KR20030072348A - Method and system for processing a request of a customer - Google Patents

Abstract

The present invention provides a method and system for securely processing a customer's sender request. The sender request may be sent to at least one first entity. A method for processing a caller request includes a) sending a sender request from a customer to a first entity or each first entity, b) connecting the first entity or each first entity to a computing entity; c) upon receipt of the sender request, adding information about the sender request by the first entity or each first entity to form a first modification request, and d) at least calculate at least a portion of the first modification request. Transmitting to the entity, e) receiving at least a portion of the first modification request by the computing entity to derive the computational entity result from at least a portion of the first modification request, and f) generating at least a portion of the computational entity result. Transmitting to a first entity or each first entity, g) receiving a portion of the calculated entity results by the first entity or each first entity and Derive a first result from the object and received by it at least a portion of the first object and the result of the step, h) at least a portion sent to the customer includes the step of inducing the customer result therefrom.

Description

METHOD AND SYSTEM FOR PROCESSING A REQUEST OF A CUSTOMER}

In an increasingly networked world, mobile code is an increasingly important programming paradigm. It provides a flexible method for structure coperative computation in distributed systems. Currently, the Internet is full of mobile code fragments, such as Java applets that represent only simple forms of mobile code.

Mobile agents are mobile code that voluntarily executes continuous collection, filtering, and processing of information on behalf of a user. They combine the benefits of an agent paradigm, such as responding to changing circumstances and autonomous operations, with the features of remote code execution, operate within a computer network, and can move from server to server to accomplish goals. Critical applications include mobile computing where bandwidth is limited or users are disconnected, data retrieval from large storage, and configuration management of software and networks. When the paradigm is integrated into large applications, the mobile agent's vision of roaming the Internet can be realized soon.

Mobile code is to be understood as a program generated by an entity called a sender, which is then sent to the entity, the host, just before it is executed by the host. That is, instead of a host, no manual intervention is required, such as running or installing a setup routine, and the mobile code is ready to run. In addition, the mobile agent can perform a continuous autonomous operation that is disconnected from the caller and freely moves to another host during its lifetime. Such agents have also been called iterative agents. Mobile code is exposed to a variety of security threats, which can be exploited by a malicious host to inspect the code, reveal the secrets delivered by the agent, and use this knowledge in interacting with the agent to gain an unfair advantage. The host may try to manipulate the result of the calculation.

There are two security issues in the realm of mobile code: (1) protecting the host from malicious code and (2) protecting the code from malicious host. The first problem has received considerable attention because of the imminent danger of computer viruses and Trojan horses. The current solution is to execute mobile code in a so-called sandbox with fine-grained access control, and apply code signatures to promote trust in the code generator.

Protecting mobile code is described by T. Sander and CFTschudin in their article "Protecting mobile agents against malicious hosts, Mobile Agents and Security" (G. Vigna, ed.), Lecture Notes in Computer Science, vol. It is also possible by some mobile code researchers only after realizing that theoretical decryption tools, as disclosed in 1419, Springer, 1998, may be useful for running mobile code in encrypted form against untrusted hosts. Was considered. Most protocols for so-called safe computations require multiple interactions, but it is not easy to achieve safety for the mobile application and the integrity of its output. Sander and Tschudin conclude that only functions that can be expressed as polynomials can be safely calculated in this way. Subsequent studies by Sander et al., As disclosed by T. Sander, A. Young and M. Yung in Non-interactive CryptoComputing for NC ₁ ˝, Proc. 40th IEEE Symposium on Foundations of Computer Science (FOCS), 1999, We extend this to all functions that can be computed by a circuit of logarithmic depth.

Another form of code is an activated mobile code that performs some immediate action on a host. Thereby, information about the encrypted calculations is often leaked to the host, so that only the sender will receive any results.

The fundamental problem with activating mobile code is that a malicious host can observe the results of the calculation and simply rerun the code with different inputs. The only existing defense against active mobile code against malicious hosts is to use reliable hardware. This has been proposed to entail running mobile code exclusively in tamperproof hardware, encrypting as soon as it is left in a trusted environment.

