Patents by Inventor Ramarathnam Venkatesan

Ramarathnam Venkatesan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10263775
    Abstract: A device establishes a key recovery policy and generates a key that is protected based on the key recovery policy. The key recovery policy indicates which combinations of other entities can recover the protected key. The device generates different shares of the protected key, each share being a value that, in combination with the other share(s), allows the protected key to be recovered. Each share is associated with a particular leaf agent; the device encrypts each share with the public key of the leaf agent associated with the share and provides the encrypted share to a service. When recovery of the protected key is desired, a recovering authority can generate the protected key only if the recovering authority receives decrypted shares from a sufficient one or combination of leaf agents as indicated by the recovery policy.
    Type: Grant
    Filed: June 23, 2017
    Date of Patent: April 16, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Srinath Tumkur Venkatacha Setty, Ramarathnam Venkatesan, Brant Lee Zwiefel, Nishanth Chandran, Satyanarayana V. Lokam, Jonathan David Lee, Sharmila Deva Selvi S
  • Publication number: 20190018984
    Abstract: This description relates to secure, efficient, confidential, and/or outsourced blockchain networks, which can enable a group of mutually distrusting participants to securely share state and then agree on a linear history of operations on that shared state.
    Type: Application
    Filed: October 6, 2017
    Publication date: January 17, 2019
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Srinath SETTY, Lidong ZHOU, Michael Lowell ROBERTS, Ramarathnam VENKATESAN, Soumya BASU
  • Publication number: 20180375653
    Abstract: A device establishes a key recovery policy and generates a key that is protected based on the key recovery policy. The key recovery policy indicates which combinations of other entities can recover the protected key. The device generates different shares of the protected key, each share being a value that, in combination with the other share(s), allows the protected key to be recovered. Each share is associated with a particular leaf agent; the device encrypts each share with the public key of the leaf agent associated with the share and provides the encrypted share to a service. When recovery of the protected key is desired, a recovering authority can generate the protected key only if the recovering authority receives decrypted shares from a sufficient one or combination of leaf agents as indicated by the recovery policy.
    Type: Application
    Filed: June 23, 2017
    Publication date: December 27, 2018
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Srinath Tumkur Venkatacha SETTY, Ramarathnam VENKATESAN, Brant Lee ZWIEFEL, Nishanth CHANDRAN, Satyanarayana V. LOKAM, Jonathan David LEE, Sharmila Deva SELVI S
  • Publication number: 20180359078
    Abstract: Systems, methods, and computer-executable instructions for homomorphic data analysis. Encrypted data is received, from a remote system, that has been encrypted with an encryption key. A number of iterations to iterate over the encrypted data is determined. A model is iterated over by the number of iterations to create an intermediate model. Each iteration updates the model, and the model and the intermediate model are encrypted with the encryption key. The intermediate model is provided to the remote system. An updated model based upon the intermediate model is received from the remote system. The updated model is iterated over until a predetermined precision is reached to create a final model. The final model is provided to the remote system. The final model is encrypted with the encryption key.
    Type: Application
    Filed: June 12, 2017
    Publication date: December 13, 2018
    Inventors: Prateek Jain, Ramarathnam Venkatesan, Jonathan Lee, Kartik Gupta
  • Publication number: 20180359084
    Abstract: Systems, methods, and computer-executable instructions for secure data analysis using encrypted data. An encryption key and a decryption key are created. The security of encryption using the encryption key and the decryption key is based upon factoring. A computation key is created based upon the encryption key. Data is encrypted using the encryption key. The encrypted data and the computation key are provided to a remote system. The remote system is requested to perform data analysis on the encrypted data. An encrypted result of the data analysis is received from the remote system. The encrypted result of the data analysis is decrypted with the decryption key.
