Patents by Inventor Mahesh Kallahalla
Mahesh Kallahalla has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9807004Abstract: An autonomous network and a corresponding routing method include determining routing paths by a controller, and providing the determined routing paths to a data packet processor located remotely from the controller. The data packet processor routes outgoing data packets, based on information from the controller, through a plurality of switches remotely from the data packet processor. Each switch includes a plurality of network interfaces. For an outgoing data packet, the data packet processor determines a network interface over which to transmit the data packet, and adds an indication of the determined network interface in a header of the data packet. The data packet processor forwards the modified data packet to the switch including the determined network interface. The switch identifies the network interface based on the indication, and transmits the outgoing data packet over the identified network interface.Type: GrantFiled: September 5, 2014Date of Patent: October 31, 2017Assignee: Google Inc.Inventors: Bikash Koley, Steven Padgett, Ankur Jain, Arjun Singh, Amin Vahdat, Mahesh Kallahalla, Mukarram Tariq
-
Publication number: 20150281066Abstract: An autonomous network and a corresponding routing method include determining routing paths by a controller, and providing the determined routing paths to a data packet processor located remotely from the controller. The data packet processor routes outgoing data packets, based on information from the controller, through a plurality of switches remotely from the data packet processor. Each switch includes a plurality of network interfaces. For an outgoing data packet, the data packet processor determines a network interface over which to transmit the data packet, and adds an indication of the determined network interface in a header of the data packet. The data packet processor forwards the modified data packet to the switch including the determined network interface. The switch identifies the network interface based on the indication, and transmits the outgoing data packet over the identified network interface.Type: ApplicationFiled: September 5, 2014Publication date: October 1, 2015Inventors: Bikash Koley, Steven Padgett, Ankur Jain, Arjun Singh, Amin Vahdat, Mahesh Kallahalla, Mukarram Tariq
-
Patent number: 8095928Abstract: An embodiment of a method of forming a virtual computer cluster within a shared computing environment begins with a step of placing gatekeeper software on each of a plurality of particular host computers of the shared computing environment. The method continues with a step of assigning computing platforms located on the particular host computers to the virtual computer cluster. The gatekeeper software interposes between the computing platforms and hardware resources of the particular host computers. The method concludes with a step of isolating the virtual computer cluster from a remainder of the shared computing environment using the gatekeeper software. The gatekeeper software allows communication between the computing platforms while precluding communication with other computing platforms of the shared computing environment. The gatekeeper software controls input and output operations for the virtual computer cluster.Type: GrantFiled: October 6, 2004Date of Patent: January 10, 2012Assignee: Hewlett-Packard Development Company, L.P.Inventors: Mahesh Kallahalla, Mustafa Uysal, Ram Swaminathan, Frederic Gittler
-
Patent number: 7697690Abstract: Windowed backward key rotation. A user is provided information that allows determining a limited number of previous keys in a series of keys from a later key in the series. A key in the series is generated, based at least in part on the information provided to the user. The key in the series is provided to the user. The user determines at least one key in the limited number of previous keys in the series by applying the information to the key in the series.Type: GrantFiled: July 21, 2003Date of Patent: April 13, 2010Assignee: Hewlett-Packard Development Company, L.P.Inventors: Kevin E. Fu, Mahesh Kallahalla, Ram Swaminathan
-
Patent number: 7620984Abstract: An embodiment of a method of managing a computer system begins with a step of placing a virtual machine monitor on a computer. The virtual machine monitor includes an interface for a module. The method continues with a step of forming a computing platform on the computer. The virtual machine monitor provides access control to the hardware resources for software executing on the computing platform. The method concludes with a step of adding a module to the virtual machine monitor through the interface. The module modifies the access control provided by the virtual machine monitor.Type: GrantFiled: October 6, 2004Date of Patent: November 17, 2009Assignee: Hewlett-Packard Development Company, L.P.Inventors: Mahesh Kallahalla, Mustafa Uysal, Ram Swaminathan
-
Patent number: 7313238Abstract: A method and system for relating cryptographic keys. A method includes providing to a user a private share related to a key. The method also includes generating a new key based on a previous version of the key and publishing a rotation catalyst. The new version of the key is determinable based on the key rotation catalyst and the private share. Further, former versions of the key are determinable based on the key rotation catalyst.Type: GrantFiled: January 31, 2003Date of Patent: December 25, 2007Assignee: Hewlett-Packard Development Company, L.P.Inventors: Kevin E. Fu, Mahesh Kallahalla, Ram Swaminathan
-