U. S. Patent No. 6,026, 374 is directed to a system and method for providing a description of an information product to potential consumers without using a trusted third party to disclose the full content of the information product, which may reduce the seller's benefit. The buyer believes that the third party provides an accurate description of the information for sale, while the seller believes that the third party does not reveal the content of an excessive amount of information product. The system may include a seller of information products, a buyer of such products, and a trusted third summarizer, each operating like a node in a communication network such as the Internet. Disadvantages of this system and method are that the third party must be a trusted person, and that third party has information and knows everything. This can be dangerous if the third party cracks. In addition, several messages are required to process the buyer's request.

The present invention relates to a method and system for processing a customer's request. More specifically, the present invention relates to cryptographic security of mobile agents.

Preferred embodiments of the invention are described in detail below by way of example only with reference to the following schematic diagram.

1 is an example of a communication flow in accordance with the present invention;

2 is a more detailed example of a communication flow;

3 shows another example of a communication flow.

The drawings are provided for illustrative purposes only and do not necessarily represent embodiments of the invention to scale.

Summary of the Invention

The present invention provides a method and system for securely processing a customer's sender request, ie a request initiated by the customer. This caller request is sent to at least one first entity in the mobile code or agent. A method for processing an originating seat request includes the steps of a) sending a sender request from a customer, i.e., a customer's device, to a first entity or each first entity, and b) sending the first entity or each first entity to a compute entity. Connecting, c) upon receipt of the sender request, adding information about the sender request by the first entity or each first entity to form a first modification request, and d) making a first modification request. Transmitting at least a portion to at least a computational entity, e) receiving at least a portion of the first modification request by the computational entity to derive a computational entity result from at least a portion of the first modification request, and f) the computational entity result Transmitting at least a portion of the to the first entity or each first entity, and g) at least one of the calculated entity results by the first entity or each first entity. Receiving a portion to derive a first entity result, at least partially transmitting it, and h) receiving a portion of the first entity result by the customer to derive the customer result.

The benefit is that only the customer knows the results of the calculation, so that no other entity or host knows anything except the results assigned to them. Mobile code or agents, including the originator request, can be sent over the network to various entities such that the code or at least a piece of code can be safely executed without any additional client hardware at the first entity. Safety is obtained through computational entities that are normally independent entities. This independent entity may be a computing service that performs cryptographic calculations for mobile agents, but does not know anything about encrypted computations. A standalone entity can be used for many different applications, and you do not need to know anything about its use before deploying it. In addition to authentication for the mobile agent, privacy may be maintained. In addition, the computation service itself knows nothing about the computation if it is not consigned with the code sender or the first entity.

Independent entities can be universal, not limited to a specific service or application context. For example, a security calculation server can be set up and operated by an independent entity.

The method and system may be software and commodity hardware type, and therefore may be less expensive to build and operate than any solution that includes specialized hardware.

The encryption operation can be applied to the mobile agent containing the request or result. Thus, completeness for the mobile agent can be advantageously guaranteed.

If a sender request is made by applying an encryption circuit configuration, the request can be safely calculated, and the benefit of the requester can specify how much information the entity will receive.

The sender request may include a function in the form of encryption. This is advantageous because no other entity processing the sender request can then derive useful information from it except for the results assigned to that entity.

The sender request, the first modified request, the calculated entity result and the first entity result may include an encrypted portion. This is advantageous since important information is then protected and not readable as plaintext.

The sender request may include a provider or any other legal tool. It may also include customer information such as purchase information or an address for delivery or a credit card number for a financial transaction.

The first entity result includes a web server that provides a service or a good. This service may be anything including sales, rentals, licenses or financial transactions.

The first entity result may include customer information regarding the acceptance of the sender request. This is advantageous because the first entity can then immediately deliver the service or goods and initiate the necessary transactions.

The customer result may include first entity information regarding the acceptance of the sender request. Therefore, the customer knows that his originator request will be performed and that no other action will be needed.

Referring generally to the drawings, features of a method and system for processing a customer's request using a cryptographic function are described in more detail below. When referring to the word customer, it is evident that it refers to a device such as a computer or mobile device used by the customer.

