Patents by Inventor Michael A. Halcrow

Michael A. Halcrow has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240364744
    Abstract: Systems and methods are disclosed for securely executing user-defined functions within a cloud data platform. A method involves receiving, via hardware processors, a request to execute a user-defined function (UDF) contained within a sandbox process. The UDF comprises code for performing specified operations that necessitate access to external resources. To facilitate this access, a secure egress path is established using an overlay network designed to isolate the UDF's network traffic from other processes. Authentication and authorization details for the UDF are managed externally to the sandbox process, ensuring that the UDF's functionality remains orthogonal to the cloud data platform's operations. This approach enables the secure and controlled execution of UDFs, allowing them to interact with external systems while maintaining the integrity and security of the cloud data platform environment.
    Type: Application
    Filed: January 31, 2024
    Publication date: October 31, 2024
    Inventors: Brandon S. Baker, Derek Denny-Brown, Michael A. Halcrow, Sven Tenzing Choden Konigsmark, Niranjan Kumar Sharma, Nitya Kumar Sharma, Haowei Yu, Andong Zhan
  • Patent number: 11930045
    Abstract: Methods, systems, and computer programs are presented for enabling any sandboxed user-defined function code to securely access the Internet via a cloud data platform. A remote procedure call is received by a cloud data platform from a user-defined function (UDF) executing within a sandbox process. The UDF includes code related to at least one operation to be performed. The cloud data platform provides an overlay network to establish a secure egress path for UDF external access. The cloud data platform enables the UDF executing in the sandbox process to initiate a network call.
    Type: Grant
    Filed: April 28, 2023
    Date of Patent: March 12, 2024
    Assignee: Snowflake Inc.
    Inventors: Brandon S. Baker, Derek Denny-Brown, Michael A. Halcrow, Sven Tenzing Choden Konigsmark, Niranjan Kumar Sharma, Nitya Kumar Sharma, Haowei Yu, Andong Zhan
  • Patent number: 10509664
    Abstract: The present disclosure relates to a distributed disk image deployment during virtual machine instance creation, and to deploying a virtual machine instances based on disk image locality. On example method includes receiving, at a first computing node, a request to create a virtual machine instance, the request identifying a disk image to be associated with the virtual machine instance; determining a set of computing nodes from which to transfer the disk image on a locality of the first computing node to each computing node in the set of computing nodes, generating a set of requests for a plurality of portions of the disk image, sending at least one request from the set of requests to each computing node in the set of computing nodes; and receiving, from at least one of the set of computing nodes, one or more portions of the disk image.
    Type: Grant
    Filed: December 8, 2016
    Date of Patent: December 17, 2019
    Assignee: Google LLC
    Inventors: Michael A. Halcrow, Brandon S. Baker, Nicholas V. Finco, Matthew Riley
  • Patent number: 9537745
    Abstract: The present disclosure relates to a distributed disk image deployment during virtual machine instance creation, and to deploying a virtual machine instances based on disk image locality. On example method includes receiving a request to create a virtual machine instance identifying a disk image; determining one or more storage devices storing the disk image; determining a distance measurement between each of a plurality of computing nodes and the one or more storage devices storing the disk image; selecting a computing node on which to create the virtual machine instance based on a locality of the computing node to a storage device from the one or more storage devices storing the disk image, the locality including the distance measurement between the computing node and the storage device; and creating the virtual machine instance on the computing node using the disk image from the storage device.
    Type: Grant
    Filed: March 7, 2014
    Date of Patent: January 3, 2017
    Assignee: Google Inc.
    Inventors: Michael A. Halcrow, Brandon S. Baker, Nicholas V. Finco, Matthew Riley
  • Patent number: 8996887
    Abstract: Methods, systems, and apparatus, including a method for providing data. The method comprises receiving a first request from a first virtual machine (VM) to store data, obtaining the data and an access control list (ACL) of authorized users, obtaining a data key that has a data key identifier, encrypting the data key and the ACL using a wrapping key to generate a wrapped blob, encrypting the data, storing the wrapped blob and the encrypted data, and providing the data key identifier to users on the ACL. The method further comprises receiving a second request from a second VM to obtain a data snapshot, obtaining an unwrapped blob, obtaining the data key and the ACL from the unwrapped blob, authenticating a user associated with the second request, authorizing the user against the ACL, decrypting the data using the data key, and providing a snapshot of the data to the second VM.
    Type: Grant
    Filed: February 24, 2012
    Date of Patent: March 31, 2015
    Assignee: Google Inc.
    Inventors: Andrew Kadatch, Michael A. Halcrow
  • Patent number: 8626786
    Abstract: Dynamic language checking includes identifying questionable language usage; creating a query in dependence upon the questionable language usage; querying a search engine with the query; receiving from the search engine search result statistics describing the search results for the query; and determining, in dependence upon search results statistics returned by the search engine, whether the questionable language usage is proper language usage.
