Patents by Inventor Eustace Ngwa Asanghanwa
Eustace Ngwa Asanghanwa has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11573778
Abstract: The disclosed technology provides for packaging a secure cloud workload at a workload provisioning service. A unique device identifier is received from an edge device. The unique identifier is associated with the edge device. A unique packaging key is cryptographically generated based on the received unique device identifier, a unique workload identifier corresponding to a secure cloud workload to be executed on the edge device, and a nonce. The secure cloud workload is encrypted to generate a packaged secure cloud workload using the cryptographically generated unique packaging key. The encrypted secure cloud workload is transmitted to the edge device. The edge device is capable of independently cryptographically generating the unique packaging key using the unique device identifier, the unique workload identifier, and the nonce. The edge device is also capable of decrypting the packaged secure cloud workload using the generated unique packaging key cryptographically generated by the edge device.
Type: Grant
Filed: August 2, 2021
Date of Patent: February 7, 2023
Assignee: Microsoft Technology Licensing, LLC
Inventors: Eustace Ngwa Asanghanwa, Mahesh Sham Rohera
-
Patent number: 11354175
Abstract: The disclosed technology is generally directed to IoT technology. In one example of the technology, the following actions are performed for each module of a plurality of modules on a first edge device. An identification message that includes information associated with identification of the module is received. The validity of the module is then verified. After the module is verified, based at least in part on the identification message, an IoT support service is selected from a plurality of IoT support services. The module is then caused to be registered with the selected IoT support service. The plurality of modules are compositable together into an application for the first edge device. The modules of the plurality of modules are capable of being used interoperably with other modules without altering the other modules.
Type: Grant
Filed: August 27, 2020
Date of Patent: June 7, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Elio Damaggio, Chipalo Street, Eustace Ngwa Asanghanwa, Angelo Roncalli de Novaes Pires Ribeiro, Damon Luke Barry, Arjmand Samuel, Michael R. Yagley
-
Publication number: 20210385096
Abstract: A system meters execution of an application module at an edge computing device. A secure workload package is transmitted securely from a workload provisioning service to the edge computing device. The secure workload package includes the application module, a trusted metering application, and a provisioning service authentication token. The provisioning service authentication token is verified in the secure workload package based on an edge device authentication token generated at the edge computing device. The trusted metering application is executed in a trusted execution environment of the edge computing device, responsive to verifying the provisioning service authentication token. The application module of the edge computing device is executed, wherein the trusted metering application is configured to monitor execution metrics of the application module on the edge computing device. The execution of the application module is managed based on the monitored execution metrics.
Type: Application
Filed: August 24, 2021
Publication date: December 9, 2021
Inventors: Eustace Ngwa ASANGHANWA, Mahesh Sham ROHERA
-
Publication number: 20210357197
Abstract: The disclosed technology provides for packaging a secure cloud workload at a workload provisioning service. A unique device identifier is received from an edge device. The unique identifier is associated with the edge device. A unique packaging key is cryptographically generated based on the received unique device identifier, a unique workload identifier corresponding to a secure cloud workload to be executed on the edge device, and a nonce. The secure cloud workload is encrypted to generate a packaged secure cloud workload using the cryptographically generated unique packaging key. The encrypted secure cloud workload is transmitted to the edge device. The edge device is capable of independently cryptographically generating the unique packaging key using the unique device identifier, the unique workload identifier, and the nonce. The edge device is also capable of decrypting the packaged secure cloud workload using the generated unique packaging key cryptographically generated by the edge device.
Type: Application
Filed: August 2, 2021
Publication date: November 18, 2021
Inventors: Eustace Ngwa ASANGHANWA, Mahesh Sham ROHERA
-
Patent number: 11128482
Abstract: A system meters execution of an application module at an edge computing device. A secure workload package is transmitted securely from a workload provisioning service to the edge computing device. The secure workload package includes the application module, a trusted metering application, and a provisioning service authentication token. The provisioning service authentication token is verified in the secure workload package based on an edge device authentication token generated at the edge computing device. The trusted metering application is executed in a trusted execution environment of the edge computing device, responsive to verifying the provisioning service authentication token. The application module of the edge computing device is executed, wherein the trusted metering application is configured to monitor execution metrics of the application module on the edge computing device. The execution of the application module is managed based on the monitored execution metrics.
