Patents by Inventor Ravishankar Ramamurthy
Ravishankar Ramamurthy has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11849045Abstract: Deferred verification of the integrity of data operations over a set of data that is hosted at an untrusted module (UM) is controlled. The controlling includes generating a request for a data operation on the set of data. The request includes an authentication portion. The request is sent to the UM. A response to the request is received from the UM. The response includes cryptographic verification information attesting the integrity of the data operation with respect to prior data operations on the set of data. The response includes results from deferred verification at a trusted module (TM).Type: GrantFiled: July 10, 2019Date of Patent: December 19, 2023Assignee: Microsoft Technology Licensing, LLCInventors: Arvind Arasu, Kenneth Eguro, Raghav Kaushik, Donald Kossmann, Ravishankar Ramamurthy, Pingfan Meng, Vineet Pandey
-
Patent number: 11232214Abstract: Methods, systems, and computer-readable media are directed towards receiving, at an untrusted component, a query for a data store. The query includes a plurality of data operations. The data store is accessible by the untrusted component. A first proper subset of data operations is determined from the plurality of data operations that do not access sensitive data within the data store. A second proper subset of data operations is determined from the plurality of data operations that access sensitive data within the data store. The first proper subset of data operations is executed, at the untrusted component, to create first results. The second proper subset of data operations is sent to a trusted component for execution. Second results based on the sending the second proper subset of data operations are received from the trusted component. Results to the query are returned based on the first results and the second results.Type: GrantFiled: May 13, 2020Date of Patent: January 25, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Shriraghav Kaushik, Arvind Arasu, Spyridon Blanas, Kenneth H. Eguro, Manas Rajendra Joglekar, Donald Kossmann, Ravishankar Ramamurthy, Prasang Upadhyaya, Ramarathnam Venkatesan
-
Publication number: 20210157682Abstract: Methods for database recovery for encrypted indexes are performed by systems and devices. A query with a decryption key is received from a client device, where the query modifies an encrypted index of a database using a secure enclave. When events requiring remedial actions for the database occur during the querying, some transactions of the query and later queries are deferred, and a remedial action is initiated that includes restarting the database. A determination of the remedial action being unsuccessful in recovering the encrypted index causes the action to be re-performed until another query having the decryption key is received whereupon the action is performed again to recover the encrypted index utilizing the decryption key. Deferred transactions are then performed with the decryption key. When a database restarts for access without secure enclaves, the encrypted index for the database is invalidated, and the remedial actions are otherwise completed or discarded.Type: ApplicationFiled: November 22, 2019Publication date: May 27, 2021Inventors: Panagiotis Antonopoulos, Arvind Arasu, Nitish Gupta, Rajat Jain, Raghav Kaushik, Hanumantha R. Kodavalla, Nikolas Ogg, Ravishankar Ramamurthy, Kunal Deep Singh, Jakub Szymaszek, Jeffrey Michael Trimmer
-
Patent number: 10838957Abstract: A relational database server may concurrently execute many relational queries, but a complex relational query may cause performance delays in the fulfillment of other relational queries. Instead, the relational database server may generate a query plan for the relational query, and may endeavor to partition the relational query between a spool operator and a scan operator into two or more query slices, where each query slice may be executed within a query slice threshold. Many alternative candidate query plans may be considered, such as inserting spool and scan operators after various operators and parameterizing operators in order to partition the records of a relation into two or more ranges based on an attribute of the relation. A large search space of candidate query plans may be reviewed in order to select a query plan that respects the query slice threshold while efficiently executing the logic of the relational query.Type: GrantFiled: June 17, 2010Date of Patent: November 17, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Nicolas Bruno, Ravishankar Ramamurthy, Surajit Chaudhuri, Vivek Ravindranath Narasayya
-
Publication number: 20200272744Abstract: Methods, systems, and computer-readable media are directed towards receiving, at an untrusted component, a query for a data store. The query includes a plurality of data operations. The data store is accessible by the untrusted component. A first proper subset of data operations is determined from the plurality of data operations that do not access sensitive data within the data store. A second proper subset of data operations is determined from the plurality of data operations that access sensitive data within the data store. The first proper subset of data operations is executed, at the untrusted component, to create first results. The second proper subset of data operations is sent to a trusted component for execution. Second results based on the sending the second proper subset of data operations are received from the trusted component. Results to the query are returned based on the first results and the second results.Type: ApplicationFiled: May 13, 2020Publication date: August 27, 2020Inventors: Shriraghav Kaushik, Arvind Arasu, Spyridon Blanas, Kenneth H. Eguro, Manas Rajendra Joglekar, Donald Kossmann, Ravishankar Ramamurthy, Prasang Upadhyaya, Ramarathnam Venkatesan