    Type: Grant
    Filed: January 30, 2012
    Date of Patent: January 7, 2014
    Assignee: International Business Machines Corporation
    Inventors: Michael A. Halcrow, Dustin Kirkland
  • Publication number: 20130227303
    Abstract: Methods, systems, and apparatus, including a method for providing data. The method comprises receiving a first request from a first virtual machine (VM) to store data, obtaining the data and an access control list (ACL) of authorized users, obtaining a data key that has a data key identifier, encrypting the data key and the ACL using a wrapping key to generate a wrapped blob, encrypting the data, storing the wrapped blob and the encrypted data, and providing the data key identifier to users on the ACL. The method further comprises receiving a second request from a second VM to obtain a data snapshot, obtaining an unwrapped blob, obtaining the data key and the ACL from the unwrapped blob, authenticating a user associated with the second request, authorizing the user against the ACL, decrypting the data using the data key, and providing a snapshot of the data to the second VM.
    Type: Application
    Filed: February 24, 2012
    Publication date: August 29, 2013
    Applicant: GOOGLE INC.
    Inventors: Andrew Kadatch, Michael A. Halcrow
  • Patent number: 8462955
    Abstract: An online key stored by a remote service is generated or otherwise obtained, and a storage media (as it applies to the storage of data on a physical or virtual storage media) master key for encrypting and decrypting a physical or virtual storage media or encrypting and decrypting one or more storage media encryption keys that are used to encrypt a physical or virtual storage media is encrypted based at least in part on the online key. A key protector for the storage media is stored, the key protector including the encrypted master key. The key protector can be subsequently accessed, and the online key obtained from the remote service. The master key is decrypted based on the online key, allowing the one or more storage media encryption keys that are used to decrypt the storage media to be decrypted.
    Type: Grant
    Filed: June 3, 2010
    Date of Patent: June 11, 2013
    Assignee: Microsoft Corporation
    Inventors: Octavian T. Ureche, Nils Dussart, Michael A. Halcrow, Charles G. Jeffries, Nathan T. Lewis, Cristian M. Ilac, Innokentiy Basmov, Magnus Bo Gustaf Nyström, Niels T. Ferguson
  • Patent number: 8239964
    Abstract: Safe deposit boxes, services, and methods for physically secure data storage are provided that include securing a network-enabled computer within a safe deposit box, receiving, in the network-enabled computer, data transmitted from a remote computer coupled for data communications with the network-enabled computer; and storing the data in the memory of the network-enabled computer. Securing a network-enabled computer within a safe deposit box may be carried out by providing a locked safe deposit box having the networked enabled computer stored within. Securing a network-enabled computer within a safe deposit box may be carried out by providing a lockable safe deposit box having the networked enabled computer integrated within.
    Type: Grant
    Filed: December 18, 2008
    Date of Patent: August 7, 2012
    Assignee: International Business Machines Corporation
    Inventors: Michael A. Halcrow, Dustin Kirkland
  • Publication number: 20120130977
    Abstract: Dynamic language checking includes identifying questionable language usage; creating a query in dependence upon the questionable language usage; querying a search engine with the query; receiving from the search engine search result statistics describing the search results for the query; and determining, in dependence upon search results statistics returned by the search engine, whether the questionable language usage is proper language usage.
    Type: Application
    Filed: January 30, 2012
    Publication date: May 24, 2012
    Applicant: International Business Machines Corporation
    Inventors: Michael A. Halcrow, Dustin Kirkland
  • Patent number: 8131746
    Abstract: Methods, systems, and computer program products are disclosed for dynamic language checking. Embodiments include identifying questionable language usage; creating a query in dependence upon the questionable language usage; querying a search engine with the query; receiving from the search engine search result statistics describing the search results for the query; and determining, in dependence upon search results statistics returned by the search engine, whether the questionable language usage is proper language usage.
    Type: Grant
    Filed: June 23, 2005
    Date of Patent: March 6, 2012
    Assignee: International Business Machines Corporation
    Inventors: Michael A. Halcrow, Dustin Kirkland
  • Publication number: 20110302398
    Abstract: An online key stored by a remote service is generated or otherwise obtained, and a storage media (as it applies to the storage of data on a physical or virtual storage media) master key for encrypting and decrypting a physical or virtual storage media or encrypting and decrypting one or more storage media encryption keys that are used to encrypt a physical or virtual storage media is encrypted based at least in part on the online key. A key protector for the storage media is stored, the key protector including the encrypted master key. The key protector can be subsequently accessed, and the online key obtained from the remote service. The master key is decrypted based on the online key, allowing the one or more storage media encryption keys that are used to decrypt the storage media to be decrypted.
