Patents by Inventor Christos Gkantsidis

Christos Gkantsidis has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20200028712
    Abstract: In various examples there is a telecommunications network access point of a telecommunications network in which the control plane is implemented using a data center comprising a plurality of interconnected computation nodes. The access point comprises a memory holding a log of encapsulated control messages the control messages being messages of a control protocol of the telecommunications network. The access point has a processor configured, for a control message to be sent by the access point to a node in the data center, to: generate a message identifier; encapsulate the control message in a packet of a communications protocol of the data center, add the message identifier to a header of the encapsulated control message; send the encapsulated control message to the node of the data center; and store a record of the encapsulated control message and node of the control plane in the log.
    Type: Application
    Filed: July 2, 2019
    Publication date: January 23, 2020
    Inventors: Bozidar Radunovic, Christos Gkantsidis, Thomas Karagiannis, Parisa Jalili Marandi, Binh Quang Nguyen, Matthew John Balkwill
  • Publication number: 20190385347
    Abstract: Graph partitioning for massive scale graphs is described, such as for graphs having vertices representing people and edges representing connections between people in a social networking system; or for graphs where the vertices represent other items and the edges represent relationships between the items. In various embodiments a graph data allocator receives a graph vertex and its edges and allocates the vertex to one of a plurality of clusters each associated with one or more computing devices. In various embodiments the allocation is made by optimizing an objective function which takes into account both a cost of edges between clusters and a cost related to sizes of the clusters. In some examples the cost related to sizes of the clusters comprises a convex function applied to each of the cluster sizes. In examples, computations on the graph data are carried out with reduced runtimes and communications cost.
    Type: Application
    Filed: December 20, 2018
    Publication date: December 19, 2019
    Inventors: Milan VOJNOVIC, Charalampos E. TSOURAKAKIS, Christos GKANTSIDIS, Bozidar RADUNOVIC
  • Patent number: 10389524
    Abstract: A method of communicating over a network between first and second endpoints, one being and the other being a server. The method comprises: establishing a first secure transport layer channel between the first and second endpoints, establishing a second secure transport layer channel between the first endpoint and a middlebox to which the first endpoint is to delegate processing of the traffic sent over the first secure transport layer channel; the first endpoint validating the middlebox via the respective second secure transport layer channel, and on condition of said validation sharing the encryption key of the first channel with the middlebox via the second secure transport layer channel; and causing the traffic sent over the channel to be routed via the middlebox. The method thereby enables the middlebox to process, in the clear, content of the traffic sent over the first channel.
    Type: Grant
    Filed: June 30, 2017
    Date of Patent: August 20, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Thomas Karagiannis, Christos Gkantsidis, David Naylor, Richard Li
  • Patent number: 10374829
    Abstract: In various examples there is a telecommunications network access point of a telecommunications network in which the control plane is implemented using a data center comprising a plurality of interconnected computation nodes. The access point comprises a memory holding a log of encapsulated control messages the control messages being messages of a control protocol of the telecommunications network. The access point has a processor configured, for a control message to be sent by the access point to a node in the data center, to: generate a message identifier; encapsulate the control message in a packet of a communications protocol of the data center, add the message identifier to a header of the encapsulated control message; send the encapsulated control message to the node of the data center; and store a record of the encapsulated control message and node of the control plane in the log.
    Type: Grant
    Filed: January 13, 2017
    Date of Patent: August 6, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Bozidar Radunovic, Christos Gkantsidis, Thomas Karagiannis, Parisa Jalili Marandi, Binh Quang Nguyen, Matthew John Balkwill
  • Patent number: 10198834
    Abstract: Graph partitioning for massive scale graphs is described, such as for graphs having vertices representing people and edges representing connections between people in a social networking system; or for graphs where the vertices represent other items and the edges represent relationships between the items. In various embodiments a graph data allocator receives a graph vertex and its edges and allocates the vertex to one of a plurality of clusters each associated with one or more computing devices. In various embodiments the allocation is made by optimizing an objective function which takes into account both a cost of edges between clusters and a cost related to sizes of the clusters. In some examples the cost related to sizes of the clusters comprises a convex function applied to each of the cluster sizes. In examples, computations on the graph data are carried out with reduced runtimes and communications cost.
