After applying the following hotfix from KB3000847, you may find the memory usage of SSO service keeps increasing and will not be released before restarting it.
FIX: Enterprise Single Sign-On triggers event 10536 and error code 0x80090005
The memory allocation is because the following Crypt API CPDeriveKey() kept being called to generate a new key. In this case, CryptDestroyKey() needs to be called to release the memory after using the generated keys. But for some reason, the keys are not properly released in the InfoCache.dll of KB3000847.
HIS team has released a new hotfix to fix the leak but its corresponding KB artcile hasn't been published yet. Please contact Microsoft Support to retrieve the hotfix if you meet the same issue.