BACKGROUND

[0001] A cloud data center may provide cloud computing services to various computing systems such as desktops, laptops, tablets, smartphones, embedded computers, point-of-sale terminals, and so on. A cloud data center may have many thousands of servers and storage devices and provide various software products such as operating systems, databases, and applications. Rather than maintaining their own data centers, many enterprises subscribe as customers of a database service of a cloud data center to store and process their data. For example, a retail company may subscribe to a database service to store records of the sales transactions at the company's stores and use an interface provided by the database service to run queries to help in analyzing the sales data. As another example, a utility company may subscribe to a database service for storing meter readings collected from the meters of its customers. As another example, a governmental entity may subscribe to a database service for storing and analyzing tax return data of millions of taxpayers.

[0002] Enterprises that subscribe to such cloud-based database services want to ensure the privacy of their data. Although cloud data centers employ many sophisticated techniques to help preserve the privacy of customer data, parties seeking to steal such customer data are continually devising new counter-techniques to access the data. To help ensure the privacy of their data, many customers may encrypt their data locally before sending their data for storage by a database service. For example, each point-of-sale terminal of a retail company may encrypt the sale amount of each transaction and send the sale amount only in an encrypted form to the database service as a record of the transaction. If the retail company wants to determine the total sale amount for each store, the encrypted sale amounts for each store would need to be downloaded to a company computer and then decrypted. The decrypted sale amounts for each store could then be added together to generate the total sale amount for each store.

[0003] If a customer were to use a homomorphic encryption of data, then the downloading and decrypting of all the sales data could be avoided. Homomorphic encryption has the characteristic that a computation performed on the encrypted data generates an encrypted result that, when decrypted, equals the same result as if the computation was performed on the unencrypted data. For example, if the retail company homomorphically encrypts its sale amounts, then the database service could add the encrypted sale amounts for each store to generate an encrypted total sale amount for each store. The retail company need only download the encrypted total sale amount for each store and decrypt those total sale amounts.

[0004] Although homomorphic encryption allows the aggregation of encrypted data to be performed by the database service and thus avoids the downloading of the unaggregated encrypted data, homomorphic encryption can be very computationally expensive. Homomorphic encryption schemes typically use complex mathematical operations such as multiplications, exponentiations, matrix operations, and so on. As a result, many organizations either choose not to use homomorphic encryption or need to expend significant amounts of money purchasing additional computational power that is needed to support homomorphic encryption.

SUMMARY

[0005] In some embodiments, an encryption system secures data using a homomorphic encryption. The encryption system encrypts a number by encrypting a number identifier of the number and combining the number and the encrypted number identifier using a mathematical operation to generate an encrypted number. The encrypted numbers may be stored at a server system along with their number identifiers. The server system can then generate an aggregation (e.g., sum) of the encrypted numbers and provide the aggregation, the encrypted numbers, and the number identifiers. The encryption system can then separate the aggregation of the numbers from the aggregation of the encrypted numbers using an inverse of the mathematical operation to effect removal of an aggregation of the encrypted number identifiers of the numbers from the aggregation of the encrypted numbers. The separated aggregation of the numbers is an aggregation of the plurality of the numbers.

[0006] This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.

BRIEF DESCRIPTION

[0007] Figure 1 is a diagram illustrating data structures stored by a cloud data center in some embodiments.

[0008] Figure 2 is a block diagram that illustrates systems that support an encryption system in some embodiments. [0009] Figure 3 is a flow diagram that illustrates processing of an encrypt numbers component of a data source system in some embodiments.

[0010] Figure 4 is a flow diagram that illustrates processing of an encrypt number component of a data source system in some embodiments.

[0011] Figure 5 is a flow diagram that illustrates processing of an encrypt number component that employs sequential encryption of a data source system in some embodiments.

[0012] Figure 6 is a flow diagram that illustrates processing of a generate encrypted aggregation component of a data storage system in some embodiments.

[0013] Figure 7 is a flow diagram that illustrates processing of a compress identifiers component of a data storage system in some embodiments.

[0014] Figure 8 is a flow diagram that illustrates processing of a pre-generate encrypted aggregation component of a data storage system in some embodiments.

[0015] Figure 9 is a flow diagram that illustrates processing of a decrypt aggregation component of a data consumer system in some embodiments.

[0016] Figure 10 is a flow diagram that illustrates processing of a separate aggregation of numbers component of a data consumer system in some embodiments.