The defining element of mobile code or agent calculation is that it proceeds automatically and independently of the originator of the code. The secure mobile agent calculation is modeled on the same principle as shown in FIG. 1, whereby the box is named according to the description below.

There is one code sender O and l hosts, referred to as entities H ₁ , ... H _l hereinafter, in which the mobile agent-hereinafter the short agent-is executed.

1 shows a network such as the Internet, whereby the code originator O is connected to the first entity H ₁ , and H ₁ is also connected to the second entity H ₂ . The second entity H ₂ is connected to an entity named H _j , and H _j is also connected to an entity named H _{j + 1} , with several other entities in between, as indicated by the dashed line. Entity H _{j + 1} is connected to the entity named H _l , and entity H _l is then connected to the code caller O again. Each of the entities H ₁ , H ₂ ,..., H _j , H _{j + 1} , H _l is connected to the computational entity T.

Each entity H ₁ , H ₂ , ..., H _j , H _{j + 1} , H _l and the code sender O send and receive only a single message containing the agent. The message sent by the course sender O to the first entity H ₁ is denoted by m _o , and the message sent by another entity H _{j to} H _{j + 1 is} denoted by m _j (j = 1, ..., l-1). The message returned by the last entity H _l to code sender O is denoted by m _l .

2 shows a more detailed example of the communication flow shown in FIG. 1. The code originator O, here the customer O, is connected to the first entity H which is connected to the calculation entity T. A method for processing a customer request's originator request OR, eg, a price request including a product threshold, is performed as follows. The customer O sends the sender request OR to the first entity H. This is indicated by the arrow named m _OR . The first entity H offers several products at a particular price. The first entity H is connected to the computational entity T and, upon receipt of the sender request OR, adds information about the sender request OR, such as information about the price to accept, to form a first modified request FMR. This first modified request FMR is sent to the computing entity T as indicated by the arrow labeled m _FMR . When the calculation entity T receives the first modified request FMR, it derives the calculation entity result CER from it without knowing anything from this calculation. The calculation entity result CER is then sent back to the first entity H as indicated by the arrow labeled m _CER . When the first entity H receives the calculated entity outcome CER, it derives the first entity outcome FER therefrom and passes it back to the customer O as indicated by the arrow named m _FER . The customer O can derive the customer result CR from the first individual result FER. This customer result CR provides the customer O with information as to whether his originator request OR has been performed. The first entity H knows from the first entity outcome FER whether his proposal is acceptable to the customer. The sender request OR may include information about the customer O, namely address, credit card information, such that the first entity H immediately delivers the requested product.

In the embodiment described above, the mobile agent visits various provider sites and compares offers. The sender request OR depends not only on price, but may also include other attributes. The caller or customer O wants to maintain privacy for his or her preferences, but the store is interested in informing the buyer's tactics as well as information about other sellers' offers. In complex proposals where prices are individually determined for each consumer, such as the insurance market, the supplier wants to keep the method of pricing a secret. All these requirements can be fulfilled by the disclosed method for secure mobile code.

In another embodiment, the shopping agent traverses the network and collects proposals from various providers or entities H ₁ , H ₂ , .., H _j , H _{j + 1} , H _l , with a dictionary match for the data format of the proposal. Is helpful.

FIG. 3 shows another embodiment using the same or similar parts as shown in FIGS. 1 and 2. The difference is that the code sender O sends its own caller request OR directly to each object H ₁ , H ₂ , ..., H _l , and accordingly the caller request OR is sent to each object H ₁ , H ₂ , ..., H can be the same for _l and different.

In another embodiment, electronic negotiation is described. Electronic negotiation between the buyer and a single supplier can take place using a method for secure mobile code to visit a single host or entity H. Typically, the provider will act as sender O and will download the applet into the buyer's browser (already quite common on the Internet). The applet is executed by the buyer with the help of the calculation object T, and the proposal is displayed to the buyer. The supplier can also get some information, which should be clearly stated as a "privacy statement" with the applet.

