Patents by Inventor Cedric Fournet

Cedric Fournet has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10068097
    Abstract: A data center has a plurality of secure processing units; a plurality of data stores holding encrypted data records; and a network connecting the secure processing units and the data stores. The secure processing units comprise computing functionality configured to execute a data processing operation in parallel on the secure processing units by being configured to read encrypted records from the stores, process one or more of the encrypted records within the secure processing units, send one or more of the encrypted records to the stores. The data center is configured to carry out a secret shuffle of the data records to protect the privacy of data processed in the data center from an observer observing any one or more of: the reading of the records, the sending of the records, the writing of the records; the secret shuffle comprising a random permutation of the records hidden from the observer.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: September 4, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Olga Ohrimenko, Manuel Costa, Cedric Fournet, Christos Gkantsidis, Markulf Kohlweiss, Divya Sharma
  • Patent number: 9917822
    Abstract: A processing system for distributed multi-tier applications is provided. The system includes a server component that executes a replica of a client-side application, where a client component executes the client-side application. The client component captures events from the client-side application and transmits the events to the replica to validate the computational integrity security of the application.
    Type: Grant
    Filed: April 8, 2014
    Date of Patent: March 13, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Benjamin Livshits, Henricus Johannes Maria Meijer, Cedric Fournet, Jeffrey Van Gogh, Danny van Velzen, Abhishek Prateek, Krishnaprasad Vikram
  • Patent number: 9792427
    Abstract: Methods for enforcing confidentiality and integrity of code and data while running the code over the data in a distributed computing system are described. In an embodiment each machine which processes data within the system provides a secure sub-system which is protected from other parts of the machine and which receives encrypted data and encrypted code, processes the data using the received code and outputs encrypted data. When establishing the secure sub-systems, keys are exchanged between the client and secure sub-systems and the secure sub-systems provide an attestation confirming the identity of the code running in the secure sub-systems and confirming that the code is running on genuine secure sub-systems. In another embodiment a data-flow computation system is described in which chunks of input data, each comprising an identifier, are authenticated/encrypted. The identifiers are used within the system to confirm that each chunk is processed exactly once.
    Type: Grant
    Filed: February 7, 2014
    Date of Patent: October 17, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Manuel Costa, Felix Schuster, Cedric Fournet, Christos Gkantsidis, Marcus Peinado, Antony Ian Taylor Rowstron
  • Publication number: 20170046520
    Abstract: A data center has a plurality of secure processing units; a plurality of data stores holding encrypted data records; and a network connecting the secure processing units and the data stores. The secure processing units comprise computing functionality configured to execute a data processing operation in parallel on the secure processing units by being configured to read encrypted records from the stores, process one or more of the encrypted records within the secure processing units, send one or more of the encrypted records to the stores. The data center is configured to carry out a secret shuffle of the data records to protect the privacy of data processed in the data center from an observer observing any one or more of: the reading of the records, the sending of the records, the writing of the records; the secret shuffle comprising a random permutation of the records hidden from the observer.
    Type: Application
    Filed: August 12, 2015
    Publication date: February 16, 2017
    Inventors: Olga Ohrimenko, Manuel Costa, Cedric Fournet, Christos Gkantsidis, Markulf Kohlweiss, Divya Sharma
  • Patent number: 9282121
    Abstract: Security language constructs may be translated into logic language constructs and vice versa. Logic resolution may be effected using, for example, the logic language constructs. In an example implementation, translation of a security language assertion into at least one logic language rule is described. In another example implementation, translation of a proof graph reflecting a logic language into a proof graph reflecting a security language is described. In yet another example implementation, evaluation of a logic language program using a deterministic algorithm is described.
    Type: Grant
    Filed: February 13, 2014
    Date of Patent: March 8, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Moritz Y. Becker, Blair B. Dillaway, Cedric Fournet, Andrew D. Gordon, Jason F. Mackay
  • Publication number: 20150229619
    Abstract: Methods for enforcing confidentiality and integrity of code and data while running the code over the data in a distributed computing system are described. In an embodiment each machine which processes data within the system provides a secure sub-system which is protected from other parts of the machine and which receives encrypted data and encrypted code, processes the data using the received code and outputs encrypted data. When establishing the secure sub-systems, keys are exchanged between the client and secure sub-systems and the secure sub-systems provide an attestation confirming the identity of the code running in the secure sub-systems and confirming that the code is running on genuine secure sub-systems. In another embodiment a data-flow computation system is described in which chunks of input data, each comprising an identifier, are authenticated/encrypted. The identifiers are used within the system to confirm that each chunk is processed exactly once.
