Patents by Inventor Michael Halcrow

Michael Halcrow has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20250094205
    Abstract: A method including monitoring, using a standard level of auditing, one or more processes of a VM and, based on monitoring the process(es), detecting aberrant behavior indicating that an attack against the VM is imminent. Based on detecting aberrant behavior indicating that the attack is imminent, the method includes monitoring, using a heightened level of auditing, the process(es), the heightened level of auditing generating log data representative of memory accesses performed by the VM, and notifying a user of the VM that the imminent attack is detected. During the attack against the VM, maintaining the monitoring of the process(es) using the heightened level of auditing, the method includes determining that the attack has concluded and, based on determining that the attack has concluded, processing the log data to determine an action performed by the detected attack; and monitoring, using the standard level of auditing, the process(es).
    Type: Application
    Filed: December 1, 2024
    Publication date: March 20, 2025
    Applicant: Google LLC
    Inventors: Michael Halcrow, Thomas Garnier
  • Patent number: 12182604
    Abstract: A method for capturing VM resources for forensics includes receiving an indication of compromise (IoC). The indication of compromise indicates an attack is imminent against a virtual machine. The method also includes, in response to receiving the IoC and before the attack begins, snapshotting a memory state of memory used by the virtual machine and increasing a level of auditing of the virtual machine from a standard level of auditing to a heightened level of auditing. The heightened level of auditing generates data representative of all accesses to the memory used by the virtual machine. After the attack against the virtual machine has begun, the method includes maintaining the heightened level of auditing for a threshold period of time, notifying a user of the virtual machine of the indication of compromise, and storing the data in memory external to the virtual machine.
    Type: Grant
    Filed: October 21, 2022
    Date of Patent: December 31, 2024
    Assignee: Google LLC
    Inventors: Michael Halcrow, Thomas Garnier
  • Publication number: 20240403229
    Abstract: A cloud implementation of a persisted storage device, such as a disk, is provided. The implementation supports a variety of features and protocols, in full analogy with a physical storage device such as a disk drive. The present disclosure provides for implementing standard eDrive protocols in the cloud by designing internal disk storage, referred to as a “system area,” in a virtual disk instance that the virtual disk can potentially utilize for a multitude of disk features. This internal storage can be used to implement eDrive protocols, which use the system area to maintain the necessary internal virtual disk state.
    Type: Application
    Filed: May 6, 2024
    Publication date: December 5, 2024
    Inventors: Joseph Richey, Michael Halcrow, Sergey Karamov
  • Patent number: 11977492
    Abstract: A cloud implementation of a persisted storage device, such as a disk, is provided. The implementation supports a variety of features and protocols, in full analogy with a physical storage device such as a disk drive. The present disclosure provides for implementing standard eDrive protocols in the cloud by designing internal disk storage, referred to as a “system area,” in a virtual disk instance that the virtual disk can potentially utilize for a multitude of disk features. This internal storage can be used to implement eDrive protocols, which use the system area to maintain the necessary internal virtual disk state.
    Type: Grant
    Filed: May 22, 2023
    Date of Patent: May 7, 2024
    Assignee: Google LLC
    Inventors: Joseph Richey, Michael Halcrow, Sergey Karamov
  • Publication number: 20230385205
    Abstract: A cloud implementation of a persisted storage device, such as a disk, is provided. The implementation supports a variety of features and protocols, in full analogy with a physical storage device such as a disk drive. The present disclosure provides for implementing standard eDrive protocols in the cloud by designing internal disk storage, referred to as a “system area,” in a virtual disk instance that the virtual disk can potentially utilize for a multitude of disk features. This internal storage can be used to implement eDrive protocols, which use the system area to maintain the necessary internal virtual disk state.
    Type: Application
    Filed: May 22, 2023
    Publication date: November 30, 2023
    Inventors: Joseph Richey, Michael Halcrow, Sergey Karamov
  • Patent number: 11829470
    Abstract: The technology provides for a threat detection system. In this regard, the system may be configured to output file states of a multi-layer file system. For instance, the system may determine, based on the file states for a file, one or more layers of the multi-layer file system in which one or more objects corresponding to the file can be found. Based on the one or more objects corresponding to the file, the system may detect a potential threat. The system may then take an action in response to the potential threat.
    Type: Grant
    Filed: September 21, 2022
    Date of Patent: November 28, 2023
    Assignee: Google LLC
    Inventors: Michael Halcrow, Thomas Garnier
  • Patent number: 11693792
    Abstract: A cloud implementation of a persisted storage device, such as a disk, is provided. The implementation supports a variety of features and protocols, in full analogy with a physical storage device such as a disk drive. The present disclosure provides for implementing standard eDrive protocols in the cloud by designing internal disk storage, referred to as a “system area,” in a virtual disk instance that the virtual disk can potentially utilize for a multitude of disk features. This internal storage can be used to implement eDrive protocols, which use the system area to maintain the necessary internal virtual disk state.
