公开(公告)号：US20250037072A1

公开(公告)日：2025-01-30

申请号：US18474519

申请日：2023-09-26

Applicant: Microsoft Technology Licensing, LLC

Inventor： Peeyush KUMAR ,  Ananta MUKHERJEE ,  Boling YANG ,  Nishanth CHANDRAN ,  Divya GUPTA

IPC: G06Q10/087 ,  G06F21/62

Abstract: The present disclosure relates to methods and systems that preserve privacy in a secure multi-party computation (MPC) framework in multi-agent reinforcement learning (MARL). The methods and systems use a secure MPC framework that allows for direct computation on encrypted data and enables parties to learn from others while keeping their own information private. The methods and systems provide a learning mechanism that carries out floating point operations in a privacy-preserving manner.

公开(公告)号：US20240119168A1

公开(公告)日：2024-04-11

申请号：US17938711

申请日：2022-10-07

Applicant: Microsoft Technology Licensing, LLC

Inventor： Ramarathnam VENKATESAN ,  Nishanth CHANDRAN ,  Panagiotis ANTONOPOULOS ,  Srinath T.V. SETTY ,  Basil CHERIAN ,  Daniel John CARROLL, JR. ,  Jason Sydney BARNWELL

IPC: G06F21/62 ,  H04L9/08 ,  H04L9/32

CPC classification number: G06F21/6227 ,  H04L9/085 ,  H04L9/3263

Abstract: Embodiments described herein enable at least one of a plurality of entities to access data protected by a security policy in response to validating respective digital access requests from the entities. The respective digital access requests are received, each comprising a proof. For each request, an encrypted secret share is obtained from a respective ledger database. Each request is validated based at least on the respective encrypted secret share and the proof, without decrypting the respective encrypted secret share. In response to validating all of the requests, a verification that an access criteria of a security policy is met is made. If so, at least one of the entities is provided with access to data protected by the security policy. In an aspect, embodiments enable a blind subpoena to be performed. In another aspect, embodiments enable the at least one entity to access the data for an isolated purpose.

公开(公告)号：US20240388589A1

公开(公告)日：2024-11-21

申请号：US18319023

申请日：2023-05-17

Applicant: Microsoft Technology Licensing, LLC

Inventor： Ramarathnam VENKATESAN ,  Nishanth CHANDRAN ,  Srinath T. V. SETTY ,  Christoph BERLIN ,  Ulrich HOMANN ,  Michael James ZWILLING

IPC: H04L9/40

Abstract: An entity is enabled to access encrypted resources in response to verifying access criteria of a region-based security policy is met. For example, a resource request to access an encrypted resource is received from an entity. A determination that the encrypted resource is assigned to a first region and is protected by a region-based security policy is made. A proof of a region attribute indicating that the entity possesses the region attribute is received from the entity, the region attribute indicates the entity is associated with the first region. An encrypted version of the region attribute is obtained from a ledger database. The resource request is validated based at least on the encrypted attribute and the proof of the region attribute. A verification is made that an access criteria of the region-based security policy is met. The entity is provided access to the encrypted resource.

公开(公告)号：US20240056424A1

公开(公告)日：2024-02-15

申请号：US17819030

申请日：2022-08-11

Applicant: Microsoft Technology Licensing, LLC

Inventor： Ramarathnam VENKATESAN ,  Nishanth CHANDRAN ,  Srinath SETTY ,  Panagiotis ANTONOPOULOS ,  Satyanarayana Venkata LOKAM

IPC: H04L9/40 ,  H04L9/08 ,  H04L9/00

CPC classification number: H04L63/0428 ,  H04L9/0822 ,  H04L9/50

Abstract: Embodiments described herein are directed to a verifiable identity map that maintains identities and public keys associated with the identities. The map is maintained by a ledger database that provides tamper-resistant/evident capabilities for tables (comprising the map) thereof. For instance, when a materialized view of the database is generated, the database provides a digest representative of a state thereof to computing devices that access the map for the keys. When the database receives a request from a device to access the map, the digest is received along therewith. The database is validated based on the digest to determine whether the database has been tampered with since the provision of the digest. Responsive to a successful validation, the database provides access in accordance with the request. When a key in the map is updated, the database subsequently generates a new digest, which is provided to the computing device.

公开(公告)号：US20240121081A1

公开(公告)日：2024-04-11

申请号：US18045335

申请日：2022-10-10

Applicant: Microsoft Technology Licensing, LLC

Inventor： Ramarathnam VENKATESAN ,  Nishanth CHANDRAN ,  Ganesh ANANTHANARAYANAN ,  Panagiotis ANTONOPOULOS ,  Srinath T.V. SETTY ,  Daniel John CARROLL, JR. ,  Kiran MUTHABATULLA ,  Yuanchao SHU ,  Sanjeev MEHROTRA

IPC: H04L9/08

CPC classification number: H04L9/0825 ,  H04L9/085 ,  H04L9/0866

Abstract: An access control system is disclosed for controlling access to a resource. A request is received by a location attribute policy (LAP) server to access an encrypted resource. The LAP server accesses a resource policy that identifies requirements for granting access to the encrypted resource, such as a list of attributes of the requestor that are required and a dynamic attribute requirement of the requestor. The LAP server receives a cryptographic proof from the computing device that the requestor possesses the attributes and validates the proof based at least on information obtained from a trusted ledger. Once the proof is validated, the LAP server provides a shared secret associated with the dynamic attribute requirement to a decryption algorithm. The decryption algorithm uses the dynamic attribute shared secret in combination with one or more attribute shared secrets from the requestor to generate a decryption key for the encrypted resource.