Auctions using the generalized bidding method provide an interesting application area for secure mobile agents. A bid agent can implement a complex method that is a function of time and the behavior of other participants, which provides more flexibility to bidders than a conventional single parameter auction based solely on price. Since the values of the auction lots are correlated, the bidder is interested in making his bidding behavior as dynamic as possible, for example, to make the evaluation of the auction bundle dependent on other successful bids he observed in the previous round. Has If the bidder can represent the method as a calculable function, using that method he can construct an auction function, i.e. a circuit for calculating the result of the auction, as a separate input of every participant. This would require the auction entry to visit each bidder only once. However, in the case where the bidder cannot mathematically express the method, etc., each round of auction can be safely performed by an auction applet that visits each bidder once and returns to the auctioneer. If the bid does not exceed the minimum increment, it outputs a successful auction or the end of the auction. If a method for secure mobile calculation is used, no single entity H ₁ , H ₂ , ..., H _j (such as an auctioner, its computer system, or its operator) will see all bids. Generalized auctions are common in electronic markets, fair trade, bandwidth auctions, and transport exchanges, and bidders often prefer a combination of items.

In the following, implementation details are described.

Calculation: Put the state of the mobile agent as an element of set X. The initial state x ₀ is determined by O. Let the input by H _j be an element of the set Y _j , and the output to H _{j as} an element of Z _j . Agent calculation on entity H _j has two functions that determine the new state of the agent x _j = g _j (x _j-1 , y _j ) and the output z _j = h _j (x _j-1 , y _j )

Is represented by. O obtains the final state ξ = x _l ∈X of the agent. The functions g _j and h _j are known to all objects H ₁ , ..., H _l .

The mobile calculation method includes 2l + 2 algorithms, A ₀ , A ₁ , ..., A _l , B ₁ , ..., B _l and D, where j = 1, ..., l, and x ₀ and ∈X, y _j ∈Y _j,

The following two conditions maintain accuracy and privacy.

accuracy : And , j = 1, ... l

, j '= 1, ..., l-1.

Privacy: The inputs, outputs, and calculations of every entity remain hidden from the sender and all other entities, except after that output. O is not only will find only ξ, not know about the other which y _j, rather than coming to x ₀ and ξ, and then, similarly, H _j is only found only z _j, comes to z _j and y _j, and then No other x ₀ and y _{j '} , j'<j are known about.

For simplicity, the above method assumes that the order in which agents visit all objects is fixed. The function π: z _j → {1, ..., l} is introduced and is extended to make the sequence dependent on z _j by sending the agent from H _j to H _π (z _j ). In the case of a mobile code application with a single host, i.e., only the first entity H, the function g yields an output ξ of 0 and h produces an output z of H.

Calculation entity T is provided, which may be a general security calculation service. This computational entity T is online and is connected to every entity H ₁ , ..., H _l, or host, which runs the agent application, which can be arbitrarily disposed to secure the agent computation. No matter how it operates under the assumption that (1) the computing entity T does not contend with the sender for any entity, and (2) the computing entity T does not contend with the sender or any other entity with any other entity. It does not get any information about the calculation itself. All calculations proceed with minimal or no interaction. This method is universal and is not limited to any particular application. Therefore, the service of the calculation entity T can be provided as a public service for "secure mobile agent calculation" on the Internet. Clients or customers using this service instead of O or H (eg for comparative shopping) may fear that Computing Entity T has a "different intent" to violate their privacy (eg, customer profiling and collection of market data). no need. In addition, the computing entity T itself is interested in maintaining its reputation as a security provider.

This method is based on a function in encrypted form. For example, encrypting binary digital circuits realizes some of the agent computation. This can be realized by the encryption circuit configuration described later.

Encryption circuit configuration

Proc. 27th IEEE Symposium on Foundations of Computer Science (FOCS), 1986, pp. Introduced by A. C. Yao in the paper "How to generate and exchange secrets" in 162-167, Yao's encrypted circuit configuration is an interactive protocol for evaluating the security function between two parties or entities. This is described for the binary functions g (·, ·), Alice side (with input x) and Bob side (with input y). Bob receives the output z = g (x, y) but does not know anything else, and Alice receives nothing.

