-
Publication number: US20180121494A1
Publication date: 2018-05-03
Application number: US15588323
Application date: 2017-05-05
Applicant: Microsoft Technology Licensing, LLC
Inventor: Panagiotis ANTONOPOULOS, Alexander Thien TRAN
IPC: G06F17/30
Abstract: A database command is received from a user for modifying an existing data structure or creating a new data structure. The database command is used to construct a query that is provided to a query optimizer component where the query is transformed into a first query execution plan including operations that persist operation state. Some data specified in the query is received, and some of the new data structure is constructed by executing some of the first query plan. While receiving some of the data specified in the query and constructing some of the new data structure, operation state of execution is persisted. When an interruption of execution of the first query plan occurs, an updated query plan is generated using persisted operation state. External updates occur, before or after the interruption, but before executing the updated query plan. The external updates are transactionally validated.
-
Publication number: US20240406002A1
Publication date: 2024-12-05
Application number: US18326493
Application date: 2023-05-31
Applicant: Microsoft Technology Licensing, LLC
Inventor: Ramarathnam VENKATESAN, Nishanth CHANDRAN, Panagiotis ANTONOPOULOS, Christoph BERLIN, Michael James ZWILLING
IPC: H04L9/32
Abstract: Data diode systems and methods are disclosed herein for enhancing data security. Encrypted data transmitted from a first node (e.g., an entity coupled to a network) is received. The data transmitted is encrypted with a public key associated with a second node (e.g., the node to which the encrypted data is transmitted). The encrypted data is decrypted with a private key associated with the second node to generate decrypted data. A determination is made whether a digital signature in the decrypted data corresponds to a ledger entry mapped to the first node in a first set of ledger entries. The first node is verified to be a trusted entity based on the digital signature having been determined to correspond to the ledger entry. Based on the verification, the transmission of the encrypted data from the first node is determined to be a permissible data transmission.
-
Publication number: US20240104229A1
Publication date: 2024-03-28
Application number: US17934730
Application date: 2022-09-23
Applicant: Microsoft Technology Licensing, LLC
Inventor: Ramarathnam VENKATESAN, Srinath T. V. Setty, Nishanth CHANDRAN, Panagiotis ANTONOPOULOS
Abstract: Verifiable attribute maps that maintain references to identities and attribute information associated with the identities are disclosed. A verifiable attribute map is maintained by a ledger database that provides tamper-resistant/evident capabilities for tables (comprising the map) thereof. For instance, when a materialized view of the database is generated, the database provides a digest representative of a state thereof to computing devices that access the map for the attribute information. When the database receives a request from a device to access the map, the digest is received along therewith. The database is validated based on the digest to determine whether the database has been tampered with since the provision of the digest. Responsive to a successful validation, the database provides access in accordance with the request. When attribute information in the map is updated, the database subsequently generates a new digest, which is provided to the computing device.
-
Publication number: US20220253546A1
Publication date: 2022-08-11
Application number: US17173039
Application date: 2021-02-10
Applicant: Microsoft Technology Licensing, LLC
Inventor: Panagiotis ANTONOPOULOS
Abstract: Embodiments described herein are directed to generating a tree-based data structure representative of a data set and the verification thereof. As each data item of a data set is updated, a leaf node is generated that stores a hash value therefor. For every even leaf node generated, a parent node storing a hash value based on the hash values of its child nodes is generated. For each level of the tree, the hash value of the last odd node generated therefor is maintained. The foregoing process is performed recursively at each level of the tree. During verification, a new root hash value is determined for a new tree-based data structure generated for the data set to be verified. The old and new root hash values are compared. If the hash values do not match, a remediation is performed to restore the data set.
-
Publication number: US20240056424A1
Publication date: 2024-02-15
Application number: US17819030
Application date: 2022-08-11
Applicant: Microsoft Technology Licensing, LLC
Inventor: Ramarathnam VENKATESAN, Nishanth CHANDRAN, Srinath SETTY, Panagiotis ANTONOPOULOS, Satyanarayana Venkata LOKAM
CPC classification number: H04L63/0428, H04L9/0822, H04L9/50
Abstract: Embodiments described herein are directed to a verifiable identity map that maintains identities and public keys associated with the identities. The map is maintained by a ledger database that provides tamper-resistant/evident capabilities for tables (comprising the map) thereof. For instance, when a materialized view of the database is generated, the database provides a digest representative of a state thereof to computing devices that access the map for the keys. When the database receives a request from a device to access the map, the digest is received along therewith. The database is validated based on the digest to determine whether the database has been tampered with since the provision of the digest. Responsive to a successful validation, the database provides access in accordance with the request. When a key in the map is updated, the database subsequently generates a new digest, which is provided to the computing device.
