Patents by Inventor Roy Peter D'Souza

Roy Peter D'Souza has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10348700
    Abstract: A method may include, based on a set of capabilities, requesting access to data, metadata or both protected by a composite wrapper comprising a first wrapper and a second wrapper. The wrappers are each defined by different mathematical transformations performed by a component separate from the computing device. Based on an access privilege for the data, the metadata or both determined from the set of capabilities, visibility may be granted through at least one of the first or second wrapper based on independent evaluations of the first and second wrappers relative to the access privilege.
    Type: Grant
    Filed: December 29, 2016
    Date of Patent: July 9, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Rahul V. Auradkar, Roy Peter D'Souza
  • Patent number: 10348693
    Abstract: A digital escrow pattern for data services can include selective access for obscured data at a remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. Based on the pattern, a “trustworthy envelope” for any kind of payload enables curtained access through a variety of decorations or seals placed on the envelope that allow for a gamut of trust ranging with guarantees such as, but not limited to, confidentiality, privacy, anonymity, tamper detection, integrity, etc. For instance, XML tags can be applied or augmented to create trust envelopes for structured XML data. Some examples of mathematical transformations or ‘decorations’ that can be applied to the XML data include, but are not limited to, size-preserving encryption, searchable-encryption, or Proof(s) of Application, blind fingerprints, Proof(s) of Retrievability, etc.
    Type: Grant
    Filed: July 8, 2010
    Date of Patent: July 9, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Rahul V. Auradkar, Roy Peter D'Souza, Darrell J. Cannon, Venkatesh Krishnan
  • Patent number: 10348696
    Abstract: Embodiments are directed to storing encrypted data in a data store and to securely providing access to the encrypted data according to a predefined policy. A data storage system receives encrypted data. The data is encrypted using a private key. The data storage system stores the received encrypted data according to a predefined policy. The encryption and the policy prevents the storage system from unencrypting the encrypted data, while the policy allows the encrypted data to be released upon receiving a threshold number of requests from verified third parties. The data storage system implements a verifiable secret sharing scheme to verify that the encrypted data can be reconstituted without the data storage system decrypting the encrypted data. The data storage system can acknowledge that the received encrypted data has been verified and successfully stored.
    Type: Grant
    Filed: May 30, 2017
    Date of Patent: July 9, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Roy Peter D'Souza, Omkant Pandey
  • Patent number: 10275603
    Abstract: A digital escrow pattern and trustworthy platform is provided for data services including mathematical transformation techniques, such as searchable encryption techniques, for obscuring data stored at remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. Using the techniques of a trustworthy platform, data (and associated metadata) is decoupled from the containers that hold the data (e.g., file systems, databases, etc.) enabling the data to act as its own custodian through imposition of a shroud of mathematical complexity that is pierced with presented capabilities, such as keys granted by a cryptographic key generator of a trust platform. Sharing of, or access to, the data or a subset of that data is facilitated in a manner that preserves and extends trust without the need for particular containers for enforcement.
    Type: Grant
    Filed: December 31, 2014
    Date of Patent: April 30, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Rahul V. Auradkar, Roy Peter D'Souza, Darrell J. Cannon
  • Patent number: 9992191
    Abstract: A data store provides access to portions of secured data. Each portion is associated with a client-defined access control and is encrypted with attribute-based encryption. This encryption associates each portion with an encryption attribute, and enables the portion to be provided, based on a request, in accordance its client-defined access control and when the request's search attribute is relevant its encryption attribute. First and second portions are provided in response to first and second requests. Each request includes the same search attribute, and the first and second portions are associated with the same encryption attribute. The first portion is provided based on a first access control granting access to a first identity access and the search attribute being relevant to the encryption attribute. The second portion is provided based on a second access control granting access to a second identity and the search attribute being relevant to the encryption attribute.