(x ₁ , ..., x _nx ), (y ₁ , ..., y _ny ) and (z ₁ , ..., z _nz ) represent the binary forms of x, y and z respectively, and C is Let's represent a polynomial magnitude binary circuit that computes g. The components of the Yao configuration include (I) the first algorithm construct that Alice uses to construct the encrypted circuit, (II) the transport protocol between Alice and Bob, and (III) Bob has g (x, y) is a second algorithm evaluate to retrieve. More specifically, this procedure is as follows.

(I) The first possible algorithm construct (C) is a tuple as input and output. Where Can be regarded as an encrypted version of n _x + n _y -input circuit C (·, ·), , , And Is the so-called key pair corresponding to x, y and z respectively

Represents a list.

password To calculate C (x, y) from Bob, Bob needs one "key" for each input bit, where L _{i, b} corresponds to input bits x _i = b, and K _{i, b} is Corresponds to input bit y _i = b. The keys U _{i, 0} and U _{i, 1} represent the output bits of the encrypted circuit, i.e., if the evaluation produces U _{i, b} , then the output bits z _i are set to b.

The specific way that is encrypted is that if two keys represent its input bits, the key representing the resulting output bit for every gate in the circuit can be easily computed but it does not reveal any information about the cleartext it represents. do.

(II) Alice and Bob are described, for example, by S. Even, O. Goldreich and A. Lempel in "A randomized protocol for signing contract", Communications of the ACM 28 (1985), 637-647 or "Information-theoretic reductions". among disclosure problems ", Proc. 27th IEEE Symposium on Foundations of Computer Science (FOCS), 1986. G. Brassard, C. Crepeau and J.-M. It uses the protocol for undetectable transmission initiated by Robert. This is an interactive two-sided protocol for a sender with two messages m ₀ and m ₁ as input and a selector with bit δ as input. As a result, the selector receives m _δ , but Does not know anything about, and the sender does not have any information about δ.

More specifically, Alice acts as a sender, and Bob gets the value K ' _i = K _{i, yi} for every bit y _i of his input _, but nothing for K _i , _{yi + 1} . At the same time, Alice knows nothing about yi.

In addition, Alice computes the key representing x as L ' _i = l _{i, xi} (i = 1, ..., n _x) and tells Bob , L ' ₁ , ..., L' _nx , Send it.

(III) Evaluate the Second Algorithm Takes as its input an encrypted circuit, a representation of x by each key and a representation of y. That's the key Bob can recover z If Alice and Bob follow the protocol, then z = g (x, y).

Implementing constructs and evaluates, which are the first and second algorithms, is described, for example, in Journal of the ACM 33 (1986), no. 4, 792-807, "How to construct random functions" can be achieved by pseudo random functions proposed by O. Goldreich, S. goldwasser and S. Micali, and are actually realized by block ciphers. Even if implemented in software, block ciphers are very fast encryption primitives.

The following describes a method of using an encrypted circuit configuration to realize secure mobile code calculation with a single, first entity. Extension to multiple entities is considered later.

The calculating entity T issues a public key of the encryption method. Corresponding cryptography and decryption operations are represented by E _T (·) and D _T (·) respectively. All entities can communicate over a secure authentication link, which can be realized by using standard public key encryption and digital signatures.

The basic method is an encrypted circuit where O calculates two values ξ and z To construct. Code caller O to the first object H But encrypts all keys in x for T so that the first entity H knows nothing about ξ, and Key pairs within (Indicated by). Then, the first entity H uses the encryption key representing y Selects and invokes a computational entity T that decrypts them in a single round of interaction. The first entity H then evaluates the circuit and obtains z, which returns to O a key representing ξ at the circuit output, where O determines ξ.

C n _x + n _y input bits And n _x + n _z output bits Let's slightly modify the notation of the previous section, leaving the binary circuit to calculate (ξ, z) = (g (x, y), h (x, y)) from the same input with. As described in the following, the method proceeds to five steps 1) to 5).

1) O selects a string id that uniquely identifies the calculation, such as the name of O, a description of g and h, and a sequence counter. O calls the constructor (C), As mentioned above in obtaining Consists of a total of n _x + n _z key pairs. Has index 1, ..., n _x Denote pairs, Denotes a pair by U with indices n _{x + 1} , ..., n _{x + z} .

for i = 1, ..., n _y and b∈ {0,1}, to be.