[0017] Figure 11 is a flow diagram that illustrates processing of a separate aggregation component that employs sequential encryption of a data consumer system in some embodiments.

DETAILED DESCRIPTION

[0018] A method and system for homomorphic encryption of data is provided. In some embodiments, an encryption system executing at a data source system homomorphically encrypts a number using a number identifier associated with that number. For example, if the data source system is a point-of-sale terminal of a store of a retail company and the number represents the sale amount of a transaction, then the number identifier may be a combination of a store identifier and a record identifier for that transaction. To encrypt the number, the encryption system generates random value that is a function of the number identifier associated with the number. The encryption system generates the random value by applying a pseudorandom function ("PRF") to a symmetric key and the number identifier. The encryption system may use any type of pseudorandom function. For example, the encryption system may use the Advanced Encryption Standard ("AES") algorithm or the Data Encryption Standard ("DES") algorithm as the pseudorandom function to generate the random value. Since an encryption algorithm is used to generate the random value in some embodiment, the random value generated by the pseudorandom function may be referred to as an "encryption of the number identifier." Continuing with the retail company example, if the store identifier is 10 and the transaction identifier is a numeric representation of date and time (e.g., seconds since 1900), then the number identifier of the sale amount may have 10 in its most significant bits and the numeric representation of date and time in its least significant bits. The encryption of the number identifier may be represented as E(ID), where ID represents the number identifier and E represents the PRF algorithm. The encryption system generates the encrypted number by performing a mathematical operation with the number and the encrypted number identifier (i.e., PRF output) as operands. The mathematical operation has a corresponding inverse mathematical operation that is used for decryption. The number can be decrypted from the encrypted number by performing the inverse mathematical operation with the encrypted number and the encrypted number identifier (i.e., PRF output) as operands. The encrypted number may be represented as follows:

E(number) = number - E(ID)

and the decrypted number may be represented as

number = E(number) + E(ID)

where addition is the inverse of subtraction. The operations take place in a mathematical group (e.g., for integers mod n from some integer n). The encryption system may encrypt any quantity of numbers using the number identifier of each number. Once the encryption system encrypts a number, it can send the encrypted number to a cloud data center for secure storage.

[0019] In some embodiments, the encrypted numbers that have been encrypted with subtraction (or addition) as the mathematical operation can be added together at a cloud data center to generate an aggregation of the encrypted numbers. The cloud data center may receive a request for the aggregation (e.g., a query) from a data consumer system (e.g., management system of a store) that executes the encryption system. For example, if the cloud data center stores the encrypted sale amount for each transaction of a store, the cloud data center can add all the encrypted sale amounts for the store to generate an aggregation that is the sum of the encrypted sale amounts for that store. The sum of the encrypted numbers may be represented as follows:

n

A(E(number(l ..n))) = ^ Einumber _j ) where A represents the aggregation and numben represents the i-th number. When an aggregation is received, the encryption system can decrypt the aggregation of the encrypted numbers by performing the inverse mathematical operation (e.g., addition) for each number to reverse the mathematical operation (e.g., subtraction) used to encrypt the numbers. If the mathematical operation is subtraction, the decrypting of a summation aggregation of the encrypted numbers with the inverse mathematical operation of addition may be represented as follows:

n

A(number(l ..n)) = A(E(number(l ..n))) +∑E(IDi )

i=1

where IDi represents the number identifier of the i-th number.

[0020] In some embodiments, a cloud data center may provide to the encryption system executing at a data consumer system the number identifiers of the numbers that are used to generate an aggregation. For example, when the aggregation is the sum of the encrypted sale amounts for a store, the encryption system may have used a combination of store identifier and date and time as the number identifier (or record identifier) of a transaction. When the cloud data center generates an aggregation, it provides the number identifier of each transaction used to generate the aggregation. The encryption system can then encrypt each number identifier, generate a sum of the encrypted number identifiers, and add that sum to the aggregation of the encrypted numbers to reverse the mathematical operation of subtracting the encrypted number identifiers from the numbers that they identify. The result of adding the sum to the aggregation of the encrypted numbers is an aggregation of the numbers, which is not encrypted.

