Title of invention: Securely performing programmatic cloud-based data analysis
Abstract: A request from a client system to perform computations on encrypted data is received at a server system. A request for a data key configured to decrypt the encrypted data is sent from the server system to the client system. The data key from the client system is received at the server system. The encrypted data is accessed at the server system. The encrypted data is decrypted using the data key to generate unencrypted data at the server system. The computations are performed on the unencrypted data to generate result data at the server system. The result data is provided to the client system.
Publication number: US8880882(B2) Publication date: 2014.11.04
Application number: US201213439019 Filing date: 2012.04.04
Applicant: Google Inc. Inventors: Kulkarni Rahul S.; Coorg Satyan; Risbood Pankaj
Classification number: H04L9/32 Main classification number: H04L9/32
Agency: Fish & Richardson P.C. Agent: Fish & Richardson P.C.
Principal claim: 1. A method comprising:
receiving, at a server system and from a client system, a request to instantiate a virtual machine, the request to instantiate the virtual machine including a public key of a public/private key pair associated with the client system;
establishing a secure channel between the client system and the server system using the received public key, the establishing comprising one of:
(i) encrypting a first plaintext using the received public key to generate a ciphertext; sending the ciphertext to the client system such that the client system is able to decrypt the ciphertext using a private key of the public/private key pair to generate a second plaintext; in response to sending the ciphertext to the client system, receiving the second plaintext from the client system; determining that the second plaintext is the same as the first plaintext; and in response to determining that the second plaintext is the same as the first plaintext, establishing the secure channel between the client system and the server system; or
(ii) generating a first plaintext; sending the first plaintext to the client system such that the client system is able to encrypt the first plaintext using a private key of the public/private key pair to generate a ciphertext; in response to sending the first plaintext to the client system, receiving the ciphertext from the client system; decrypting the received ciphertext using the public key to generate a second plaintext; determining that the second plaintext is the same as the first plaintext; and in response to determining that the second plaintext is the same as the first plaintext, establishing the secure channel between the client system and the server system;
receiving, at the server system and from the client system, code that when executed, performs computations on data;
receiving, at the server system and from the client system through the secure channel, a request to execute the code to perform the computations on encrypted data stored at the server system;
sending, from the server system and to the client system, a request for a data key configured to decrypt the encrypted data;
receiving, at the server system and from the client system, the data key;
accessing, at the server system, the encrypted data;
decrypting, at the server system, the encrypted data using the data key to generate unencrypted data;
performing, at the server system by executing the code received from the client system, the computations on the unencrypted data in the virtual machine to generate result data; and
providing the result data to the client system.
Address: Mountain View CA US