    Type: Grant
    Filed: January 4, 2018
    Date of Patent: July 4, 2023
    Assignee: Google LLC
    Inventors: Joseph Richey, Michael Halcrow, Sergey Karamov
  • Publication number: 20230056426
    Abstract: A method for capturing VM resources for forensics includes receiving an indication of compromise (IoC). The indication of compromise indicates an attack is imminent against a virtual machine. The method also includes, in response to receiving the IoC and before the attack begins, snapshotting a memory state of memory used by the virtual machine and increasing a level of auditing of the virtual machine from a standard level of auditing to a heightened level of auditing. The heightened level of auditing generates data representative of all accesses to the memory used by the virtual machine. After the attack against the virtual machine has begun, the method includes maintaining the heightened level of auditing for a threshold period of time, notifying a user of the virtual machine of the indication of compromise, and storing the data in memory external to the virtual machine.
    Type: Application
    Filed: October 21, 2022
    Publication date: February 23, 2023
    Applicant: Google LLC
    Inventors: Michael Halcrow, Thomas Gamier
  • Publication number: 20230028056
    Abstract: The technology provides for a threat detection system. In this regard, the system may be configured to output file states of a multi-layer file system. For instance, the system may determine, based on the file states for a file, one or more layers of the multi-layer file system in which one or more objects corresponding to the file can be found. Based on the one or more objects corresponding to the file, the system may detect a potential threat. The system may then take an action in response to the potential threat.
    Type: Application
    Filed: September 21, 2022
    Publication date: January 26, 2023
    Inventors: Michael Halcrow, Thomas Garnier
  • Patent number: 11494216
    Abstract: A method for capturing VM resources for forensics includes receiving an indication of compromise (IoC). The indication of compromise indicates an attack is imminent against a virtual machine. The method also includes, in response to receiving the IoC and before the attack begins, snapshotting a memory state of memory used by the virtual machine and increasing a level of auditing of the virtual machine from a standard level of auditing to a heightened level of auditing. The heightened level of auditing generates data representative of all accesses to the memory used by the virtual machine. After the attack against the virtual machine has begun, the method includes maintaining the heightened level of auditing for a threshold period of time, notifying a user of the virtual machine of the indication of compromise, and storing the data in memory external to the virtual machine.
    Type: Grant
    Filed: August 16, 2019
    Date of Patent: November 8, 2022
    Assignee: Google LLC
    Inventors: Michael Halcrow, Thomas Garnier
  • Patent number: 11481487
    Abstract: The technology provides for a threat detection system. In this regard, the system may be configured to output file states of a multi-layer file system. For instance, the system may determine, based on the file states for a file, one or more layers of the multi-layer file system in which one or more objects corresponding to the file can be found. Based on the one or more objects corresponding to the file, the system may detect a potential threat. The system may then take an action in response to the potential threat.
    Type: Grant
    Filed: July 8, 2019
    Date of Patent: October 25, 2022
    Assignee: Google LLC
    Inventors: Michael Halcrow, Thomas Garnier
  • Publication number: 20210049031
    Abstract: A method for capturing VM resources for forensics includes receiving an indication of compromise (IoC). The indication of compromise indicates an attack is imminent against a virtual machine. The method also includes, in response to receiving the IoC and before the attack begins, snapshotting a memory state of memory used by the virtual machine and increasing a level of auditing of the virtual machine from a standard level of auditing to a heightened level of auditing. The heightened level of auditing generates data representative of all accesses to the memory used by the virtual machine. After the attack against the virtual machine has begun, the method includes maintaining the heightened level of auditing for a threshold period of time, notifying a user of the virtual machine of the indication of compromise, and storing the data in memory external to the virtual machine.
    Type: Application
    Filed: August 16, 2019
    Publication date: February 18, 2021
    Applicant: Google LLC
    Inventors: Michael Halcrow, Thomas Garnier
  • Publication number: 20210012000
    Abstract: The technology provides for a threat detection system. In this regard, the system may be configured to output file states of a multi-layer file system. For instance, the system may determine, based on the file states for a file, one or more layers of the multi-layer file system in which one or more objects corresponding to the file can be found. Based on the one or more objects corresponding to the file, the system may detect a potential threat. The system may then take an action in response to the potential threat.
