CloudSEEP can find application whenever sensitive or confidential data must be processed in an untrustworthy environment. Any outsourced process is susceptible of being protected by CloudSEEP technology (Secure Signal Processing in the Cloud). Some of the applications of CloudSEEP are:
- Private Outsourced Biometric Authentication
- Secure eHealth analysis/diagnosis
- Secure Watermark Detection in Public Scenarios
- Private Database Queries
- Secure Positioning
- Private Classification
- Secure Data Parsing
- Secure Pattern Finding
Furthermore, CloudSEEP produces secure systems for performing efficient private signal processing operations related to optimization, image processing and eHealth1. Two of the most relevant applications, due to the sensitivity of the involved data, are biometric authentication and eHealth:
Private Outsourced Face Recognition
Face recognition is an important and active area of R+D whose interest has increased in recent years because of theoretical and application-driven motivations. From simple mobile phones unlocking mechanisms to complex secure biometric access control systems, face recognition is getting more and more attention. Due to the sensitivity of the involved biometric signals, privacy has shown to be a serious concern when working with digital imagery, especially for those systems that must process, recognize or classify face images (visual privacy).
Other approaches either obfuscate or partially encrypt the data, but they perform the recognition in the clear, and the recognition server has partial or total access to the sensitive user biometrics. By using advanced encryption techniques for the inputs, optimized for the encrypted processing of biometric data, CloudSEEP fully protects all the involved signals, both the user fresh biometrics (face images and biometric features extracted from those images) and the database templates. Therefore, CloudSEEP enables a secured outsourced biometric recognition that leaks no information at all to the recognition server, that works only with encrypted data.
Secure eHealth analysis/diagnosis
Cloud Computing is a very promising platform for the outsourcing of eHealth systems, both for collaborative analysis and for remote diagnosis; nevertheless, in order to benefit from the advantages that Cloud can bring to eHealth systems, it is a must that Cloud meets their privacy requirements. CloudSEEP proposes a privacy-preserving Cloud architecture grounded upon the use and development of suitable SPED (Signal Processing in the Encrypted Domain) techniques. The proposed architecture solves the privacy issues and enables an automated management of access control and processing privileges over sensitive information outsourced to it.
CloudSEEP service architecture that can be integrated on top of current Cloud IaaS (Infrastructure as a Service), through the inclusion of a middleware layer in both the client and the cloud provider. This middleware layer comprises three essential components: in the client side, an interoperability module, and in the server side, a secure storage module and a secure virtual processor. The secure virtual processor is in charge of the execution of the needed calculations on private data, stored in a suitable encrypted form at the secure storage module. The eHealth algorithms for analysis and diagnosis are translated by the processor into secure encrypted primitives that work on encrypted data, and they are executed within the cloud without accessing the clear-text value of these data. At the client side, the interoperability module keeps the needed keys, used for decrypting the obtained results and for interacting with the secure processor during the execution of the algorithms.
1US Patent No 8433925 and Patent Pending, Appl. No. 12/876224, 12/876229, 13/364598, 13/761448, EPO Appl. No. EP10175467