    Type: Application
    Filed: June 12, 2017
    Publication date: December 13, 2018
    Inventors: Prateek Jain, Ramarathnam Venkatesan, Jonathan Lee, Kartik Gupta
  • Publication number: 20180288020
    Abstract: Operating upon encrypted data with a particular data scope. A base encryption key is established and associated with the particular data scope, and then stored in a base encryption key store. That base encryption key store might be managed by an application or service that stores base encryption keys for multiple data scopes. A proxy encryption key acts as a kind of proxy for the base encryption key. The proxy encryption key may be used for frequent operations on encrypted data within the particular data scope. Thus, the principles described herein act as a frequency amplifier that allows key-based operations upon the particular data scope to be performed at much higher frequencies than otherwise would be possible by operating directly using the base encryption key.
    Type: Application
    Filed: June 7, 2017
    Publication date: October 4, 2018
    Inventors: Mitica MANU, Baskar SRIDHARAN, Raghunath RAMAKRISHNAN, Sriram K. RAJAMANI, Victor V. BOYKO, Pushkar Vijay CHITNIS, Shastry M.C. SHANKARA, Ramarathnam VENKATESAN
  • Publication number: 20180091524
    Abstract: A digital ledger built upon a blockchain to provide users with the ability to securely, accurately, and verifiably share state information between distrustful parties is provided herein. The Verifiable Outsourced Ledger is hosted in a networked environment, accessible by multiple parties, and maintains an immutable view of the transactions submitted by authorized parties and a continuous view of the states shared between the parties that the parties can replicate independently locally to verify the integrity of the ledger.
    Type: Application
    Filed: September 29, 2016
    Publication date: March 29, 2018
    Applicant: Microsoft Technology Licensing, LLC.
    Inventors: Srinath Setty, Ramarathnam Venkatesan
  • Publication number: 20180089683
    Abstract: Heartbeat consensus forming for the state of a digital ledger built upon a blockchain to provide users with the ability to securely, accurately, and verifiably share state information between distrustful parties is provided herein. The digital ledger is hosted in a networked environment, accessible by multiple parties. Heartbeat transactions allow clients, who are not in direct communication with one another and may distrust one another, to verify the integrity of the digital ledger via consensus. The consensus is readily verifiable by each client on its own machine and allows the ledger to be recovered to an agreed-to state in the event of a fault initiated by a client or the host of the ledger, whether malicious or otherwise. The digital ledger is freely movable to different hosts in the event of a fault.
    Type: Application
    Filed: September 29, 2016
    Publication date: March 29, 2018
    Applicant: Microsoft Technology Licensing, LLC.
    Inventors: Srinath Setty, Ramarathnam Venkatesan, Soumya Basu
  • Publication number: 20180046812
    Abstract: Methods, systems, and computer-readable media are directed towards receiving, at an untrusted component, a query for a data store. The query includes a plurality of data operations. The data store is accessible by the untrusted component. A first proper subset of data operations is determined from the plurality of data operations that do not access sensitive data within the data store. A second proper subset of data operations is determined from the plurality of data operations that access sensitive data within the data store. The first proper subset of data operations is executed, at the untrusted component, to create first results. The second proper subset of data operations is sent to a trusted component for execution. Second results based on sending the second proper subset of data operations are received from the trusted component. Results to the query are returned based on the first results and the second results.
    Type: Application
    Filed: October 27, 2017
    Publication date: February 15, 2018
    Inventors: Shriraghav Kaushik, Arvind Arasu, Spyridon Blanas, Kenneth H. Eguro, Manas Rajendra Joglekar, Donald Kossmann, Ravishankar Ramamurthy, Prasang Upadhyaya, Ramarathnam Venkatesan
  • Patent number: 9495552
    Abstract: The subject disclosure is directed towards encryption and deduplication integration between computing devices and a network resource. Files are partitioned into data blocks and deduplicated via removal of duplicate data blocks. Using multiple cryptographic keys, each data block is encrypted and stored at the network resource but can only be decrypted by an authorized user, such as a domain entity having an appropriate deduplication domain-based cryptographic key. Another cryptographic key referred to as a content-derived cryptographic key ensures that duplicate data blocks encrypt to substantially equivalent encrypted data.
