Patents by Inventor Patrick Goldsack
Patrick Goldsack has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20150135178Abstract: In one implementation, a host platform implemented on a computing device hosting one or more virtual machines determines that a communication generated by a virtual machine and intended for another virtual machine is to be transmitted to a network appliance. Consequently, the host platform modifies the communication generated by the virtual machine.Type: ApplicationFiled: March 8, 2012Publication date: May 14, 2015Inventors: Anna Fischer, Aled Edwards, Patrick Goldsack
-
Patent number: 8990900Abstract: The application describes an attestation system (705, 707, 710) in a cloud computing environment. The authorization system is configured to allow a plurality of users (701a-d) and applications (702, 706, 708, 709) of the cloud computing environment to issue attestations regarding attributes of other users and applications. The authorization system is also configured to control access to said attestations and to allow a plurality of users and applications of the cloud computing environment to query the authorization system to determine whether a specified user or application has a specified attribute. Methods of controlling access to resources in a cloud computing environment and also of providing secure attestations are also described.Type: GrantFiled: June 23, 2010Date of Patent: March 24, 2015Assignee: Hewlett-Packard Development Company, L.P.Inventors: Nigel J Edwards, Michael J Wray, Jose Maria Alcaraz Calero, Patrick Goldsack
-
Patent number: 8627313Abstract: A data center can share processing resources using virtual networks. A hosting program 9,10 hosts one or more virtual machines 11, 12. The program has a virtual interface VIF 1 14, to the virtual machines, a network interface 19 to enable communication between the virtual machines and other nodes of a network, and an infrastructure management interface 8, invisible to the virtual machines. The program has an intercept function 7 implemented as a comparator, switch or router, arranged to intercept a status message from one of the virtual machines, or applications run by that virtual machine. The status indication is sent to a status buffer 5 and is made available to the infrastructure management interface without providing a network path between the management interface and the virtual machine. This can discriminate between VM failure and communication failure, and the invisibility maintains isolation and helps avoid vulnerability to denial of service attack.Type: GrantFiled: March 9, 2009Date of Patent: January 7, 2014Assignee: Hewlett-Packard Development Company, L.P.Inventors: Aled Edwards, Anna Fischer, Patrick Goldsack
-
Patent number: 8544002Abstract: A system has a virtual overlay infrastructure mapped onto physical resources for processing, storage and network communications, the virtual infrastructure having virtual entities for processing, storage and network communications. Each virtual infrastructure can be passivated by suspending applications, stopping operating systems, and storing state, to enable later reactivation. This is simpler for a complete virtual infrastructure than for groups of virtual entities and physical entities. It enables cloned virtual infrastructure to be created for testing, upgrading or sharing without risk to the parent. On failure, reversion to a previous working clone is feasible.Type: GrantFiled: October 28, 2005Date of Patent: September 24, 2013Assignee: Hewlett-Packard Development Company, L.P.Inventors: Nigel Edwards, Adrian John Baldwin, Patrick Goldsack, Antonio Lain
-
Publication number: 20130191850Abstract: Disclosed herein is a technique that intercepts data transmitted from a first application executing in a first domain to a second application executing in a second domain.Type: ApplicationFiled: January 20, 2012Publication date: July 25, 2013Inventors: Anna Fischer, Aled Edwards, Patrick Goldsack
-
Publication number: 20130125217Abstract: The application describes an attestation system (705, 707, 710) in a cloud computing environment. The authorization system is configured to allow a plurality of users (701a-d) and applications (702, 706, 708, 709) of the cloud computing environment to issue attestations regarding attributes of other users and applications. The authorization system is also configured to control access to said attestations and to allow a plurality of users and applications of the cloud computing environment to query the authorization system to determine whether a specified user or application has a specified attribute. Methods of controlling access to resources in a cloud computing environment and also of providing secure attestations are also described.Type: ApplicationFiled: June 23, 2010Publication date: May 16, 2013Inventors: Nigel J. Edwards, Michael J. Wray, Jose Maria Alcaraz Calero, Patrick Goldsack
-
Patent number: 8370834Abstract: A data center can share processing resources using virtual networks. A virtual machine manager (10) hosts one or more virtual machines (11, 411), the virtual machines forming part of a segmented virtual network (34). Outgoing messages from the virtual machines have an intermediate destination address of an intermediate node in a local segment of the segmented virtual network, and the virtual machine manager has a router (18) for determining a new intermediate destination address outside the local segment, for routing the given outgoing message. By having the router as part of the virtual machine manager rather than having only a switch in the virtual machine manager, the need for virtual machines for implementing gateways is avoided. This can reduce the number of “hops” for the message between virtual entities hosted, and thus improve performance. This can help a service provider to share physical processing resources of a data center between different clients having their own virtual networks.Type: GrantFiled: March 9, 2009Date of Patent: February 5, 2013Assignee: Hewlett-Packard Development Company, L.P.Inventors: Aled Edwards, Anna Fischer, Chris I Dalton, Patrick Goldsack