-
Publication number: US20230269088A1
Publication date: 2023-08-24
Application number: US18309352
Application date: 2023-04-28
Applicant: Microsoft Technology Licensing, LLC
Inventor: Panagiotis ANTONOPOULOS, Jakub J. SZYMASZEK, Raghav KAUSHIK, Conor J. CUNNINGHAM
CPC classification number: H04L9/3239, G06F16/2379, G06F16/284, G06F16/2282, H04L9/50
Abstract: Methods for asynchronously determining relational data integrity using cryptographic data structures are performed by systems and devices. Changes in current tables of relational databases are reflected in associated history tables. Cryptographic hybrid blockchain ledgers are updated with transaction records, for entry changes in current and history tables, including transaction information and hash values of corresponding entry changes. Hybrid blockchain ledgers also include root hash values of Merkle trees of transaction records in current blocks, and hash values of prior blocks. A current block receipt is asynchronously generated and provided as a single hash value from which the validity states of the tables and ledger are able to be verified. Cryptographic receipts of specific transactions reflected in table entry changes are generated and provide immutable evidence of specific transaction existence for users. Ledger-enabled tables are provided for mixed database operations with ledger-disabled tables, and temporal history table database operations are enabled.
-
Publication number: US20230014697A1
Publication date: 2023-01-19
Application number: US17935156
Application date: 2022-09-26
Applicant: Microsoft Technology Licensing, LLC
Inventor: Craig S. FREEDMAN, Adrian-Leonard RADU, Daniel G. SCHALL, Hanumantha R. KODAVALLA, Panagiotis ANTONOPOULOS, Raghavendra Thallam KODANDARAMAIH, Alejandro Hernandez SAENZ, Naveen PRAKASH
IPC: G06F16/2457, G06F16/2453, G06F16/28, G06F16/248, G06F16/2455
Abstract: Methods for operation fragmentation with metadata serialization in query processing pushdowns are performed by systems and devices. A compute node receives a query directed to database data, and generates query text fragments. Portions of metadata of the database are read from different page servers, and are serialized by the compute node. Page identities of data pages in a page server that stores the data are determined from a page index at the compute node, and the compute node provides the text fragments, the serialized metadata, and the page identities to the page server storing the data. The page server compiles the text fragments based on the serialized metadata to generate an executable query plan for the query. The page server initializes and performs execution of the executable query plan against the data as a pushdown query operation, and a result of pushdown query operation is provided to the compute node.
-
Publication number: US20190317727A1
Publication date: 2019-10-17
Application number: US15953000
Application date: 2018-04-13
Applicant: Microsoft Technology Licensing, LLC
Inventor: Panagiotis ANTONOPOULOS, Nitish UPRETI, Alexander Thien TRAN
Abstract: A method may include receiving a database command to sort an unsorted dataset; dividing a sort operation, for sorting the unsorted dataset, into a plurality of portions; performing a first portion of the sort operation; persisting intermediate results from the first portion of the sort operation; and persisting a state of the sort operation identifying the portions of the sort operation that have been performed.
-
Publication number: US20250156400A1
Publication date: 2025-05-15
Application number: US18428887
Application date: 2024-01-31
Applicant: Microsoft Technology Licensing, LLC
Inventor: Noah Amin AL-SHIHABI, Panagiotis ANTONOPOULOS, Hanumantha Rao KODAVALLA, Nikolas Christopher OGG, Divyesh Rameshchandra TIKMANI, Wonseok KIM, Alexander Wai-man SWANSON, Rajat JAIN
IPC: G06F16/23, G06F16/2453
Abstract: Relational database systems are disclosed that are enabled to operate with versioned metadata. The relational database system includes a lock manager, a transaction manager and a version aware metadata storage and cache configured to store and manage versions of metadata, to determine which of such versions should be visible at any given point in time, and to enable creation of the proper versions of metadata. In an aspect, the transaction manager manages transaction identifiers and their associated start times, abort times and/or commit times. Such data enables determination of transaction visibility, and consequently the metadata version visibility, for any point in time. In an aspect, such metadata versioning support enables snapshot isolation of metadata transactions.
-
Publication number: US20240119168A1
Publication date: 2024-04-11
Application number: US17938711
Application date: 2022-10-07
Applicant: Microsoft Technology Licensing, LLC
Inventor: Ramarathnam VENKATESAN, Nishanth CHANDRAN, Panagiotis ANTONOPOULOS, Srinath T.V. SETTY, Basil CHERIAN, Daniel John CARROLL, JR., Jason Sydney BARNWELL
CPC classification number: G06F21/6227, H04L9/085, H04L9/3263
Abstract: Embodiments described herein enable at least one of a plurality of entities to access data protected by a security policy in response to validating respective digital access requests from the entities. The respective digital access requests are received, each comprising a proof. For each request, an encrypted secret share is obtained from a respective ledger database. Each request is validated based at least on the respective encrypted secret share and the proof, without decrypting the respective encrypted secret share. In response to validating all of the requests, a verification that an access criteria of a security policy is met is made. If so, at least one of the entities is provided with access to data protected by the security policy. In an aspect, embodiments enable a blind subpoena to be performed. In another aspect, embodiments enable the at least one entity to access the data for an isolated purpose.