Patents by Inventor Kenneth H. Eguro
Kenneth H. Eguro has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11507371Abstract: Methods, systems, apparatuses, and computer program products are provided for generating an instruction set for an evaluation engine. An arithmetic expression that combines multiple columns of data (e.g., a first column of data, a second column of data, etc.) is received. Instructions may be generated, that, when executed by an integrated-circuit-based processor, cause the integrated-circuit-based processor to evaluate the arithmetic expression. In examples, a set of instructions may be generated for each column of data represented in the arithmetic expression. For instance, the instructions may comprise a first set of instructions associated with the first column of data, a second set of instructions associated with the second column of data, and so on. The instructions may specify one or more parameters for operations associated with each column of data, such as operations to load data from a buffer, store data into a buffer, arithmetic operations to perform on data, etc.Type: GrantFiled: December 11, 2019Date of Patent: November 22, 2022Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Kaan Kara, Kenneth H. Eguro, Haohai Yu, Chirag Varde, Blake D. Pelton
-
Patent number: 11232214Abstract: Methods, systems, and computer-readable media are directed towards receiving, at an untrusted component, a query for a data store. The query includes a plurality of data operations. The data store is accessible by the untrusted component. A first proper subset of data operations is determined from the plurality of data operations that do not access sensitive data within the data store. A second proper subset of data operations is determined from the plurality of data operations that access sensitive data within the data store. The first proper subset of data operations is executed, at the untrusted component, to create first results. The second proper subset of data operations is sent to a trusted component for execution. Second results based on the sending the second proper subset of data operations are received from the trusted component. Results to the query are returned based on the first results and the second results.Type: GrantFiled: May 13, 2020Date of Patent: January 25, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Shriraghav Kaushik, Arvind Arasu, Spyridon Blanas, Kenneth H. Eguro, Manas Rajendra Joglekar, Donald Kossmann, Ravishankar Ramamurthy, Prasang Upadhyaya, Ramarathnam Venkatesan
-
Publication number: 20210182064Abstract: Methods, systems, apparatuses, and computer program products are provided for generating an instruction set for an evaluation engine. An arithmetic expression that combines multiple columns of data (e.g., a first column of data, a second column of data, etc.) is received. Instructions may be generated, that, when executed by an integrated-circuit-based processor, cause the integrated-circuit-based processor to evaluate the arithmetic expression. In examples, a set of instructions may be generated for each column of data represented in the arithmetic expression. For instance, the instructions may comprise a first set of instructions associated with the first column of data, a second set of instructions associated with the second column of data, and so on. The instructions may specify one or more parameters for operations associated with each column of data, such as operations to load data from a buffer, store data into a buffer, arithmetic operations to perform on data, etc.Type: ApplicationFiled: December 11, 2019Publication date: June 17, 2021Inventors: Kaan Kara, Kenneth H. Eguro, Haohai Yu, Chirag Varde, Blake D. Pelton
-
Publication number: 20200272744Abstract: Methods, systems, and computer-readable media are directed towards receiving, at an untrusted component, a query for a data store. The query includes a plurality of data operations. The data store is accessible by the untrusted component. A first proper subset of data operations is determined from the plurality of data operations that do not access sensitive data within the data store. A second proper subset of data operations is determined from the plurality of data operations that access sensitive data within the data store. The first proper subset of data operations is executed, at the untrusted component, to create first results. The second proper subset of data operations is sent to a trusted component for execution. Second results based on the sending the second proper subset of data operations are received from the trusted component. Results to the query are returned based on the first results and the second results.Type: ApplicationFiled: May 13, 2020Publication date: August 27, 2020Inventors: Shriraghav Kaushik, Arvind Arasu, Spyridon Blanas, Kenneth H. Eguro, Manas Rajendra Joglekar, Donald Kossmann, Ravishankar Ramamurthy, Prasang Upadhyaya, Ramarathnam Venkatesan
-
Patent number: 10671736Abstract: Methods, systems, and computer-readable media are directed towards receiving, at an untrusted component, a query for a data store. The query includes a plurality of data operations. The data store is accessible by the untrusted component. A first proper subset of data operations is determined from the plurality of data operations that do not access sensitive data within the data store. A second proper subset of data operations is determined from the plurality of data operations that access sensitive data within the data store. The first proper subset of data operations is executed, at the untrusted component, to create first results. The second proper subset of data operations is sent to a trusted component for execution. Second results based on the sending the second proper subset of data operations are received from the trusted component. Results to the query are returned based on the first results and the second results.Type: GrantFiled: October 27, 2017Date of Patent: June 2, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Shriraghav Kaushik, Arvind Arasu, Spyridon Blanas, Kenneth H. Eguro, Manas Rajendra Joglekar, Donald Kossmann, Ravishankar Ramamurthy, Prasang Upadhyaya, Ramarathnam Venkatesan
-
Patent number: 10572442Abstract: A database management system (DBMS) run a host CPU and a hardware coprocessor accelerate traversal of a tree-type data structure by allocating reusable memory in cache to store portions of the tree-type data structure as the tree-type data structure is being requested by the host CPU. The hardware coprocessor manages the cached tree-type data structure in a manner that is transparent to the host CPU. A driver located at the host CPU or at a separate computing device can provide an interface between the host CPU and the hardware coprocessor, thus reducing communications between the host CPU and the hardware coprocessor.Type: GrantFiled: November 26, 2014Date of Patent: February 25, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Kenneth H. Eguro, Zsolt Istvan, Arvind Arasu, Ravishankar Ramamurthy, Kaushik Shriraghav
-
