Patents by Inventor Sriram K. Rajamani
Sriram K. Rajamani has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10917394Abstract: Operating upon encrypted data with a particular data scope. A base encryption key is established and associated with the particular data scope, and then stored in a base encryption key store. That base encryption key store might be managed by an application or service that stores base encryption keys for multiple data scopes. A proxy encryption key acts as a kind of proxy for the base encryption key. The proxy encryption key may be used for frequent operations on encrypted data within the particular data scope. Thus, the principles described herein act as a frequency amplifier that allows key-based operations upon the particular data scope to be performed at much higher frequencies than otherwise would be possible by operating directly using the base encryption key.Type: GrantFiled: October 31, 2019Date of Patent: February 9, 2021Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Mitica Manu, Baskar Sridharan, Raghunath Ramakrishnan, Sriram K. Rajamani, Victor V. Boyko, Pushkar Vijay Chitnis, Shastry M. C. Shankara, Ramarathnam Venkatesan
-
Patent number: 10904231Abstract: Data may be encrypted using a derived block encryption key for each of at least one append blocks of data. A data operation associated with manipulating particular data associated with a user may be received. The particular data may comprise at least one append block of data. In response to the received data operation, for each append block of data of the at least one append block of data, parameters associated with deriving a block encryption key for a given append block of data of the at least one append block of data may be accessed. The parameters may comprise at least a data encryption key associated with the user and a nonce. A block encryption key may be derived for the given append block of data utilizing the parameters. The given append block of data may be encrypted utilizing the block encryption key.Type: GrantFiled: June 8, 2017Date of Patent: January 26, 2021Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Baskar Sridharan, Victor V. Boyko, Sriram K. Rajamani, Mitica Manu
-
Publication number: 20200067896Abstract: Operating upon encrypted data with a particular data scope. A base encryption key is established and associated with the particular data scope, and then stored in a base encryption key store. That base encryption key store might be managed by an application or service that stores base encryption keys for multiple data scopes. A proxy encryption key acts as a kind of proxy for the base encryption key. The proxy encryption key may be used for frequent operations on encrypted data within the particular data scope.Type: ApplicationFiled: October 31, 2019Publication date: February 27, 2020Inventors: Mitica Manu, Baskar Sridharan, Raghunath Ramakrishnan, Sriram K. Rajamani, Victor V. Boyko, Pushkar Vijay Chitnis, Shastry M.C. Shankara, Ramarathnam Venkatesan
-
Patent number: 10484352Abstract: Operating upon encrypted data with a particular data scope. A base encryption key is established and associated with the particular data scope, and then stored in a base encryption key store. That base encryption key store might be managed by an application or service that stores base encryption keys for multiple data scopes. A proxy encryption key acts as a kind of proxy for the base encryption key. The proxy encryption key may be used for frequent operations on encrypted data within the particular data scope. Thus, the principles described herein act as a frequency amplifier that allows key-based operations upon the particular data scope to be performed at much higher frequencies than otherwise would be possible by operating directly using the base encryption key.Type: GrantFiled: June 7, 2017Date of Patent: November 19, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Mitica Manu, Baskar Sridharan, Raghunath Ramakrishnan, Sriram K. Rajamani, Victor V. Boyko, Pushkar Vijay Chitnis, Shastry M. C. Shankara, Ramarathnam Venkatesan
-
Publication number: 20180287789Abstract: Data may be encrypted using a derived block encryption key for each of at least one append blocks of data. A data operation associated with manipulating particular data associated with a user may be received. The particular data may comprise at least one append block of data. In response to the received data operation, for each append block of data of the at least one append block of data, parameters associated with deriving a block encryption key for a given append block of data of the at least one append block of data may be accessed. The parameters may comprise at least a data encryption key associated with the user and a nonce. A block encryption key may be derived for the given append block of data utilizing the parameters. The given append block of data may be encrypted utilizing the block encryption key.Type: ApplicationFiled: June 8, 2017Publication date: October 4, 2018Inventors: Baskar SRIDHARAN, Victor V. BOYKO, Sriram K. RAJAMANI, Mitica MANU
-
Publication number: 20180288020Abstract: Operating upon encrypted data with a particular data scope. A base encryption key is established and associated with the particular data scope, and then stored in a base encryption key store. That base encryption key store might be managed by an application or service that stores base encryption keys for multiple data scopes. A proxy encryption key acts as a kind of proxy for the base encryption key. The proxy encryption key may be used for frequent operations on encrypted data within the particular data scope. Thus, the principles described herein act as a frequency amplifier that allows key-based operations upon the particular data scope to be performed at much higher frequencies than otherwise would be possible by operating directly using the base encryption key.Type: ApplicationFiled: June 7, 2017Publication date: October 4, 2018Inventors: Mitica MANU, Baskar SRIDHARAN, Raghunath RAMAKRISHNAN, Sriram K. RAJAMANI, Victor V. BOYKO, Pushkar Vijay CHITNIS, Shastry M.C. SHANKARA, Ramarathnam VENKATESAN