[0021] In some embodiments, the encryption system may use number identifiers that are sequential. For example, when a transaction occurs, a number identifier for that transaction may be generated by incrementing the number identifier of the previous number that was generated or stored. Continuing with the retail example, such a number identifier may be considered to be a record identifier of a transaction. Each store may be responsible for generating its own sequence of record identifiers for its transactions. If the number identifiers are sequential, the cloud data center may use various compression techniques to compress each range of number identifiers used in an aggregation. The compression techniques may include run-length encoding, range encoding, and so on. For example, if the aggregation is a sum of the sale amounts for the first two Fridays of a certain year, the number identifiers of the transactions may be 10245 through 10344 and 14910 through 15059. If run-length encoding is used, then the compressed sequence of number identifiers would be 10245/100 and 14910/150, where the number before the slash represents the number identifier of the start of the run and the number after the slash represents the length of the run. If range encoding is used, then the compressed sequence would be the number identifiers of the start and end of each range. Even if the number identifiers of numbers used in an aggregation are not in a range or if the number identifiers themselves are not sequential, the number identifiers may be compressed, for example, using a differential encoding. So, if the number identifiers are 10245, 10299, 10303, and 10103, the differential encoding may be 10245/54,4,-200 where the number before the slash represents the first number identifier and the numbers after the slash represent differences to be added to the previous number identifier. Although each number may have a number identifier that is unique, the number identifiers need not be unique. For example, a retail store may generate a new number identifier every hour and encrypt the sale amount of each transaction that occurs during a particular hour with the same number identifier.

[0022] In some embodiments, if it is expected that ranges of sequential number identifiers will be used in an aggregation, the encryption system may encrypt each number using the number identifier of that number and the number identifier of an adjacent number in the sequence in a process referred to as sequential encryption. The encryption system may encrypt each number by performing a mathematical operation with the encrypted number identifier of the number and an inverse mathematical operation with the encrypted number identifier of an adjacent number in the sequence of number identifiers. Such sequential encryption may be represented as follows:

E(numben) = numben - E(IDi) + E(IDi-i)

[0023] Because each encrypted number includes the inverse mathematical operation used to encrypt an adjacent (e.g., prior) number, when a sequence of encrypted numbers are summed, the mathematical operation of the number identifier of each number in the sequence will be reversed by the inverse mathematical operation of the number identifier of that number in the encryption of the adjacent number in the sequence. For example, the encryption of numbers in a sequence may be represented as follows:

numbers - E(ID ₅ ) + E(ID ₄ )

numbere - E(ID ₆ ) + E(ID ₅ )

number? - E(ID ₇ ) + E(ID ₆ )

numbers - E(ID ₈ ) + E(ID ₇ )

The summation aggregation of these numbers may be represented as follows: numbers + number + number? + numbers +

E(ID ₄ ) + (E(ID ₅ ) - E(ID ₅ )) + (E(ID ₆ ) - E(ID ₆ )) + (E(ID ₇ ) - E(ID ₇ )) - E(ID ₈ ) The mathematical operations and the inverse mathematical operations based on the number identifiers for numbers 5-7 result in a sum of zero. Thus, the aggregation of the encrypted numbers can be decrypted by adding the encrypted number identifier of number 4 and subtracting the encrypted number identifier of number 8. If sequential encryption is used for a sequence of numbers of any length, then the summation aggregation can be decrypted using the inverse mathematical operation of the number identifier of a number adjacent to one end of the sequence and the mathematical operation of the number identifier of the number at the other end of the sequence. For example, if the sequence is 1000 numbers in length, then only one mathematical operation and one inverse mathematical operation need to be performed to generate the aggregation of the numbers from the aggregation of the encrypted numbers. If each number were encrypted using only a mathematical operation (i.e., non-sequential encryption) with the number identifier of that number, then 1000 mathematical operations would need to be performed to decrypt the aggregation of the decrypted numbers.

[0024] Although the encryption system is described in the context of supporting an aggregation that is a summation, the aggregation can be another type of aggregation. For example, if the aggregation is to be a product of numbers, then the encryption system can encrypt each number by multiplying a number by the encryption of its number identifier. To decrypt the product of such encrypted numbers, the encryption system would divide the product by each of the encrypted number identifiers of the numbers used to generate the product. Also, although the encryption system is described in the context of storing encrypted numbers at a cloud data center, the encryption system may be useful even when the encrypted numbers are stored locally. If only the encrypted numbers are stored locally, a party seeking to steal the numbers would have a very limited window in which to do so (e.g., prior to the numbers being encrypted) and the encrypted numbers need not ever be \decrypted. In some embodiments, the numbers may be encrypted using a cryptoprocessor, so the window may be even more limited.