Publication number: 20180046812Abstract: Methods, systems, and computer-readable media are directed towards receiving, at an untrusted component, a query for a data store. The query includes a plurality of data operations. The data store is accessible by the untrusted component. A first proper subset of data operations is determined from the plurality of data operations that do not access sensitive data within the data store. A second proper subset of data operations is determined from the plurality of data operations that access sensitive data within the data store. The first proper subset of data operations is executed, at the untrusted component, to create first results. The second proper subset of data operations is sent to a trusted component for execution. Second results based on the sending the second proper subset of data operations are received from the trusted component. Results to the query are returned based on the first results and the second results.Type: ApplicationFiled: October 27, 2017Publication date: February 15, 2018Inventors: Shriraghav Kaushik, Arvind Arasu, Spyridon Blanas, Kenneth H. Eguro, Manas Rajendra Joglekar, Donald Kossmann, Ravishankar Ramamurthy, Prasang Upadhyaya, Ramarathnam Venkatesan
-
Publication number: 20160147779Abstract: A database management system (DBMS) run a host CPU and a hardware coprocessor accelerate traversal of a tree-type data structure by allocating reusable memory in cache to store portions of the tree-type data structure as the tree-type data structure is being requested by the host CPU. The hardware coprocessor manages the cached tree-type data structure in a manner that is transparent to the host CPU. A driver located at the host CPU or at a separate computing device can provide an interface between the host CPU and the hardware coprocessor, thus reducing communications between the host CPU and the hardware coprocessor.Type: ApplicationFiled: November 26, 2014Publication date: May 26, 2016Inventors: Kenneth H. Eguro, Zsolt Istvan, Arvind Arasu, Ravishankar Ramamurthy, Kaushik Shriraghav
-
Patent number: 9213867Abstract: A cloud computing service to securely process queries on a database. A security device and method of operation are also disclosed. The security device may be provisioned with a private key of a subscriber to the cloud service and may have processing hardware that uses that key, sequestering the key and encryption processing in hardware that others, including operating personnel of the cloud service, cannot readily access. Processing within the security device may decrypt queries received from the subscriber and may encrypt responses for communication over a public network. The device may perform functions on clear text, thereby limiting the amount of clear text data processed on the cloud platform, while limiting bandwidth consumed in communicating with the subscriber. Such processing may include formatting data, including arguments in a query, in a security protocol used by the cloud platform.Type: GrantFiled: December 7, 2012Date of Patent: December 15, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Ravishankar Ramamurthy, Kenneth H. Eguro, Ramarathnam Venkatesan
-
Patent number: 9053348Abstract: A secure cloud computing platform. The platform has a pool of secure computing devices such that each can be allocated to a customer as with other computing resources. Each secure computing device may be configured by a customer with a key and software for performing operations on sensitive data. The customer may submit data, defining a job for execution on the platform, as cyphertext. The secure computing device may perform operations on that data, which may include decrypting the data with the key and then executing the software to perform an operation on cleartext data. This operation, and the data on which it is performed, though in cleartext, may be inaccessible to the operator of the cloud computing platform. The device may operate according to a secure protocol under which the software is validated before loading and the device is provisioned with a key shared with the customer.Type: GrantFiled: March 26, 2012Date of Patent: June 9, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Ramarathnam Venkatesan, Kenneth H. Eguro, Roy Peter D'Souza
-
Publication number: 20140164758Abstract: A cloud computing service to securely process queries on a database. A security device and method of operation are also disclosed. The security device may be provisioned with a private key of a subscriber to the cloud service and may have processing hardware that uses that key, sequestering the key and encryption processing in hardware that others, including operating personnel of the cloud service, cannot readily access. Processing within the security device may decrypt queries received from the subscriber and may encrypt responses for communication over a public network. The device may perform functions on clear text, thereby limiting the amount of clear text data processed on the cloud platform, while limiting bandwidth consumed in communicating with the subscriber. Such processing may include formatting data, including arguments in a query, in a security protocol used by the cloud platform.Type: ApplicationFiled: December 7, 2012Publication date: June 12, 2014Applicant: MICROSOFT CORPORATIONInventors: Ravishankar Ramamurthy, Kenneth H. Eguro, Ramarathnam Venkatesan
-
Publication number: 20130254841Abstract: A secure cloud computing platform. The platform has a pool of secure computing devices such that each can be allocated to a customer as with other computing resources. Each secure computing device may be configured by a customer with a key and software for performing operations on sensitive data. The customer may submit data, defining a job for execution on the platform, as cyphertext. The secure computing device may perform operations on that data, which may include decrypting the data with the key and then executing the software to perform an operation on cleartext data. This operation, and the data on which it is performed, though in cleartext, may be inaccessible to the operator of the cloud computing platform. The device may operate according to a secure protocol under which the software is validated before loading and the device is provisioned with a key shared with the customer.Type: ApplicationFiled: March 26, 2012Publication date: September 26, 2013Applicant: MICROSOFT CORPORATIONInventors: Ramarathnam Venkatesan, Kenneth H. Eguro, Roy Peter D'Souza
-
Publication number: 20100325633Abstract: Logic and state information suitable for execution on a programmable hardware device may be generated from a task, such as evaluating a regular expression against a corpus. Hardware capacity requirements of the logic and state information on the programmable hardware device may be estimated. Once estimated, a plurality of the logic and state information generated from a plurality of tasks may be distributed into sets such that the logic and state information of each set fits within the hardware capacity of the programmable hardware device. The tasks within each set may be configured to execute in parallel on the programmable hardware device. Sets may then be executed in series, permitting virtualization of the resources.Type: ApplicationFiled: September 2, 2009Publication date: December 23, 2010Applicant: Microsoft CorporationInventors: Kenneth H. Eguro, Alessandro Forin