    Type: Grant
    Filed: December 31, 2012
    Date of Patent: November 15, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ahmed Moustafa El-Shimi, Paul Adrian Oltean, Ran Kalach, Sudipta Sengupta, Jin Li, Roy D'Souza, Omkant Pandey, Ramarathnam Venkatesan
  • Patent number: 9459893
    Abstract: A computer-implementable method includes providing an instruction set architecture that comprises features to generate diverse copies of a program, using the instruction set architecture to generate diverse copies of a program and providing a virtual machine for execution of one of the diverse copies of the program. Various exemplary methods, devices, systems, etc., use virtualization for diversifying code and/or virtual machines to thereby enhance software security.
    Type: Grant
    Filed: November 11, 2013
    Date of Patent: October 4, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Bertrand Anckaert, Mariusz H. Jakubowski, Ramarathnam Venkatesan
  • Patent number: 9213867
    Abstract: A cloud computing service to securely process queries on a database. A security device and method of operation are also disclosed. The security device may be provisioned with a private key of a subscriber to the cloud service and may have processing hardware that uses that key, sequestering the key and encryption processing in hardware that others, including operating personnel of the cloud service, cannot readily access. Processing within the security device may decrypt queries received from the subscriber and may encrypt responses for communication over a public network. The device may perform functions on clear text, thereby limiting the amount of clear text data processed on the cloud platform, while limiting bandwidth consumed in communicating with the subscriber. Such processing may include formatting data, including arguments in a query, in a security protocol used by the cloud platform.
    Type: Grant
    Filed: December 7, 2012
    Date of Patent: December 15, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ravishankar Ramamurthy, Kenneth H. Eguro, Ramarathnam Venkatesan
  • Patent number: 9117094
    Abstract: Programs running on an open architecture, such as a personal computer, are vulnerable to inspection and modification. This is a concern as the program may include or provide access to valuable information. As a defense, the actual location of data can be hidden throughout execution of the program by way of periodic location reordering and pointer scrambling, among other things. These techniques serve to complicate static data flow analysis and dynamic data tracking thereby at least deterring program tampering.
    Type: Grant
    Filed: October 29, 2008
    Date of Patent: August 25, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Bertrand Raphaël Anckaert, Mariusz H. Jakubowski, Ramarathnam Venkatesan, Chit Wei Saw
  • Patent number: 9053348
    Abstract: A secure cloud computing platform. The platform has a pool of secure computing devices such that each can be allocated to a customer as with other computing resources. Each secure computing device may be configured by a customer with a key and software for performing operations on sensitive data. The customer may submit data, defining a job for execution on the platform, as cyphertext. The secure computing device may perform operations on that data, which may include decrypting the data with the key and then executing the software to perform an operation on cleartext data. This operation, and the data on which it is performed, though in cleartext, may be inaccessible to the operator of the cloud computing platform. The device may operate according to a secure protocol under which the software is validated before loading and the device is provisioned with a key shared with the customer.
    Type: Grant
    Filed: March 26, 2012
    Date of Patent: June 9, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ramarathnam Venkatesan, Kenneth H. Eguro, Roy Peter D'Souza
  • Patent number: 8989706
    Abstract: Systems, methods, and/or techniques (“tools”) are described herein that relate to automated secure pairing for devices, and that relate to parallel downloads of content using devices. The tools for pairing the devices may perform authentication protocols that are based on addresses and on keys. The address-based authentication protocol may operate on address book entries maintained by the devices. The key-based authentication protocol may operate using a key exchange between the devices.