[0025] The encryption system thus allows numbers to be homomorphically encrypted and subsequently decrypted based on number identifiers using much less computational expense than prior homomorphic encryption techniques. In addition, the encryption system allows aggregations of encrypted numbers to be rapidly decrypted, especially when the numbers are encrypted using sequential encryption. The compressing of the number identifiers used in generating an aggregation helps reduce the communication bandwidth needed to provide the number identifiers to a data consumer system. Also, any encryption algorithm can be used to encrypt the number identifiers. In particular, since the encrypted number identifiers need not be decrypted, the encryption system can use an encryption algorithm whose encryption is computationally inexpensive but whose decryption may be computationally expensive.

[0026] Figure 1 is a diagram illustrating data structures stored by a cloud data center in some embodiments. In this example, a database service of a cloud data center maintains a store table 110 and a transaction table 120 for a retail company. The store table contains, for each store, an entry that includes the store identifier and the location of the store. The transaction table contains an entry for each transaction that includes a store identifier, a transaction identifier, and an encrypted amount. The store identifier and transaction identifier combine to form a unique number identifier of the amount. In this example, each amount is encrypted by subtracting an encryption of the number identifier. Each store may generate transaction identifiers that are sequential starting from the number one. The database service may support the querying of the transaction table. For example, a client device (e.g., a data consumer system) may submit a query that specifies to aggregate the amounts of all the transactions for the stores in India. The database service would access the store table to identify the store identifiers of the stores in India and then use those store identifiers to identify entries in the transaction table for transactions of those stores. The database service then would sum the encrypted amounts of those entries to generate an aggregation of the encrypted numbers. The database service may provide the aggregation of the encrypted numbers along with an indication of the number identifiers (e.g., store identifiers and transaction identifiers) as the result of the aggregation. In some embodiments, the client device may maintain sufficient information to track the number identifiers that are used in an aggregation. For example, the client device may know the store identifiers of stores in India and know the first and last transaction identifier used by each store. In such a case, the client device would not need the number identifiers to be provided by the database service.

[0027] Figure 2 is a block diagram that illustrates systems that support an encryption system in some embodiments. The systems include a data source system 210, a data store system 220, and a data consumer system 230 that are connected via a communication channel 240. The data source system is a source of encrypted numbers (e.g., a point-of- sale terminal). The data source system may include a generate number component 211, an encrypt number component 212, and a send encrypted number component 213. The generate number component may be, for example, a component of a transaction system that outputs sale amounts. The encrypt number component encrypts each number using homomorphic encryption. The send encrypted number component sends the encrypted number to the data store system for storage. The data storage system includes a receive and store encrypted number component 221, an encrypted number store 222, a receive query component 223, a generate encrypted aggregation component 224, and a send encrypted aggregation component 225. The receive and store encrypted number component receives encrypted numbers from data source systems and stores the encrypted numbers in the encrypted number store. The encrypted number store stores the encrypted numbers. For example, transaction table 120 is an example of an encrypted number store. The receive query component receives queries from data consumer systems and invokes the generate encrypted aggregation component to aggregate the encrypted numbers that match the query. The send encrypted aggregation component returns the aggregation of the encrypted numbers to a data consumer system. The data consumer system includes a generate query component 231, a send query component 232, a decrypt encrypted aggregation component 233, and a receive encrypted aggregation component 234. A user may interact with the generate query component to generate queries to submit to the data store system. The generate query component may be part of a conventional database system that supports the Structured Query Language ("SQL"). The send query component sends the queries to the data store system. The receive encrypted aggregation component receives the aggregations from the data store system and invokes the decrypt encrypted aggregation component to decrypt the aggregations of the encrypted numbers. Although illustrated as separate systems, a data source system and a data consumer system can be implemented on the same computing system. Also, the data storage system may be implemented on the same computing system as a data source system or a data consumer system.