Type: Grant
Filed: April 19, 2019
Date of Patent: September 21, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Eustace Ngwa Asanghanwa, Mahesh Sham Rohera
-
Patent number: 11106441
Abstract: The disclosed technology provides for packaging a secure cloud workload at a workload provisioning service. A unique device identifier is received from an edge device. The unique identifier is associated with the edge device. A unique packaging key is cryptographically generated based on the received unique device identifier, a unique workload identifier corresponding to a secure cloud workload to be executed on the edge device, and a nonce. The secure cloud workload is encrypted to generate a packaged secure cloud workload using the cryptographically generated unique packaging key. The encrypted secure cloud workload is transmitted to the edge device. The edge device is capable of independently cryptographically generating the unique packaging key using the unique device identifier, the unique workload identifier, and the nonce. The edge device is also capable of decrypting the packaged secure cloud workload using the generated unique packaging key cryptographically generated by the edge device.
Type: Grant
Filed: September 14, 2018
Date of Patent: August 31, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Eustace Ngwa Asanghanwa, Mahesh Sham Rohera
-
Patent number: 11038950
Abstract: A digital twin may be configured to perform blockchain transactions on behalf of a device with limited memory, limited compute power, and/or limited internet connectivity. A method for performing such a blockchain transaction includes hosting a digital twin for the capability limited device that has a unique identifier matching a unique identifier of the digital twin such that actions performed by the digital twin are attributable to the capability limited device. The method further includes receiving input for a set of blockchain operations at the system capable of performing the blockchain operations, from the capability limited device. The method further includes performing the set of blockchain operations at the system capable of performing the blockchain operations using the digital twin and the unique device identifier, such that performance of the set of blockchain operations is attributed to the capability limited device.
Type: Grant
Filed: August 14, 2018
Date of Patent: June 15, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Miriam Berhane Russom, Eustace Ngwa Asanghanwa
-
Patent number: 11038678
Abstract: A root of trust is established between a cloud and an edge device that communicates with the cloud. The root of trust may be embodied as a secret device key securely stored by the edge device and the cloud. The edge device receives arbitrary cloud modules (workloads) that include guest/tenant code that may communicate with the cloud and possibly local/leaf devices connected to or included with the edge device. The edge device extends or diversifies the root of trust to the cloud modules based on the device key. New keys are derived from the device key. The new keys are used to sign credentials (e.g. tokens or certificates) for the respective cloud modules. This provides each cloud module with its own trusted unique cloud identity that can be verified by the cloud using the cloud's copy of the device key.
Type: Grant
Filed: November 9, 2018
Date of Patent: June 15, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Eustace Ngwa Asanghanwa, Angelo Roncalli Ribeiro, Mahesh Sham Rohera, Michael Richard Yagley
-
Patent number: 11030280
Abstract: Creating a certificate for a software module. A method includes obtaining a public key for a software module. The method includes obtaining a public key for a software module implemented on a hardware device. The method further includes creating a certificate using the public key by signing the public key using a hardware protected key and hardware protected compute elements. The hardware protected key is protected by a protected portion of the hardware device, and not accessible outside of the protected portion of the hardware device.
Type: Grant
Filed: August 1, 2018
Date of Patent: June 8, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Eustace Ngwa Asanghanwa, Arjmand Samuel
-
Patent number: 10970138
Abstract: The disclosed technology is generally directed to IoT technology. In one example of the technology, the following actions are performed for each module of a plurality of modules on a first edge device. An identification message that includes information associated with identification of the module is received. The validity of the module is then verified. After the module is verified, based at least in part on the identification message, an IoT support service is selected from a plurality of IoT support services. The module is then caused to be registered with the selected IoT support service. The plurality of modules are compositable together into an application for the first edge device. The modules of the plurality of modules are capable of being used interoperably with other modules without altering the other modules.
