Patents by Inventor Kenneth Eguro
Kenneth Eguro has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11849045Abstract: Deferred verification of the integrity of data operations over a set of data that is hosted at an untrusted module (UM) is controlled. The controlling includes generating a request for a data operation on the set of data. The request includes an authentication portion. The request is sent to the UM. A response to the request is received from the UM. The response includes cryptographic verification information attesting the integrity of the data operation with respect to prior data operations on the set of data. The response includes results from deferred verification at a trusted module (TM).Type: GrantFiled: July 10, 2019Date of Patent: December 19, 2023Assignee: Microsoft Technology Licensing, LLCInventors: Arvind Arasu, Kenneth Eguro, Raghav Kaushik, Donald Kossmann, Ravishankar Ramamurthy, Pingfan Meng, Vineet Pandey
-
Patent number: 10565391Abstract: Computer systems, devices, and associated methods of evaluating an expression comprising restricted data are disclosed herein. In one embodiment, a method includes receiving a database statement from a client application and verifying the authenticity of the database statement. If the database statement is authentic, an approved expression is identified in the database statement for creating an evaluation rule. The method further includes restricting evaluation of expressions in a protected computing environment according to the created evaluation rule.Type: GrantFiled: June 2, 2017Date of Patent: February 18, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Raghav Kaushik, Aditya Nigam, Arvind Arasu, Donald Alan Kossmann, Kenneth Eguro, Nikhil Vithlani, Panagiotis Antonopoulos, Ravi Ramamurthy
-
Patent number: 10515077Abstract: Computer systems, devices, and associated methods of optimizing the execution of instructions of a database statement by a database server are disclosed herein. In one embodiment, a method includes identifying a potential execution plan for executing instructions of the database statement and estimating a cost for executing the execution plan. The cost can comprise an encrypted data processing cost associated with a operation in the execution plan of executing an operation on encrypted data in a protected computing environment. The method can include estimating the encrypted data processing cost in the protected computing environment based on statistics generated in the protected computing environment about a database table. In response to estimating the cost for executing the execution plan, comparing the cost to estimated costs of alternative execution plans, selecting the lowest-cost plan for execution, and executing the lowest-cost execution plan.Type: GrantFiled: June 14, 2017Date of Patent: December 24, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Raghav Kaushik, Aditya Nigam, Arvind Arasu, Donald Alan Kossmann, Kenneth Eguro, Nikhil Vithlani, Panagiotis Antonopoulos, Ravi Ramamurthy, Michael Zwilling, Cesar Galindo-Legaria
-
Patent number: 10496833Abstract: A number of transmissions of secure data communicated between a secure trusted device and an unsecure untrusted device in a DBMS is controlled. The data is communicated for database transaction processing in the secure trusted device. The number of transmissions may be controlled by receiving, from the untrusted device, an encrypted key value of a key and a representation of an index of a B-tree structure, decrypting, at the trusted device, the key and one or more encrypted index values, and initiating a transmission, a pointer value that identifies a lookup position in the index for the key. The index comprises secure, encrypted index values. Other optimizations for secure processing are also described, including controlling available computation resources on a secure trusted device in a DBMS and controlling transmissions of secure data that is communicated between a secure trusted device and an unsecure untrusted device in a DBMS.Type: GrantFiled: August 10, 2018Date of Patent: December 3, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Arvind Arasu, Kenneth Eguro, Manas Rajendra Joglekar, Raghav Kaushik, Donald Kossmann, Ravishankar Ramamurthy
-
Publication number: 20190334722Abstract: Deferred verification of the integrity of data operations over a set of data that is hosted at an untrusted module (UM) is controlled. The controlling includes generating a request for a data operation on the set of data. The request includes an authentication portion. The request is sent to the UM. A response to the request is received from the UM. The response includes cryptographic verification information attesting the integrity of the data operation with respect to prior data operations on the set of data. The response includes results from deferred verification at a trusted module (TM).Type: ApplicationFiled: July 10, 2019Publication date: October 31, 2019Applicant: Microsoft Technology Licensing, LLCInventors: Arvind Arasu, Kenneth Eguro, Raghav Kaushik, Donald Kossmann, Ravishankar Ramamurthy, Pingfan Meng, Vineet Pandey
-
Patent number: 10396991Abstract: Deferred verification of the integrity of data operations over a set of data that is hosted at an untrusted module (UM) is controlled. The controlling includes generating a request for a data operation on the set of data. The request includes an authentication portion. The request is sent to the UM. A response to the request is received from the UM. The response includes cryptographic verification information attesting the integrity of the data operation with respect to prior data operations on the set of data. The response includes results from deferred verification at a trusted module (TM).Type: GrantFiled: June 30, 2016Date of Patent: August 27, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Arvind Arasu, Kenneth Eguro, Raghav Kaushik, Donald Kossmann, Ravishankar Ramamurthy, Pingfan Meng, Vineet Pandey
-