Patent number: 7313694Abstract: A technique for secure file access control via directory encryption. Filenames of data files stored by a network server are encrypted so as to protect them in the event the server is untrustworthy, such as in a distributed computing environment. Two encryption keys are employed so as to provide different access capabilities. For example, clients of the server that are authorized to perform read-only operations on the files may be prevented from modifying the files, while client that are authorized to perform write operations, may modify the files or even delete the files. In a preferred embodiment, encrypted filenames replace plaintext files in a directory structure without otherwise changing the directory structure. Because the directory structure is otherwise unchanged, the server may still have adequate information to perform file management and space management functions.Type: GrantFiled: October 5, 2001Date of Patent: December 25, 2007Assignee: Hewlett-Packard Development Company, L.P.Inventors: Erik Riedel, Mahesh Kallahalla, Ram Swaminathan
-
Patent number: 7225118Abstract: A method of global data placement. The method includes assigning one or more workloads to one or more compute servers such that each workload flows to one compute server, assigning the data chunks that the workloads accesses to one or more storage servers, and determining how the workloads access the data.Type: GrantFiled: October 31, 2002Date of Patent: May 29, 2007Assignee: Hewlett-Packard Development Company, L.P.Inventors: Qian Wang, Arif Merchant, Nina Mishra, Mahesh Kallahalla, Ram Swaminathan
-
Patent number: 7219230Abstract: A plurality of file encryption groups are created for a plurality of files based on attributes of each file. An event is detected and a selected file encryption group is divided into a plurality of sub-groups in response to the event. The division is based on an access pattern for each file in the selected file encryption group.Type: GrantFiled: May 8, 2002Date of Patent: May 15, 2007Assignee: Hewlett-Packard Development Company, L.P.Inventors: Erik Riedel, Mahesh Kallahalla, Ram Swaminathan
-
Patent number: 7203317Abstract: A plurality of users may have access to a file. The file is encrypted with a key. Access for a user to the file is revoked. A new key is generated from the current key of the file in response to said revocation, and the file is encrypted with the new key.Type: GrantFiled: October 31, 2001Date of Patent: April 10, 2007Assignee: Hewlett-Packard Development Company, L.P.Inventors: Mahesh Kallahalla, Erik Riedel, Ram Swaminathan
-
Patent number: 7200747Abstract: A security module is configured to provide an owner the capability to differentiate between users. In particular, the security module is configured to generate an asymmetric read/write key pair for respectively decrypting/encrypting data for storage on a disk. The owner of the file may distribute the read key of the asymmetric key pair to a group of users that the owner has assigned read-permission for the encrypted data.Type: GrantFiled: October 31, 2001Date of Patent: April 3, 2007Assignee: Hewlett-Packard Development Company, L.P.Inventors: Erik Riedel, Christos Karamanolis, Mahesh Kallahalla, Ram Swaminathan
-
Patent number: 7171557Abstract: A group manager module may provide the capability to segregate or associate files into file encryption groups. A file may be placed into a file encryption group based on the attributes of the file. The attributes may be characteristics/parameters that describe who has access to a file such as UNIX permission/mode bits (group-read/write/executable bit, owner-read/write/executable bits, users-read/write/executable bits) or other system for access control lists (ACLs). Once associated with a file encryption group, the file may be encrypted with the encryption (or write) key of the selected file encryption group, and thus, decrypted with the decryption (or read) key of the file encryption group. A user may have membership into multiple file encryption groups as long as the user possesses the appropriate read/write key pairs.Type: GrantFiled: October 31, 2001Date of Patent: January 30, 2007Assignee: Hewlett-Packard Development Company, L.P.Inventors: Mahesh Kallahalla, Erik Riedel, Ram Swaminathan
-
Patent number: 7043621Abstract: A method and apparatus is used to divide a storage volume into shards. The division is made using a directed graph having a vertex for each block in the storage volume and directed-edges between pairs of vertices representing a shard of blocks, associating a weight with each directed edge that represents the dissimilarity for the shard of blocks between the corresponding pair of vertices, selecting a maximum number of shards (K) for dividing the storage volume, identifying a minimum aggregate weight associated with a current vertex for a combination of no more than K shards, performing the identification of the minimum aggregate weight for vertices in the directed graph, and picking the smallest aggregated weight associated with the last vertex to determine a sharding that spans the storage volume and provides a minimal dissimilarity among no more than K shards of blocks.Type: GrantFiled: May 15, 2003Date of Patent: May 9, 2006Assignee: Hewlett-Packard Development Company, L.P.Inventors: Arif Merchant, Mahesh Kallahalla, Ram Swaminathan
-
Publication number: 20060075199Abstract: An embodiment of a method of providing storage to a virtual computer cluster within a shared computing environment begins with a first step of combining storage resources within the shared computing environment into a virtual storage pool. The virtual storage pool comprises at least portions of storage devices in which at least one of the storage devices is not directly accessible by all computers which directly access any of the storage devices. The method continues with a second step of partitioning a virtual storage volume from the virtual storage pool. In a third step, the method assigns the virtual storage volume to the virtual computer cluster. The method concludes with a fourth step of making the virtual storage volume accessible to computing platforms of the virtual computer cluster using software. The software allows access to the virtual storage volume by the computing platforms while precluding access to remaining storage within the shared computing environment by the computing platforms.Type: ApplicationFiled: October 6, 2004Publication date: April 6, 2006Inventors: Mahesh Kallahalla, Mustafa Uysal, Ram Swaminathan
