Patents by Inventor Manuel Costa

Manuel Costa has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20210342492
    Abstract: A peripheral device, for use with a host, comprises one or more compute elements a security module and at least one encryption unit. The security module is configured to form a trusted execution environment on the peripheral device for processing sensitive data using sensitive code. The sensitive data and sensitive code are provided by a trusted computing entity which is in communication with the host computing device. The at least one encryption unit is configured to encrypt and decrypt data transferred between the trusted execution environment and the trusted computing entity via the host computing device. The security module is configured to compute and send an attestation to the trusted computing entity to attest that the sensitive code is in the trusted execution environment.
    Type: Application
    Filed: July 13, 2021
    Publication date: November 4, 2021
    Inventors: Stavros VOLOS, David Thomas CHISNALL, Saurabh Mohan KULKARNI, Kapil VASWANI, Manuel COSTA, Samuel Alexander WEBSTER, Cédric Alain Marie FOURNET, Richard OSBORNE, Daniel John Pelham WILKINSON, Graham Bernard CUNNINGHAM
  • Patent number: 11126757
    Abstract: A peripheral device, for use with a host, comprises one or more compute elements a security module and at least one encryption unit. The security module is configured to form a trusted execution environment on the peripheral device for processing sensitive data using sensitive code. The sensitive data and sensitive code are provided by a trusted computing entity which is in communication with the host computing device. The at least one encryption unit is configured to encrypt and decrypt data transferred between the trusted execution environment and the trusted computing entity via the host computing device. The security module is configured to compute and send an attestation to the trusted computing entity to attest that the sensitive code is in the trusted execution environment.
    Type: Grant
    Filed: October 19, 2018
    Date of Patent: September 21, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stavros Volos, David Thomas Chisnall, Saurabh Mohan Kulkarni, Kapil Vaswani, Manuel Costa, Samuel Alexander Webster, Cédric Alain Marie Fournet
  • Patent number: 11036875
    Abstract: Techniques for instantiating an enclave from dependent enclave images are presented. The techniques include identifying a first set of dependent enclave indicators from a primary enclave image, identifying a first dependent enclave image corresponding to one of the first set of dependent enclave indicators, creating a secure enclave container, and copying at least a portion of the primary enclave image and at least a portion of the first dependent enclave image into the secure enclave container.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: June 15, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Manuel Costa
  • Patent number: 11017113
    Abstract: A database transaction is executed in a computer of a system of networked computers having secure processing enclaves. Within the secure processing enclave, a database transaction log record for the executed database transaction is generated and cryptographically secured using a private key held in secure storage of the secure processing enclave. A state of the distributed database is recorded in a series of transaction log records which is replicated in distributed computer storage accessible to the networked computers. Consensus messages are transmitted and received via secure communication links between the secure processing enclaves of the networked computers, to incorporate the database transaction log record into the series of transaction log records in accordance with a distributed consensus protocol, which is implemented based on consensus protocol logic held within the secure processing enclave.
    Type: Grant
    Filed: November 26, 2018
    Date of Patent: May 25, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Kapil Vaswani, Manuel Costa
  • Patent number: 10931652
    Abstract: Techniques for securely sealing and unsealing enclave data across platforms are presented. Enclave data from a source enclave hosted on a first computer may be securely sealed to a sealing enclave on a second computer, and may further be securely unsealed for a destination enclave on a third computer. Securely transferring an enclave workload from one computer to another is disclosed.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: February 23, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Manuel Costa
  • Patent number: 10911451
    Abstract: Techniques for securely sealing and unsealing enclave data across platforms are presented. Enclave data from a source enclave hosted on a first computer may be securely sealed to a sealing enclave on a second computer, and may further be securely unsealed for a destination enclave on a third computer. Securely transferring an enclave workload from one computer to another is disclosed.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: February 2, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Manuel Costa
  • Publication number: 20210004469
    Abstract: A computer system has a separation mechanism which enforces separation between at least two execution environments such that one execution environment is a gatekeeper which interposes on all communications of the other execution environment. The computer system has an attestation mechanism which enables the gatekeeper to attest to properties of the at least two execution environments. A first one of the execution environments runs application specific code which may contain security vulnerabilities. The gatekeeper is configured to enforce an input output policy on the first execution environment by interposing on all communication to and from the first execution environment by forwarding, modifying or dropping individual ones of the communications according to the policy. The gatekeeper provides evidence of attestation both for the application specific code and the policy.