Publication number: 20190005254Abstract: A number of transmissions of secure data communicated between a secure trusted device and an unsecure untrusted device in a DBMS is controlled. The data is communicated for database transaction processing in the secure trusted device. The number of transmissions may be controlled by receiving, from the untrusted device, an encrypted key value of a key and a representation of an index of a B-tree structure, decrypting, at the trusted device, the key and one or more encrypted index values, and initiating a transmission, a pointer value that identifies a lookup position in the index for the key. The index comprises secure, encrypted index values. Other optimizations for secure processing are also described, including controlling available computation resources on a secure trusted device in a DBMS and controlling transmissions of secure data that is communicated between a secure trusted device and an unsecure untrusted device in a DBMS.Type: ApplicationFiled: August 10, 2018Publication date: January 3, 2019Applicant: Microsoft Technology Licensing, LLCInventors: Arvind Arasu, Kenneth Eguro, Manas Rajendra Joglekar, Raghav Kaushik, Donald Kossmann, Ravishankar Ramamurthy
-
Publication number: 20180365290Abstract: Computer systems, devices, and associated methods of optimizing the execution of instructions of a database statement by a database server are disclosed herein. In one embodiment, a method includes identifying a potential execution plan for executing instructions of the database statement and estimating a cost for executing the execution plan. The cost can comprise an encrypted data processing cost associated with a operation in the execution plan of executing an operation on encrypted data in a protected computing environment. The method can include estimating the encrypted data processing cost in the protected computing environment based on statistics generated in the protected computing environment about a database table. In response to estimating the cost for executing the execution plan, comparing the cost to estimated costs of alternative execution plans, selecting the lowest-cost plan for execution, and executing the lowest-cost execution plan.Type: ApplicationFiled: June 14, 2017Publication date: December 20, 2018Inventors: Raghav Kaushik, Aditya Nigam, Arvind Arasu, Donald Alan Kossmann, Kenneth Eguro, Nikhil Vithlani, Panagiotis Antonopoulos, Ravi Ramamurthy, Michael Zwilling, Cesar Galindo-Legaria
-
Publication number: 20180349627Abstract: Computer systems, devices, and associated methods of evaluating an expression comprising restricted data are disclosed herein. In one embodiment, a method includes receiving a database statement from a client application and verifying the authenticity of the database statement. If the database statement is authentic, an approved expression is identified in the database statement for creating an evaluation rule. The method further includes restricting evaluation of expressions in a protected computing environment according to the created evaluation rule.Type: ApplicationFiled: June 2, 2017Publication date: December 6, 2018Inventors: Raghav Kaushik, Aditya Nigam, Arvind Arasu, Donald Alan Kossmann, Kenneth Eguro, Nikhil Vithlani, Panagiotis Antonopoulos, Ravi Ramamurthy
-
Patent number: 10073981Abstract: A number of transmissions of secure data communicated between a secure trusted device and an unsecure untrusted device in a DBMS is controlled. The data is communicated for database transaction processing in the secure trusted device. The number of transmissions may be controlled by receiving, from the untrusted device, an encrypted key value of a key and a representation of an index of a B-tree structure, decrypting, at the trusted device, the key and one or more encrypted index values, and initiating a transmission, a pointer value that identifies a lookup position in the index for the key. The index comprises secure, encrypted index values. Other optimizations for secure processing are also described, including controlling available computation resources on a secure trusted device in a DBMS and controlling transmissions of secure data that is communicated between a secure trusted device and an unsecure untrusted device in a DBMS.Type: GrantFiled: October 9, 2015Date of Patent: September 11, 2018Assignee: Microsoft Technology Licensing, LLCInventors: Arvind Arasu, Kenneth Eguro, Manas Rajendra Joglekar, Raghav Kaushik, Donald Kossmann, Ravishankar Ramamurthy
-
Publication number: 20180006820Abstract: Deferred verification of the integrity of data operations over a set of data that is hosted at an untrusted module (UM) is controlled. The controlling includes generating a request for a data operation on the set of data. The request includes an authentication portion. The request is sent to the UM. A response to the request is received from the UM. The response includes cryptographic verification information attesting the integrity of the data operation with respect to prior data operations on the set of data. The response includes results from deferred verification at a trusted module (TM).Type: ApplicationFiled: June 30, 2016Publication date: January 4, 2018Applicant: Microsoft Technology Licensing, LLCInventors: Arvind Arasu, Kenneth Eguro, Raghav Kaushik, Donald Kossmann, Ravishankar Ramamurthy, Pingfan Meng, Vineet Pandey
-
Patent number: 9847980Abstract: To protect customer data and provide increased workflow security for processing requested by a customer, a secure communicational channel can be established between a customer and one or more hardware accelerators such that even processes executing on a host computing device hosting such hardware accelerators are excluded from the secure communicational channel. An encrypted bitstream is provided to hardware accelerators and the hardware accelerators obtain therefrom cryptographic information supporting the secure communicational channel with the customer. Such cryptographic information is stored and used exclusively from within the hardware accelerator, rendering it inaccessible to processes executing on a host computing device. The cryptographic information can be a shared secret, an appropriate one of a pair of cryptographic keys, or other like cryptographic information.Type: GrantFiled: June 17, 2015Date of Patent: December 19, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Douglas Christopher Burger, Eric S. Chung, Kenneth Eguro
-