    Type: Grant
    Filed: April 29, 2013
    Date of Patent: February 5, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Milan Vojnovic, Charalampos E. Tsourakakis, Christos Gkantsidis, Bo{hacek over (z)}idar Radunović
  • Publication number: 20180375644
    Abstract: A method of communicating over a network between first and second endpoints, one being and the other being a server. The method comprises: establishing a first secure transport layer channel between the first and second endpoints, establishing a second secure transport layer channel between the first endpoint and a middlebox to which the first endpoint is to delegate processing of the traffic sent over the first secure transport layer channel; the first endpoint validating the middlebox via the respective second secure transport layer channel, and on condition of said validation sharing the encryption key of the first channel with the middlebox via the second secure transport layer channel; and causing the traffic sent over the channel to be routed via the middlebox. The method thereby enables the middlebox to process, in the clear, content of the traffic sent over the first channel.
    Type: Application
    Filed: June 30, 2017
    Publication date: December 27, 2018
    Inventors: Thomas KARAGIANNIS, Christos GKANTSIDIS, David NAYLOR, Richard LI
  • Patent number: 10068097
    Abstract: A data center has a plurality of secure processing units; a plurality of data stores holding encrypted data records; and a network connecting the secure processing units and the data stores. The secure processing units comprise computing functionality configured to execute a data processing operation in parallel on the secure processing units by being configured to read encrypted records from the stores, process one or more of the encrypted records within the secure processing units, send one or more of the encrypted records to the stores. The data center is configured to carry out a secret shuffle of the data records to protect the privacy of data processed in the data center from an observer observing any one or more of: the reading of the records, the sending of the records, the writing of the records; the secret shuffle comprising a random permutation of the records hidden from the observer.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: September 4, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Olga Ohrimenko, Manuel Costa, Cedric Fournet, Christos Gkantsidis, Markulf Kohlweiss, Divya Sharma
  • Publication number: 20180205574
    Abstract: In various examples there is a telecommunications network access point of a telecommunications network in which the control plane is implemented using a data center comprising a plurality of interconnected computation nodes. The access point comprises a memory holding a log of encapsulated control messages the control messages being messages of a control protocol of the telecommunications network. The access point has a processor configured, for a control message to be sent by the access point to a node in the data center, to: generate a message identifier; encapsulate the control message in a packet of a communications protocol of the data center, add the message identifier to a header of the encapsulated control message; send the encapsulated control message to the node of the data center; and store a record of the encapsulated control message and node of the control plane in the log.
    Type: Application
    Filed: January 13, 2017
    Publication date: July 19, 2018
    Inventors: Bozidar Radunovic, Christos Gkantsidis, Thomas Karagiannis, Parisa Jalili Marandi, Binh Quang Nguyen, Matthew John Balkwill
  • Patent number: 9819558
    Abstract: Streaming query resource control is described, for example, to allocate streaming queries to servers in a data center providing a streaming query platform. In various embodiments streaming queries are allocated to servers in a manner seeking to balance load between the servers and also to reduce network traffic costs between data stream sources and the servers. In various examples, query types are taken into account, where a query type is the identity of one or more data stream sources used by the query, and optionally also traffic rates of the data stream sources. In some examples, processes for allocating incoming queries in an online fashion are described and in some examples, processes for allocating queries in an offline fashion are described. In examples, a network traffic cost metric is used which takes into account an incremental network traffic cost of adding a given query at a server.
    Type: Grant
    Filed: March 3, 2014
    Date of Patent: November 14, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Milan Vojnovic, Christos Gkantsidis, Bo Zong
  • Patent number: 9817860
    Abstract: Methods of generating filters automatically from data processing jobs are described. In an embodiment, these filters are automatically generated from a compiled version of the data processing job using static analysis which is applied to a high-level representation of the job. The executable filter is arranged to suppress rows and/or columns within the data to which the job is applied and which do not affect the output of the job. The filters are generated by a filter generator and then stored and applied dynamically at a filtering proxy that may be co-located with the storage node that holds the data. In another embodiment, the filtered data may be cached close to a compute node which runs the job and data may be provided to the compute node from the local cache rather than from the filtering proxy.