-
Patent number: 10671736Abstract: Methods, systems, and computer-readable media are directed towards receiving, at an untrusted component, a query for a data store. The query includes a plurality of data operations. The data store is accessible by the untrusted component. A first proper subset of data operations is determined from the plurality of data operations that do not access sensitive data within the data store. A second proper subset of data operations is determined from the plurality of data operations that access sensitive data within the data store. The first proper subset of data operations is executed, at the untrusted component, to create first results. The second proper subset of data operations is sent to a trusted component for execution. Second results based on the sending the second proper subset of data operations are received from the trusted component. Results to the query are returned based on the first results and the second results.Type: GrantFiled: October 27, 2017Date of Patent: June 2, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Shriraghav Kaushik, Arvind Arasu, Spyridon Blanas, Kenneth H. Eguro, Manas Rajendra Joglekar, Donald Kossmann, Ravishankar Ramamurthy, Prasang Upadhyaya, Ramarathnam Venkatesan
-
Patent number: 10572442Abstract: A database management system (DBMS) run a host CPU and a hardware coprocessor accelerate traversal of a tree-type data structure by allocating reusable memory in cache to store portions of the tree-type data structure as the tree-type data structure is being requested by the host CPU. The hardware coprocessor manages the cached tree-type data structure in a manner that is transparent to the host CPU. A driver located at the host CPU or at a separate computing device can provide an interface between the host CPU and the hardware coprocessor, thus reducing communications between the host CPU and the hardware coprocessor.Type: GrantFiled: November 26, 2014Date of Patent: February 25, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Kenneth H. Eguro, Zsolt Istvan, Arvind Arasu, Ravishankar Ramamurthy, Kaushik Shriraghav
-
Patent number: 10496833Abstract: A number of transmissions of secure data communicated between a secure trusted device and an unsecure untrusted device in a DBMS is controlled. The data is communicated for database transaction processing in the secure trusted device. The number of transmissions may be controlled by receiving, from the untrusted device, an encrypted key value of a key and a representation of an index of a B-tree structure, decrypting, at the trusted device, the key and one or more encrypted index values, and initiating a transmission, a pointer value that identifies a lookup position in the index for the key. The index comprises secure, encrypted index values. Other optimizations for secure processing are also described, including controlling available computation resources on a secure trusted device in a DBMS and controlling transmissions of secure data that is communicated between a secure trusted device and an unsecure untrusted device in a DBMS.Type: GrantFiled: August 10, 2018Date of Patent: December 3, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Arvind Arasu, Kenneth Eguro, Manas Rajendra Joglekar, Raghav Kaushik, Donald Kossmann, Ravishankar Ramamurthy
-
Publication number: 20190334722Abstract: Deferred verification of the integrity of data operations over a set of data that is hosted at an untrusted module (UM) is controlled. The controlling includes generating a request for a data operation on the set of data. The request includes an authentication portion. The request is sent to the UM. A response to the request is received from the UM. The response includes cryptographic verification information attesting the integrity of the data operation with respect to prior data operations on the set of data. The response includes results from deferred verification at a trusted module (TM).Type: ApplicationFiled: July 10, 2019Publication date: October 31, 2019Applicant: Microsoft Technology Licensing, LLCInventors: Arvind Arasu, Kenneth Eguro, Raghav Kaushik, Donald Kossmann, Ravishankar Ramamurthy, Pingfan Meng, Vineet Pandey
-
Patent number: 10396991Abstract: Deferred verification of the integrity of data operations over a set of data that is hosted at an untrusted module (UM) is controlled. The controlling includes generating a request for a data operation on the set of data. The request includes an authentication portion. The request is sent to the UM. A response to the request is received from the UM. The response includes cryptographic verification information attesting the integrity of the data operation with respect to prior data operations on the set of data. The response includes results from deferred verification at a trusted module (TM).Type: GrantFiled: June 30, 2016Date of Patent: August 27, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Arvind Arasu, Kenneth Eguro, Raghav Kaushik, Donald Kossmann, Ravishankar Ramamurthy, Pingfan Meng, Vineet Pandey