    Type: Grant
    Filed: December 2, 2016
    Date of Patent: June 5, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Roy Peter D'Souza, Omkant Pandey
  • Patent number: 9900288
    Abstract: Embodiments are directed to allowing a user to store encrypted, third-party-accessible data in a data store and to providing third party data access to a user's encrypted data according to a predefined policy. A data storage system receives encrypted data from a user at a data storage system. The data is encrypted using the user's private key. The data storage system stores the received encrypted data according to a predefined policy. The encryption prevents the storage system from gaining access to the encrypted data, while the policy allows the encrypted data to be released upon receiving a threshold number of requests from verified third parties. The data storage system implements a verifiable secret sharing scheme to verify that the encrypted data can be reconstituted without the data storage system accessing the encrypted data. The data storage system synchronously acknowledges that the received encrypted data has been verified and successfully stored.
    Type: Grant
    Filed: November 18, 2014
    Date of Patent: February 20, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Roy Peter D'Souza, Omkant Pandey
  • Patent number: 9894040
    Abstract: Embodiments are directed to securing data in the cloud, securely encrypting data that is to be stored in the cloud and to securely decrypting data accessed from the cloud. In one scenario, an instantiated trust service receives information indicating that a trust server is to be instantiated. The trust service instantiates the trust server, which is configured to store key references and encrypted keys. The trust service receives the public key portion of a digital certificate for each publisher and subscriber that is to have access to various specified portions of encrypted data. A data access policy is then defined that specifies which encrypted data portions can be accessed by which subscribers.
    Type: Grant
    Filed: September 11, 2012
    Date of Patent: February 13, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Irina Gorbach, Venkatesh Krishnan, Andrey Shur, Dmitry Denisov, Lars Kuhtz, Sumalatha Adabala, Roy Peter D'Souza, Michael Entin, Michael Ray Clark, Gitika Aggarwal Saubhasik
  • Publication number: 20170262639
    Abstract: Embodiments are directed to storing encrypted data in a data store and to securely providing access to the encrypted data according to a predefined policy. A data storage system receives encrypted data. The data is encrypted using a private key. The data storage system stores the received encrypted data according to a predefined policy. The encryption and the policy prevents the storage system from unencrypting the encrypted data, while the policy allows the encrypted data to be released upon receiving a threshold number of requests from verified third parties. The data storage system implements a verifiable secret sharing scheme to verify that the encrypted data can be reconstituted without the data storage system decrypting the encrypted data. The data storage system can acknowledge that the received encrypted data has been verified and successfully stored.
    Type: Application
    Filed: May 30, 2017
    Publication date: September 14, 2017
    Inventors: Roy Peter D'Souza, Omkant Pandey
  • Patent number: 9667599
    Abstract: Embodiments are directed to allowing a user to store encrypted, third-party-accessible data in a data store and to providing third party data access to a user's encrypted data according to a predefined policy. A data storage system receives encrypted data from a user at a data storage system. The data is encrypted using the user's private key. The data storage system stores the received encrypted data according to a predefined policy. The encryption prevents the storage system from gaining access to the encrypted data, while the policy allows the encrypted data to be released upon receiving a threshold number of requests from verified third parties. The data storage system implements a verifiable secret sharing scheme to verify that the encrypted data can be reconstituted without the data storage system accessing the encrypted data. The data storage system synchronously acknowledges that the received encrypted data has been verified and successfully stored.
    Type: Grant
    Filed: November 17, 2014
    Date of Patent: May 30, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Roy Peter D'Souza, Omkant Pandey
  • Publication number: 20170111331
    Abstract: A method may include, based on a set of capabilities, requesting access to data, metadata or both protected by a composite wrapper comprising a first wrapper and a second wrapper. The wrappers are each defined by different mathematical transformations performed by a component separate from the computing device. Based on an access privilege for the data, the metadata or both determined from the set of capabilities, visibility may be granted through at least one of the first or second wrapper based on independent evaluations of the first and second wrappers relative to the access privilege.