    Type: Grant
    Filed: December 22, 2011
    Date of Patent: March 24, 2015
    Assignee: Microsoft Corporation
    Inventors: Ganesh Ananthanarayanan, Ramarathnam Venkatesan, Sean Blagsvedt
  • Publication number: 20140281511
    Abstract: The subject disclosure is directed towards using trusted hardware to achieve secure data processing over a network. For a given set of data store operations, some operations are directed to sensitive data (e.g., encrypted data fields). These operations are compiled into a set of expressions invoking trusted hardware code configured to evaluate these expressions using corresponding data centric primitive programs. Because the trusted hardware is configured to maintain key data for encrypting/decrypting the sensitive data, the sensitive data is not accessible by an untrusted component while the sensitive data is decrypted.
    Type: Application
    Filed: August 27, 2013
    Publication date: September 18, 2014
    Applicant: Microsoft Corporation
    Inventors: Shriraghav Kaushik, Arvind Arasu, Spyridon Blanas, Kenneth Eguro, Manas Rajendra Joglekar, Donald A. Kossmann, Ravishankar Ramamurthy, Prasang Upadhyaya, Ramarathnam Venkatesan
  • Publication number: 20140189348
    Abstract: The subject disclosure is directed towards encryption and deduplication integration between computing devices and a network resource. Files are partitioned into data blocks and deduplicated via removal of duplicate data blocks. Using multiple cryptographic keys, each data block is encrypted and stored at the network resource but can only be decrypted by an authorized user, such as a domain entity having an appropriate deduplication domain-based cryptographic key. Another cryptographic key referred to as a content-derived cryptographic key ensures that duplicate data blocks encrypt to substantially equivalent encrypted data.
    Type: Application
    Filed: December 31, 2012
    Publication date: July 3, 2014
    Applicant: MICROSOFT CORPORATION
    Inventors: Ahmed Moustafa El-Shimi, Paul Adrian Oltean, Ran Kalach, Sudipta Sengupta, Jin Li, Roy D'Souza, Omkant Pandey, Ramarathnam Venkatesan
  • Publication number: 20140164758
    Abstract: A cloud computing service to securely process queries on a database. A security device and method of operation are also disclosed. The security device may be provisioned with a private key of a subscriber to the cloud service and may have processing hardware that uses that key, sequestering the key and encryption processing in hardware that others, including operating personnel of the cloud service, cannot readily access. Processing within the security device may decrypt queries received from the subscriber and may encrypt responses for communication over a public network. The device may perform functions on clear text, thereby limiting the amount of clear text data processed on the cloud platform, while limiting bandwidth consumed in communicating with the subscriber. Such processing may include formatting data, including arguments in a query, in a security protocol used by the cloud platform.
    Type: Application
    Filed: December 7, 2012
    Publication date: June 12, 2014
    Applicant: MICROSOFT CORPORATION
    Inventors: Ravishankar Ramamurthy, Kenneth H. Eguro, Ramarathnam Venkatesan
  • Publication number: 20140068580
    Abstract: A computer-implementable method includes providing an instruction set architecture that comprises features to generate diverse copies of a program, using the instruction set architecture to generate diverse copies of a program and providing a virtual machine for execution of one of the diverse copies of the program. Various exemplary methods, devices, systems, etc., use virtualization for diversifying code and/or virtual machines to thereby enhance software security.
    Type: Application
    Filed: November 11, 2013
    Publication date: March 6, 2014
    Applicant: Microsoft Corporation
    Inventors: Bertrand Anckaert, Mariusz H. Jakubowski, Ramarathnam Venkatesan
  • Patent number: 8595276
    Abstract: Techniques are disclosed to provide randomized signal transforms and/or their applications. More particularly, a signal (e.g., an audio signal, an image, or a video signal) is transformed by applying randomly-selected basis functions to the signal. The applications of the randomized signal transforms include, but are not limited to, compression, denoising, hashing, identification, authentication, and data embedding (e.g., watermarking).
    Type: Grant
    Filed: May 18, 2010
    Date of Patent: November 26, 2013
    Assignee: Microsoft Corporation
    Inventors: Ramarathnam Venkatesan, Michael T. Malkin