    Type: Grant
    Filed: December 13, 2011
    Date of Patent: November 14, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Christos Gkantsidis, Dimitrios Vytiniotis, Orion Hodson, Dushyanth Narayanan, Antony Rowstron
  • Patent number: 9792427
    Abstract: Methods for enforcing confidentiality and integrity of code and data while running the code over the data in a distributed computing system are described. In an embodiment each machine which processes data within the system provides a secure sub-system which is protected from other parts of the machine and which receives encrypted data and encrypted code, processes the data using the received code and outputs encrypted data. When establishing the secure sub-systems, keys are exchanged between the client and secure sub-systems and the secure sub-systems provide an attestation confirming the identity of the code running in the secure sub-systems and confirming that the code is running on genuine secure sub-systems. In another embodiment a data-flow computation system is described in which chunks of input data, each comprising an identifier, are authenticated/encrypted. The identifiers are used within the system to confirm that each chunk is processed exactly once.
    Type: Grant
    Filed: February 7, 2014
    Date of Patent: October 17, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Manuel Costa, Felix Schuster, Cedric Fournet, Christos Gkantsidis, Marcus Peinado, Antony Ian Taylor Rowstron
  • Patent number: 9729624
    Abstract: The invention provides methods of encoding content for distribution over a network and methods for decoding encoded content which has been distributed over the network. In a first example in which the content is divided into a plurality of segments and each segment comprising a plurality of blocks of data, the method comprises selecting a segment from the plurality of segments and selecting at least two blocks of the selected segment from a store of blocks. A new encoded block is created from a linear combination of the selected blocks.
    Type: Grant
    Filed: December 4, 2006
    Date of Patent: August 8, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Christos Gkantsidis, John Miller, Manuel Costa, Pablo Rodriguez, Stuart Ranson
  • Publication number: 20170046520
    Abstract: A data center has a plurality of secure processing units; a plurality of data stores holding encrypted data records; and a network connecting the secure processing units and the data stores. The secure processing units comprise computing functionality configured to execute a data processing operation in parallel on the secure processing units by being configured to read encrypted records from the stores, process one or more of the encrypted records within the secure processing units, send one or more of the encrypted records to the stores. The data center is configured to carry out a secret shuffle of the data records to protect the privacy of data processed in the data center from an observer observing any one or more of: the reading of the records, the sending of the records, the writing of the records; the secret shuffle comprising a random permutation of the records hidden from the observer.
    Type: Application
    Filed: August 12, 2015
    Publication date: February 16, 2017
    Inventors: Olga Ohrimenko, Manuel Costa, Cedric Fournet, Christos Gkantsidis, Markulf Kohlweiss, Divya Sharma
  • Publication number: 20150249583
    Abstract: Streaming query resource control is described, for example, to allocate streaming queries to servers in a data center providing a streaming query platform. In various embodiments streaming queries are allocated to servers in a manner seeking to balance load between the servers and also to reduce network traffic costs between data stream sources and the servers. In various examples, query types are taken into account, where a query type is the identity of one or more data stream sources used by the query, and optionally also traffic rates of the data stream sources. In some examples, processes for allocating incoming queries in an online fashion are described and in some examples, processes for allocating queries in an offline fashion are described. In examples, a network traffic cost metric is used which takes into account an incremental network traffic cost of adding a given query at a server.
    Type: Application
    Filed: March 3, 2014
    Publication date: September 3, 2015
    Applicant: Microsoft Corporation
    Inventors: Milan Vojnovic, Christos Gkantsidis, Bo Zong
  • Publication number: 20150229619
    Abstract: Methods for enforcing confidentiality and integrity of code and data while running the code over the data in a distributed computing system are described. In an embodiment each machine which processes data within the system provides a secure sub-system which is protected from other parts of the machine and which receives encrypted data and encrypted code, processes the data using the received code and outputs encrypted data. When establishing the secure sub-systems, keys are exchanged between the client and secure sub-systems and the secure sub-systems provide an attestation confirming the identity of the code running in the secure sub-systems and confirming that the code is running on genuine secure sub-systems. In another embodiment a data-flow computation system is described in which chunks of input data, each comprising an identifier, are authenticated/encrypted. The identifiers are used within the system to confirm that each chunk is processed exactly once.