Is called a list of all such K pairs. Then, as described above, for i = 1, ..., n _x , O is L ' _i = L _{i, xi} , Is transmitted to the first entity H.

2) The first entity H sets K ' _yi = K _i to be a cipher representing its input y for i = 1, ..., n _y , and sends them along with id to calculation T.

3) Computing entity T decrypts K ' _i for i = 1, ..., n _y and verifies that the ith decrypted string includes identifier id and index i. If all checks are successful, the estimated entity T is the decrypted key Returns to the first entity H.

4) The first entity H calls the second algorithm evaluation (C, L ' ₁ , ..., L' _nx , K ' ₁ , ...., K' _ny ), Acquire. Then, the first entity H is given by i = 1, ..., n _z To be To determine the remaining values To the code sender O.

5) Code originator O for i = 1, .., n _x Determine the output ξ = (ξ ₁ , ...., ξn _x ) so that

For improved security, the computational entity T is referred to as "Non-malleable crytography", SIAM Journal on Computing 30 (2000), no. 2, 391-437, should use a secure (meaning robust) public key cryptography scheme against adaptive selected cryptographic attacks initiated by D. Dolev, C. Dwork and M. Naor. The code sender O and the first entity H also commit to their input. In real systems, for example, "Random oracles are practical: A paradign for designing efficient protocols", Proc. All of this can be realized with a "random oracle model" using so-called secure hash functions, disclosed by M. Bellare and P. Rogaway in 1st ACM Conference on Computer and Communication Security, 1993. In this case, the public key encryption method and pseudo random functions for circuit encryption are described in "Number-theoretic constructions of efficient pseudo-random functions", Proc. It can be implemented in discrete logarithms based on the difficult Diffiee-Hellman problem disclosed by M. Naor and O. Reingold in 38th IEEE Symposium on Foundations of Computer Sicence (FOCS), 1997.

In the following, as indicated in FIG. 1, an extension of the above-described method for achieving a general mobile computing method with a plurality of entities H ₁ , ..., H _l is disclosed. Generalization is a natural generalization in which each entity performs steps 2) to 4) of the basic method described above, and then sends an agent to the next entity.

Accordingly, the code sender O prepares one encrypted circuit C for each object H ₁ , ..., H _l , and encrypts the encrypted state x _j-1 for j> 1. from Make it. This means that the hidden form of the input To decrypt with Output key from Is achieved by using

In symmetric cryptography with cryptographic and decryption operations under the key k denoted by E _k (·) and D _k (·) respectively, if a potential key U and a ciphertext c are given, whether c will result from the cryptography under U The encryption system includes sufficient redundancy so that it can be determined fairly accurately. Modifications to the method are as follows.

1a) code sender O for j = 1, ..., l And Mentioned above Obtain in the same way as. However, the code caller O Only value for Select. The identifier at the jth stage is set to id | j. Code sender O is also j> 1 for each and two passwords for i = 1, ..., n _x Prepare them, And List of these pairs. It is optionally substituted before being assigned to.

After that, the code caller O

for j = 2, ..., l Is sent to the first entity H ₁ in a single message.

About 2a) j> 1, _j-1 from H when H _j run to step 2 of the preferred method And , Which was previously evaluated Has

Each object is a symmetric key Is translated into E, and it is ciphertext And Determining which one to decrypt, decrypts the matched ciphertext. This is the undetectable representation of the i th bit in the agent's current state x _j To calculate. These keys are then Used to evaluate

3a) H _j is being evaluated Obtaining its output from it, it retrieves all data received from H _j-1 And pass to H _{j + 1} . At the end of the circle, H _l is Returns to the code sender O.

Code Generation for Calculation Object T

In a change where the roles of O and T change, the computing entity T creates an encrypted circuit. Since it is believed to follow the protocol, there is no need to add an expensive zero-knowledge proof for the accuracy of the overall circuit. Therefore, the proof of correspondence ensuring different entity behavior and robustness is much simpler. The computing entity T needs to know g and h to construct the circuit, but it can get the description of C from O as the first protocol message.