    Type: Application
    Filed: February 7, 2014
    Publication date: August 13, 2015
    Inventors: Manuel Costa, Felix Schuster, Cedric Fournet, Christos Gkantsidis, Marcus Peinado, Antony Ian Taylor Rowstron
  • Patent number: 8938783
    Abstract: A security language expresses assertions and authorization queries in a manner that facilitates logic resolution. In an example implementation, assertion syntax and authorization query syntax are described. In another example implementation, checks on the safety of assertions and authorization queries are described. In yet another example implementation, semantics rules are described.
    Type: Grant
    Filed: September 11, 2006
    Date of Patent: January 20, 2015
    Assignee: Microsoft Corporation
    Inventors: Moritz Y. Becker, Blair B. Dillaway, Cedric Fournet, Andrew D. Gordon
  • Publication number: 20140282879
    Abstract: A processing system for distributed multi-tier applications is provided. The system includes a server component that executes a replica of a client-side application, where a client component executes the client-side application. The client component captures events from the client-side application and transmits the events to the replica to validate the computational integrity security of the application.
    Type: Application
    Filed: April 8, 2014
    Publication date: September 18, 2014
    Applicant: MICROSOFT CORPORATION
    Inventors: Benjamin Livshits, Henricus Johannes Maria Meijer, Cedric Fournet, Jeffrey Van Gogh, Danny van Velzen, Abhishek Prateek, Krishnaprasad Vikram
  • Publication number: 20140165139
    Abstract: Security language constructs may be translated into logic language constructs and vice versa. Logic resolution may be effected using, for example, the logic language constructs. In an example implementation, translation of a security language assertion into at least one logic language rule is described. In another example implementation, translation of a proof graph reflecting a logic language into a proof graph reflecting a security language is described. In yet another example implementation, evaluation of a logic language program using a deterministic algorithm is described.
    Type: Application
    Filed: February 13, 2014
    Publication date: June 12, 2014
    Applicant: Microsoft Corporation
    Inventors: Moritz Y. Becker, Blair B. Dillaway, Cedric Fournet, Andrew D. Gordon, Jason F. Mackay
  • Patent number: 8724512
    Abstract: A system and method for discovering network topology by various switch training and probing methods. Segments are discovered by having computers enter a promiscuous mode and determining from packets sent to a selected computer which computers see which other computers in the network. From the segments, various switch interconnections are determined, by having different computers train switches as to a training address and seeing which computers receive probe packets sent to that training address from another computer. Various training and probing methods are described that locate intermediate segments, deep switches, switch interconnections, and edge and singleton cases. In one implementation, a master computer coordinates the other computers (and devices) in the network to send the training and probing packets, and report on received packets, in order to determine the network topology.
    Type: Grant
    Filed: June 4, 2009
    Date of Patent: May 13, 2014
    Assignee: Microsoft Corporation
    Inventors: Richard Black, Austin Donnelly, Cedric Fournet
  • Patent number: 8677141
    Abstract: A client-side enforcement mechanism may allow application security policies to be specified at a server in a programmatic manner. Servers may specify security policies as JavaScript functions included in a page returned by the server and run before other scripts. At runtime, and during initial loading, the functions are invoked by the client on each page modification to ensure the page conforms to the security policy. As such, before a mutation takes effect, the policy may transform that mutation and the code and data of the page. Replicated code execution may take place at both the client and the server where the server runs its own shadow copy of a client-side application in a trusted execution environment so that the server may check that the method calls coming from the client correspond to a correct execution of the client-side application The redundant execution at the client can be untrusted, but serves to improve the responsiveness and performance of the Web application.
    Type: Grant
    Filed: November 23, 2007
    Date of Patent: March 18, 2014
    Assignee: Microsoft Corporation
    Inventors: Ulfar Erlingsson, Yinglian Xie, Ben Livshits, Cedric Fournet
  • Patent number: 8656503
    Abstract: Security language constructs may be translated into logic language constructs and vise versa. Logic resolution may be effected using, for example, the logic language constructs. In an example implementation, translation of a security language assertion into at least one logic language rule is described. In another example implementation, translation of a proof graph reflecting a logic language into a proof graph reflecting a security language is described. In yet another example implementation, evaluation of a logic language program using a deterministic algorithm is described.
    Type: Grant
    Filed: September 11, 2006
    Date of Patent: February 18, 2014
    Assignee: Microsoft Corporation
    Inventors: Moritz Y. Becker, Blair B. Dillaway, Cedric Fournet, Andrew D. Gordon, Jason F. Mackay
  • Patent number: 8584230
    Abstract: In an example implementation, a bifurcated security scheme has a first level that does not allow usage of negations and a second level that does permit usage of negations. In another example implementation, an authorization query table maps respective resource-specific operations to respective associated authorization queries. In yet another example implementation, authorization queries are permitted to have negations, but individual assertions are not.