-
Patent number: 8166171Abstract: A system is provided for disseminating resource allocation information from system resources to state-information observers comprising resource users and typically also at least one system resource manager. Each resource maintains state information about its identity and its allocation to one or more resource users. Each resource provides this information to a state-dissemination arrangement which disseminates it to each state-information observer. Each resource user uses the state information it receives from the state-dissemination arrangement to ascertain the resources allocated to it. Similarly, a system resource manager, when present, uses the state information it receives from the state-dissemination arrangement to ascertain the allocation of those resources that are of interest to the manager. A resource, resource user and resource manager for use in such a system are also provided.Type: GrantFiled: March 10, 2011Date of Patent: April 24, 2012Assignee: Hewlett-Packard Development Company, L.P.Inventors: Paul Murray, Patrick Goldsack, Julio Ceasr Guijarro
-
Publication number: 20110167146Abstract: A system is provided for disseminating resource allocation information from system resources to state-information observers comprising resource users and typically also at least one system resource manager. Each resource maintains state information about its identity and its allocation to one or more resource users. Each resource provides this information to a state-dissemination arrangement which disseminates it to each state-information observer. Each resource user uses the state information it receives from the state-dissemination arrangement to ascertain the resources allocated to it. Similarly, a system resource manager, when present, uses the state information it receives from the state-dissemination arrangement to ascertain the allocation of those resources that are of interest to the manager. A resource, resource user and resource manager for use in such a system are also provided.Type: ApplicationFiled: March 10, 2011Publication date: July 7, 2011Applicant: Hewlett-Packard CompanyInventors: Paul Murray, Patrick Goldsack, Julio Cesar Guijarro
-
Patent number: 7949753Abstract: A system is provided for disseminating resource allocation information from system resources to state-information observers comprising resource users and typically also at least one system resource manager. Each resource maintains state information about its identity and its allocation to one or more resource users. Each resource provides this information to a state-dissemination arrangement which disseminates it to each state-information observer. Each resource user uses the state information it receives from the state-dissemination arrangement to ascertain the resources allocated to it. Similarly, a system resource manager, when present, uses the state information it receives from the state-dissemination arrangement to ascertain the allocation of those resources that are of interest to the manager. A resource, resource user and resource manager for use in such a system are also provided.Type: GrantFiled: March 16, 2005Date of Patent: May 24, 2011Assignee: Hewlett-Packard Development Company, L.P.Inventors: Paul Murray, Patrick Goldsack, Julio Cesar Guijarro
-
Patent number: 7930763Abstract: A method of authorizing a computing entity comprises obtaining at the authorizing entity a delegation chain of intermediate elements through which an authorisable entity asserts authorization eligibility in the form of a sequence of locally assigned labels for the elements. The method further comparing the label sequence against a label sequence template.Type: GrantFiled: July 21, 2006Date of Patent: April 19, 2011Assignee: Hewlett-Packard Development Company, L.P.Inventors: Antonio Lain, Patrick Goldsack, Brian Quentin Monahan
-
Patent number: 7926028Abstract: A computer implemented process for identifying conflicts between policies for a method invocable by an object is described, in which the method is a member of at least one statically defined method grouping having a corresponding policy. The process comprises, for each method grouping, obtaining each method which is a member of the method grouping, associating therewith the corresponding method grouping policy, and comparing policies associated with methods which are members of two or more method groupings to identify conflicts.Type: GrantFiled: July 21, 2006Date of Patent: April 12, 2011Assignee: Hewlett-Packard Development Company, L.P.Inventors: Antonio Lain, Patrick Goldsack
-
Publication number: 20100115101Abstract: A connection policy for a communications network has a local connection policy indicating which paths between a given one of the nodes (computer A, router A, host 898) and others of the nodes (computers B, C, filters B1, B2, C1, C2, hosts 890, 892) are allowable paths, by a symbolic expression of ranges endpoint addresses and other local connection policies in respect of other nodes. It is implemented in a distributed manner by determining, for the given node, which of the allowable paths, are dual authorised as allowable by the other local connection policy relating to the other node at the other end of that path, by Boolean operations on the symbolic expressions. For a given message for a given path between two of the nodes having their own local connection policies, both of these nodes determine whether the given path is currently dual authorised. This can provide reassurance that changes in versions of the connection policy won't transiently open a risk of undetected unwanted communication.Type: ApplicationFiled: March 9, 2009Publication date: May 6, 2010Inventors: Antonio Lain, Patrick Goldsack
-