    Type: Application
    Filed: February 7, 2014
    Publication date: August 13, 2015
    Inventors: Manuel Costa, Felix Schuster, Cedric Fournet, Christos Gkantsidis, Marcus Peinado, Antony Ian Taylor Rowstron
  • Publication number: 20140320497
    Abstract: Graph partitioning for massive scale graphs is described, such as for graphs having vertices representing people and edges representing connections between people in a social networking system; or for graphs where the vertices represent other items and the edges represent relationships between the items. In various embodiments a graph data allocator receives a graph vertex and its edges and allocates the vertex to one of a plurality of clusters each associated with one or more computing devices. In various embodiments the allocation is made by optimizing an objective function which takes into account both a cost of edges between clusters and a cost related to sizes of the clusters. In some examples the cost related to sizes of the clusters comprises a convex function applied to each of the cluster sizes. In examples, computations on the graph data are carried out with reduced runtimes and communications cost.
    Type: Application
    Filed: April 29, 2013
    Publication date: October 30, 2014
    Applicant: Microsoft Corporation
    Inventors: Milan Vojnovic, Charalampos E. Tsourakakis, Christos Gkantsidis, Bozidar Radunovic
  • Patent number: 8819236
    Abstract: Resource optimization for online services is described. In one example, objects (such as mailboxes or other data associated with an online service) are assigned to network elements (such as servers) by inferring a relationship graph from log data relating to usage of the online service. The graph has a node for each object, and connections between each pair of objects having data items in common. Each connection has a weight relating to the number of common data items. The graph is partitioned into a set of clusters, such that each cluster has nodes joined by connections with a high weight relative to the weight of connections between nodes in different clusters. The objects are then distributed to the network elements such that objects corresponding to nodes in the same cluster are located on the same network element.
    Type: Grant
    Filed: December 16, 2010
    Date of Patent: August 26, 2014
    Assignee: Microsoft Corporation
    Inventors: Christos Gkantsidis, Thomas Karagiannis, Dushyanth Narayanan, Antony Rowstron
  • Publication number: 20130152088
    Abstract: Methods of generating filters automatically from data processing jobs are described. In an embodiment, these filters are automatically generated from a compiled version of the data processing job using static analysis which is applied to a high-level representation of the job. The executable filter is arranged to suppress rows and/or columns within the data to which the job is applied and which do not affect the output of the job. The filters are generated by a filter generator and then stored and applied dynamically at a filtering proxy that may be co-located with the storage node that holds the data. In another embodiment, the filtered data may be cached close to a compute node which runs the job and data may be provided to the compute node from the local cache rather than from the filtering proxy.
    Type: Application
    Filed: December 13, 2011
    Publication date: June 13, 2013
    Applicant: Microsoft Corporation
    Inventors: Christos Gkantsidis, Dimitrios Vytiniotis, Orion Hodson, Dushyanth Narayanan, Antony Rowstron
  • Patent number: 8364758
    Abstract: A topology management process is implemented in peer-to-peer content distribution clouds using tracker nodes. Tracker nodes have information about available peers and assist peers in finding other peers to connect to. Various algorithms for use at the tracker nodes are described for selecting which peers to return as potentials for forming connections to. In addition, architectures and algorithms to allow efficient scaling of tracker nodes in peer-to-peer clouds are described.
    Type: Grant
    Filed: January 26, 2007
    Date of Patent: January 29, 2013
    Assignee: Microsoft Corporation
    Inventors: Aamer Hydrie, Anders E. Klemets, Christos Gkantsidis, John Miller, Pablo Rodriguez Rodriguez, Rebecca C. Weiss
  • Patent number: 8351331
    Abstract: A resource allocation framework for wireless/wired networks is described. In an embodiment, methods of end host based traffic management are described which operate separately from the underlying access control protocol within the network (e.g. wireless MAC protocol or TCP). The rate limits for each flow are set based on per-flow weights, which may be user specified, and based on an estimate of the utilization of the shared resource and the rate limits are adjusted periodically so that the resource is not underutilized or saturated. Some embodiments compute a virtual capacity of the resource which is adjusted to optimize the value of the utilization and then the virtual capacity is shared between flows according to the per-flow weights. Methods for estimating the utilization of a wireless network and the capacity of a broadband access link are also described.
    Type: Grant
    Filed: June 22, 2010
    Date of Patent: January 8, 2013
    Assignee: Microsoft Corporation
    Inventors: Thomas Karagiannis, Christos Gkantsidis, Peter Bernard Key, Richard Harper, Abigail Sellen, Timothy Regan, Richard M. Banks, Ilias Raftopoulos, Dharmaiah Manjunath, Bozidar Radunovic