[0028] The computing systems on which the systems that support the encryption system may be implemented may include a central processing unit, input devices, output devices (e.g., display devices and speakers), storage devices (e.g., memory and disk drives), network interfaces, graphics processing units, accelerometers, cellular radio link interfaces, global positioning system devices, and so on. The input devices may include keyboards, pointing devices, touch screens, gesture recognition devices (e.g., for air gestures), head and eye tracking devices, microphones for voice recognition, and so on. The computing systems of data source systems, data consumer systems, and data storage systems may include desktop computers, laptops, tablets, e-readers, personal digital assistants, smartphones, gaming devices, servers, point-of-sale terminals, and so on. The computing systems may also include servers of a data center, massively parallel systems, and so on. The computing systems may access computer-readable media that include computer-readable storage media and data transmission media. The computer-readable storage media are tangible storage means that do not include a transitory, propagating signal. Examples of computer-readable storage media include memory such as primary memory, cache memory, and secondary memory (e.g., DVD) and other storage. The computer-readable storage media may have recorded on it or may be encoded with computer-executable instructions or logic that implements the encryption system. The data transmission media is used for transmitting data via transitory, propagating signals or carrier waves (e.g., electromagnetism) via a wired or wireless connection. The computing systems may include a secure cryptoprocessor as part of a central processing unit for generating and securely storing keys and for encrypting and decrypting data using the keys.

[0029] The encryption system may be described in the general context of computer- executable instructions, such as program modules and components, executed by one or more computers, processors, or other devices. Generally, program modules or components include routines, programs, objects, data structures, and so on that perform particular tasks or implement particular data types. Typically, the functionality of the program modules may be combined or distributed as desired in various examples. Aspects of the encryption system may be implemented in hardware using, for example, an application-specific integrated circuit ("ASIC").

[0030] Figure 3 is a flow diagram that illustrates processing of an encrypt numbers component of a data source system in some embodiments. An encrypt numbers component 300 may be invoked to encrypt a sequence of numbers. In block 301, the component selects the next number in the sequence. In decision block 302, if all the numbers have already been selected, then the component completes, else the component continues at block 303. In block 303, the component generates the number identifier of the selected number. For example, in the case of a retail company, the number identifier may be a combination of the store identifier and sequential transaction identifier generated for that store. In block 304, the component invokes an encrypt number component passing an indication of the number to be encrypted. The component then loops to block 301 to select the next number in the sequence.

[0031] Figure 4 is a flow diagram that illustrates processing of an encrypt number component of a data source system in some embodiments. An encrypt number component 400 is passed an indication of a number and encrypts the number based on the number identifier of the number. In block 401, the component retrieves the number identifier of the number. In block 402, the component encrypts the number identifier, for example, using an AES algorithm. In block 403, the component encrypts the number by performing a mathematical operation with the number and the encrypted number identifier as operands. In block 404, the component directs the storing of the encrypted number, for example, at a cloud data center, and then completes.

[0032] Figure 5 is a flow diagram that illustrates processing of an encrypt number component that employs sequential encryption of a data source system in some embodiments. An encrypt number component 500 is passed a number and encrypts that number using sequential encryption. In block 501, the component retrieves the number identifier of the number. In block 502, the component retrieves the number identifier of an adjacent number. In block 503, the component encrypts the number identifier of the number. In block 504, the component encrypts the number identifier of the adjacent number. In block 505, the component generates the encrypted number by performing on the number the mathematical operation using the encrypted number identifier of the number and an inverse mathematical operation using the encrypted number identifier of the adjacent number. In block 506, the component directs the storing of the encrypted number and then completes. As used herein, the number identifiers may be considered to be sequential and the numbers themselves may be considered to be sequential. Also, the term "sequential" does not imply that the values of the number identifiers or the numbers are sequential. For example, the values of the sale amounts would be considered to be sequential in the sense, for example, that the value of one sale amount in the sequence is greater than the value of the prior sale amount in the sequence. Also, the values of the number identifiers similarly may not be sequential. For example, the first number identifier can have a value of 100, the second number identifier can have a value of 10, and the third number identifier can have a value of 120. As long as the number identifier or the encrypted number identifier for each number is available to the encryption system, the encryption system can encrypt numbers and decrypt aggregations of encrypted numbers. Also, the encryption system typically would not provide the encrypted number identifiers to a data storage system that stores the encrypted numbers.

[0033] Figure 6 is a flow diagram that illustrates processing of a generate encrypted aggregation component of a data storage system in some embodiments. A generate encrypted aggregation component 600 may be passed an indication of the query and return an aggregation of encrypted numbers that match the query. The query may be, for example, an SQL query. In block 601, the component identifies records with encrypted numbers that match the query. For example, the records may be entries of transaction table 120. In block 602, the component initializes an aggregation of the encrypted numbers. In blocks 603-606, the component loops adding each encrypted number of each identified record to the aggregation. In block 603, the component selects the next identified record. In decision block 604, if all such records have already been selected, then the component continues at block 607, else the component continues at block 605. In block 605, the component stores the number identifier of the encrypted number of the selected record. In block 606, the component adds the encrypted number of the selected record to the aggregation of the encrypted numbers and then loops to block 603 to select the next record. In block 607, the component outputs the aggregation of the encrypted numbers. In block 608, the component invokes a compress identifiers component to compress the stored number identifiers and then completes.

