-
Publication number: US20180341674A1
Publication date: 2018-11-29
Application number: US16054687
Application date: 2018-08-03
Applicant: Microsoft Technology Licensing, LLC
Inventor: Cristian DIACONU, Craig Steven FREEDMAN, Per-Ake LARSON, Michael James ZWILLING
CPC classification number: G06F17/30377, G06F12/0253, G06F17/30309, G06F17/30501, G06F17/30575, G06F2212/1044
Abstract: An in-memory database system stores the entirety of a database that is being operated on by a database system within main memory. The database includes a table that comprises a plurality of rows including a particular row. The database table comprises a first version of the particular row having a first valid time, and a second version having a second valid time. Index(es) are associated with the database table. Each index references the plurality of rows, including referencing the first and second versions of the particular row. A transaction acting on the first version of the particular row is executed. The first version of the particular row is visible to the transaction based on the first valid time and the second version of the particular row being not visible to the transaction based on the second valid time.
-
Publication number: US20240406002A1
Publication date: 2024-12-05
Application number: US18326493
Application date: 2023-05-31
Applicant: Microsoft Technology Licensing, LLC
Inventor: Ramarathnam VENKATESAN, Nishanth CHANDRAN, Panagiotis ANTONOPOULOS, Christoph BERLIN, Michael James ZWILLING
IPC: H04L9/32
Abstract: Data diode systems and methods are disclosed herein for enhancing data security. Encrypted data transmitted from a first node (e.g., an entity coupled to a network) is received. The data transmitted is encrypted with a public key associated with a second node (e.g., the node to which the encrypted data is transmitted). The encrypted data is decrypted with a private key associated with the second node to generate decrypted data. A determination is made whether a digital signature in the decrypted data corresponds to a ledger entry mapped to the first node in a first set of ledger entries. The first node is verified to be a trusted entity based on the digital signature having been determined to correspond to the ledger entry. Based on the verification, the transmission of the encrypted data from the first node is determined to be a permissible data transmission.
-
Publication number: US20240388589A1
Publication date: 2024-11-21
Application number: US18319023
Application date: 2023-05-17
Applicant: Microsoft Technology Licensing, LLC
Inventor: Ramarathnam VENKATESAN, Nishanth CHANDRAN, Srinath T. V. SETTY, Christoph BERLIN, Ulrich HOMANN, Michael James ZWILLING
IPC: H04L9/40
Abstract: An entity is enabled to access encrypted resources in response to verifying access criteria of a region-based security policy is met. For example, a resource request to access an encrypted resource is received from an entity. A determination that the encrypted resource is assigned to a first region and is protected by a region-based security policy is made. A proof of a region attribute indicating that the entity possesses the region attribute is received from the entity, the region attribute indicates the entity is associated with the first region. An encrypted version of the region attribute is obtained from a ledger database. The resource request is validated based at least on the encrypted attribute and the proof of the region attribute. A verification is made that an access criteria of the region-based security policy is met. The entity is provided access to the encrypted resource.
-
Publication number: US20240114012A1
Publication date: 2024-04-04
Application number: US17937098
Application date: 2022-09-30
Applicant: Microsoft Technology Licensing, LLC
Inventor: Ramarathnam VENKATESAN, Michael James ZWILLING
IPC: H04L9/40
CPC classification number: H04L63/0435, H04L63/105, H04L63/107
Abstract: A decryption key is recovered that is utilized to decrypt an encrypted resource. For example, a determination is made as to whether a user and/or the user's computing device attempting to access an encrypted resource has the necessary attributes to access the resource and/or is in a valid location in which the user is required to be to access the resource. The attributes and/or location are defined by a policy assigned to the resource. To verify that the user has the required attributes, a proof is requested from the user that proves that the user has the required attributes. Upon validating the proof, the decryption key is generated and/or retrieved.
-
Publication number: US20190205295A1
Publication date: 2019-07-04
Application number: US16298498
Application date: 2019-03-11
Applicant: Microsoft Technology Licensing, LLC
Inventor: Cristian DIACONU, Craig Steven FREEDMAN, Per-Ake LARSON, Michael James ZWILLING
IPC: G06F16/23, G06F16/2455, G06F16/21, G06F12/02, G06F16/27
CPC classification number: G06F16/2379, G06F12/0253, G06F16/219, G06F16/24561, G06F16/27, G06F2212/1044
Abstract: An in-memory database system stores an entirety of a database within main memory of the computer system. The database includes a table comprising a plurality of rows including a particular row. A first transaction updating the particular row is executed to create a first version of the particular row. A second transaction updating the particular row is executed to create a second version of the particular row. The first version is visible only to the first transaction, and the second version is visible only to the second transaction. The in-memory database system may associate an index with the database table, the index referencing the plurality of rows, including referencing the first version of the particular row and the second version of the particular row. The in-memory database system may initiate garbage collection of the first version of the particular row and/or the second version of the particular row.
-
Publication number: US20150254273A1
Publication date: 2015-09-10
Application number: US14712755
Application date: 2015-05-14
Applicant: Microsoft Technology Licensing, LLC
Inventor: Per-Ake LARSON, Michael James ZWILLING, Cristian DIACONU
IPC: G06F17/30
CPC classification number: G06F17/30227, G06F17/30353, G06F17/30371, G06F17/30575, G06F17/30581, G06F17/30864
Abstract: The subject disclosure relates to a distributed transaction management technique that ensures synchronization between participating nodes in a global or distributed transaction. The technique leverages a commit protocol that uses local clocks at the respective participating nodes. Participants in a global transaction are configured to utilize the same commit timestamp and logical read time and can advance their respective local clocks to establish this synchronization. In one embodiment, distributed commit utilizes a modified version of two-phase commit that includes an extra phase to collect commit timestamp votes from participants. Additionally, a heartbeat mechanism can be used to establish loose synchronization between nodes. In another embodiment, a node can respond to a remote transaction request by returning a list of nodes involved in generating the result of the transaction and the types of access used by such nodes in addition to the transaction result itself.