    Type: Application
    Filed: June 3, 2010
    Publication date: December 8, 2011
    Applicant: MICROSOFT CORPORATION
    Inventors: Octavian T. Ureche, Nils Dussart, Michael A. Halcrow, Charles G. Jeffries, Nathan T. Lewis, Cristian M. Ilac, Innokentiy Basmov, Bo Gustaf Magnus Nystr+e,uml o+ee m, Niels T. Ferguson
  • Patent number: 7996891
    Abstract: Systems, methods and computer program products for generating anonymous assertions. Exemplary embodiments include a method for generating anonymous assertions, the method comprising engaging anonymous role authentication via one or more authenticator services, generating an assertion token on a trusted assertion device that is booted into a trusted configuration, and processing the assertion and validating a right of the user to make the assertion for the event.
    Type: Grant
    Filed: January 30, 2008
    Date of Patent: August 9, 2011
    Assignee: International Business Machines Corporation
    Inventors: Richard J. Cardone, Michael A. Halcrow, Benjamin M. Landman, Kent E. Yoder
  • Publication number: 20090193509
    Abstract: Systems, methods and computer program products for generating anonymous assertions. Exemplary embodiments include a method for generating anonymous assertions, the method comprising engaging anonymous role authentication via one or more authenticator services, generating an assertion token on a trusted assertion device that is booted into a trusted configuration, and processing the assertion and validating a right of the user to make the assertion for the event.
    Type: Application
    Filed: January 30, 2008
    Publication date: July 30, 2009
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Richard J. Cardone, Michael A. Halcrow, Benjamin M. Landman, Kent E. Yoder
  • Patent number: 7552327
    Abstract: The present invention provides a method and apparatus for conducting a confidential search. The method comprises accessing one or more terms associated with one or more nodes of a network, encrypting the accessed one or more terms and receiving an encrypted search term from a user. The method further comprises comparing the received encrypted search term with at least a portion of the encrypted accessed terms and providing a result of the comparison to the user.
    Type: Grant
    Filed: November 13, 2003
    Date of Patent: June 23, 2009
    Assignee: International Business Machines Corporation
    Inventors: Michael A. Halcrow, Dustin C. Kirkland, David B. Kumhyr, Kylene J. Smith
  • Publication number: 20090094701
    Abstract: Safe deposit boxes, services, and methods for physically secure data storage are provided that include securing a network-enabled computer within a safe deposit box, receiving, in the network-enabled computer, data transmitted from a remote computer coupled for data communications with the network-enabled computer; and storing the data in the memory of the network-enabled computer. Securing a network-enabled computer within a safe deposit box may be carried out by providing a locked safe deposit box having the networked enabled computer stored within. Securing a network-enabled computer within a safe deposit box may be carried out by providing a lockable safe deposit box having the networked enabled computer integrated within.
    Type: Application
    Filed: December 18, 2008
    Publication date: April 9, 2009
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Michael A. Halcrow, Dustin Kirkland
  • Publication number: 20090072031
    Abstract: A method for a paper-free, verifiable, electronic voting system, the method comprising the steps of submitting votes by a voter using a direct-recording electronic voting machine, requesting a ballot summary from the direct-recording electronic voting machine, creating a ballot summary in a verification subsystem, displaying the ballot summary by the voting machine, casting a ballot by the voter, tallying votes by the electronic voting system, requesting the ballot summary be saved by the voting machine, saving the ballot summary securely by the verification subsystem, and displaying a cast ballot message on the voting machine.
    Type: Application
    Filed: September 13, 2007
    Publication date: March 19, 2009
    Inventors: Richard J. Cardone, Michael A. Halcrow, Benjamin M. Landman, Kent Yoder
  • Publication number: 20090072032
    Abstract: A method for voting in a trusted electronic voting system under the control of an election authority, the method comprising: casting a ballot having ballot information, the ballot information representing votes by a voter; receiving a request to cast the ballot by a voting machine, the voting machine running as a trusted computing platform; tallying the votes in a tally module; displaying the status of the vote tallying on the voting machine.
    Type: Application
    Filed: September 13, 2007
    Publication date: March 19, 2009
    Inventors: Richard J. Cardone, Michael A. Halcrow, Benjamin M. Landman, Kent Yoder
  • Publication number: 20090076891
    Abstract: An apparatus for executing a trusted electronic voting system under the control of an election authority comprising: at least one electronic voting machine; an election configuration for the voting machine in the electronic voting system; and a trusted computing platform for the voting machine in the electronic voting system.
    Type: Application
    Filed: September 13, 2007
    Publication date: March 19, 2009
    Inventors: Richard J. Cardone, Michael A. Halcrow, Benjamin M. Landman, Kent Yoder
  • Publication number: 20090072030
    Abstract: An apparatus for a paper-free, verifiable, electronic voting system, comprising an electronic voting machine including at least one direct recording electronic device, at least one ballot summary, where each of the ballot summaries representing selections of a voter, at least one ballot verification subsystem that creates, displays, and stores said ballot summaries, at least one ballot summary storage repository for storing said ballot summaries as saved ballot summaries, and an optional network for communication among components of the electronic voting system.
    Type: Application
    Filed: September 13, 2007
    Publication date: March 19, 2009
    Inventors: Richard J. Cardone, Michael A. Halcrow, Benjamin M. Landman, Kent Yoder