主权项 |
1. A method comprising:
establishing a secure channel with a trusted party in a cloud via an untrusted cloud service provider; receiving a trusted party public key from the trusted party, without disclosing the trusted party public key to the provider, via the secure channel through the provider; sending encrypted private data via the secure channel through the provider for processing by the trusted party separately from the provider, wherein sending said encrypted private data comprises sending, to the trusted party, a first session key encrypted using the trusted party public key, and a client public key, the private data, and an nonce all encrypted together using the first session key; receiving encrypted results of said processing from the trusted party via said secure channel through the provider, wherein receiving said encrypted results comprises receiving, from the trusted party, a second session key encrypted using the client public key, and the results of said processing and the nonce both encrypted together using the second session key; and obtaining decrypted results of said processing, wherein obtaining said decrypted results comprises decrypting the second session key using a client private key, and decrypting the results of said processing and the nonce using the second session key. |