
Secure And Privacy Enabled Anonymous Computing For Heterogeneous IoT Systems

Abstract: A method and system are provided for facilitating secure and privacy enabled computation on a heterogeneous IoT. When a plurality of devices are connected to a cloud device through one or more gateways, the cloud device captures, encrypts and stores the device details. The plurality of devices also encrypt and store their data. When a user invokes a computation request having keywords in encrypted form to the cloud device, the cloud device compares the received encrypted keywords with the encrypted stored device details to obtain a match. The matched devices are then invoked to input data in encrypted form on which the requested computation is performed. Finally, the output of computation in encrypted form from the plurality of devices is aggregated and the result of aggregation is transmitted to the user device in encrypted form only, without revealing any information related to the devices sharing the data or the data itself.


Patent Information

Application #:
Filing Date: 16 November 2015
Publication Number: 20/2017
Publication Type: INA
Invention Field: COMMUNICATION
Status:
Email: ip@legasis.in
Parent Application:
Patent Number:
Legal Status:
Grant Date: 2024-03-11
Renewal Date:

Applicants

Tata Consultancy Services Limited
Nirmal Building, 9th Floor, Nariman Point, Mumbai 400021, Maharashtra, India

Inventors

1. SINGH DILIP THAKUR, Meena
Tata Consultancy Services Limited, TCS Innovation Labs, IIIrd Floor, Abhilash Bldg, Plot No. 96, EPIP Industrial Estate, Whitefield Road, Bengaluru - 560066, Karnataka, India
2. ALASINGARA BHATTACHAR, Rajan Mindigal
Tata Consultancy Services Limited, TCS Innovation Labs, IIIrd Floor, Abhilash Bldg, Plot No. 96, EPIP Industrial Estate, Whitefield Road, Bengaluru - 560066, Karnataka, India
3. LOKAMATHE, Shivraj Vijayshankar
Tata Consultancy Services Limited, TCS Innovation Labs, IIIrd Floor, Abhilash Bldg, Plot No. 96, EPIP Industrial Estate, Whitefield Road, Bengaluru - 560066, Karnataka, India
4. PURUSHOTHAMAN, Balamuralidhar
Tata Consultancy Services Limited, TCS Innovation Labs, IIIrd Floor, Abhilash Bldg, Plot No. 96, EPIP Industrial Estate, Whitefield Road, Bengaluru - 560066, Karnataka, India

Specification

FORM 2

THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENT RULES, 2003

COMPLETE SPECIFICATION
(See Section 10 and Rule 13)

Title of invention:
METHOD AND SYSTEM FOR FACILITATING SECURE AND PRIVACY ENABLED COMPUTATION

Applicant:
Tata Consultancy Services Limited
A company Incorporated in India under the Companies Act, 1956
Having address:
Nirmal Building, 9th floor,
Nariman point, Mumbai 400021,
Maharashtra, India

The following specification particularly describes the embodiments and the manner in which it is to be performed.

CROSS-REFERENCE TO RELATED APPLICATIONS AND PRIORITY
[0001] The present application claims priority to Indian Provisional specification (Title: Secure and privacy enabled anonymous computing for heterogeneous IoT systems) No. 4326/MUM/2015, filed in India on November 16, 2015.

TECHNICAL FIELD
[0002] The embodiments herein generally relate to a system and method of performing computation on encrypted heterogeneous data, and, more particularly, to a system and method of performing computation on encrypted heterogeneous data in a privacy and secure manner for the Internet of Things (IoT) devices.

BACKGROUND
[0003] Generally, the Internet of Things (IoT) offers great potential in different sectors of the community, specifically, applications in areas for improving enterprise applications from efficiency gains to completely new business processes and business models. The IoT can be utilized to provide solutions for a multitude of diversified problems; for instance, its services can be leveraged to realize a smart city, a smart home or a smart infrastructure.

[0004] Even though the IoT has a lot of potential in the digital world, it encounters several issues with respect to heterogeneity of devices, device identities, device management and secure device to device communication during deployment. A typical IoT is heterogeneous, with devices (of limited computing and battery power) that are interconnected in various ways, forming different types of topologies (hierarchical, random) through different interfaces. This makes it difficult to deploy applications for various purposes, such as smart infrastructure (home, grid, and city), in a secure and privacy preserving manner. Further, the applications require real time computation on real time data from IoT devices without losing security and privacy of data and devices. However, existing cloud or gateway computing paradigms address privacy issues in a limited way. Further, underlying cryptography techniques are designed for specific purposes (for instance smart meter data analysis, large data analytics applications). Hence, the techniques may not be applicable directly for any IoT system. Further, these techniques are computationally expensive and may not be fully privacy enabled.

SUMMARY
[0005] The following presents a simplified summary of some embodiments of the disclosure in order to provide a basic understanding of the embodiments. This summary is not an extensive overview of the embodiments. It is not intended to identify key/critical elements of the embodiments or to delineate the scope of the embodiments. Its sole purpose is to present some embodiments in a simplified form as a prelude to the more detailed description that is presented below.
In view of the foregoing, an embodiment herein provides a method for facilitating secure and privacy enabled computation.
[0006] In one aspect, a system for facilitating secure and privacy enabled computation is provided. The system comprises a cloud device configured to receive a computation operation request to be performed and one or more keywords as an input. The cloud device comprises a registering unit, a search unit, one or more computation units, an aggregator unit, a database, and a plurality of devices connected through one or more gateways. Further, the registering unit is configured to register one or more devices during their first login to capture various device details. During registration the registering unit generates three pairs of private and public keys, out of which the first private key and the first public key are fully homomorphic encryption (FHE) keys, the second public key is a searchable encryption key and the second private key is a master secret key, and the third private key and the third public key are user encryption keys. The registering unit may also generate and store a fourth set of private and public keys by encrypting the first private and the first public key with the corresponding set of third private key and the third public key from the third set in the database and encrypt the device details and the one or more keywords by using the second set of private keys. The registering unit may further transmit the second, third and fourth set of private and public keys to the search unit and the plurality of devices. The database present in the system stores the encrypted device details registered by the registering unit. The search unit is configured to receive the computation operation request and one or more encrypted keywords, perform a comparison of the one or more encrypted keywords with the encrypted device details stored in the database and identify the device details based on the comparison. It invokes the identified devices to input encrypted data to the computation unit.
The one or more computation units present in the system are configured to perform a privacy enabled computation operation on the encrypted data and transmit the result of this operation to the aggregator unit. The aggregator unit present in the system is configured to aggregate an encrypted output received from each of the one or more computation units upon the privacy enabled computation operation being performed on the received encrypted data. It then transmits the encrypted output of computation operation with the help of a user interface, which can be decrypted by the end user with the help of a decryption key, thereby achieving secure and privacy enabled computation on the heterogeneous data.
[0007] In another aspect, a method for facilitating secure and privacy enabled computation is provided. The method comprises receiving, at a cloud device, a computation operation request to be performed and one or more keywords as an input, registering at a registering unit, one or more devices and capturing device details of the one or more registered devices, generating, at the registering unit, (i) a first set of private and public keys that are fully homomorphic encryption keys, (ii) a second set of private and public keys, wherein a second public key from the second set is a searchable encryption key and a second private key is a master secret key, and (iii) a third set of private and public keys comprising a user encryption key, generating at the registering unit and storing in a database a fourth set of private and public keys by encrypting the first private and the first public key using a third private key and third public key from the third set, encrypting the registered device details and the one or more keywords by using the second set of private and public keys, transmitting the second, third and fourth set of private and public keys to the search unit and plurality of devices and storing in the database, the encrypted device details registered. Receiving the computation operation request and the one or more encrypted keywords happens at the search unit, which then identifies the device details by performing a comparison of the one or more encrypted keywords with the encrypted device details being stored in a database and invokes the one or more devices associated with the identified device details to obtain an encrypted data. On receiving the inputted encrypted data, the computation unit performs privacy enabled computation operation on the encrypted data and transmits the result of this operation to the aggregator unit.
Aggregating the encrypted output received from each of the one or more computation units upon the privacy enabled computation operation on the received encrypted data is performed at the aggregator unit. It then transmits the encrypted output of computation operation with the help of a user interface, which can be decrypted by the end user with the help of a decryption key, thereby achieving secure and privacy enabled computation on the heterogeneous data.
[0008] It should be appreciated by those skilled in the art that any block diagram herein represent conceptual views of illustrative systems embodying the principles of the present subject matter. Similarly, it will be appreciated that any flow charts, flow diagrams, state transition diagrams, pseudo code, and the like represent various processes which may be substantially represented in computer readable medium and so executed by a computing device or processor, whether or not such computing device or processor is explicitly shown.

BRIEF DESCRIPTION OF THE DRAWINGS
[0009] The embodiments herein will be better understood from the following detailed description with reference to the drawings, in which:
[0010] FIG. 1 illustrates deployment of Internet of Things (IoT) system for facilitating secure and privacy enabled computation on heterogeneous data (SPEACH) framework, according to an embodiment of the present disclosure;
[0011] FIG. 2A and 2B illustrate an architecture diagram of the system for facilitating secure and privacy enabled anonymous computation on heterogeneous IoT for a cloud and FOG setup, according to an embodiment of the present disclosure;
[0012] FIG. 3 illustrates a flow chart illustrating steps involved for facilitating secure and privacy enabled computation on heterogeneous IoT, according to an embodiment of the present disclosure;
[0013] FIG. 4 illustrates a graph showing performance of encryption and decryption operations using the secure and privacy enabled computation on heterogeneous data (SPEACH) framework, according to an embodiment of the present subject matter;
[0014] FIG. 5 illustrates a graph showing performance of searchable encryption using the SPEACH framework, according to an embodiment of the present subject matter; and
[0015] FIG. 6 illustrates a graph showing computation analysis for fog and cloud computing with the SPEACH framework, according to an embodiment of the present subject matter.

DETAILED DESCRIPTION OF EMBODIMENTS
[0016] The embodiments herein and the various features and advantageous details thereof are explained more fully with reference to the non-limiting embodiments that are illustrated in the accompanying drawings and detailed in the following description. The examples used herein are intended merely to facilitate an understanding of ways in which the embodiments herein may be practiced and to further enable those of skill in the art to practice the embodiments herein. Accordingly, the examples should not be construed as limiting the scope of the embodiments herein.
[0017] The written description describes the subject matter herein to enable any person skilled in the art to make and use the embodiments. The scope of the subject matter embodiments is defined by the claims and may include other modifications that occur to those skilled in the art. Such other modifications are intended to be within the scope of the claims if they have similar elements that do not differ from the literal language of the claims or if they include equivalent elements with insubstantial differences from the literal language of the claims.
[0018] The embodiments herein can comprise hardware and software elements. The embodiments that are implemented in software include but are not limited to, firmware, resident software, microcode, etc. The functions performed by various modules described herein may be implemented in other modules or combinations of other modules. For the purposes of this description, a computer-usable or computer readable medium can be any apparatus that can comprise, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
[0019] The medium can be an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system (or apparatus or device) or a propagation medium. Examples of a computer-readable medium include a semiconductor or solid state memory, magnetic tape, a removable computer diskette, a random access memory (RAM), a read-only memory (ROM), a rigid magnetic disk and an optical disk. Current examples of optical disks include compact disk-read only memory (CD-ROM), compact disk-read/write (CD-R/W) and DVD.
[0020] A data processing system suitable for storing and/or executing program code will include at least one processor coupled directly or indirectly to memory elements through a system bus. The memory elements can include local memory employed during actual execution of the program code, bulk storage, and cache memories which provide temporary storage of at least some program code in order to reduce the number of times code must be retrieved from bulk storage during execution.
[0021] Input/output (I/O) devices (including but not limited to keyboards, displays, pointing devices, etc.) can be coupled to the system either directly or through intervening I/O controllers. Network adapters may also be coupled to the system to enable the data processing system to become coupled to other data processing systems or remote printers or storage devices through intervening private or public networks. Modems, cable modem and Ethernet cards are just a few of the currently available types of network adapters.
[0022] A representative hardware environment for practicing the embodiments may include a hardware configuration of an information handling/computer system in accordance with the embodiments herein. The system herein comprises at least one processor or central processing unit (CPU). The CPUs are interconnected via system bus to various devices such as a random access memory (RAM), read-only memory (ROM), and an input/output (I/O) adapter. The I/O adapter can connect to peripheral devices, such as disk units and tape drives, or other program storage devices that are readable by the system. The system can read the inventive instructions on the program storage devices and follow these instructions to execute the methodology of the embodiments herein.
[0023] The system further includes a user interface adapter that connects a keyboard, mouse, speaker, microphone, and/or other user interface devices such as a touch screen device (not shown) to the bus to gather user input. Additionally, a communication adapter connects the bus to a data processing network, and a display adapter connects the bus to a display device which may be embodied as an output device such as a monitor, printer, or transmitter, for example.
[0024] The preceding description has been presented with reference to various embodiments. Persons having ordinary skill in the art and technology to which this application pertains will appreciate that alterations and changes in the described structures and methods of operation can be practiced without meaningfully departing from the principle, spirit and scope.
[0025] Referring now to the drawings, and more particularly to FIG. 1, a block diagram 100 illustrates an internet of things (IoT) system deployed with a secure and privacy enabled anonymous computing for heterogeneous (SPEACH) IoT, according to an embodiment of the present subject matter. As shown in FIG. 1, the block diagram 100 includes a cloud device 102 with multiple applications, multiple devices 104A-N communicatively coupled with the cloud device 102 via gateways 106A-N, respectively. Further, each of the gateways 106A-N is deployed with the secure and privacy enabled computation on heterogeneous (SPEACH) IoT framework.
[0026] FIG. 2A and FIG. 2B illustrate architecture diagram 200 of the SPEACH framework for facilitating secure and privacy enabled anonymous computation on heterogeneous IoT, according to an embodiment of the present disclosure. It is assumed that basic functionality of security (confidentiality, integrity and availability) is available on a cloud device 102 and a FOG device 202, and on top of this, the SPEACH framework is envisaged. According to an embodiment of the disclosure, the diagram 200 includes a cloud device 102 communicatively coupled with a client computer 108 and one or more computation units 118. The cloud device 102 further includes a processor 110 and a memory 112. The processor 110 can be implemented as one or more of a microprocessor, a microcomputer, a microcontroller, digital signal processor, a signal processing unit, a logic device and/or any other device that manipulates signals based on operational instructions. The processor 110 can also fetch and execute computer readable instructions stored in the cloud device
[0027] According to preferred embodiment of the disclosure, the memory 112 further includes a registering unit 114, a search unit 116, a computation unit 118, an I/O interface 120, a database 122, a trusted control unit 124, and an aggregator unit 126 as shown in FIG. 2. The database 122 is configured for storing data processed, received, and generated by one or more of the units. The database 122 is communicatively coupled with the processor 110. The database 122 may be coupled wirelessly, wired or a combination thereof. The units may include programs or coded instructions that supplement applications and functions of the system 200.
[0028] According to a preferred embodiment of the disclosure, the deployment of the SPEACH framework for the cloud device 102 and for the FOG 202, shown in FIG. 2A and FIG. 2B, is similar, except that in case of the cloud deployment, the cloud device 102 includes an aggregator unit 126.
[0029] In the exemplary embodiment, the registering unit 114 is configured to register the plurality of devices (104A-N) during their first log in, in order to capture various device details such as type of device, make, year of manufacture, accuracy of the device, capability of sensing, internet protocol (IP) location detail and sensor identification etc. The registering unit 114 also generates three sets of private and public key pairs, out of which the first private key and the first public key are fully homomorphic encryption (FHE) keys, the second public key is a searchable encryption key and the second private key is a master secret key, and the third private key and the third public key are user encryption keys. The keys are generated based on at least one of a device power consumption, processor speed, memory size etc. Once the keys are generated, the registering unit 114 generates a fourth set of private and public key by encrypting the first private and the first public key with the corresponding set of third private key and the third public key and stores it in the database 122. The device details captured in the registration process during the devices' first log-in through the registering unit 114 are encrypted by using the second set of private key and the encrypted device details are stored in the database 122. Finally, the second, third and fourth set of private and public keys are sent to the client computer 108 and the plurality of devices 104A-N.
[0030] To envisage privacy enabled computing, the encryption mechanism used in the present disclosure is a fully homomorphic encryption scheme in which one can arbitrarily compute on encrypted data, i.e., encrypted data can be processed (query it, write into it, do anything to it that can be efficiently expressed) without the decryption key. The idea is to operate any function over encrypted data. Adding two numbers is equivalent to performing the addition on the two encrypted integers and then obtaining the result by decrypting it.
Mathematically, for the addition of two integers x and y, $x + y = D_K(E_K(x) + E_K(y))$, the right-hand side being the addition of the two encrypted integers (where $E_K(\cdot)$ and $D_K(\cdot)$ are the encryption and decryption operators for homomorphic encryption). There are two types of homomorphic encryption, either additive or multiplicative. Fully homomorphic encryption is both additive and multiplicative. It also helps searching on encrypted data. Encrypted data can be stored on a remote server and later the server can retrieve files that (when decrypted) satisfy some condition, even though the server cannot decrypt the data on its own. Broadly, fully homomorphic encryption improves the efficiency of secure multiparty computation.
[0031] In accordance with an embodiment of the present disclosure, the system 200 is configured for facilitating secure and privacy enabled computation on heterogeneous IoT whenever one of the applications at the cloud device 102 or FOG 202 is invoked to compute a utility function (e.g. current power consumption). In this case, the system 200 receives a computation operation request (e.g., from one or more users). The one or more users are typically a requestor to request for computation. At any given time, a plurality of users can interact with the system 200 concurrently. Thus, the system 200 can receive multiple requests from one or more users at any point in time. The cloud device is communicatively coupled with the client computer 108 and one or more computation units. When it receives a computational request from a user having a computation operation request to be performed and one or more key words to be used, as input, the computational request is encrypted by the registration unit, by using the second set of private key, and transmitted to the search unit 116 for further processing.
[0032] The search unit 116 is configured to identify the devices having the required data for computation by comparing the encrypted keywords received as an input with the computational request against the encrypted stored device details (such as location and relevant gateways etc.) in the database 122, and to identify the device details based on the comparison. To retrieve the details of devices, a searchable encryption algorithm is invoked which performs the search operation on the encrypted data. Upon getting a match, the information about the devices 104A-N is retrieved anonymously, after which the search unit 116 invokes the plurality of identified devices to input encrypted data at relevant gateways 106A-N (k numbers {G1, G2, ..., Gk}), which are distributed at different locations, to the computation unit 118.
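The keyword comparison performed by the search unit can be sketched as follows. This is an added example, not code from the specification: it swaps in deterministic HMAC-SHA256 tokens (a symmetric simplification) for the public-key searchable encryption the disclosure names, and the class names, field names and record layout are assumptions; the sensor identifiers and gateway assignment follow the four-device exemplary embodiment in paragraph [0044].

```python
import hashlib
import hmac
import secrets


def token(key: bytes, field: str, value: str) -> bytes:
    """Deterministic search token for one (field, value) pair."""
    # Length-prefix the field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = len(field).to_bytes(2, "big") + field.encode() + value.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class RegisteringUnit:
    """Holds the search key; turns device details and user keywords into tokens."""

    def __init__(self) -> None:
        # Assumption: one symmetric key stands in for the searchable-encryption key set.
        self._key = secrets.token_bytes(32)

    def register(self, details: dict) -> tuple:
        handle = secrets.token_hex(8)  # opaque handle: the index never sees a device name
        tokens = {token(self._key, f, v) for f, v in details.items()}
        sid = details["sensor_id"]
        # Index every prefix so "sensor id starts with 12" becomes an equality test.
        tokens |= {token(self._key, "sensor_id_prefix", sid[:i])
                   for i in range(1, len(sid) + 1)}
        return handle, tokens

    def trapdoor(self, field: str, value: str) -> bytes:
        """Encrypted keyword sent with a computation request."""
        return token(self._key, field, value)


class SearchUnit:
    """Stores only tokens and handles; it holds no key and sees no plaintext.

    Caveat: deterministic tokens still reveal which records share a keyword
    and which records each query hits (equality and access-pattern leakage).
    """

    def __init__(self) -> None:
        self._index = {}

    def store(self, handle: str, tokens: set) -> None:
        self._index[handle] = tokens

    def search(self, trapdoors: list) -> list:
        # A device matches when every query token appears among its stored tokens.
        return [h for h, toks in self._index.items()
                if all(t in toks for t in trapdoors)]


def run_search_demo() -> dict:
    reg, search = RegisteringUnit(), SearchUnit()
    devices = {  # constructed records using the identifiers from paragraph [0044]
        "D1": {"sensor_id": "122", "gateway": "GW1"},
        "D2": {"sensor_id": "1222", "gateway": "GW1"},
        "D3": {"sensor_id": "12222", "gateway": "GW2"},
        "D4": {"sensor_id": "122222", "gateway": "GW2"},
    }
    names = {}  # handle -> device name, known to the registering side only
    for name, details in devices.items():
        handle, tokens = reg.register(details)
        search.store(handle, tokens)
        names[handle] = name

    def query(unit, *pairs):
        hits = search.search([unit.trapdoor(f, v) for f, v in pairs])
        return sorted(names[h] for h in hits)

    return {
        "prefix_12": query(reg, ("sensor_id_prefix", "12")),
        "prefix_1222_gw2": query(reg, ("sensor_id_prefix", "1222"), ("gateway", "GW2")),
        "exact_122": query(reg, ("sensor_id", "122")),
        # A trapdoor made under a different key matches nothing.
        "wrong_key": query(RegisteringUnit(), ("sensor_id_prefix", "12")),
    }
```
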
[0033] Subsequently, each gateway (Gi) receives the encrypted data from various devices which are connected and performs computation based on the computation operation request received through the computation unit 118 as shown below:
$f_i(D_{i1}, D_{i2}, \ldots)$, where $D_{i1}, D_{i2}, \ldots$ are encrypted data from devices of the i-th gateway.
It is assumed that all the devices connected to the cloud device 102 through gateways have kept/stored their data in encrypted form by using the second set of fully homomorphic public key. Hence, the computation is also done on encrypted data, ensuring its complete security and privacy.
[0034] For certain computation operation involving homogeneous fully homomorphic encryption (FHE) keys such as comparison or division where performing the computation on encrypted data is not possible, the data is transmitted to the trusted control unit 124 where the transmitted data is decrypted partially by using second set of fully homomorphic private key and then the required operation is performed on the partially decrypted data. After the computation is completed the result is encrypted by using the first set of fully homomorphic public key and transmitted to the aggregator unit 126.
[0035] The aggregator unit 126 is configured to determine the size of the first set of private and public keys by comparing the size across the first set of private and public keys. It then aggregates the received encrypted output of computation from each of the one or more computation units based on the comparison for a homogeneous key size of the first set of private and public keys and transmits the encrypted aggregated result to the client computer, which is then sent back to the end user devices. Subsequently, the received aggregated value is decrypted at the end user devices. However, for a computation operation involving devices having heterogeneous fully homomorphic encryption (FHE) keys, that is, FHE keys having dissimilar key length, the aggregator unit 126 transmits the received encrypted data to the trusted control unit 124. The trusted control unit 124 is further configured to decrypt the received encrypted data, identify the largest size among the first set of private and public keys and then encrypt the received decrypted data by using the identified largest size key among the first set of private and public keys. Finally, it transmits the encrypted data to the aggregator unit 126 for aggregation.
[0036] In one of the preferred embodiments of the present disclosure, the above set up can also be realized for computation done in offline form, in which case the computation unit 118 is located in one or more gateways and the privacy enabled computation happens at the gateways only, instead of at the computation unit 118 in the cloud device 102. In this scenario the aggregator unit 126 located in the cloud device 102 will receive the encrypted output of computation from one or more gateways, and only aggregation will happen at the cloud device 102 by the aggregator unit 126. The result of aggregation in encrypted form is then shared with the end user device (e.g., a client computer).
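The gateway computation and key-size-aware aggregation of paragraphs [0030] to [0036], as an added example that is not part of the specification: Paillier encryption (additively homomorphic only) is swapped in for the fully homomorphic scheme, so it covers sums but not arbitrary functions. Assumptions: one key pair per gateway, toy 256-bit and 512-bit moduli, constructed readings, and all class and function names.

```python
import math
import secrets


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test, used only to build the toy keys below."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _prime(bits: int) -> int:
    while True:
        # Top two bits set: the product of two such primes has exactly 2*bits bits.
        cand = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if _is_probable_prime(cand):
            return cand


class PaillierKey:
    """Toy Paillier key pair: multiplying ciphertexts adds the plaintexts mod n."""

    def __init__(self, bits: int) -> None:
        p, q = _prime(bits // 2), _prime(bits // 2)
        while q == p:
            q = _prime(bits // 2)
        self.n, self.n2 = p * q, (p * q) ** 2  # n is the public key
        self._lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # private
        self._mu = pow(self._lam, -1, self.n)  # private

    def encrypt(self, m: int) -> int:
        r = secrets.randbelow(self.n - 1) + 1  # fresh randomness per ciphertext
        return (1 + m * self.n) * pow(r, self.n, self.n2) % self.n2

    def decrypt(self, c: int) -> int:
        return (pow(c, self._lam, self.n2) - 1) // self.n * self._mu % self.n


def he_add(n: int, c1: int, c2: int) -> int:
    """Ciphertext of x + y from ciphertexts of x and y; needs the public key only."""
    return c1 * c2 % (n * n)


def gateway_compute(n: int, ciphertexts: list) -> tuple:
    """f_i(D_i1, D_i2, ...) for f = sum, evaluated at a gateway on encrypted data."""
    acc = ciphertexts[0]
    for c in ciphertexts[1:]:
        acc = he_add(n, acc, c)
    return n, acc


class TrustedControlUnit:
    """Holds the private keys; the only place where partial results exist in plaintext."""

    def __init__(self, keys: list) -> None:
        self._keys = {k.n: k for k in keys}

    def rekey_to_largest(self, partials: list) -> list:
        target = max(self._keys.values(), key=lambda k: k.n.bit_length())
        out = []
        for n, c in partials:
            if n != target.n:  # decrypt under the smaller key, re-encrypt under the largest
                c = target.encrypt(self._keys[n].decrypt(c))
            out.append((target.n, c))
        return out


def aggregate(partials: list, tcu: TrustedControlUnit = None) -> tuple:
    """Aggregator: combine directly when keys are homogeneous, else go through the TCU."""
    if len({n for n, _ in partials}) > 1:  # heterogeneous keys cannot be combined as-is
        partials = tcu.rekey_to_largest(partials)
    return gateway_compute(partials[0][0], [c for _, c in partials])


def run_demo() -> tuple:
    small, large = PaillierKey(256), PaillierKey(512)
    readings = [(small, [17, 25]), (large, [40, 8])]  # constructed: GW1 (D1, D2), GW2 (D3, D4)
    partials = [gateway_compute(k.n, [k.encrypt(m) for m in ms]) for k, ms in readings]
    n, total = aggregate(partials, TrustedControlUnit([small, large]))
    return n.bit_length(), large.decrypt(total)  # the end user decrypts with the largest key
```

In the homogeneous case `aggregate` never touches the trusted control unit, so no plaintext exists anywhere between the devices and the end user; the heterogeneous path is where the design depends on that unit being trusted.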
[0037] A flow chart 300 illustrating steps involved for facilitating secured and privacy enabled computation is shown in FIG. 3 according to an illustrative embodiment of the present disclosure. At step 302, the cloud device 102, communicatively coupled with the client computer 108 and one or more computation units 118, receives a computational request from a user through the client computer 108 having a computation operation to be performed and one or more key words to be used for identifying the devices from the plurality of devices connected to the cloud or fog set up through one or more gateways. At step 304, a plurality of devices are registered through the registering unit 114 during their first log in to capture device details. Various device details such as sensor identification, location identification and internet protocol address of the device(s) etc. are captured through the one time registration process. At step 306, three sets of private and public key pairs are generated through the registering unit 114 based on at least one of a device power consumption, processor speed, memory size of the plurality of devices. Out of these three sets of private and public key pairs, the first private key and the first public key are fully homomorphic encryption (FHE) keys, the second public key is a searchable encryption key and the second private key is a master secret key, and the third private key and the third public key are user encryption keys.
[0038] At step 308, a fourth set of private and public keys are generated through the registering unit 114 and stored in the database 122 by encrypting the first private and the first public key with the corresponding set of third private key and the third public key. At step 310, the device details captured during the registration process are encrypted by using second set of private keys and then the encrypted device details are stored in the database 122 through the registering unit 114. At step 312, the second, third and fourth set of private and public keys are transmitted to the client computer and the plurality of devices through the registering unit 114.
[0039] At step 314, the computation operation request and the one or more encrypted keywords are transmitted to the search unit 116 in order to identify the devices connected via one or more gateway to invoke data required for the computation operation.
[0040] At step 316, the encrypted keywords are compared against the encrypted stored device details in the database 122 through the search unit 116 in order to identify the device details containing the required data for computation. The search operation is done by using a searchable encryption mechanism without decrypting the data so that the security and privacy of these devices can be preserved. After the completion of the search operation based on the comparison, the identified devices are invoked to input encrypted data to the computation unit through the search unit. It is assumed that the plurality of devices have stored their data in encrypted form by using the first set of private key.
[0041] At step 318, data is received from the plurality of identified devices via gateway through the computation unit 118. Computation operation is performed as per the received computational request and encrypted data from the identified devices through the computation unit 118. As the data received from the identified devices are in encrypted form the computation done by the computation unit 118 is on the encrypted form only without decrypting it by using fully homomorphic encryption scheme. For certain computation operation involving homogeneous fully homomorphic encryption (FHE) keys such as comparison or division where performing the computation on encrypted data is not possible, the data is transmitted to trusted control unit 124 where the transmitted data is decrypted partially by using second set of fully homomorphic private key and then the required computation operation is performed on the partially decrypted data. After the computation is completed the result is encrypted by using the first set of fully homomorphic public key and transmitted to the aggregator unit 126.
[0042] At step 320, the encrypted output of the computation operation is received through the aggregator unit 126. The aggregator unit 126 will further determine the size of the first set of private and public keys by comparing the size across the first set of private and public keys. Aggregation (f= is performed, based on the comparison, for a homogeneous key size of the first set of private and public keys, on the encrypted output received from each of the one or more computation units 118. However, for a computation operation involving devices having heterogeneous fully homomorphic encryption (FHE) keys, that is, FHE keys having dissimilar key length, the aggregator unit 126 transmits the received encrypted data to the trusted control unit 124. The trusted control unit 124 is further configured to decrypt the received encrypted data, identify the largest size among the first set of private and public keys and then encrypt the received decrypted data by using the identified largest size key among the first set of private and public keys. Finally, it transmits the encrypted data to the aggregator unit 126 for aggregation.
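The aggregator and trusted control unit flow of steps 318 to 320 can be sketched as follows. This is an added example, not code from the patent: it substitutes toy ElGamal (multiplicatively homomorphic) for the FHE scheme, and the primes, the names `TrustedControlUnit`, `aggregate` and `run_case`, and the rule that equal key size means the same key are assumptions.

```python
# Added illustration, not the patent's code. Toy ElGamal stands in for FHE because
# it supports multiplication of ciphertexts; primes and keys are constructed.
import secrets
from typing import NamedTuple

class PublicKey(NamedTuple):
    p: int  # prime modulus; its bit length is the "key size" the aggregator compares
    g: int  # base
    h: int  # g^x mod p

def keygen(p, g):
    x = secrets.randbelow(p - 3) + 2               # private exponent in [2, p-2]
    return PublicKey(p, g, pow(g, x, p)), x

def encrypt(pk, m):
    if not 0 < m < pk.p:
        raise ValueError("plaintext must lie in 1..p-1")
    r = secrets.randbelow(pk.p - 3) + 2
    return (pow(pk.g, r, pk.p), m * pow(pk.h, r, pk.p) % pk.p)

def decrypt(pk, x, ct):
    c1, c2 = ct
    return c2 * pow(c1, pk.p - 1 - x, pk.p) % pk.p  # c1^(-x) via Fermat's little theorem

def multiply(pk, a, b):
    # Component-wise product of two ciphertexts encrypts the product of the plaintexts.
    return (a[0] * b[0] % pk.p, a[1] * b[1] % pk.p)

class TrustedControlUnit:
    """Holds the private keys; the only place where plaintext appears."""
    def __init__(self, secrets_by_key):
        self._secrets = secrets_by_key              # {PublicKey: private exponent}

    def reencrypt_to_largest(self, outputs):
        target = max((pk for pk, _ in outputs), key=lambda pk: pk.p.bit_length())
        converted = []
        for pk, ct in outputs:
            plain = decrypt(pk, self._secrets[pk], ct)
            converted.append(encrypt(target, plain))
        return target, converted

def aggregate(outputs, tcu):
    """outputs: list of (PublicKey, ciphertext) from the computation units."""
    sizes = {pk.p.bit_length() for pk, _ in outputs}
    if len(sizes) == 1:                             # homogeneous: same key assumed
        pk, cts, path = outputs[0][0], [ct for _, ct in outputs], "direct"
    else:                                           # heterogeneous key lengths
        pk, cts = tcu.reencrypt_to_largest(outputs)
        path = "trusted-control-unit"
    acc = cts[0]
    for ct in cts[1:]:
        acc = multiply(pk, acc, ct)
    return pk, acc, path

PRIMES = {17: (65537, 3), 31: (2147483647, 7)}      # constructed toy parameters

def run_case(gw1_bits, gw2_bits):
    """Each gateway multiplies the page's inputs 30 and 128 under its own key size."""
    keys = {bits: keygen(*PRIMES[bits]) for bits in {gw1_bits, gw2_bits}}
    secrets_by_key = dict(keys.values())
    tcu = TrustedControlUnit(secrets_by_key)
    outputs = []
    for bits in (gw1_bits, gw2_bits):
        pk, _ = keys[bits]
        outputs.append((pk, multiply(pk, encrypt(pk, 30), encrypt(pk, 128))))
    pk, ct, path = aggregate(outputs, tcu)
    # The product is only correct while it stays below the target prime.
    return decrypt(pk, secrets_by_key[pk], ct), path

if __name__ == "__main__":
    print(run_case(17, 31))
    print(run_case(31, 31))
```

With both gateways on the 17-bit key the product 14745600 no longer fits the plaintext space and wraps modulo 65537, which is one practical reason to re-encrypt under the largest key before aggregating.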
[0043] At step 322, the encrypted aggregated result is transmitted to the client computer, which is then sent back to the end user device (e.g., the client computer). Subsequently, the end user device can decrypt the received aggregated value in order to get the final output.
[0044] In accordance with an exemplary embodiment of the disclosure, the system is configured to facilitate secure and privacy enabled computation on heterogeneous IoT when the user invokes one of the applications at the cloud or FOG to compute a utility function, e.g., computation of inputs from devices having sensor identification starting with 12 connected to the cloud via one or more gateways. The above operation can be achieved in three phases: registration, search and computation. In accordance with the above exemplary embodiment, in the registration phase, an IoT system with four devices having sensor identifications (122, 1222, 12222, 122222) for device D1, device D2, device D3 and device D4 respectively is connected through gateway GW1 and gateway GW2 to the cloud device. The device D1 and device D2 are connected to gateway GW1, whereas device D3 and device D4 are connected through gateway GW2. In accordance with an exemplary embodiment, the system 100 is configured to forward the inputs from devices to the gateways, which will then be transmitted to the cloud device 102. The SPEACH framework is deployed at the gateways and the cloud device. In accordance with an exemplary embodiment of the disclosure, two functionalities of the SPEACH framework are (i) searchable encryption and (ii) privacy enabled computation. The plurality of devices connected to the cloud device 102 via one or more gateways 106 are registered during their first log in through the registering unit, capturing their make, sensor identification etc. The registering unit 114 generates three sets of private and public key pairs, out of which the first private key and the first public key are fully homomorphic encryption (FHE) keys, the second public key is a searchable encryption key and the second private key is a master secret key, and the third private key and the third public key are user encryption keys, based on at least one of a device power consumption, processor speed, memory size etc.
In the above mentioned exemplary embodiment, the FHE key generated is represented as polynomials a0 and a1. These are from a mathematical field of size 128 bit prime 18446744073709551667, with a cyclotomic polynomial of power 32 and an error bound of 1003.
In accordance with an exemplary embodiment of the disclosure, the three pairs of keys generated are:
First set of public key, which is a fully homomorphic encryption (FHE) public key represented as two polynomials a0 and a1.


First set of private key which is a fully homomorphic encryption (FHE) private key represented as a polynomial:
x^15 + x^14 + x^13 + x^12 + x^11 + x^10 + x^9 + x^8 + x^7 + x^6 + x^5 + x^4 + x^3 + x^2 + x + 1

The second set's public key, a searchable encryption public key, is 77, and the second set's private key, a master secret key, is (5934931, 5934932); the key size considered is 8 bit. The plurality of device details captured during the registration phase, such as sensor location, sensor identification, make, year etc., are encrypted by using the searchable encryption private keys and stored in the database based on the Damgard-Jurik cryptosystem. In accordance with the above exemplary embodiment, there are four devices having sensor identifications 122, 1222, 12222, 122222 connected to the cloud device 102 via gateway GW1 and gateway GW2. These sensor identifications (IDs) are encrypted using the searchable encryption public key and stored in the database as follows.
For device D1, sensor identification 122, encrypted ciphertext: Ciphertext_D1 ((78, 78, 78), (78, 6084, 1862015), (78, 6084, 1862015))
For device D2, sensor identification 1222, encrypted ciphertext: Ciphertext_D2 ((78, 78, 78), (78, 6084, 1862015), (78, 6084, 1862015), (78, 6084, 1862015))
For device D3, sensor identification 12222, encrypted ciphertext: Ciphertext_D3 ((78, 78, 78), (78, 6084, 1862015), (78, 6084, 1862015), (78, 6084, 1862015), (78, 6084, 1862015))
For device D4, sensor identification 122222, encrypted ciphertext: Ciphertext_D4 ((78, 78, 78), (78, 6084, 1862015), (78, 6084, 1862015), (78, 6084, 1862015), (78, 6084, 1862015), (78, 6084, 1862015))
The third set of private and public keys, which are the user encryption keys required for the user, can be generated by an RSA based algorithm.
[0045] In accordance with the above mentioned exemplary embodiment, in the search phase, the keyword search pattern (sensor identification starting with 12*) and the computation operation are encrypted by using the searchable encryption public key and transmitted to the search module, which is configured to compare the one or more encrypted keywords against the one or more encrypted registration details stored in the database 122 by using a searchable encryption algorithm, to identify the plurality of devices having sensor identification starting with 12*. The one or more encrypted keywords are represented as a finite state automaton, and the system 100 is further configured to create a transition table in which the initial state and final states are present. For the search operation in the exemplary embodiment of the present disclosure, which finds the devices having the one or more sensors starting with 12*, the keyword is the regular expression 12*. An example of the transition table is given below, with number of states 4, states {1, 2, 3, 4}, number of input symbols 3, input symbols {1, 2, 3}, initial state 1, and final states [3, 4].
Start State | Input Symbol | To State
1 | 1 | 3
1 | 2 | 2
1 | 3 | 2
2 | 1 | 2
2 | 2 | 2
2 | 3 | 2
3 | 1 | 2
3 | 2 | 4
3 | 3 | 2
4 | 1 | 2
4 | 2 | 4
4 | 3 | 2
Start state 1
Final States [3, 4]. Hence if the string satisfies the automata then it will stop at state 3 or 4.
At the end of the search phase the system 100 is configured to run the Lagrange interpolation formula on the ciphertext for each device, with extra parameters such as the number of states and input symbols. The devices achieving the final state and satisfying the automaton are shortlisted from the plurality of devices. In the above mentioned exemplary embodiment, the shortlisted devices comprise device D1, device D2, device D3 and device D4. In another embodiment all types of encrypted searches (prefix encrypted search, suffix encrypted search or full keyword encrypted search) are supported. The data is encrypted using a key size of 8 bits. Databases and queries are prepared such that in each run, the number of search hits is 30% of the total number of records. Further, a graph 400 illustrates computation time at the application or gateway and cloud device for different numbers of records.
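The stored tuples and the transition table above can be tied together in a short sketch. This is an added example, not the patent's implementation: the encoding rule (each digit a stored as g^(a^0), g^(a^1), g^(a^2) modulo 77^4 with g = 78) is inferred from the printed ciphertexts, evaluating Lagrange-interpolated row polynomials in the exponent is an assumption about how the interpolation step is applied, and all function names are hypothetical.

```python
# Added illustration, not the patent's implementation.
# Assumption inferred from the tuples on the page: a digit a is stored as
# (g^(a^0), g^(a^1), g^(a^2)) mod n^4, with n = 77 and g = n + 1 = 78.
N_PUB = 77                     # searchable-encryption public key given on the page
MODULUS = N_PUB ** 4           # Damgard-Jurik style modulus n^(s+1), s = 3 (assumed)
ORDER = N_PUB ** 3             # g = n + 1 has order n^3 modulo n^4
G = N_PUB + 1

STATES, SYMBOLS = (1, 2, 3, 4), (1, 2, 3)
START, FINAL = 1, {3, 4}
# Transition table copied from the page: TABLE[state][symbol] -> next state
TABLE = {
    1: {1: 3, 2: 2, 3: 2},
    2: {1: 2, 2: 2, 3: 2},
    3: {1: 2, 2: 4, 3: 2},
    4: {1: 2, 2: 4, 3: 2},
}

def encode_symbol(a):
    """Tuple of g raised to the powers a^0, a^1, a^2 of the symbol."""
    return tuple(pow(G, a ** k, MODULUS) for k in range(len(SYMBOLS)))

def encode_id(sensor_id):
    for ch in sensor_id:
        if ch not in "123":
            raise ValueError(f"symbol {ch!r} is outside the automaton's alphabet")
    return [encode_symbol(int(ch)) for ch in sensor_id]

def lagrange_coeffs(xs, ys, mod):
    """Monomial coefficients (low degree first) of the interpolating polynomial."""
    coeffs = [0] * len(xs)
    for i, (xi, yi) in enumerate(zip(xs, ys)):
        basis, denom = [1], 1
        for j, xj in enumerate(xs):
            if j == i:
                continue
            nxt = [0] * (len(basis) + 1)            # basis * (x - xj)
            for k, b in enumerate(basis):
                nxt[k] = (nxt[k] - xj * b) % mod
                nxt[k + 1] = (nxt[k + 1] + b) % mod
            basis, denom = nxt, denom * (xi - xj) % mod
        scale = yi * pow(denom, -1, mod) % mod
        for k, b in enumerate(basis):
            coeffs[k] = (coeffs[k] + scale * b) % mod
    return coeffs

# One degree-2 polynomial per table row: ROW_POLY[s] evaluated at a gives TABLE[s][a].
ROW_POLY = {s: lagrange_coeffs(SYMBOLS, [TABLE[s][a] for a in SYMBOLS], ORDER)
            for s in STATES}
STATE_TAG = {pow(G, t, MODULUS): t for t in STATES}  # g^t -> state t

def step(state, ct):
    """Next state from the encoded symbol, using only modular exponentiation and
    multiplication on the tuple: prod(ct[k]^c_k) = g^(row polynomial at a)."""
    acc = 1
    for c_k, part in zip(ROW_POLY[state], ct):
        acc = acc * pow(part, c_k, MODULUS) % MODULUS
    return STATE_TAG[acc]

def matches(ciphertext):
    state = START
    for ct in ciphertext:
        state = step(state, ct)
    return state in FINAL

def run_plain(sensor_id):
    """Reference: plain table lookup on the unencoded ID."""
    state = START
    for ch in sensor_id:
        state = TABLE[state][int(ch)]
    return state in FINAL

if __name__ == "__main__":
    print(encode_id("122"))
    for sid in ("122", "1222", "12222", "122222", "212", "13"):  # last two constructed
        print(sid, matches(encode_id(sid)))
```

As printed on the page the tuples carry no per-record randomness, so equal digits give equal tuples and the number of tuples equals the length of the sensor ID.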
[0046] In accordance with the above mentioned exemplary embodiment, during the computation phase at the cloud device, to realize the privacy enabled computation based on fully homomorphic encryption, computation of f = (where input from device Di is the input value from the device with number i and is encrypted integers of size 8, 16, 32, 64 and 128 bits) is performed at the cloud device 102, and at the gateway for fog computing. In cloud computing, the IoT devices encrypt data and send the encrypted data to the cloud through the gateways, and computation is performed by the cloud in the following manner. Assume that device D1, device D2, device D3 and device D4 give inputs of, say, 30, 128, 30 and 128 respectively, which are encrypted by using the fully homomorphic encryption (FHE) public key.
In this scenario the fully homomorphic encryption (FHE) public key used is represented as two polynomials a0 and a1.

The fully homomorphic encryption (FHE) private key is:
x^15 + x^14 + x^13 + x^12 + x^11 + x^10 + x^9 + x^8 + x^7 + x^6 + x^5 + x^4 + x^3 + x^2 + x + 1

Input by device D1 in plain text is 30.
Hence the input by device D1 in encrypted form has two polynomials c0 and c1, EncInputD1.C0 and EncInputD1.C1.

Input by device D2 in plain text is 128.
Hence the input by device D2 in encrypted form has two polynomials, EncInputD2.C0 and EncInputD2.C1.

Input by device D3 in plain text is 30.
Hence the input by device D3 in encrypted form has two polynomials, EncInputD3.C0 and EncInputD3.C1.


Input by device D4 in plain text is 128.
Hence the input by device D4 in encrypted form has two polynomials, EncInputD4.C0 and EncInputD4.C1.

After receiving the inputs from all the devices connected through gateway GW1 and gateway GW2, the cloud device will compute the product of all the inputs from the devices i.e., where input from device Di is the encrypted input integer from the device with number i, which may be of size 8, 16, 32, 64 and 128 bits, received from each gateway.

Here the cloud device will compute the product of the inputs from the devices Di connected to one or more gateways GWi, and the encrypted result contains three polynomials c0, c1 and c2; for gateway GW1 these are GW1.c0, GW1.c1 and GW1.c2.
Similarly, the cloud device computes the product for the inputs from devices connected to gateway GW2, giving GW2.c0, GW2.c1 and GW2.c2.
Finally, the cloud device computes the product of GW1 and GW2; the result has polynomials c0 and c1 (Cloud.c0 and Cloud.c1).
The output of this operation done by cloud device is then shared with the user in encrypted form which can be decrypted by the user using the secret key.
[0047] In accordance with the above exemplary embodiment, to illustrate secure and privacy enabled computing for a fog setup having device D1 and device D2 connected to gateway GW1 and device D3 and device D4 connected to gateway GW2, the initial steps of registration, key generation and search are the same as in the cloud setup. However, computation of data happens at the gateways instead of the cloud device. Assume that devices D1 to D4 transmit inputs 57, 127, 57 and 127 respectively, which are encrypted using the fully homomorphic encryption (FHE) public key.
The input transmitted by device D1 in plain text is 57, which is encrypted by using the fully homomorphic encryption (FHE) public key.
InputD1 in encrypted form has two polynomials and may be represented as EncInputD1.C0 and EncInputD1.C1.

The input transmitted by device D2 in plain text is 127, which may be encrypted by using the fully homomorphic encryption (FHE) public key.
InputD2 in encrypted form has two polynomials and may be represented as EncInputD2.C0 and EncInputD2.C1.
The input transmitted by device D3 in plain text is 57, which may be encrypted by using the fully homomorphic encryption (FHE) public key.
InputD3 in encrypted form has two polynomials and may be represented as EncInputD3.C0 and EncInputD3.C1.

The input transmitted by device D4 in plain text is 127, which may be encrypted by the fully homomorphic encryption (FHE) public key.
InputD4 in encrypted form has two polynomials and may be represented as EncInputD4.C0 and EncInputD4.C1.


Once the encrypted inputs from the two devices are received at the gateway, the following computation happens at each gateway using the inputs from the connected devices:

f = (where value of devicei is the encrypted input integers from Node with number i) through the SPEACH framework
As the encrypted text at GW1 contains 2 polynomials c0 and c1, the product may be represented as GW1.c0 and GW1.c1.
Similarly, the product of the inputs from devices D3 and D4 at gateway GW2, with two polynomials, may be represented as GW2.c0 and GW2.c1.

The encrypted products from gateways are then transmitted to cloud device where further multiplication of the product happens (encryption object contains two polynomials c0 and c1).

The output of the above computation is transmitted to the user, where it is decrypted, and the result 72390 is obtained by using the decryption key.

[0048] For example, FIG. 5 illustrates a graph 500 showing performance of the cloud which involves interactions. Higher the complexity of the search query and larger the search space, more is the aggregate function and finally result is sent to a number of interactions and thus, more time is taken to search. Performance of the computation depends on performance of data encryption, privacy enabled computation and decryption. The performances with respect to computation time against bit size are illustrated in the graphs 400 and 600 in FIG. 4 and FIG. 6 respectively. In case of the IoT system, encryption can be outsourced to a gateway (to increase lifetime of IoT devices).
[0049] In another example, computation time for a given function (fi= ) is less at a fog than at a cloud. In this example, for dynamic and ad hoc computations, where the function needs to be computed in a distributed and shared manner, fog computation is better. Also, for predetermined computations, a hybrid computation model is a better approach, where computation of the given function is done at gateways and aggregation is done at one of the gateways.
[0050] The preceding description has been presented with reference to various embodiments. Persons skilled in the art and technology to which this application pertains will appreciate that alterations and changes in the described structures and methods of operation can be practiced without meaningfully departing from the principle, spirit and scope.
[0051] It is, however to be understood that the scope of the protection is extended to such a program and in addition to a computer-readable means having a message therein; such computer-readable storage means contain program-code means for implementation of one or more steps of the method, when the program runs on a server or mobile device or any suitable programmable device. The hardware device can be any kind of device which can be programmed including e.g. any kind of computer like a server or a personal computer, or the like, or any combination thereof. The device may also include means which could be e.g. hardware means like e.g. an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or a combination of hardware and software means, e.g. an ASIC and an FPGA, or at least one microprocessor and at least one memory with software modules located therein. Thus, the means can include both hardware means and software means. The method embodiments described herein could be implemented in hardware and software. The device may also include software means. Alternatively, the embodiments may be implemented on different hardware devices, e.g. using a plurality of CPUs.
CLAIMS:
1. A system for facilitating secured and privacy enabled computation, the system comprising
a cloud device configured to receive a computation operation request to be performed and one or more keywords as an input, wherein the cloud device comprises:
a registering unit that is configured to:
register one or more devices and capture device details of the one or more registered devices,
generate (i) a first set of private and public keys that are fully homomorphic encryption keys, (ii) a second set of private and public keys, wherein a second public key from the second set is a searchable encryption key and a second private key is a master secret key, and (iii) a third set of private and public keys comprising a user encryption key;
generate a fourth set of private and public keys by encrypting the first private and the first public key using the third private key and the third public key from the third set,
encrypt the device details and the one or more keywords by using the second set of private and public keys,
a search unit that is configured to:
receive the computation operation request and the one or more encrypted keywords,
perform a comparison of the one or more encrypted keywords with the encrypted device details being stored in a database, and
identify the device details based on the comparison and invoke the one or more devices associated with the identified device details to obtain an encrypted data;
one or more computation units that are configured to perform a privacy enabled computation operation on the encrypted data; and
an aggregator unit is configured to aggregate an encrypted output received from each of the one or more computation units upon the privacy enabled computation operation being performed on the received encrypted data.

2. The system of claim 1, wherein the one or more encrypted keywords comprise at least one of a sensor identification, a location identification, and internet protocol address of the one or more devices.

3. The system of claim 1, wherein the device details comprise at least one of type of device, make, year of manufacture, accuracy, location detail and internet protocol (IP) address.

4. The system of claim 1, wherein the first, the second and the third set of private and public keys are generated based on at least one of a device power consumption, processor speed, and a memory size.

5. The system of claim 1, wherein the one or more computation units comprise a trusted control unit that is configured to perform privacy enabled computation operation, wherein the privacy enabled computation operation further comprises at least one of:
perform a computation operation comprising at least one of addition, subtraction or multiplication on the encrypted data from the captured device details; and
perform the computation operation comprising at least one of comparison or division on the encrypted data from the identified device details comprising:
decrypt the encrypted data by using the first set of private keys;
perform the computation operation on the decrypted data; and
encrypt an output of the computation operation by using the first set of public keys.

6. The system of claim 5, wherein the aggregator unit is further configured to:
determine size of the first set of private and public keys by comparing the size across the first set of private and public keys,
aggregate, based on the comparison for a homogeneous key size of the first set of private and public keys, an encrypted output received from each of the one or more computation units upon the privacy enabled computation operation being performed on the received encrypted data; and
send, based on the comparison for a heterogeneous key size of the first set of private and public keys, the received encrypted data to the trusted control unit.

7. The system of claim 6, wherein the homogeneous key size has the same key length and the heterogeneous key size has a different key length.

8. The system of claim 6, wherein the trusted control unit is configured to:
decrypt the received encrypted data,
identify a largest size among the first set of private and public keys,
encrypt the received decrypted data by using the identified largest size key among the first set of private and public keys, and
send the encrypted data to the aggregator unit for aggregation.

9. A method for facilitating secured and privacy enabled computation, the method comprising:
receiving, at a cloud device, a computation operation request to be performed and one or more keywords as an input;
registering, at a registering unit, one or more devices and capturing the device details of the one or more registered devices,
generating, at the registering unit, (i) a first set of private and public keys that are fully homomorphic encryption keys, (ii) a second set of private and public keys, wherein a second public key from the second set is a searchable encryption key and a second private key is a master secret key, and (iii) a third set of private and public keys comprising a user encryption key;
generating, at the registering unit, a fourth set of private and public keys by encrypting the first private and the first public key using the third private key and the third public key from the third set;
encrypting, at the registering unit, the device details and the one or more keywords by using the second set of private and public keys;
receiving, at a search unit, the computation operation request and the one or more encrypted keywords;
performing, at the search unit, a comparison of the one or more encrypted keywords with the encrypted device details being stored in a database, and
identifying, at the search unit, the device details based on the comparison and invoking the one or more devices associated with the identified device details to obtain an encrypted data;
performing, at one or more computation units, a privacy enabled computation operation on the encrypted data; and
aggregating, at an aggregator unit, an encrypted output received from each of the one or more computation units upon the privacy enabled computation operation being performed on the received encrypted data.

10. The method of claim 9, wherein the registering is a one-time registration process and the device details comprise at least one of type of device, make, year of manufacture, accuracy, location detail, internet protocol address and sensor identification.

11. The method of claim 10, wherein the step of generating the first, second and third set of private and public keys is based on at least one of a device power consumption, processor speed, and memory size.

12. The method of claim 10, wherein the computation operation request comprises the one or more keywords, and wherein the one or more keywords further comprise at least one of a sensor identification, location identification and internet protocol address of the device.

13. The method of claim 10, wherein the device details are identified by using shared key homomorphic scheme.

14. The method of claim 10, wherein the step of performing a privacy enabled computation operation further comprises:
performing computation on the input data in encrypted form from the plurality of devices, wherein the computation operation involves at least one of addition, subtraction or multiplication;
performing a computation operation on the received encrypted data from the identified device details, wherein the computation operation involves at least one of addition, subtraction or multiplication;
decrypting, by the trusted control unit, the received encrypted data by using the received first set of private key and performing received computation operation on the decrypted data; and
encrypting output of the computation operation by using the received first set of public key.

15. The method of claim 14, wherein the step of performing a privacy enabled computation operation on the received encrypted data is done by performing a fully homomorphic technique.

16. The method of claim 10, wherein the step of aggregating further comprises:
determining size of the first set of private and public keys by comparing the size across the first set of private and public keys,
aggregating, based on the comparison for a homogeneous key size of the first set of private and public keys, an encrypted output received from each of the one or more computation units upon the privacy enabled computation operation being performed on the received encrypted data; and
sending, based on the comparison for a heterogeneous key size of the first set of private and public keys, the received encrypted data to the trusted control unit.

17. The method of claim 16, wherein the homogeneous key size has the same key length and the heterogeneous key size has a different key length.

18. The method of claim 15, wherein the step of performing a privacy enabled computation operation further comprises:
decrypting the received encrypted data,
identifying a largest size among the first set of private and public keys,
encrypting the received decrypted data by using the identified largest size key among the first set of private and public keys, and
sending the encrypted data to the aggregator unit for aggregation.
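
The key-size routing of claims 6 to 8 and 16 to 18 can be sketched as follows. This is an added example, not code from the patent or its applicant. It substitutes a toy Paillier scheme (additively homomorphic only) for the fully homomorphic keys, and every name in it (`Key`, `TrustedControlUnit`, `aggregate`) and the small demo primes are assumptions made for illustration. It also assumes outputs of equal key length were produced under the same key.

```python
import math, secrets
from collections import namedtuple

Key = namedtuple("Key", "p q")           # toy private key; public modulus is p*q

def encrypt(n, m):
    """Paillier encryption with g = n + 1 (additive stand-in for the FHE keys)."""
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) * pow(r, n, n * n) % (n * n)

def decrypt(key, c):
    n, phi = key.p * key.q, (key.p - 1) * (key.q - 1)
    return (pow(c, phi, n * n) - 1) // n * pow(phi, -1, n) % n

class TrustedControlUnit:
    """The only component holding private keys, indexed by public modulus."""
    def __init__(self, keys):
        self.keys = {k.p * k.q: k for k in keys}

    def reencrypt(self, outputs):
        # Claims 8 / 18: decrypt, identify the largest key, re-encrypt under it.
        target = max((n for n, _ in outputs), key=int.bit_length)
        return target, [encrypt(target, decrypt(self.keys[n], c)) for n, c in outputs]

def aggregate(outputs, tcu):
    """Aggregator of claims 6 / 16. outputs: list of (public modulus, ciphertext)."""
    sizes = {n.bit_length() for n, _ in outputs}
    if len(sizes) == 1:                       # homogeneous key size: add directly
        n, route = outputs[0][0], "direct"
        if any(m != n for m, _ in outputs):
            raise ValueError("same key length but different keys: cannot add")
        cts = [c for _, c in outputs]
    else:                                     # heterogeneous: defer to trusted unit
        route = "trusted-control-unit"
        n, cts = tcu.reencrypt(outputs)
    total = 1
    for c in cts:
        total = total * c % (n * n)           # ciphertext product = plaintext sum
    return n, total, route

# Constructed demo keys (insecurely small) with 32-bit and 63-bit moduli.
SMALL, LARGE = Key(65521, 65537), Key(2147483647, 4294967291)
```

In the heterogeneous path the plaintext is exposed inside the trusted control unit, so that component carries the confidentiality of every device's data.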

Documents

Orders

Section Controller Decision Date

Application Documents

# Name Date
1 Form 3 [16-11-2015(online)].pdf 2015-11-16
2 Drawing [16-11-2015(online)].pdf 2015-11-16
3 Description(Provisional) [16-11-2015(online)].pdf 2015-11-16
4 4326-MUM-2015-FORM 1-(27-04-2016).pdf 2016-04-27
5 4326-MUM-2015-CORRESPONDENCE-(27-04-2016).pdf 2016-04-27
6 Form 3 [25-08-2016(online)].pdf 2016-08-25
7 Form 18 [25-08-2016(online)].pdf 2016-08-25
8 Drawing [25-08-2016(online)].pdf 2016-08-25
9 Description(Complete) [25-08-2016(online)].pdf 2016-08-25
10 Assignment [25-08-2016(online)].pdf 2016-08-25
11 Form-2(Online).pdf 2018-08-11
12 Form-18(Online).pdf 2018-08-11
13 4326-MUM-2015-Power of Attorney-220316.pdf 2018-08-11
14 4326-MUM-2015-Correspondence-220316.pdf 2018-08-11
15 4326-MUM-2015-FER.pdf 2020-03-19
16 4326-MUM-2015-OTHERS [19-09-2020(online)].pdf 2020-09-19
17 4326-MUM-2015-FER_SER_REPLY [19-09-2020(online)].pdf 2020-09-19
18 4326-MUM-2015-COMPLETE SPECIFICATION [19-09-2020(online)].pdf 2020-09-19
19 4326-MUM-2015-CLAIMS [19-09-2020(online)].pdf 2020-09-19
20 4326-MUM-2015-US(14)-HearingNotice-(HearingDate-15-01-2024).pdf 2023-12-19
21 4326-MUM-2015-FORM-26 [13-01-2024(online)].pdf 2024-01-13
22 4326-MUM-2015-FORM-26 [13-01-2024(online)]-1.pdf 2024-01-13
23 4326-MUM-2015-Correspondence to notify the Controller [13-01-2024(online)].pdf 2024-01-13
24 4326-MUM-2015-Written submissions and relevant documents [29-01-2024(online)].pdf 2024-01-29
25 4326-MUM-2015-PatentCertificate11-03-2024.pdf 2024-03-11
26 4326-MUM-2015-IntimationOfGrant11-03-2024.pdf 2024-03-11
27 4326-MUM-2015-FORM 4 [12-06-2024(online)].pdf 2024-06-12

Search Strategy

1 search4326E_17-03-2020.pdf

ERegister / Renewals

3rd: 12 Jun 2024

From 16/11/2017 - To 16/11/2018

4th: 12 Jun 2024

From 16/11/2018 - To 16/11/2019

5th: 12 Jun 2024

From 16/11/2019 - To 16/11/2020

6th: 12 Jun 2024

From 16/11/2020 - To 16/11/2021

7th: 12 Jun 2024

From 16/11/2021 - To 16/11/2022

8th: 12 Jun 2024

From 16/11/2022 - To 16/11/2023

9th: 12 Jun 2024

From 16/11/2023 - To 16/11/2024

10th: 15 Nov 2024

From 16/11/2024 - To 16/11/2025

11th: 06 Nov 2025

From 16/11/2025 - To 16/11/2026