    Type: Application
    Filed: July 3, 2019
    Publication date: January 7, 2021
    Inventors: David Thomas CHISNALL, Cédric Alain Marie FOURNET, Manuel COSTA, Samuel Alexander WEBSTER, Sylvan CLEBSCH, Kapil VASWANI
  • Patent number: 10877785
    Abstract: Abstraction programming models of enclave security platforms are described, including receiving a request from an enclave according to an enclave abstraction protocol, converting the request into a native enclave protocol, and sending the converted request to a native platform. The request may be, for example: to create an attestation report, to seal data to the enclave, a request to call a function in a client of the enclave, read a monotonic counter, to take a trusted time measurement, or to allocate memory that is shared with both the enclave and the enclave client.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: December 29, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Manuel Costa
  • Patent number: 10867029
    Abstract: Abstraction programming models of enclave security platforms are described, including receiving a request from an enclave client according to a client abstraction protocol, converting the request into a native enclave protocol, and sending the converted request to a native platform. The request may be, for example: a request to instantiate an enclave, verify an attestation report of an enclave, a request to call into an enclave, or a request to allocate memory that is shared with both the enclave and the enclave client.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: December 15, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Manuel Costa
  • Patent number: 10859463
    Abstract: The present invention relates to a method for producing a bag in the interior space of a container and for testing said bag, and to a system for this purpose, to a computer program product for execution, and to the use of the system for the methods.
    Type: Grant
    Filed: September 22, 2017
    Date of Patent: December 8, 2020
    Assignee: BOEHRINGER INGELHEIM INTERNATIONAL GMBH
    Inventors: Gerald Mathe, Carlos-Manuel Costa Pereira-Kirchwehm
  • Patent number: 10764259
    Abstract: The disclosed technology is generally directed to blockchain and other security technology. In one example of the technology, a pre-determined type of blockchain or other security protocol code is stored in a trusted execution environment (TEE) of the processor. TEE attestation is used to verify that the blockchain or other security protocol code stored in the TEE is the pre-determined type of blockchain or other security protocol code. A blockchain or other transaction is received and processed. Based on the processing of the transaction, an official state of the transaction on a consortium network is directly updated for the network. The updated official state of the processed transaction is broadcasted to the consortium network.
    Type: Grant
    Filed: June 29, 2017
    Date of Patent: September 1, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Mark Russinovich, Manuel Costa, Matthew Kerner, Thomas Moscibroda
  • Publication number: 20200125772
    Abstract: A peripheral device, for use with a host, comprises one or more compute elements a security module and at least one encryption unit. The security module is configured to form a trusted execution environment on the peripheral device for processing sensitive data using sensitive code. The sensitive data and sensitive code are provided by a trusted computing entity which is in communication with the host computing device. The at least one encryption unit is configured to encrypt and decrypt data transferred between the trusted execution environment and the trusted computing entity via the host computing device. The security module is configured to compute and send an attestation to the trusted computing entity to attest that the sensitive code is in the trusted execution environment.
    Type: Application
    Filed: October 19, 2018
    Publication date: April 23, 2020
    Inventors: Stavros VOLOS, David Thomas CHISNALL, Saurabh Mohan KULKARNI, Kapil VASWANI, Manuel COSTA, Samuel Alexander WEBSTER, Cédric Alain Marie FOURNET
  • Publication number: 20200117730
    Abstract: A database management system (DBMS) comprises one or more transaction processing engines (such as SQL engines) configured to execute a series of database transactions, each being executed according to one or more commands received in at least one transaction execution message so as to cause a change of state of the database from a previous state to a new state. The DBMS is configured to generate a series of transaction log records and provide the series of transaction log records to a blockchain network for storing in a blockchain secured by the blockchain network. Each transaction log record corresponds to one of the database transactions and comprises (i) the one or more commands according to which it was executed and (ii) results of its execution. The series of transaction log records constitutes an immutable audit log from which database is fully recoverable for auditing purposes.
    Type: Application
    Filed: October 16, 2018
    Publication date: April 16, 2020
    Inventors: Kapil VASWANI, Manuel COSTA, Mark RUSSINOVICH
  • Publication number: 20200117825
    Abstract: A database transaction is executed in a computer of a system of networked computers having secure processing enclaves. Within the secure processing enclave, a database transaction log record for the executed database transaction is generated and cryptographically secured using a private key held in secure storage of the secure processing enclave. A state of the distributed database is recorded in a series of transaction log records which is replicated in distributed computer storage accessible to the networked computers. Consensus messages are transmitted and received via secure communication links between the secure processing enclaves of the networked computers, to incorporate the database transaction log record into the series of transaction log records in accordance with a distributed consensus protocol, which is implemented based on consensus protocol logic held within the secure processing enclave.