"Privacy preserving auctions and mechanism design", Proc. A three-party oblivious transfer protocol is used, as initiated by M. Naor, B. Pinkas and R. Sumner in the 1st ACM Conference on Electronic Commerce, 1999, where the role of the selector is the selector. And a third party called a receiver. Compared to the standard concept of undetectable transmission, the receiver gets the output message m _δ specified by the selector, which the selector itself knows nothing about. This so-called "proxy" undetectable transmission can be realized using three message flows: selector to receiver, receiver to sender and vice versa.

The protocol also uses a one-round implementation of standard undetectable transmission between the two sides, in the paper "One-round secure computation and secure autonomous mobile agenets", at Proc. 27th International Colloquium on Automata, Language and Programming (ICALP) (U. Montanari, JP Rolim, and E. Wlzl, eds), Lecture Notes in Computer Science, vol. 1853, Springer, July 2000, pp. Disclosed in 512-523. It can be realized using the method of.

As in the basic method, the components of an encrypted circuit configuration apply. The protocol is described for the basic case of mobile code with a single entity H. Assume that O uses a public key encryption method with encryption and decryption operations indicated by Eo (·) and Do (·) respectively. O starts counting as one selector for each bit of x with n _x parallel three party undetectable transmission as a selector. O sends this concealed selection along with C and E (·) to H acting as the receiver in the third party undetectable transmission. H forwards the appropriate data to T acting as the sender, which will transmit the key pair L in the third party undetected transmission. In addition, H also prepares inputs with n _y parallel 1 round undetectable transmissions (which act as selectors), one for each bit of _y . It sends these to T along with the description of C and Eo (·), which will transmit the key pair K in one round undetectable transmission.

T And key pair Call configuration (C) to obtain. that is Respond to H with the final flow in all undetectable transmission protocols.

Where H is the key representing x And a key representing y Can be determined. It is rated as described above By running Acquire. After that, it And Determines its output z from To With o to pass. This allows O to obtain its output ξ.

The following represents a single host, that is, the first object hosts l H _{1, 1} ... from H, an extension of the protocol to H _l. The protocol starts for the first host as before. However, the steps for H ₂ ,..., H _l are somewhat different, where no third party undetectable transmission and encryption under Eo are used. Instead, T Is within the input of and As in From Key indicating agent's status x _j-1 under output key in Encrypt it. key May be stored by T or transmitted along the protocol flow between steps j-1 and j, and transmitted through H _j-1 and H _j , and encrypted by E _T (·). In addition, the last host is encrypted from T to Eo (·). And pass it to O as described above.

The communication pattern is the same as the basic method: one message from O to H ₁ , one message from H _{j -1} to H _j , one message from H _l to O plus between each host and compute entity T There is one communication flow. Robustness can be added by using robust public key encryption methods and non-reciprocal knowledge of nonknowledge. However, the result would be much more practical because knowledgeless proof is not needed for potentially large cryptographic circuits. In addition, the encrypted circuit configuration can be implemented by block cipher instead of public key operation.

The disclosed embodiments can be combined with one or several other embodiments shown and / or described. This is also possible for one or more features of the embodiments.

The invention can be realized in hardware, software or a combination of hardware and software. Any kind of computer system—or other apparatus suitable for carrying out the methods described herein—is suitable. A typical combination of hardware and software may be a general purpose computer system having a computer program that controls the computer system to perform the methods described herein when loaded and executed. The invention includes all the features that enable implementation of the methods described herein and may be incorporated into a computer program product capable of performing these methods when loaded into a computer system.

Computer program means or a computer program in this context means that a system having information processing capability directly or in combination with: a) conversion to another language, code or notation, and b) reproduction in different data formats. It means any representation of a set of instructions—any language, code, or notation—that enables later to perform a particular function.

