The following relates to secure information storage, access, and processing arts, and to related arts, and to applications of same.
In some database applications, one party (e.g., a “client”) may seek access to information contained in a database controlled by another party (e.g., a “server”) but under highly secure conditions. The client may not want to (or may be legally bound not to) disclose the nature of the information sought. In such cases the server may be willing to provide this information in a “blind” fashion, that is, without knowing what information was sent to the client. But the server is likely to want to be able to track the quantity of delivered information, for example in order to charge for its delivery, or in order to maintain usage statistics justifying the continued maintenance of the database. The server may also want to prevent inadvertent disclosure of items that were not requested by the client, and/or the client may want to ensure that the received information is actually the information that the client requested. The server may not want to publish the database in its entirety (or even in sizable part), as the database may comprise confidential information whose publication might result in loss of trade secret rights, loss of copyright rights, or forfeiture of other intellectual property rights.
The security requirements for such applications may be summarized as follows: (1) The Server does not learn which item is retrieved by the client; (2) The Server does not learn the item index searched by the client; (3) The Server does receive a count of the number of retrieved items; and (4) The Client does not learn the content of any items whose retrieval is not counted by the Server.
Examples of applications that would benefit from such a highly secure retrieval protocol include various natural language translation resources. For example, a translation memory (TM) is a natural language translation resource in which source-language text is stored together with corresponding translated target-language text. By way of specific example, a French-English TM stores French text and corresponding translated English text. Creating a reasonably comprehensive TM is an extensive undertaking, and it is likely that the TM owner will want to receive remuneration from users of the TM. On the other hand, a TM user may be translating text that is confidential in nature, and may be unwilling to allow the Server to have access to the source text or the retrieved target text.
Another example of a natural language resource for which similar considerations may pertain is a phrase table for statistical machine translation (SMT). Here the input is a source language phrase and the output is a target language translated phrase and its statistics. Yet another example is a language model where the input is a word n-gram and the output includes n-gram statistics.
As another example of an application that would benefit from a highly secure retrieval protocol of the type addressed herein, consider an electronic encyclopedia. In this case the input is the search term that is to be looked up, and the output is the article for that word or phrase. Again, the owner of such an encyclopedia is likely to want to receive remuneration from users. (As an alternative commercial model, the encyclopedia may include advertisements sent to the user along with the retrieved article, and the owner may receive remuneration from the advertisers on the basis of the number of retrieved articles that are sent out with the advertiser's advertisements. As an alternative non-profit model, the encyclopedia may receive operational support from a philanthropic organization and the owner or maintainer may need to provide article retrieval statistics to justify, or increase, the operational support.)
On the other hand, a user of the encyclopedia who is researching a confidential matter may be unwilling to allow the owner to know which articles are retrieved by the user, as such information could enable the owner to guess the research topic and hence gain insight into the confidential matter.
In spite of such potential applications, achieving highly secure database retrieval protocols has heretofore been difficult. The following sets forth improved methods and apparatuses.