    Type: Application
    Filed: December 29, 2016
    Publication date: April 20, 2017
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Rahul V. Auradkar, Roy Peter D'Souza
  • Publication number: 20170085554
    Abstract: A data store provides access to portions of secured data. Each portion is associated with a client-defined access control and is encrypted with attribute-based encryption. This encryption associates each portion with an encryption attribute, and enables the portion to be provided, based on a request, in accordance its client-defined access control and when the request's search attribute is relevant its encryption attribute. First and second portions are provided in response to first and second requests. Each request includes the same search attribute, and the first and second portions are associated with the same encryption attribute. The first portion is provided based on a first access control granting access to a first identity access and the search attribute being relevant to the encryption attribute. The second portion is provided based on a second access control granting access to a second identity and the search attribute being relevant to the encryption attribute.
    Type: Application
    Filed: December 2, 2016
    Publication date: March 23, 2017
    Inventors: Roy Peter D'Souza, Omkant Pandey
  • Publication number: 20170085536
    Abstract: Embodiments are directed to securing data using attribute-based encryption. In an embodiment, a computer system encrypts a portion of data with an attribute-based encryption, including associating the encrypted portion of data with one or more encryption attributes. The computer system sends the encrypted portion of data and the one or more encryption attributes to a data store, which stores the first portion of data along with the one or more encryption attributes. The computer system also defines one or more access controls for the portion of data that include an identity of at least one user permitted to access the portion of data. The attribute-based encryption allows the encrypted portion of data to be provided by the data store upon request by the identified user when the request includes one or more search attributes that are relevant to the one or more encryption attributes.
    Type: Application
    Filed: December 2, 2016
    Publication date: March 23, 2017
    Inventors: Roy Peter D'Souza, Omkant Pandey
  • Patent number: 9558370
    Abstract: Embodiments are directed to providing attribute-based data access. In an embodiment, a data request specifies one or more search data attributes describing requested data that is to be found in a data store. The data store is configured to provide access to secured data according to access controls defined by one or more clients. The secured data includes data that is associated with a particular client and that is encrypted using attribute-based encryption, which associates the data with one or more encryption data attributes and that enables the data to be provided if conditions in the corresponding access controls are met. The particular portion of data is provided based on determining that the conditions in the corresponding access controls are met, and that at least one of the search data attributes is determined to be relevant to at least one of the encryption data attributes.
    Type: Grant
    Filed: December 2, 2015
    Date of Patent: January 31, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Roy Peter D'Souza, Omkant Pandey
  • Patent number: 9537650
    Abstract: A digital escrow pattern for data services can include selective access for obscured data at a remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. Based on the pattern, a “trustworthy envelope” for any kind of payload enables curtained access through a variety of decorations or seals placed on the envelope that allow for a gamut of trust ranging with guarantees such as, but not limited to, confidentiality, privacy, anonymity, tamper detection, integrity, etc. Verifiable trust is provided through families of techniques that are referred to as wrapper composition. Multiple concentric and/or lateral transform wrappers or layers can wholly or partially transform data, metadata or both to mathematical transform (e.g., encrypt, distribute across storage, obscure) or otherwise introduce lack of visibility to some or all of the data, metadata or both.
    Type: Grant
    Filed: July 8, 2010
    Date of Patent: January 3, 2017
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Rahul V. Auradkar, Roy Peter D'Souza
  • Publication number: 20160196452
    Abstract: Embodiments are directed to providing attribute-based data access. In an embodiment, a data request specifies one or more search data attributes describing requested data that is to be found in an anonymous directory. The anonymous directory is configured to provide access to secured data according to access controls defined one or more clients. The secured data includes data that is associated with a particular client and that is encrypted using multi-authority attribute-based encryption, which associates the data with one or more encryption data attributes and that enables the data to be provided if conditions in the corresponding access controls are met. The particular portion of data is provided based on determining that the conditions in the corresponding access controls are met, and that at least one of the search data attributes is determined to be relevant to at least one of the encryption data attributes.
