Communications of the ACM
A new privacy homomorphism and applications
Information Processing Letters
Multi-application smart cards and encrypted data processing
Future Generation Computer Systems - Special issue on smart cards
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Executing SQL over encrypted data in the database-service-provider model
Proceedings of the 2002 ACM SIGMOD international conference on Management of data
PicoDMBS: Scaling Down Database Techniques for the Smartcard
VLDB '00 Proceedings of the 26th International Conference on Very Large Data Bases
FOCS '95 Proceedings of the 36th Annual Symposium on Foundations of Computer Science
Web services and business process management
IBM Systems Journal
EUROCRYPT'87 Proceedings of the 6th annual international conference on Theory and application of cryptographic techniques
Privacy conflicts in CRM services for online shops: a case study
CRPIT '14 Proceedings of the IEEE international conference on Privacy, security and data mining - Volume 14
Blind custodians: a database service architecture that supports privacy without encryption
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
Encryption techniques for secure database outsourcing
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Provable Security for Outsourcing Database Operations
International Journal of Information Security and Privacy
| Hi-index | 0.00 |
Application service providers (ASPs) and web services are becoming increasingly popular despite adverse IT market conditions. New languages and protocols like XML, SOAP, and UDDI provide the technical underpinnings for a global infrastructure where anybody with a networked computer has access to a large number of digital services. Not every potential customer, however, may feel comfortable about entrusting sensitive personal or corporate data to a service provider in an unprotected manner. Even if there is a high level of trust between customer and provider, there may be legal requirements that require a higher level of privacy. Customers may also want to be prepared for an unforeseen change of control on the provider's side - something that is not an uncommon occurrence especially among start-up companies. This paper reviews several solutions how customers can use a provider's services without giving it access to any sensitive data. After discussing the relative merits of trust vs. technology, we focus on privacy homomorphisms, an encryption technique originally proposed by Rivest et al. that maintains the structure of the input data while obscuring the actual content. We conclude with several proposals how to integrate privacy homomorphisms into existing service architectures.