    Type: Application
    Filed: November 26, 2018
    Publication date: April 16, 2020
    Inventors: Kapil VASWANI, Manuel COSTA
  • Patent number: 10601596
    Abstract: Techniques to secure computation data in a computing environment from untrusted code. These techniques involve an isolated environment within the computing environment and an application programming interface (API) component to execute a key exchange protocol that ensures data integrity and data confidentiality for data communicated out of the isolated environment. The isolated environment includes an isolated memory region to store a code package. The key exchange protocol further involves a verification process for the code package stored in the isolated environment to determine whether the one or more exchanged encryption keys have been compromised. If the signature successfully authenticates the one or more keys, a secure communication channel is established to the isolated environment and access to the code package's functionality is enabled. Other embodiments are described and claimed.
    Type: Grant
    Filed: February 12, 2019
    Date of Patent: March 24, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Manuel Costa, Orion Tamlin Hodson, Sriram Kottarakurichi Rajamani, Marcus Peinado, Mark Eugene Russinovich, Kapil Vaswani
  • Publication number: 20200084189
    Abstract: The disclosed technology is generally directed to blockchain and other security technology. In one example of the technology, a first node is endorsed. During endorsement of a first node, a pre-determined type of blockchain or other security protocol code to be authorized and a pre-determined membership list are stored in a trusted execution environment (TEE) of the first node. A determination is made as to whether the membership lists and pre-determined blockchain or other security protocol code to be authorized from the proposed members match. If so, TEE attestation is used to verify that nodes associated with prospective members of the consortium store the pre-determined type of blockchain or other security protocol code to be authorized. Upon TEE attestation being successful, a consortium network is bootstrapped such that the prospective members become members of the consortium network.
    Type: Application
    Filed: November 17, 2019
    Publication date: March 12, 2020
    Inventors: Mark RUSSINOVICH, Manuel COSTA, Matthew KERNER, Thomas MOSCIBRODA
  • Patent number: 10530777
    Abstract: Techniques for securely sealing and unsealing enclave data across platforms are presented. Enclave data from a source enclave hosted on a first computer may be securely sealed to a sealing enclave on a second computer, and may further be securely unsealed for a destination enclave on a third computer. Securely transferring an enclave workload from one computer to another is disclosed.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: January 7, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Manuel Costa
  • Patent number: 10484346
    Abstract: The disclosed technology is generally directed to blockchain and other security technology. In one example of the technology, a first node is endorsed. During endorsement of a first node, a pre-determined type of blockchain or other security protocol code to be authorized and a pre-determined membership list are stored in a trusted execution environment (TEE) of the first node. A determination is made as to whether the membership lists and pre-determined blockchain or other security protocol code to be authorized from the proposed members match. If so, TEE attestation is used to verify that nodes associated with prospective members of the consortium store the pre-determined type of blockchain or other security protocol code to be authorized. Upon TEE attestation being successful, a consortium network is bootstrapped such that the prospective members become members of the consortium network.
    Type: Grant
    Filed: June 29, 2017
    Date of Patent: November 19, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Mark Russinovich, Manuel Costa, Matthew Kerner, Thomas Moscibroda
  • Publication number: 20190285508
    Abstract: The present invention relates to a method for producing a bag in the interior space of a container and for testing said bag, and to a system for this purpose, to a computer program product for execution, and to the use of the system for the methods.
    Type: Application
    Filed: September 22, 2017
    Publication date: September 19, 2019
    Applicant: Boehringer lngelheim International GmbH
    Inventors: Gerald Mathe, Carlos-Manuel Costa Pereira-Kirchwehm
  • Patent number: 10372945
    Abstract: An abstract enclave identity is presented. An abstract identity may be a secure identity that may be the same for multiple related, but not identical, enclave instantiations. An enclave identity value may be determined from an abstract enclave identity type with respect to a instantiated enclave. An abstract identity value may be used to determine equivalence of two enclave instantiations that are not identical, such as two similar enclaves hosted on different computers, two enclaves hosted on different native enclave platforms, and two enclaves instantiated from different versions of the same enclave binary images.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: August 6, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Manuel Costa