-
Publication number: 20190005254Abstract: A number of transmissions of secure data communicated between a secure trusted device and an unsecure untrusted device in a DBMS is controlled. The data is communicated for database transaction processing in the secure trusted device. The number of transmissions may be controlled by receiving, from the untrusted device, an encrypted key value of a key and a representation of an index of a B-tree structure, decrypting, at the trusted device, the key and one or more encrypted index values, and initiating a transmission, a pointer value that identifies a lookup position in the index for the key. The index comprises secure, encrypted index values. Other optimizations for secure processing are also described, including controlling available computation resources on a secure trusted device in a DBMS and controlling transmissions of secure data that is communicated between a secure trusted device and an unsecure untrusted device in a DBMS.Type: ApplicationFiled: August 10, 2018Publication date: January 3, 2019Applicant: Microsoft Technology Licensing, LLCInventors: Arvind Arasu, Kenneth Eguro, Manas Rajendra Joglekar, Raghav Kaushik, Donald Kossmann, Ravishankar Ramamurthy
-
Patent number: 10073981Abstract: A number of transmissions of secure data communicated between a secure trusted device and an unsecure untrusted device in a DBMS is controlled. The data is communicated for database transaction processing in the secure trusted device. The number of transmissions may be controlled by receiving, from the untrusted device, an encrypted key value of a key and a representation of an index of a B-tree structure, decrypting, at the trusted device, the key and one or more encrypted index values, and initiating a transmission, a pointer value that identifies a lookup position in the index for the key. The index comprises secure, encrypted index values. Other optimizations for secure processing are also described, including controlling available computation resources on a secure trusted device in a DBMS and controlling transmissions of secure data that is communicated between a secure trusted device and an unsecure untrusted device in a DBMS.Type: GrantFiled: October 9, 2015Date of Patent: September 11, 2018Assignee: Microsoft Technology Licensing, LLCInventors: Arvind Arasu, Kenneth Eguro, Manas Rajendra Joglekar, Raghav Kaushik, Donald Kossmann, Ravishankar Ramamurthy
-
Patent number: 9953184Abstract: The techniques discussed herein facilitate the transmission, storage, and manipulation of data in an encrypted database management system (EDBMS). An untrusted machine is connected to a data store having encrypted records, a client machine that sends encrypted queries, and a trusted machine that receives and decrypts the encrypted records and encrypted queries. The trusted machine processes the query using semantically secure query operators to produce a query result. The trusted machine ensures the size of the query result conforms to an upper bound on the number or records in the query result and returns the query result.Type: GrantFiled: April 17, 2015Date of Patent: April 24, 2018Assignee: Microsoft Technology Licensing, LLCInventors: Arvind Arasu, Kenneth Hiroshi Eguro, Ravishankar Ramamurthy, Kaushik Shriraghav
-
Publication number: 20180046812Abstract: Methods, systems, and computer-readable media are directed towards receiving, at an untrusted component, a query for a data store. The query includes a plurality of data operations. The data store is accessible by the untrusted component. A first proper subset of data operations is determined from the plurality of data operations that do not access sensitive data within the data store. A second proper subset of data operations is determined from the plurality of data operations that access sensitive data within the data store. The first proper subset of data operations is executed, at the untrusted component, to create first results. The second proper subset of data operations is sent to a trusted component for execution. Second results based on the sending the second proper subset of data operations are received from the trusted component. Results to the query are returned based on the first results and the second results.Type: ApplicationFiled: October 27, 2017Publication date: February 15, 2018Inventors: Shriraghav Kaushik, Arvind Arasu, Spyridon Blanas, Kenneth H. Eguro, Manas Rajendra Joglekar, Donald Kossmann, Ravishankar Ramamurthy, Prasang Upadhyaya, Ramarathnam Venkatesan
-
Publication number: 20180006820Abstract: Deferred verification of the integrity of data operations over a set of data that is hosted at an untrusted module (UM) is controlled. The controlling includes generating a request for a data operation on the set of data. The request includes an authentication portion. The request is sent to the UM. A response to the request is received from the UM. The response includes cryptographic verification information attesting the integrity of the data operation with respect to prior data operations on the set of data. The response includes results from deferred verification at a trusted module (TM).Type: ApplicationFiled: June 30, 2016Publication date: January 4, 2018Applicant: Microsoft Technology Licensing, LLCInventors: Arvind Arasu, Kenneth Eguro, Raghav Kaushik, Donald Kossmann, Ravishankar Ramamurthy, Pingfan Meng, Vineet Pandey