[0034] Figure 7 is a flow diagram that illustrates processing of a compress identifiers component of a data storage system in some embodiments. A compress identifiers component 700 compresses the number identifiers of numbers used in the aggregation of encrypted numbers using run-length encoding. In this example, the values of the number identifiers are assumed to be sequential. In block 701, the component sorts the number identifiers. In block 702, the component selects the next number identifier. In decision block 703, if all the number identifiers have already been selected, then the component completes, else the component continues at block 704. In block 704, the component initializes the start of the run to the selected number identifier. In block 705, the component sets the length of the run to one. In blocks 706-708, the component loops, choosing each sequential number identifier and incrementing the length of the run. In block 706, the component chooses the next sequential number identifier. In decision block 707, if a sequential number identifier is found, the component continues at block 708, else the component loops to block 702 to select the next number identifier for the next run. In block 708, the component increments the length of the run and then loops to block 706 to choose the next sequential number identifier.

[0035] Figure 8 is a flow diagram that illustrates processing of a pre-generate encrypted aggregation component of a data storage system in some embodiments. A pre- generate encrypted aggregation component 800 may be used to generate aggregations of encrypted numbers and store those aggregations (possibly along with the corresponding number identifiers) for later retrieval. For example, a retail company may pre-generate aggregations of store sale amounts for each day, month, quarter, and year. In this way, queries that request the pre-generated aggregations can be satisfied using the pre-generated aggregations without having to aggregate the encrypted numbers at the time of the query. In block 801, the component receives a query for which an aggregation of encrypted numbers is to be pre-generated. In block 802, the component invokes the generate encrypted aggregation component passing an indication of the query to generate an aggregation that satisfies that query. In block 803, the component stores an indication of the query. In block 804, the component stores the encrypted aggregation. In block 805, the component stores the number identifiers used to generate the encrypted aggregation in compressed form and then completes. When a query is subsequently received that matches the stored query, the stored encrypted aggregation and the stored compressed number identifiers can be returned as a result of that query.

[0036] Figure 9 is a flow diagram that illustrates processing of a decrypt aggregation component of a data consumer system in some embodiments. A decrypt aggregation component 900 receives an aggregation of encrypted numbers and generates the corresponding aggregation of the numbers. In block 901, the component receives the aggregation of the encrypted numbers. In block 902, the component invokes a separate aggregation of numbers component. In block 903, the component outputs the aggregation of the numbers and then completes.

[0037] Figure 10 is a flow diagram that illustrates processing of a separate aggregation of numbers component of a data consumer system in some embodiments. A separate aggregation of numbers component 1000 is invoked to separate the aggregation of the numbers from the aggregation of the encrypted numbers. In block 1001, the component initializes the aggregation of the numbers to the aggregation of the encrypted numbers. In block 1002, the component selects the next number identifier of a number used in the aggregation. In decision block 1003, if all the number identifiers have already been selected, then the component continues at block 1006, else the component continues at block 1004. In block 1004, the component encrypts the selected number identifier. In block 1005, the component applies the reverse operation of the encrypted number identifier to the aggregation of the numbers. The component then loops to block 1002 to select the next identifier. In block 1006, the component outputs the aggregation of the numbers and then completes.

[0038] Figure 11 is a flow diagram that illustrates processing of a separate aggregation component that employs sequential encryption of a data consumer system in some embodiments. A separate aggregation component 1100 may be passed an aggregation of encrypted numbers along with the number identifier of the first number and last number in a sequence. In block 1101, the component encrypts the number identifier of the last number in the sequence. In block 1102, the component encrypts the number identifier of the number before the first number in the sequence. In block 1103, the component performs both the inverse mathematical operation of the encryption of the last number identifier in the sequence and the mathematical operation of the number before the first number in the sequence on the aggregation of the encrypted numbers and completes. The result is the aggregation of the numbers that is not encrypted.

[0039] Although the subject matter has been described in language specific to structural features and/or acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims. Accordingly, the invention is not limited except as by the appended claims.