Publication number: 20170103217Abstract: A number of transmissions of secure data communicated between a secure trusted device and an unsecure untrusted device in a DBMS is controlled. The data is communicated for database transaction processing in the secure trusted device. The number of transmissions may be controlled by receiving, from the untrusted device, an encrypted key value of a key and a representation of an index of a B-tree structure, decrypting, at the trusted device, the key and one or more encrypted index values, and initiating a transmission, a pointer value that identifies a lookup position in the index for the key. The index comprises secure, encrypted index values. Other optimizations for secure processing are also described, including controlling available computation resources on a secure trusted device in a DBMS and controlling transmissions of secure data that is communicated between a secure trusted device and an unsecure untrusted device in a DBMS.Type: ApplicationFiled: October 9, 2015Publication date: April 13, 2017Inventors: Arvind Arasu, Kenneth Eguro, Manas Rajendra Joglekar, Raghav Kaushik, Donald Kossmann, Ravishankar Ramamurthy
-
Publication number: 20160373416Abstract: To protect customer data and provide increased workflow security for processing requested by a customer, a secure communicational channel can be established between a customer and one or more hardware accelerators such that even processes executing on a host computing device hosting such hardware accelerators are excluded from the secure communicational channel. An encrypted bitstream is provided to hardware accelerators and the hardware accelerators obtain therefrom cryptographic information supporting the secure communicational channel with the customer. Such cryptographic information is stored and used exclusively from within the hardware accelerator, rendering it inaccessible to processes executing on a host computing device. The cryptographic information can be a shared secret, an appropriate one of a pair of cryptographic keys, or other like cryptographic information.Type: ApplicationFiled: June 17, 2015Publication date: December 22, 2016Inventors: Douglas Christopher Burger, Eric S. Chung, Kenneth Eguro
-
Patent number: 8896455Abstract: An intrusion detection system disclosed herein includes a detector circuit that measures a change in value of impedance of an interconnection circuitry. A decoder coupled to the detector decodes the measured value of the change in the impedance of the interconnection circuitry to determine existence of an abnormal condition. In an example implementation of the intrusion detection system, the change in the value of the impedance of the interconnection circuitry is represented by a change in the phase delay on the interconnection circuitry. An implementation of the intrusion detection circuit terminates communication using the interconnection circuitry upon detection of the abnormal condition. The intrusion detection system is further configured to interpret the abnormal condition as a communication signal to the interconnection circuitry.Type: GrantFiled: December 22, 2011Date of Patent: November 25, 2014Assignee: Microsoft CorporationInventors: Kenneth Eguro, Alessandro Forin, Ray A. Bittner, Jr., Ji Sun
-
Publication number: 20140281511Abstract: The subject disclosure is directed towards using trusted hardware to achieve secure data processing over a network. For a given set of data store operations, some operations are directed to sensitive data (e.g., encrypted data fields). These operations are compiled into a set of expressions invoking trusted hardware code configured to evaluate these expressions using corresponding data centric primitive programs. Because the trusted hardware is configured to maintain key data for encrypting/decrypting the sensitive data, the sensitive data is not accessible by an untrusted component while the sensitive data is decrypted.Type: ApplicationFiled: August 27, 2013Publication date: September 18, 2014Applicant: Microsoft CorporationInventors: Shriraghav Kaushik, Arvind Arasu, Spyridon Blanas, Kenneth Eguro, Manas Rajendra Joglekar, Donald A. Kossmann, Ravishankar Ramamurthy, Prasang Upadhyaya, Ramarathnam Venkatesan
-
Publication number: 20130044798Abstract: A side channel communications system disclosed herein includes a receiver device with an internal circuitry where the operational speed of the internal circuitry changes in response to an external signal. When the receiver device receives an external signal, the operational speed of the internal circuitry changes. A detector detects the change in the operational speed of the internal circuitry to generate an output value, which is decoded to determine the information communicated by the external signal. In one implementation of the side channel communications system, the external transmitter communicates the external signal in the form of a temperature signal. Alternatively, the external transmitter communicates the external signal in the form of a change in the supply voltage.Type: ApplicationFiled: December 22, 2011Publication date: February 21, 2013Applicant: MICROSOFT CORPORATIONInventors: Kenneth Eguro, Alessandro Forin, Ray A. Bittner, JR., Ji Sun
-
Publication number: 20130044003Abstract: An intrusion detection system disclosed herein includes a detector circuit that measures a change in value of impedance of an interconnection circuitry. A decoder coupled to the detector decodes the measured value of the change in the impedance of the interconnection circuitry to determine existence of an abnormal condition. In an example implementation of the intrusion detection system, the change in the value of the impedance of the interconnection circuitry is represented by a change in the phase delay on the interconnection circuitry. An implementation of the intrusion detection circuit terminates communication using the interconnection circuitry upon detection of the abnormal condition. The intrusion detection system is further configured to interpret the abnormal condition as a communication signal to the interconnection circuitry.Type: ApplicationFiled: December 22, 2011Publication date: February 21, 2013Applicant: MICROSOFT CORPORATIONInventors: Kenneth Eguro, Alessandro Forin, Ray A. Bittner, JR., Ji Sun