-
Patent number: 9747456Abstract: The subject disclosure is directed towards secure query processing over encrypted database records without disclosing information to an adversary except for permitted information. In order to adapting semantic security to a database encryption scheme, a security model for all query processing is specified by a client and used to determine which information is permitted to be disclosed and which information is not permitted. Based upon the security model, a trusted, secure query processor transforms each query and an encrypted database into secure query results. Even though the adversary can view the secure query results during communication to the client, the adversary cannot determine any reliable information regarding the secure query results or the encrypted database.Type: GrantFiled: March 15, 2013Date of Patent: August 29, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Arvind Arasu, Shriraghav Kaushik, Ravishankar Ramamurthy
-
Publication number: 20170103217Abstract: A number of transmissions of secure data communicated between a secure trusted device and an unsecure untrusted device in a DBMS is controlled. The data is communicated for database transaction processing in the secure trusted device. The number of transmissions may be controlled by receiving, from the untrusted device, an encrypted key value of a key and a representation of an index of a B-tree structure, decrypting, at the trusted device, the key and one or more encrypted index values, and initiating a transmission, a pointer value that identifies a lookup position in the index for the key. The index comprises secure, encrypted index values. Other optimizations for secure processing are also described, including controlling available computation resources on a secure trusted device in a DBMS and controlling transmissions of secure data that is communicated between a secure trusted device and an unsecure untrusted device in a DBMS.Type: ApplicationFiled: October 9, 2015Publication date: April 13, 2017Inventors: Arvind Arasu, Kenneth Eguro, Manas Rajendra Joglekar, Raghav Kaushik, Donald Kossmann, Ravishankar Ramamurthy
-
Publication number: 20160306995Abstract: The techniques discussed herein facilitate the transmission, storage, and manipulation of data in an encrypted database management system (EDBMS). An untrusted machine is connected to a data store having encrypted records, a client machine that sends encrypted queries, and a trusted machine that receives and decrypts the encrypted records and encrypted queries. The trusted machine processes the query using semantically secure query operators to produce a query result. The trusted machine ensures the size of the query result conforms to an upper bound on the number or records in the query result and returns the query result.Type: ApplicationFiled: April 17, 2015Publication date: October 20, 2016Inventors: Arvind Arasu, Kenneth Hiroshi Eguro, Ravishankar Ramamurthy, Kaushik Shriraghav
-
Publication number: 20160147779Abstract: A database management system (DBMS) run a host CPU and a hardware coprocessor accelerate traversal of a tree-type data structure by allocating reusable memory in cache to store portions of the tree-type data structure as the tree-type data structure is being requested by the host CPU. The hardware coprocessor manages the cached tree-type data structure in a manner that is transparent to the host CPU. A driver located at the host CPU or at a separate computing device can provide an interface between the host CPU and the hardware coprocessor, thus reducing communications between the host CPU and the hardware coprocessor.Type: ApplicationFiled: November 26, 2014Publication date: May 26, 2016Inventors: Kenneth H. Eguro, Zsolt Istvan, Arvind Arasu, Ravishankar Ramamurthy, Kaushik Shriraghav
-
Patent number: 9213867Abstract: A cloud computing service to securely process queries on a database. A security device and method of operation are also disclosed. The security device may be provisioned with a private key of a subscriber to the cloud service and may have processing hardware that uses that key, sequestering the key and encryption processing in hardware that others, including operating personnel of the cloud service, cannot readily access. Processing within the security device may decrypt queries received from the subscriber and may encrypt responses for communication over a public network. The device may perform functions on clear text, thereby limiting the amount of clear text data processed on the cloud platform, while limiting bandwidth consumed in communicating with the subscriber. Such processing may include formatting data, including arguments in a query, in a security protocol used by the cloud platform.Type: GrantFiled: December 7, 2012Date of Patent: December 15, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Ravishankar Ramamurthy, Kenneth H. Eguro, Ramarathnam Venkatesan