    Type: Grant
    Filed: September 27, 2011
    Date of Patent: November 12, 2013
    Assignee: Microsoft Corporation
    Inventors: Blair B. Dillaway, Moritz Y. Becker, Andrew D. Gordon, Cedric Fournet
  • Patent number: 8201215
    Abstract: The delegation of rights may be controlled in a number of manners. In an example implementation, a delegation authority assertion is formulated with a delegator principle, a delegatee principal, a verb phrase, a resource, and a delagation-directive verb. In another example implementation, a delegation mechanism involving an assertor, a first principal, and a second principal enables a delegation to be specifically controlled. In yet another example implementation, a chained delegation mechanism enables explicit control of a permitted transitive chaining depth.
    Type: Grant
    Filed: September 8, 2006
    Date of Patent: June 12, 2012
    Assignee: Microsoft Corporation
    Inventors: Blair B. Dillaway, Moritz Y. Becker, Andrew D. Gordon, Cedric Fournet
  • Publication number: 20120017263
    Abstract: In an example implementation, a bifurcated security scheme has a first level that does not allow usage of negations and a second level that does permit usage of negations. In another example implementation, an authorization query table maps respective resource-specific operations to respective associated authorization queries. In yet another example implementation, authorization queries are permitted to have negations, but individual assertions are not.
    Type: Application
    Filed: September 27, 2011
    Publication date: January 19, 2012
    Applicant: MICROSOFT CORPORATION
    Inventors: Blair B. Dillaway, Moritz Y. Becker, Andrew D. Gordon, Cedric Fournet
  • Patent number: 8095969
    Abstract: Security assertion revocation enables a revocation granularity in a security scheme down to the level of individual assertions. In an example implementation, a security token includes multiple respective assertions that are associated with multiple respective assertion identifiers. More specifically, each individual assertion is associated with at least one individual assertion identifier.
    Type: Grant
    Filed: September 8, 2006
    Date of Patent: January 10, 2012
    Assignee: Microsoft Corporation
    Inventors: Blair B. Dillaway, Moritz Y. Becker, Andrew D. Gordon, Cedric Fournet, Brian A. LaMacchia
  • Patent number: 8060931
    Abstract: In an example implementation, a bifurcated security scheme has a first level that does not allow usage of negations and a second level that does permit usage of negations. In another example implementation, an authorization query table maps respective resource-specific operations to respective associated authorization queries. In yet another example implementation, authorization queries are permitted to have negations, but individual assertions are not.
    Type: Grant
    Filed: September 8, 2006
    Date of Patent: November 15, 2011
    Assignee: Microsoft Corporation
    Inventors: Blair B. Dillaway, Moritz Y. Becker, Andrew D. Gordon, Cedric Fournet
  • Patent number: 7797669
    Abstract: A distributed software system of communicating software components can be tested for undesirable behavior. A specification of a component can be substituted in place of the component when testing a model of the distributed software system. Thus, the system can be checked to see if it exhibits undesirable behavior without having code for all components of the system. Also, a component can be checked to see if it is in conformance with its specification. If models built with respective components and substituted specifications indicate that the system does not exhibit undesirable behavior, and the components conform to their specifications, then a system assembled from the components will not exhibit the undesirable behavior. Thus, collaborative testing can be achieved, even if no one entity has access to code for the entire distributed system.
    Type: Grant
    Filed: February 13, 2004
    Date of Patent: September 14, 2010
    Assignee: Microsoft Corporation
    Inventors: Niels Jakob Rehof, Anthony D. Andrews, Sriram K. Rajamani, Charles Antony Richard Hoare, C├ędric Fournet
  • Publication number: 20100106767
    Abstract: A processing system for distributed multi-tier applications is provided. The system includes a server component that executes a replica of a client-side application, where a client component executes the client-side application. The client component captures events from the client-side application and transmits the events to the replica to validate the computational integrity security of the application.
    Type: Application
    Filed: October 24, 2008
    Publication date: April 29, 2010
    Applicant: MICROSOFT CORPORATION
    Inventors: Benjamin Livshits, Henricus Johannes Maria Meijer, Cedric Fournet, Jeffrey Van Gogh, Danny Van Velzen, Krishnaprasad Vikram, Abhishek Prateek
  • Publication number: 20090285127
    Abstract: A system and method for discovering network topology by various switch training and probing methods. Segments are discovered by having computers enter a promiscuous mode and determining from packets sent to a selected computer which computers see which other computers in the network. From the segments, various switch interconnections are determined, by having different computers train switches as to a training address and seeing which computers receive probe packets sent to that training address from another computer. Various training and probing methods are described that locate intermediate segments, deep switches, switch interconnections, and edge and singleton cases. In one implementation, a master computer coordinates the other computers (and devices) in the network to send the training and probing packets, and report on received packets, in order to determine the network topology.
    Type: Application
    Filed: June 4, 2009
    Publication date: November 19, 2009
    Applicant: MICROSOFT CORPORATION
    Inventors: Richard Black, Austin Donnelly, Cedric Fournet