Publication number: 20100107162Abstract: A data center can share processing resources using virtual networks. A virtual machine manager (10) hosts one or more virtual machines (11, 411), the virtual machines forming part of a segmented virtual network (34). Outgoing messages from the virtual machines have an intermediate destination address of an intermediate node in a local segment of the segmented virtual network, and the virtual machine manager has a router (18) for determining a new intermediate destination address outside the local segment, for routing the given outgoing message. By having the router as part of the virtual machine manager rather than having only a switch in the virtual machine manager, the need for virtual machines for implementing gateways is avoided. This can reduce the number of “hops” for the message between virtual entities hosted, and thus improve performance. This can help a service provider to share physical processing resources of a data center between different clients having their own virtual networks.Type: ApplicationFiled: March 9, 2009Publication date: April 29, 2010Inventors: Aled Edwards, Anna Fischer, Chris Ian Dalton, Patrick Goldsack
-
Publication number: 20100077395Abstract: A data center can share processing resources using virtual networks. A hosting program 9,10 hosts one or more virtual machines 11, 12. The program has a virtual interface VIF 1 14, to the virtual machines, a network interface 19 to enable communication between the virtual machines and other nodes of a network, and an infrastructure management interface 8, invisible to the virtual machines. The program has an intercept function 7 implemented as a comparator, switch or router, arranged to intercept a status message from one of the virtual machines, or applications run by that virtual machine. The status indication is sent to a status buffer 5 and is made available to the infrastructure management interface without providing a network path between the management interface and the virtual machine. This can discriminate between VM failure and communication failure, and the invisibility maintains isolation and helps avoid vulnerability to denial of service attack.Type: ApplicationFiled: March 9, 2009Publication date: March 25, 2010Inventors: Aled Edwards, Anna Fischer, Patrick Goldsack
-
Publication number: 20090300605Abstract: A system has a virtual overlay infrastructure mapped onto physical resources for processing, storage and network communications, the virtual infrastructure having virtual entities for processing, storage and network communications. Each virtual infrastructure can be passivated by suspending applications, stopping operating systems, and storing state, to enable later reactivation. This is simpler for a complete virtual infrastructure than for groups of virtual entities and physical entities. It enables cloned virtual infrastructure to be created for testing, upgrading or sharing without risk to the parent. On failure, reversion to a previous working clone is feasible.Type: ApplicationFiled: October 28, 2005Publication date: December 3, 2009Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.Inventors: Nigel John Edwards, Adrian Baldwin, Patrick Goldsack, Antonio Lain
-
Publication number: 20090241108Abstract: A system has a virtual overlay infrastructure mapped onto physical resources for processing, storage and network communications, the virtual infrastructure having virtual entities for processing, storage and network communications. Virtual infrastructures of different users share physical resources but are isolated. Each infrastructure has its own infrastructure controller to create and configure the infrastructure. It has a user accessible part (CFC) for configuration of that user's infrastructure, and a user inaccessible part (UFC) able to access the mapping and the physical resources. This increases user control to ease system administration, while maintaining security by limiting access to the mapping.Type: ApplicationFiled: October 28, 2005Publication date: September 24, 2009Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.Inventors: Nigel John Edwards, Patrick Goldsack, Antonio Lain, Adrian John Baldwin
-
Publication number: 20090199177Abstract: A system has a virtual overlay infrastructure mapped onto physical resources for processing, storage and network communications, the virtual infrastructure having virtual entities for processing, storage and network communications. The system has a mapping manager to dynamically alter the mapping for balancing, performance, and redundancy. There can be more independence from the underlying physical configuration, compared to known methods of virtualizing only some of the entities. The mapping manager can be distributed across a number of entities on different physical servers arranged to cooperate with each other.Type: ApplicationFiled: October 28, 2005Publication date: August 6, 2009Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.Inventors: Nigel Edwards, Chris I. Dalton, Adrian John Baldwin, Patrick Goldsack, Antonio Lain
-
Patent number: 7363312Abstract: A method embodied in a computer program product for combining first and second attribute sets each comprising at least one attribute and value pair by which a named attribute is assigned a value that comprises one of a end value and a further attribute set involves carrying out a merge operation that combines the attribute and value pairs of the first and second attribute sets according to their levels in respective attribute trees with conflicts arising between attributes having the same path in each tree being resolved, on a top-down basis, according to predetermined rules.Type: GrantFiled: July 3, 2003Date of Patent: April 22, 2008Assignee: Hewlett-Packard Development Company, L.P.Inventor: Patrick Goldsack
-
Publication number: 20070101125Abstract: A method of authorizing a computing entity comprises obtaining at the authorizing entity a delegation chain of intermediate elements through which an authorisable entity asserts authorization eligibility in the form of a sequence of locally assigned labels for the elements. The method further comparing the label sequence against a label sequence template.Type: ApplicationFiled: July 21, 2006Publication date: May 3, 2007Inventors: Antonio Lain, Patrick Goldsack, Brian Monahan