公开(公告)号：US20230032519A1

公开(公告)日：2023-02-02

申请号：US17085986

申请日：2020-10-30

Applicant: Microsoft Technology Licensing, LLC

Inventor： Nishanth CHANDRAN ,  Divya GUPTA ,  Aseem RASTOGI ,  Rahul SHARMA ,  Nishant KUMAR ,  Mayank RATHEE ,  Deevashwer RATHEE

IPC: G06N5/04 ,  G06N3/08 ,  H04L9/34

Abstract: A secure inference over Deep Neural Networks (DNNs) using secure two-party computation to perform privacy-preserving machine learning. The secure inference uses a particular type of comparison that can be used as a building block for various layers in the DNN including, for example, ReLU activations and divisions. The comparison securely computes a Boolean share of a bit representing whether input value x is less than input value y, where x is held by a user of the DNN, and where y is held by a provider of the DNN. Each party computing system parses their input into leaf strings of multiple bits. This is much more efficient than if the leaf strings were individual bits. Accordingly, the secure inference described herein is more readily adapted for using in complex DNNs.

公开(公告)号：US20240406002A1

公开(公告)日：2024-12-05

申请号：US18326493

申请日：2023-05-31

Applicant: Microsoft Technology Licensing, LLC

Inventor： Ramarathnam VENKATESAN ,  Nishanth CHANDRAN ,  Panagiotis ANTONOPOULOS ,  Christoph BERLIN ,  Michael James ZWILLING

IPC: H04L9/32

Abstract: Data diode systems and methods are disclosed herein for enhancing data security. Encrypted data transmitted from a first node (e.g., an entity coupled to a network) is received. The data transmitted is encrypted with a public key associated with a second node (e.g., the node to which to which the encrypted data is transmitted). The encrypted data is decrypted with a private key associated with the second node to generate decrypted data. A determination is made whether a digital signature in the decrypted data corresponds to a ledger entry mapped to the first node in a first set of ledger entries. The first node is verified to be a trusted entity based on the digital signature having been determined to correspond to the ledger entry. Based on the verification, the transmission of the encrypted data from the first node is determined to be a permissible data transmission.

公开(公告)号：US20240104229A1

公开(公告)日：2024-03-28

申请号：US17934730

申请日：2022-09-23

Applicant: Microsoft Technology Licensing, LLC

Inventor： Ramarathnam VENKATESAN ,  Srinath T. V. Setty ,  Nishanth CHANDRAN ,  Panagiotis ANTONOPOULOS

IPC: G06F21/62 ,  H04L9/00

CPC classification number: G06F21/62 ,  H04L9/50

Abstract: Verifiable attribute maps that maintain references to identities and attribute information associated with the identities are disclosed. A verifiable attribute map is maintained by a ledger database that provides tamper-resistant/evident capabilities for tables (comprising the map) thereof. For instance, when a materialized view of the database is generated, the database provides a digest representative of a state thereof to computing devices that access the map for the attribute information. When the database receives a request from a device to access the map, the digest is received along therewith. The database is validated based on the digest to determine whether the database has been tampered with since the provision of the digest. Responsive to a successful validation, the database provides access in accordance with the request. When attribute information in the map is updated, the database subsequently generates a new digest, which is provided to the computing device.

公开(公告)号：US20240089098A1

公开(公告)日：2024-03-14

申请号：US17931733

申请日：2022-09-13

Applicant: Microsoft Technology Licensing, LLC

Inventor： Ramarathnam VENKATESAN ,  Nishanth CHANDRAN

IPC: H04L9/08

CPC classification number: H04L9/0894 ,  H04L9/0825 ,  H04L9/085

Abstract: A decryption key is recovered that is utilized to decrypt an encrypted resource. One or more location attribute policy (LAP) servers determine whether a user attempting to access a resource has the necessary attributes to access the resource and is in a valid location in which the user is required to be to access the resource. The attributes and location are defined by a policy assigned to the resource. To verify that the user has the required attributes, the LAP server(s) request a cryptographic proof from the user that proves that the user has the required attributes. Upon validating the proof, a first portion of the decryption key is released. The LAP server(s) release a second portion of the decryption key after verifying that the user is in the required location. The LAP server(s) generate the decryption key based on the released portions.

公开(公告)号：US20180375653A1

公开(公告)日：2018-12-27

申请号：US15631563

申请日：2017-06-23

Applicant: Microsoft Technology Licensing, LLC

Inventor： Srinath Tumkur Venkatacha SETTY ,  Ramarathnam VENKATESAN ,  Brant Lee ZWIEFEL ,  Nishanth CHANDRAN ,  Satyanarayana V. LOKAM ,  Jonathan David LEE ,  Sharmila Deva SELVI S

IPC: H04L9/08 ,  H04L29/06 ,  H04L9/32

Abstract: A device establishes a key recovery policy and generates a key that is protected based on the key recovery policy. The key recovery policy indicates which combinations of other entities can recover the protected key. The device generates different shares of the protected key, each share being a value that, in combination with the other share(s), allows the protected key to be recovered. Each share is associated with a particular leaf agent, the device encrypts each share with the public key of the leaf agent associated with the share and provides the encrypted share to a service. When recovery of the protected key is desired, a recovering authority can generate the protected key only if the recovering authority receives decrypted shares from a sufficient one or combination of leaf agents as indicated by the recovery policy.