Claims (16)

A method of processing an originator request (OR) of a customer (O) transmittable to at least one first entity (H), a) sending the caller request OR from the customer O to the first entity H or each first entity H, b) connecting said first entity H or each first entity H to a computational entity T; c) upon receipt of the originator request OR, by the first entity H or each first entity H, in addition to the information I on the originator request OR, a first modified request FMR Forming a, d) sending at least a portion of the first modified request FMR to at least the computational entity T; e) receiving at least a portion of the first modified request FMR by the computing entity T to derive a calculated entity result CER from at least a portion of the first modified request FMR; f) sending at least a portion of the calculated entity result CER to the first entity H or each first entity H, g) receive at least some of the calculated entity results CER by the first entity H or each first entity H, derive a first entity outcome FER therefrom, and at least partially deliver it To do that, h) receiving by the customer O at least a portion of the first entity result FER and deriving a customer result CR therefrom. Sender request processing method of a customer comprising a. A method for processing a sender request (OR) of a customer (O) by a supplier (H), a) receiving the sender request OR from the customer O and adding the information I about the caller request to form a first modified request FMR, b) sending at least a portion of the first modification request to at least one computational entity T which derives and at least partially returns a computational entity result CER from at least a portion of the first modification request FMR; , c) receiving at least some of the calculated entity results CER by the first entity H, deriving a first entity outcome FER therefrom, and delivering at least a portion thereof, so that the customer O Enabling to derive a customer outcome (CR) from at least a portion of the first entity outcome (FER) Sender request processing method of a customer comprising a. A method for processing a first modification request (FMR) from at least one first entity (H) comprising at least a portion of a sender request (OR) from a customer (O) by a calculation entity (T), a) receiving said first modified request (FMR) from said first entity (H) or each first entity (H), b) deriving a computational entity result (CER) from at least a portion of the first modified request (FMR), c) the computational entity to the first entity H or each first entity H that derives and at least partially delivers a first entity outcome FER from at least a portion of the first fertilization request FMR Transmitting at least a portion of a result CER so that the customer O can derive a customer result CR from at least a portion of the first entity result FER. Request processing method comprising a. A method of processing a sender request (OR), a) forming the caller request OR; b) sending the sender request OR to at least one first entity H so that the first entity H or each first entity H is informed about the sender request OR. ) Adds the first modification request to at least one calculation entity T which forms a first modification request FER and derives the calculation entity result CER from at least a portion of the first modification request FER. Transmitting at least a portion of a request FER, wherein at least a portion of the computational entity result CER derives a first entity result FER therefrom and at least partially delivers the first entity H or each; Sent to first entity (H) of-, c) receiving at least a portion of the first individual result FER and deriving a customer result CR therefrom Sender request processing method comprising a. The method according to any one of claims 1 to 4, Applying a cryptographic operation to the request (OR, FMR) and result (CER, FER). The method of claim 4, wherein The forming of the sender request OR may include forming an encrypted circuit ( ). A computer program element comprising program code means for performing the method of any one of claims 1 to 6 when the program is run on a computer. Computer readable program means for causing a computer to perform the method according to any one of claims 1 to 6. A computer program product stored on a computer usable medium. A system for processing a sender request (OR), A customer O connected to at least one first entity H, Calculation entity T connected to said at least one first entity H Including, The customer O adds information I about the sender request OR to form a first modification request and transmits at least a portion of the first modification request FMR to at least the computational entity T. Send the sender request OR to the first entity H or each first entity, The calculation entity T derives a calculation entity result CER from at least a portion of the first modified request FMR to retrieve at least a portion of the calculation entity result CER from the first entity H or each agent. 1 object (H), The first entity H or each first entity H derives, at least in part, a first entity outcome FER from at least a portion of the computed entity outcome CER, The customer O can derive a customer result CR from at least a portion of the first individual result FER. Caller request processing system. The method of claim 9, The originator request (OR) comprises a function in the form of a cipher. The method of claim 10, The function in cipher form consists of a cipher circuit ( System). The method of claim 9, The originator request (OR) is part of a mobile code. The method of claim 9, The sender request (OR), the first modified request (FMR), the calculated entity result (CER) and the first entity result (FER) comprising an encrypted portion. The method according to any one of claims 9 to 13, The caller request (OR) comprises one or more of an offer, customer information and purchase information. The method of claim 9, The first entity (H) comprises a web server providing a service and / or customer information relating to accepting the sender request (OR). The method of claim 9, The customer result (CR) includes first entity information about accepting the sender request (OR).