-
Publication number: 20060075252Abstract: An embodiment of a method of managing a computer system begins with a step of placing a virtual machine monitor on a computer. The virtual machine monitor includes an interface for a module. The method continues with a step of forming a computing platform on the computer. The virtual machine monitor provides access control to the hardware resources for software executing on the computing platform. The method concludes with a step of adding a module to the virtual machine monitor through the interface. The module modifies the access control provided by the virtual machine monitor.Type: ApplicationFiled: October 6, 2004Publication date: April 6, 2006Inventors: Mahesh Kallahalla, Mustafa Uysal, Ram Swaminathan
-
Publication number: 20060075278Abstract: An embodiment of a method of forming a virtual computer cluster within a shared computing environment begins with a step of placing gatekeeper software on each of a plurality of particular host computers of the shared computing environment. The method continues with a step of assigning computing platforms located on the particular host computers to the virtual computer cluster. The gatekeeper software interposes between the computing platforms and hardware resources of the particular host computers. The method concludes with a step of isolating the virtual computer cluster from a remainder of the shared computing environment using the gatekeeper software. The gatekeeper software allows communication between the computing platforms while precluding communication with other computing platforms of the shared computing environment. The gatekeeper software controls input and output operations for the virtual computer cluster.Type: ApplicationFiled: October 6, 2004Publication date: April 6, 2006Inventors: Mahesh Kallahalla, Mustafa Uysal, Ram Swaminathan, Frederic Gittler
-
Patent number: 7003116Abstract: A key management module is utilized to improve efficiency in cryptographic systems. The key management module may monitor file usage and recommend (and/or implement) key pair changes. In particular, the key management module may be configured to periodically examine (or analyze) performance parameters (e.g., number of times written, number of times read, etc.) associated with a user's files. A network monitor module may be configured to gather and maintain records of the associated performance parameters. The key management module may be further configured to compare the performance parameters of a given file with a table of key level ranges. The table of key lengths may be configured to provide a listing of multiple key lengths, each key length corresponding to an activity level of a performance parameter, e.g., relative read/write access frequency.Type: GrantFiled: October 31, 2001Date of Patent: February 21, 2006Assignee: Hewlett-Packard Development Company, L.P.Inventors: Erik Riedel, Mahesh Kallahalla, Ram Swaminathan
-
Publication number: 20050018842Abstract: Windowed backward key rotation. A user is provided information that allows determining a limited number of previous keys in a series of keys from a later key in the series. A key in the series is generated, based at least in part on the information provided to the user. The key in the series is provided to the user. The user determines at least one key in the limited number of previous keys in the series by applying the information to the key in the series.Type: ApplicationFiled: July 21, 2003Publication date: January 27, 2005Inventors: Kevin Fu, Mahesh Kallahalla, Ram Swaminathan
-
Publication number: 20040230764Abstract: A method and apparatus is used to divide a storage volume into shards. The division is made using a directed graph having a vertex for each block in the storage volume and directed-edges between pairs of vertices representing a shard of blocks, associating a weight with each directed edge that represents the dissimilarity for the shard of blocks between the corresponding pair of vertices, selecting a maximum number of shards (K) for dividing the storage volume, identifying a minimum aggregate weight associated with a current vertex for a combination of no more than K shards, performing the identification of the minimum aggregate weight for vertices in the directed graph, and picking the smallest aggregated weight associated with the last vertex to determine a sharding that spans the storage volume and provides a minimal dissimilarity among no more than K shards of blocks.Type: ApplicationFiled: May 15, 2003Publication date: November 18, 2004Inventors: Arif Merchant, Mahesh Kallahalla, Ram Swaminathan
-
Publication number: 20040151310Abstract: A method and system for relating cryptographic keys. A method includes providing to a user a private share related to a key. The method also includes generating a new key based on a previous version of the key and publishing a rotation catalyst. The new version of the key is determinable based on the key rotation catalyst and the private share. Further, former versions of the key are determinable based on the key rotation catalyst.Type: ApplicationFiled: January 31, 2003Publication date: August 5, 2004Inventors: Kevin E. Fu, Mahesh Kallahalla, Ram Swaminathan