-
Patent number: 9383970Abstract: A platform that facilitates software application development, maintenance, and support includes a storage component that receives structured and unstructured data pertaining to at least one application subject to development, maintenance, or support and causes the structured and unstructured data to be stored in a distributed fashion over a plurality of accessible data repositories. The storage component causes the structured and unstructured data to be stored in the data repositories such that the structured and unstructured data is accessible through utilization of a common access format. An executor component executes an analytical process over the structured and unstructured data and generates a first dataset, wherein the storage component causes the first dataset to be stored in at least one of the plurality of accessible data repositories in a format that is accessible by front end analysis applications.Type: GrantFiled: August 13, 2009Date of Patent: July 5, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Joseph M. Joy, Balasubramanyan Ashok, Ganesan Ramalingam, Sriram K. Rajamani
-
Patent number: 9213843Abstract: A facility is described for analyzing access control configurations. In various embodiments, the facility comprises an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata; an access control scanner component that receives the access control metadata, determines relationships between principals and resources, and emits access control relations information; and an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report.Type: GrantFiled: April 15, 2014Date of Patent: December 15, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Prasad G. Naldurg, Sriram K. Rajamani, Stefan Schwoon, John Lambert
-
Publication number: 20150143525Abstract: A facility is described for analyzing access control configurations. In various embodiments, the facility comprises an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata; an access control scanner component that receives the access control metadata, determines relationships between the principals and the resources, and emits access control relations information; and an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report.Type: ApplicationFiled: April 15, 2014Publication date: May 21, 2015Inventors: Prasad G. Naldurg, Sriram K. Rajamani, Stefan Schwoon, John Lambert
-
Patent number: 8701200Abstract: A facility is described for analyzing access control configurations. In various embodiments, the facility comprises an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata; an access control scanner component that receives the access control metadata, determines relationships between principals and resources, and emits access control relations information; and an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report.Type: GrantFiled: September 11, 2012Date of Patent: April 15, 2014Assignee: Microsoft CorporationInventors: Prasad G. Naldurg, Sriram K. Rajamani, Stefan Schwoon, John Lambert
-
Publication number: 20130251344Abstract: Techniques for manipulation of user experience state are described. A user experience can include various types of content that a user may consume, such as video content, images, audio content, text documents, and so on. Further, a “composition” can be created using various combinations of user experiences, such as still images inset to video content, a navigable map presented with images of geographical locations associated with the map, and so on. In implementations, techniques enable user experiences included as part of a composition to interact such that behaviors associated with one user experience can affect another user experience, and vice-versa.Type: ApplicationFiled: March 23, 2012Publication date: September 26, 2013Applicant: MICROSOFT CORPORATIONInventors: Joseph M. Joy, Narendranath Datha, Tanuja Abhay Joshi, Sriram K. Rajamani, Eric J. Stollnitz
-
Publication number: 20130254282Abstract: Techniques for propagating user experience state information are described. A user experience can include various types of content that a user may consume, such as video content, images, audio content, text documents, and so on. Further, a “composition” can be created using various combinations of user experiences, such as still images inset to video content, a navigable map presented with images of geographical locations associated with the map, and so on. In implementations, techniques enable user experiences included as part of a composition to interact such that behaviors associated with one user experience can affect another user experience, and vice-versa.Type: ApplicationFiled: March 23, 2012Publication date: September 26, 2013Applicant: MICROSOFT CORPORATIONInventors: Joseph M. Joy, Narendranath Datha, Tanuja A. Joshi, Sriram K. Rajamani, Eric J. Stollnitz
-
Publication number: 20130239093Abstract: Technologies pertaining to top-down interprocedural analysis of a computer program are described herein. A query is received for processing over a root procedure in the computer program. Responsive to the query being received, the root procedure is explored, and calls to sub-procedures are located. Sub-queries are generated upon encountering the calls to the sub-procedures, and execution of the sub-queries is performed in parallel across multiple computing nodes.Type: ApplicationFiled: March 9, 2012Publication date: September 12, 2013Applicant: Microsoft CorporationInventors: Aditya V. Nori, Sriram K. Rajamani, Rahul Kumar, Aws Albarghouthi
-
