Manas Rajendra Joglekar

US Patent:

20200272744, Aug 27, 2020

Filed:

May 13, 2020

Appl. No.:

15/931010

Inventors:

- Redmond WA, US
Arvind Arasu - Mountain View CA, US
Spyridon Blanas - Madison WI, US
Kenneth H. Eguro - Redmond WA, US
Manas Rajendra Joglekar - Stanford CA, US
Donald Kossmann - Kirkland WA, US
Ravishankar Ramamurthy - Redmond WA, US
Prasang Upadhyaya - Seattle WA, US
Ramarathnam Venkatesan - Redmond WA, US

International Classification:

G06F 21/60
H04L 29/06
G06F 21/62

Abstract:

Methods, systems, and computer-readable media are directed towards receiving, at an untrusted component, a query for a data store. The query includes a plurality of data operations. The data store is accessible by the untrusted component. A first proper subset of data operations is determined from the plurality of data operations that do not access sensitive data within the data store. A second proper subset of data operations is determined from the plurality of data operations that access sensitive data within the data store. The first proper subset of data operations is executed, at the untrusted component, to create first results. The second proper subset of data operations is sent to a trusted component for execution. Second results based on the sending the second proper subset of data operations are received from the trusted component. Results to the query are returned based on the first results and the second results.

US Patent:

20190005254, Jan 3, 2019

Filed:

Aug 10, 2018

Appl. No.:

16/100787

Inventors:

- Redmond WA, US
Kenneth Eguro - Seattle WA, US
Manas Rajendra Joglekar - Stanford CA, US
Raghav Kaushik - Kirkland WA, US
Donald Kossmann - Kirkland WA, US
Ravishankar Ramamurthy - Redmond WA, US

Assignee:

Microsoft Technology Licensing, LLC - Redmond WA

International Classification:

G06F 21/60
H04L 29/06
H04L 9/08
H04L 9/06

Abstract:

A number of transmissions of secure data communicated between a secure trusted device and an unsecure untrusted device in a DBMS is controlled. The data is communicated for database transaction processing in the secure trusted device. The number of transmissions may be controlled by receiving, from the untrusted device, an encrypted key value of a key and a representation of an index of a B-tree structure, decrypting, at the trusted device, the key and one or more encrypted index values, and initiating a transmission, a pointer value that identifies a lookup position in the index for the key. The index comprises secure, encrypted index values. Other optimizations for secure processing are also described, including controlling available computation resources on a secure trusted device in a DBMS and controlling transmissions of secure data that is communicated between a secure trusted device and an unsecure untrusted device in a DBMS.

US Patent:

20180046812, Feb 15, 2018

Filed:

Oct 27, 2017

Appl. No.:

15/796236

Inventors:

- Redmond WA, US
Arvind Arasu - Mountain View CA, US
Spyridon Blanas - Madison WI, US
Kenneth H. Eguro - Redmond WA, US
Manas Rajendra Joglekar - Stanford CA, US
Donald Kossmann - Kirkland WA, US
Ravishankar Ramamurthy - Redmond WA, US
Prasang Upadhyaya - Seattle WA, US
Ramarathnam Venkatesan - Redmond WA, US

International Classification:

G06F 21/60
H04L 29/06
G06F 21/62

Abstract:

Methods, systems, and computer-readable media are directed towards receiving, at an untrusted component, a query for a data store. The query includes a plurality of data operations. The data store is accessible by the untrusted component. A first proper subset of data operations is determined from the plurality of data operations that do not access sensitive data within the data store. A second proper subset of data operations is determined from the plurality of data operations that access sensitive data within the data store. The first proper subset of data operations is executed, at the untrusted component, to create first results. The second proper subset of data operations is sent to a trusted component for execution. Second results based on the sending the second proper subset of data operations are received from the trusted component. Results to the query are returned based on the first results and the second results.

US Patent:

20170103217, Apr 13, 2017

Filed:

Oct 9, 2015

Appl. No.:

14/880186

Inventors:

- Redmond WA, US
Kenneth Eguro - Seattle WA, US
Manas Rajendra Joglekar - Stanford CA, US
Raghav Kaushik - Kirkland WA, US
Donald Kossmann - Kirkland WA, US
Ravishankar Ramamurthy - Redmond WA, US

International Classification:

G06F 21/60
H04L 29/06
G06F 17/30
H04L 9/08

Abstract:

A number of transmissions of secure data communicated between a secure trusted device and an unsecure untrusted device in a DBMS is controlled. The data is communicated for database transaction processing in the secure trusted device. The number of transmissions may be controlled by receiving, from the untrusted device, an encrypted key value of a key and a representation of an index of a B-tree structure, decrypting, at the trusted device, the key and one or more encrypted index values, and initiating a transmission, a pointer value that identifies a lookup position in the index for the key. The index comprises secure, encrypted index values. Other optimizations for secure processing are also described, including controlling available computation resources on a secure trusted device in a DBMS and controlling transmissions of secure data that is communicated between a secure trusted device and an unsecure untrusted device in a DBMS.

US Patent:

20140281511, Sep 18, 2014

Filed:

Aug 27, 2013

Appl. No.:

14/011241

Inventors:

- Redmond WA, US
Arvind Arasu - Redmond WA, US
Spyridon Blanas - Madison WI, US
Kenneth Eguro - Seattle WA, US
Manas Rajendra Joglekar - Stanford CA, US
Donald A. Kossmann - Zurich, CH
Ravishankar Ramamurthy - Redmond WA, US
Prasang Upadhyaya - Seattle WA, US
Ramarathnam Venkatesan - Redmond WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06F 21/60

US Classification:

713164

Abstract:

The subject disclosure is directed towards using trusted hardware to achieve secure data processing over a network. For a given set of data store operations, some operations are directed to sensitive data (e.g., encrypted data fields). These operations are compiled into a set of expressions invoking trusted hardware code configured to evaluate these expressions using corresponding data centric primitive programs. Because the trusted hardware is configured to maintain key data for encrypting/decrypting the sensitive data, the sensitive data is not accessible by an untrusted component while the sensitive data is decrypted.