comprises instructions for accessing said data.
- 44. The method of claim 43, wherein said computer program further comprises instructions for accessing information about said data.
- 45. The method of claim 44, wherein said information about said data comprises instructions for changing said data.
- 46. The method of claim 45, wherein said information about said data further comprises an identity of a person authorizing a change to said data.
- 47. A method for securing data from unauthorized access, theft and tampering, said data and an associated computer program being stored in a computer memory, said computer program being written in a first programming language, said method comprising:
partitioning said computer program into a first program and a second program; executing said first program to determine whether access to said data is authorized; executing said second program to entangle said second program and said data; and translating said second program into a second programming language to secure said data.
- 48. The method of claim 47, wherein said step of executing said first program comprises determining whether an authorized output device is being used to access said data.
- 49. The method of claim 47, wherein said step of executing said first program further comprises:
obtaining said identity of said person using said computer to access said data; and determining whether said identity is authorized to access said data.
- 50. The method of claim 47, wherein said step of executing said first program further comprises:
obtaining said identity of said computer being used to access said data; and determining whether said identity is authorized to access said data.
- 51. The method of claim 47, wherein said step of executing said second program further comprises intermixing portions of said second program and portions of said data.
- 52. A method for securing a plurality of data elements from unauthorized access, theft, and tampering, said data elements and an associated computer program being stored in a computer memory, said method comprising:
executing said computer program to generate a sequence of random numbers; dividing said sequence of random numbers into a plurality of random number segments; dividing said data elements into a corresponding plurality of data segments; identifying a programming code segment associated with each of said random number segments; interspersing said code segments and data segments in a file; and replacing each data element with a code segment and a data segment in said file.
- 53. The method of claim 52, further comprising:
generating a plurality of segments of false information; and inserting a segment of false information adjacent to a corresponding data segment in said file.
- 54. The method of claim 53, wherein said segments of false information are configured to appear to comprise data, programming code, or data in combination with programming code.
- 55. A method for securing data from unauthorized access, theft and tampering, said data having an associated first computer program written in a first programming language, said data and said first computer program being stored on a computer, said method comprising the steps of:
creating a second programming language; creating a second computer program to emulate said second programming language, said second computer program configured to be executed on said computer; and translating said first computer program into said second programming language using said second computer program to secure said data.
- 56. A computer-implemented method for securing a picture from unauthorized access, theft, and tampering, said method comprising:
identifying a plurality of points on said picture to create a planar graph; determining coordinates for each of said points on said planar graph; indexing said point coordinates to create a first vector; and performing a disguising operation on said first vector.
- 57. The method of claim 56, further comprising after the step of determining coordinates for each of said points on said planar graph, the step of converting said point coordinates to represent a frontal view of said picture if said picture is not of a frontal view.
- 58. The method of claim 56, wherein said disguising operation comprises:
ordering said vector according to a random permutation of integers; generating a second vector of the same length as said first vector; and adding said second vector to said first vector.
- 59. The method of claim 56, wherein said picture comprises an image of a human face.
- 60. The method of claim 56, wherein said picture comprises an image of a fingerprint.
- 61. A computer-implemented method for identifying said subject of a first picture by comparison to a second picture, said method comprising:
identifying a plurality of points on said first and second pictures to create first and second planar graphs, respectively; determining coordinates for each of said points on each of said first and second planar graphs; indexing said point coordinates for each of said first and second planar graphs to create first and second vectors, respectively; performing a disguising operation on said first and second vectors; and comparing said first and second disguised vectors.
- 62. The method of claim 61, further comprising the step of revealing said subject of said first picture by performing an unveiling operation on said first disguised vector.
- 63. A method for securing a database from unauthorized access, theft, and tampering, said method comprising:
partitioning said database into a computer program and a plurality of data entries; assigning a key to each data entry using said computer program; and performing a disguising operation on each key and each data entry to secure said database.
- 64. The method of claim 63, wherein said disguising operation comprises:
generating random data using a random data generator; adding said random data to each data entry; and adding said random data to each key to disguise said database.
- 65. The method of claim 64, wherein said computer program comprises said random data generator, and a tamperproofing operation is performed on said computer program.
- 66. The method of claim 63, further comprising the step of detecting whether an authorized user has exceeded an access limit.
- 67. A method for securing computer program code from unauthorized access, theft, and tampering, said computer program code operable to perform a real operation on a real input to produce a real output, said method comprising:
creating dummy program code operable to perform a dummy operation on a dummy input to produce a dummy output; replicating each of said real input and said dummy input at least one time; performing said real operation using said replicated real input and said replicated dummy input to produce a first output; performing said real operation using said first output if said first output comprises said real input to produce a second output; performing said dummy operation using said first output if said first output comprises said dummy input to produce a third output; storing said second output as said real output; and storing said third output as said dummy output.
- 68. The method of claim 67, wherein said computer program code comprises a plurality of program statements.
- 69. The method of claim 68, wherein said dummy code comprises a plurality of program statements.
- 70. A method for securing a computer program from unauthorized access, theft, and tampering, said computer program comprising real programming code, said method comprising:
creating dummy program code; replicating each of said real code and said dummy code at least one time; and mixing said dummy code and said real code.
- 71. The method of 70, wherein said real code comprises a plurality of program statements.
- 72. The method of 71, wherein said dummy code comprises a plurality of program statements.
- 73. The method of claim 70, wherein said dummy code comprises a plurality of variables that are not used by said computer program.
- 74. The method of claim 73, wherein said variables are used by said dummy code more than once.
- 75. The method of claim 74, wherein each variable has a variable name and each variable name has no meaning with respect to said computer program.
- 76. A method for secure computational outsourcing comprising:
providing a first computer having a memory, said memory comprising a plurality of computation types, said plurality of computation types comprising at least one computation type selected from the group consisting of matrix multiplication, matrix inversion, solution of a linear system of equations, quadrature, convolution, solution of one or more differential equations, optimization, solution of a nonlinear system of equations, image edge detection, sorting, character string pattern matching, integral equations, statistical regression, statistical correlation, natural language processing, biometric data matching, database analysis, data mining, and classification problems; providing a second computer having a memory, said memory comprising a plurality of computation types, said plurality of computation types comprising at least one computation type selected from the group consisting of matrix multiplication, matrix inversion, solution of a linear system of equations, quadrature, convolution, solution of one or more differential equations, optimization, solution of a nonlinear system of equations, image edge detection, sorting, character string pattern matching, integral equations, statistical regression, statistical correlation, natural language processing, biometric data matching, database analysis, data mining, and classification problems; determining a first set of actual arguments for an outsourced computation; determining a second set of actual arguments for said outsourced computation; preparing a first group of disguised arguments corresponding to said first set of actual arguments with said first computer by classifying said outsourced computation into one of said plurality of computation types, selecting at least one of a plurality of disguising operations based on said classification, and performing said at least one selected disguising operation on said first set of actual arguments with said first computer to provide said first group of disguised 
arguments; preparing a second group of disguised arguments corresponding to said second set of actual arguments with said second computer by classifying said outsourced computation into one of said plurality of computation types, selecting at least one of a plurality of disguising operations based on said classification, and performing said at least one selected disguising operation on said second set of actual arguments with said second computer to provide said first group of disguised arguments; outputting said first and second groups of disguised arguments from said first and second computers, respectively, for performance of said outsourced computation; receiving said first and second groups of disguised arguments with a third computer; performing said outsourced computation with said third computer using said disguised arguments to produce a disguised result, said disguised result being in a disguised form relative to an actual result of said outsourced computation that would have been obtained by submitting said first and second sets of actual arguments to said third computer for said outsourced computation; sending said disguised result from said third computer to said first and second computers; receiving said disguised result with said first and second computers; exchanging information related to said at least one selected disguising operation performed on said first set of actual arguments and said at least one selected disguising operation performed on said second set of actual arguments between said first and second computers to permit each of said first and second computers to compute an actual answer from said disguised result; and computing said actual answer from said disguised result with said first and second computers.
- 77. A system for secure computational outsourcing comprising:
a first computer comprising a memory and a library of disguising operations stored in said memory, said library of disguising operations comprising at least one disguising operation selected from the group consisting of random object generation, argument dimension modification, linear operator modification, mathematical identity substitution, coordinate system modification, domain mapping, inserting partitions of unity, logical identity substitution, inserting redundant computations, and disguise function generation, said first computer being operable to define a first set of actual arguments for an outsourced computation, said first computer having a resident program for creating a first group of disguised arguments from said first set of actual arguments, said program capable of selecting one or more disguising operations from said library of disguising operations and applying said selected one or more disguising operations to said first set of actual arguments to create said first group of disguised arguments, said first group of disguised arguments hiding at least one characteristic of said first set of actual arguments, said program further capable of classifying said outsourced computation as being one of a plurality of computation types, said plurality of computation types comprising at least one computation type selected from the group consisting of matrix multiplication, matrix inversion, solution of a linear system of equations, quadrature, convolution, solution of one or more differential equations, optimization, solution of a nonlinear system of equations, image edge detection, sorting, character string pattern matching, integral equations, statistical regression, statistical correlation, natural language processing, biometric data matching, database analysis, data mining, and classification problems; a second computer comprising a memory and a library of disguising operations stored in said memory, said library of disguising operations comprising at 
least one disguising operation selected from the group consisting of random object generation, argument dimension modification, linear operator modification, mathematical identity substitution, coordinate system modification, domain mapping, inserting partitions of unity, logical identity substitution, inserting redundant computations, and disguise function generation, said second computer being operable to define a second set of actual arguments for an outsourced computation, said second computer having a resident program for creating a second group of disguised arguments from said second set of actual arguments, said program capable of selecting one or more disguising operations from said library of disguising operations and applying said selected one or more disguising operations to said second set of actual arguments to create said second group of disguised arguments, said second group of disguised arguments hiding at least one characteristic of said second set of actual arguments, said program further capable of classifying said outsourced computation as being one of a plurality of computation types, said plurality of computation types comprising at least one computation type selected from the group consisting of matrix multiplication, matrix inversion, solution of a linear system of equations, quadrature, convolution, solution of one or more differential equations, optimization, solution of a nonlinear system of equations, image edge detection, sorting, character string pattern matching, integral equations, statistical regression, statistical correlation, natural language processing, biometric data matching, database analysis, data mining, and classification problems; a first output device responsive to said first computer to output said first group of disguised arguments and first identifying information about said one or more disguising operations applied to said first set of actual arguments; a second output device responsive to said second computer to 
output said second group of disguised arguments and second identifying information about said one or more disguising operations applied to said second set of actual arguments; a computing center, said computing center being separated from said first and second computer and capable of receiving said first and second group of disguised arguments and performing said outsourced computation with said first and second groups of disguised arguments to produce a disguised result; a first input device communicatively connected to said first computer and arranged to permit said first computer to receive said second identifying information about said one or more disguising operations applied to said second set of actual arguments from said second computer and to receive said disguised result of said outsourced computation performed with said first and second groups of disguised arguments from said computing center, said first computer being operable to determine an actual answer from said result based upon said first and second identifying information; and a second input device communicatively connected to said second computer and arranged to permit said second computer to receive said first identifying information about said one or more disguising operations applied to said first set of actual arguments from said first computer and to receive said disguised result of said outsourced computation performed with said first and second groups of disguised arguments from said computing center, said second computer being operable to determine an actual answer from said result based upon said first and second identifying information.
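The disguising operation of claim 58, applied to the picture comparison of claims 61 and 62 with both vectors disguised by an identical operation (as in claim 29), can be sketched as follows. This is an added illustration, not code from the application; the Euclidean distance, the match threshold, the range of the additive vector, the sample coordinates and all function names are assumptions.

```python
import math
import random

rng = random.SystemRandom()  # OS-backed randomness for the disguise (assumption)

# Constructed sample data: (x, y) points picked from three pictures.
ENROLLED = [(31.0, 42.5), (58.0, 41.0), (44.5, 60.0), (36.0, 78.0), (53.0, 77.5)]
PROBE = [(31.4, 42.1), (57.7, 41.3), (44.9, 60.2), (35.8, 78.4), (53.3, 77.1)]
OTHER = [(25.0, 50.0), (65.0, 48.0), (45.0, 70.0), (30.0, 90.0), (60.0, 88.0)]
THRESHOLD = 2.0  # hypothetical match threshold


def index_points(points):
    """Claim 56: index the point coordinates into a flat first vector."""
    return [coord for point in points for coord in point]


def make_disguise(n, spread=1000.0):
    """Draw a random permutation of 0..n-1 and a second vector of length n."""
    perm = list(range(n))
    rng.shuffle(perm)
    mask = [rng.uniform(-spread, spread) for _ in range(n)]
    return perm, mask


def disguise(vec, perm, mask):
    """Claim 58: reorder the vector by the permutation, then add the second vector."""
    if not (len(vec) == len(perm) == len(mask)):
        raise ValueError("vector, permutation and mask must have equal length")
    return [vec[perm[i]] + mask[i] for i in range(len(vec))]


def unveil(dvec, perm, mask):
    """Claim 62: undo the disguise (subtract the mask, invert the permutation)."""
    out = [0.0] * len(dvec)
    for i, src in enumerate(perm):
        out[src] = dvec[i] - mask[i]
    return out


def distance(a, b):
    """Euclidean distance, computed by the comparing computer on disguised vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def matches(d1, d2, threshold=THRESHOLD):
    """Claim 61: compare two disguised vectors."""
    return distance(d1, d2) <= threshold


def run_demo():
    enrolled, probe, other = (index_points(p) for p in (ENROLLED, PROBE, OTHER))
    perm, mask = make_disguise(len(enrolled))
    d_enrolled = disguise(enrolled, perm, mask)
    d_probe = disguise(probe, perm, mask)
    d_other = disguise(other, perm, mask)
    # A vector disguised under a different permutation and mask is not comparable.
    perm2, mask2 = make_disguise(len(enrolled))
    d_probe_wrong = disguise(probe, perm2, mask2)
    return {
        "actual_distance": distance(enrolled, probe),
        "disguised_distance": distance(d_enrolled, d_probe),
        "same_subject": matches(d_enrolled, d_probe),
        "different_subject": matches(d_enrolled, d_other),
        "mismatched_disguise": matches(d_enrolled, d_probe_wrong),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Because the additive vector cancels when two vectors share a disguise, the comparing computer still learns the permuted element-wise difference between them; the disguise hides the coordinates themselves, not their differences.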
RELATED APPLICATIONS
[0001] This application: (i) claims the benefit of U.S. Provisional Application Serial No. 60/276,598, filed Mar. 16, 2001; (ii) is a continuation-in-part of U.S. application Ser. No. 09/312,230, filed May 14, 1999, which claims the benefit of U.S. Provisional Application Serial No. 60/085,515, filed May 14, 1998; and (iii) is a continuation-in-part of U.S. application Ser. No. 09/455,580, filed Dec. 6, 1999, which claims the benefit of U.S. Provisional Application Serial No. 60/152,769, filed Sep. 3, 1999. The disclosure of each above-referenced application is hereby incorporated by reference in its entirety.
Provisional Applications (3)

| Number | Date | Country |
|---|---|---|
| 60276598 | Mar 2001 | US |
| 60085515 | May 1998 | US |
| 60152769 | Sep 1999 | US |

Continuation in Parts (2)

| | Number | Date | Country |
|---|---|---|---|
| Parent | 09312230 | May 1999 | US |
| Child | 10100682 | Mar 2002 | US |
| Parent | 09455580 | Dec 1999 | US |
| Child | 10100682 | Mar 2002 | US |