    Type: Application
    Filed: December 2, 2015
    Publication date: July 7, 2016
    Inventors: Roy Peter D'Souza, Omkant Pandey
  • Patent number: 9224005
    Abstract: Methods, systems, and computer program products for providing attribute-based data access. Embodiments include receiving a data request specifying search data attributes describing requested data that is to be found in an anonymous directory. The anonymous directory provides access to secured data of clients according to access controls, including secured data comprising a first portion that is unencrypted and readable by the anonymous directory and a second portion that is encrypted and unreadable by the anonymous directory. The second portion is encrypted using multi-authority attribute-based encryption that associates the second portion with encryption data attributes. The anonymous directory provides the first acid second portions of data f conditions in the access controls are met. The first and second portions of data are provided, based on determining that the conditions in the access controls are met, and that at least one data attribute is relevant to at least one encryption data attribute.
    Type: Grant
    Filed: December 15, 2014
    Date of Patent: December 29, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Roy Peter D'Souza, Omkant Pandey
  • Patent number: 9219730
    Abstract: Methods, systems and apparatuses for securing a secret of a user are disclosed. One method includes one or more adjudicator devices providing a plurality of public keys, wherein each of the plurality of public keys has a corresponding at least one adjudicator, and a corresponding secret key, receiving, by the one or more adjudicator devices, a plurality of encrypted shares that were generated based on a secret of the user, a policy, and the plurality of public keys, and verifying that the plurality of encrypted shares can be used to reconstitute the secret upon receiving the plurality of encrypted shares, wherein the secret can be reconstructed, without access to the secret.
    Type: Grant
    Filed: February 4, 2015
    Date of Patent: December 22, 2015
    Assignee: PivotCloud, Inc.
    Inventor: Roy Peter D'Souza
  • Patent number: 9219715
    Abstract: Methods, systems and apparatuses for a mediator enforcing policies to a resource utilizing an electronic content, are disclosed. One method includes receiving, by a mediator computing device of a mediator, a second share SKG2 from an owner server, wherein a first share SKG1 is provided to a member server of a member of a group by the owner server, wherein the owner defines policies associated with the group. The method further includes the mediator receiving a request from the member for mediation, including the mediator receiving a dispatch of the header of the encrypted electronic content, determining, by the mediator, whether the member is eligible to access the electronic content based at least in part on the policies associated with the group, if eligible, the mediator responds to the request for mediation with a member accessible header.
    Type: Grant
    Filed: March 27, 2014
    Date of Patent: December 22, 2015
    Assignee: PivotCloud, Inc.
    Inventors: James Lewis Lester, Roy Peter D'Souza
  • Patent number: 9209972
    Abstract: Methods, systems and apparatuses for a mediator controlling access to an electronic content, are disclosed. One method includes receiving, by a mediator device of a mediator, a second share SKG2 from an owner device, wherein a first share SKG1 is provided to a member device of a member of a group by the owner device. Further, the mediator receives a request from the member for mediation, including the mediator receiving a dispatch of the header of the encrypted electronic content. Further, the mediator receives a request for mediation, including the mediator receiving a dispatch of the header of the encrypted electronic content from the member. Further, the mediator determines whether the member is eligible to decrypt the electronic content, if eligible, the mediator responding to the request for mediation with a member accessible header, wherein the member accessible header includes the header after application of SKG2.
    Type: Grant
    Filed: January 31, 2015
    Date of Patent: December 8, 2015
    Assignee: PivotCloud, Inc.
    Inventors: Roy Peter D'Souza, Lars Kuhtz
  • Patent number: 9172711
    Abstract: Methods, systems and apparatuses for an originator publishing an attestation of a statement are disclosed. One method includes obtaining information, wherein the information includes the attestation of the statement, wherein the statement includes at least a portion of the information to be attested to, and wherein the attestation includes a context describing conditions of the attestation, and wherein the attestation includes a cryptographic signature of the context and the statement. The method further includes validating the information. The method further includes communicating after validating the information the information to a destination while maintaining at least one of data privacy or data provenance, including creating a new statement by transforming the statement to a form suitable for the destination, creating, by the computing device, a new attestation by signing the new statement with a new context specific to the computing device, and making available the new attestation to the destination.
    Type: Grant
    Filed: November 24, 2014
    Date of Patent: October 27, 2015
    Assignee: PivotCloud, Inc.
    Inventors: Roy Peter D'Souza, Santosh S. Shanbhag