Type: Grant
Filed: June 30, 2017
Date of Patent: April 6, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Elio Damaggio, Chipalo Street, Eustace Ngwa Asanghanwa, Angelo Roncalli de Novaes Pires Ribeiro, Damon Luke Barry, Arjmand Samuel, Michael R. Yagley
-
Publication number: 20200394087
Abstract: The disclosed technology is generally directed to IoT technology. In one example of the technology, the following actions are performed for each module of a plurality of modules on a first edge device. An identification message that includes information associated with identification of the module is received. The validity of the module is then verified. After the module is verified, based at least in part on the identification message, an IoT support service is selected from a plurality of IoT support services. The module is then caused to be registered with the selected IoT support service. The plurality of modules are compositable together into an application for the first edge device. The modules of the plurality of modules are capable of being used interoperably with other modules without altering the other modules.
Type: Application
Filed: August 27, 2020
Publication date: December 17, 2020
Inventors: Elio DAMAGGIO, Chipalo STREET, Eustace Ngwa ASANGHANWA, Angelo Roncalli de Novaes Pires RIBEIRO, Damon Luke BARRY, Arjmand SAMUEL, Michael R. YAGLEY
-
Publication number: 20200336322
Abstract: A system meters execution of an application module at an edge computing device. A secure workload package is transmitted securely from a workload provisioning service to the edge computing device. The secure workload package includes the application module, a trusted metering application, and a provisioning service authentication token. The provisioning service authentication token is verified in the secure workload package based on an edge device authentication token generated at the edge computing device. The trusted metering application is executed in a trusted execution environment of the edge computing device, responsive to verifying the provisioning service authentication token. The application module of the edge computing device is executed, wherein the trusted metering application is configured to monitor execution metrics of the application module on the edge computing device. The execution of the application module is managed based on the monitored execution metrics.
Type: Application
Filed: April 19, 2019
Publication date: October 22, 2020
Inventors: Eustace Ngwa ASANGHANWA, Mahesh Sham ROHERA
-
Publication number: 20200153623
Abstract: A root of trust is established between a cloud and an edge device that communicates with the cloud. The root of trust may be embodied as a secret device key securely stored by the edge device and the cloud. The edge device receives arbitrary cloud modules (workloads) that include guest/tenant code that may communicate with the cloud and possibly local/leaf devices connected to or included with the edge device. The edge device extends or diversifies the root of trust to the cloud modules based on the device key. New keys are derived from the device key. The new keys are used to sign credentials (e.g. tokens or certificates) for the respective cloud modules. This provides each cloud module with its own trusted unique cloud identity that can be verified by the cloud using the cloud's copy of the device key.
Type: Application
Filed: November 9, 2018
Publication date: May 14, 2020
Inventors: Eustace Ngwa Asanghanwa, Angelo Roncalli Ribeiro, Mahesh Sham Rohera, Michael Richard Yagley
-
Publication number: 20200089481
Abstract: The disclosed technology provides for packaging a secure cloud workload at a workload provisioning service. A unique device identifier is received from an edge device. The unique identifier is associated with the edge device. A unique packaging key is cryptographically generated based on the received unique device identifier, a unique workload identifier corresponding to a secure cloud workload to be executed on the edge device, and a nonce. The secure cloud workload is encrypted to generate a packaged secure cloud workload using the cryptographically generated unique packaging key. The encrypted secure cloud workload is transmitted to the edge device. The edge device is capable of independently cryptographically generating the unique packaging key using the unique device identifier, the unique workload identifier, and the nonce. The edge device is also capable of decrypting the packaged secure cloud workload using the generated unique packaging key cryptographically generated by the edge device.
Type: Application
Filed: September 14, 2018
Publication date: March 19, 2020
Inventors: Eustace Ngwa ASANGHANWA, Mahesh Sham ROHERA
-
Publication number: 20200092263
Abstract: The disclosed technology provides for processing a secure cloud workload with an associated unique workload identifier received from a workload provisioning service including one or more workload provisioning servers at an edge device. A unique device identifier is provided to the one or more workload provisioning servers. The unique device identifier is associated with the edge device. A packaged secure cloud workload is received from the one or more workload provisioning servers and is encrypted by the one or more workload provisioning servers using a unique packaging key generated by the one or more workload provisioning servers based on the unique device identifier, the unique workload identifier, and a nonce. The edge device cryptographically generates the unique packaging key using the unique device identifier, the unique workload identifier, and the nonce. The packaged secure cloud workload is decrypted using the generated unique packaging key cryptographically generated by the edge device.