Publication number: 20130067583Abstract: A facility is described for analyzing access control configurations. In various embodiments, the facility comprises an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata; an access control scanner component that receives the access control metadata, determines relationships between principals and resources, and emits access control relations information; and an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report.Type: ApplicationFiled: September 11, 2012Publication date: March 14, 2013Applicant: Microsoft CorporationInventors: Prasad G. Naldurg, Sriram K. Rajamani, Stefan Schwoon, John Lambert
-
Patent number: 8266702Abstract: A facility is described for analyzing access control configurations. In various embodiments, the facility comprises an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata; an access control scanner component that receives the access control metadata, determines relationships between the principals and the resources, and emits access control relations information; and an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report.Type: GrantFiled: October 31, 2006Date of Patent: September 11, 2012Assignee: Microsoft CorporationInventors: Prasad G. Naldurg, Sriram K. Rajamani, Stefan Schwoon, John Lambert
-
Publication number: 20120197829Abstract: A quantified belief propagation (QBP) algorithm receives as input an existentially quantified boolean formula (QBF) of existentially quantified boolean variables, universally quantified variables, and boolean operators. A tripartite graph is constructed, and includes (i) there-exists nodes that correspond to and represent the existentially quantified variables, (ii) for-all nodes that correspond to and represent the universally quantified variables, and (iii) sub-formula nodes that correspond to and represent sub-formulas of the QBF. A set of boolean values of the existentially quantified variables is found by (i) passing a first message from an arbitrary sub-formula node to an arbitrary for-all node, and (ii) in response, passing a second message from the arbitrary for-all node to the arbitrary sub-formula node.Type: ApplicationFiled: February 1, 2011Publication date: August 2, 2012Applicant: MICROSOFT CORPORATIONInventors: Aditya V. Nori, Sriram K. Rajamani, Rahul Srinivasan, Sumit Gulwani
-
Patent number: 7917900Abstract: A source code clarification system is described. In various embodiments, the source code clarification system receives clarified source code and transforms the clarified source code into standard source code or object code that implements asynchronous components. The standard software source code can contain expressions for enabling asynchronous communications. The clarified code can be software source code that is expressed in an imperative language and is capable of static analysis. The clarified source code can contain a coordination primitive that encapsulates interactions between asynchronous components. By using the coordination primitives and events, the clarified source code can express interactions between asynchronous components so that the clarified source code is easier for developers to understand and for static analysis tools to analyze.Type: GrantFiled: March 30, 2007Date of Patent: March 29, 2011Assignee: Microsoft CorporationInventors: Sriram K. Rajamani, Prakash Chandrasekharan, Christopher L. Conway, Joseph Joy
-
Publication number: 20110040808Abstract: A platform that facilitates software application development, maintenance, and support includes a storage component that receives structured and unstructured data pertaining to at least one application subject to development, maintenance, or support and causes the structured and unstructured data to be stored in a distributed fashion over a plurality of accessible data repositories. The storage component causes the structured and unstructured data to be stored in the data repositories such that the structured and unstructured data is accessible through utilization of a common access format. An executor component executes an analytical process over the structured and unstructured data and generates a first dataset, wherein the storage component causes the first dataset to be stored in at least one of the plurality of accessible data repositories in a format that is accessible by front end analysis applications.Type: ApplicationFiled: August 13, 2009Publication date: February 17, 2011Applicant: Microsoft CorporationInventors: Joseph M. Joy, Balasubramanyan Ashok, Ganesan Ramalingam, Sriram K. Rajamani
-
Patent number: 7797669Abstract: A distributed software system of communicating software components can be tested for undesirable behavior. A specification of a component can be substituted in place of the component when testing a model of the distributed software system. Thus, the system can be checked to see if it exhibits undesirable behavior without having code for all components of the system. Also, a component can be checked to see if it is in conformance with its specification. If models built with respective components and substituted specifications indicate that the system does not exhibit undesirable behavior, and the components conform to their specifications, then a system assembled from the components will not exhibit the undesirable behavior. Thus, collaborative testing can be achieved, even if no one entity has access to code for the entire distributed system.Type: GrantFiled: February 13, 2004Date of Patent: September 14, 2010Assignee: Microsoft CorporationInventors: Niels Jakob Rehof, Anthony D. Andrews, Sriram K. Rajamani, Charles Antony Richard Hoare, Cédric Fournet
-
Patent number: 7757219Abstract: Methods are discussed that enhance program analysis. One aspect of the invention includes a method for checking a model of a program. The method includes a control-flow graph having vertices from the model, applying a transfer function to each vertex to form a set of path edges, and analyzing the set of path edges of a vertex. The set of path edges includes valuations that are implicitly represented so as to inhibit an undesired explosion in the valuations that would hinder the act of analyzing.Type: GrantFiled: November 1, 2004Date of Patent: July 13, 2010Assignee: Microsoft CorporationInventors: Thomas J. Ball, Sriram K. Rajamani