Type: Application
Filed: September 14, 2018
Publication date: March 19, 2020
Inventors: Mahesh Sham ROHERA, Eustace Ngwa ASANGHANWA
-
Publication number: 20200059510
Abstract: Performing blockchain operations on behalf of a capability limited device that is unable to perform the blockchain operations. The method includes hosting a digital twin for the capability limited device on a system capable of performing the blockchain operations. The capability limited device includes a unique device identifier. The digital twin also includes the unique device identifier, such that actions performed by the digital twin are attributable to the capability limited device. The method further includes receiving input for a set of blockchain operations at the system capable of performing the blockchain operations, from the capability limited device. The method further includes performing the set of blockchain operations at the system capable of performing the blockchain operations using the digital twin and the unique device identifier, such that performance of the set of blockchain operations is attributed to the capability limited device.
Type: Application
Filed: August 14, 2018
Publication date: February 20, 2020
Inventors: Miriam Berhane Russom, Eustace Ngwa Asanghanwa
-
Publication number: 20200042675
Abstract: Creating a certificate for a software module. A method includes obtaining a public key for a software module. The method includes obtaining a public key for a software module implemented on a hardware device. The method further includes creating a certificate using the public key by signing the public key using a hardware protected key and hardware protected compute elements. The hardware protected key is protected by a protected portion of the hardware device, and not accessible outside of the protected portion of the hardware device.
Type: Application
Filed: August 1, 2018
Publication date: February 6, 2020
Inventors: Eustace Ngwa Asanghanwa, Arjmand Samuel
-
Publication number: 20180331916
Abstract: The disclosed technology is generally directed to IoT technology. In one example of the technology, the following actions are performed for each module of a plurality of modules on a first edge device. An identification message that includes information associated with identification of the module is received. The validity of the module is then verified. After the module is verified, based at least in part on the identification message, an IoT support service is selected from a plurality of IoT support services. The module is then caused to be registered with the selected IoT support service. The plurality of modules are compositable together into an application for the first edge device. The modules of the plurality of modules are capable of being used interoperably with other modules without altering the other modules.
Type: Application
Filed: June 30, 2017
Publication date: November 15, 2018
Inventors: Elio DAMAGGIO, Chipalo STREET, Eustace Ngwa ASANGHANWA, Angelo Roncalli de Novaes Pires RIBEIRO, Damon Luke BARRY, Arjmand SAMUEL, Michael R. YAGLEY
-
Patent number: 9652431
Abstract: Systems and techniques for single-wire communications are described. A described system includes a host device, and a slave device coupled with the host device via a single-wire bus. The host device can be configured to transmit synchronization information based on transitions over the single-wire bus. The slave device can be configured to detect the transitions on the single-wire bus, determine timing information of the host device based on a first transition of the transitions and a second transition of the transitions, determine a predicted start time of a host sampling window based on the timing information, and determine, based on a predicted charging duration, whether to perform a charge operation before the predicted start time or after a predicted end time of the host sampling window. The charge operation can include drawing power from the single-wire bus to charge the device.
Type: Grant
Filed: January 26, 2015
Date of Patent: May 16, 2017
Assignee: Atmel Corporation
Inventor: Eustace Ngwa Asanghanwa
-
Publication number: 20160217100
Abstract: Systems and techniques for single-wire communications are described. A described system includes a host device, and a slave device coupled with the host device via a single-wire bus. The host device can be configured to transmit synchronization information based on transitions over the single-wire bus. The slave device can be configured to detect the transitions on the single-wire bus, determine timing information of the host device based on a first transition of the transitions and a second transition of the transitions, determine a predicted start time of a host sampling window based on the timing information, and determine, based on a predicted charging duration, whether to perform a charge operation before the predicted start time or after a predicted end time of the host sampling window. The charge operation can include drawing power from the single-wire bus to charge the device.
Type: Application
Filed: January 26, 2015
Publication date: July 28, 2016
Inventor: Eustace Ngwa Asanghanwa