    Type: Application
    Filed: July 8, 2019
    Publication date: January 14, 2021
    Inventors: Michael Halcrow, Thomas Garnier
  • Publication number: 20190205267
    Abstract: A cloud implementation of a persisted storage device, such as a disk, is provided. The implementation supports a variety of features and protocols, in full analogy with a physical storage device such as a disk drive. The present disclosure provides for implementing standard eDrive protocols in the cloud by designing internal disk storage, referred to as a “system area,” in a virtual disk instance that the virtual disk can potentially utilize for a multitude of disk features. This internal storage can be used to implement eDrive protocols, which use the system area to maintain the necessary internal virtual disk state.
    Type: Application
    Filed: January 4, 2018
    Publication date: July 4, 2019
    Inventors: Joseph Richey, Michael Halcrow, Sergey Karamov
  • Patent number: 10164955
    Abstract: A method of operating a distributed storage system includes receiving, at data processing hardware of the distributed storage system, a customer-supplied encryption key from a customer device (i.e., a client). The customer-supplied encryption key is associated with wrapped persistent encryption keys for encrypted resources of the distributed storage system. The wrapped persistent encryption keys are stored on one or more non-volatile memory hosts of the distributed storage system. The method also includes unwrapping, by the data processing hardware, a wrapped persistent encryption key that corresponds to a requested encrypted resource using the customer-supplied encryption key. The unwrapped persistent encryption key is configured to decrypt the requested encrypted resource. The method further includes decrypting, by the data processing hardware, the requested encrypted resource using the corresponding unwrapped persistent encryption key.
    Type: Grant
    Filed: May 25, 2016
    Date of Patent: December 25, 2018
    Assignee: Google LLC
    Inventors: Michael Halcrow, Timothy Dierks
  • Patent number: 9639708
    Abstract: An electronic device implements a method of encrypting directories of a file system. A processor receives a request to access a directory entry of a file system, and identifies a user who is logged into the electronic device. The processor determines whether the user has access to a directory encryption key associated with the directory entry and, if not, identifies an encrypted file name stored in the directory entry, and determines whether the encrypted file name complies with one or more naming rules. If the encrypted file name does not comply with one or more naming rules, the processor applies one or more functions to a file name associated with the encrypted file name to generate an encoded encrypted file name that complies with the one or more naming rules, and causes the encoded encrypted file name to be displayed as a representation of the directory entry.
    Type: Grant
    Filed: August 18, 2015
    Date of Patent: May 2, 2017
    Assignee: GOOGLE INC.
    Inventors: Uday Ramesh Savagaonkar, Michael Halcrow, Theodore Yue Tak Ts'o, Ildar Muslukhov
  • Publication number: 20170053125
    Abstract: An electronic device implements a method of encrypting directories of a file system. A processor receives a request to access a directory entry of a file system, and identifies a user who is logged into the electronic device. The processor determines whether the user has access to a directory encryption key associated with the directory entry and, if not, identifies an encrypted file name stored in the directory entry, and determines whether the encrypted file name complies with one or more naming rules. If the encrypted file name does not comply with one or more naming rules, the processor applies one or more functions to a file name associated with the encrypted file name to generate an encoded encrypted file name that complies with the one or more naming rules, and causes the encoded encrypted file name to be displayed as a representation of the directory entry.
    Type: Application
    Filed: August 18, 2015
    Publication date: February 23, 2017
    Inventors: Uday Ramesh Savagaonkar, Michael Halcrow, Theodore Yue Tak Ts'o, Ildar Muslukhov
  • Publication number: 20070167173
    Abstract: A method, system, and computer program product for efficiently generating a substantially accurate list of available hotspots in geographic locations. A computer system configured with a hotspot location utility operates as a Provider. The Provider receives from a mobile device a hotspot operability/ayailability transmission (HOT), which includes an identification of a currently operating and available hotspot. The Provider concurrently receives a current GPS coordinate of the device transmitting the HOT. Then, the provider stores the HOT and associated GPS coordinate within a hotspot locator database. When the Provider later receives a request from a user searching for hotpots within a particular geographic location, the Provider determines which acceptable entries of the multiple entries are in geographic locations in proximity to the particular geographic location and then provides an output of the acceptable entries to the user.
    Type: Application
    Filed: January 19, 2006
    Publication date: July 19, 2007
    Inventors: Michael Halcrow, Dustin Kirkland
  • Publication number: 20070167174
    Abstract: A WIFI-enabled and GPS-enabled user device executes a hotspot location utility, which enables the device to detect WIFI hotspots and update a locally-stored hotspot location database (LHLD) containing geographically-mapped hotspots. When a hotspot is detected, the device accesses the hotspot, retrieves identification information and usage terms from the hotspot, and measures performance metrics of the hotspot. The utility stores the identified hotspot with the current GPS coordinate as an entry within the LHLD. When a user later desires to locate hotspots within a particular geographic location, the user enters the physical address of the location, and hotspots with matching (or proximate) GPS coordinates of the entered address are presented to the user. The user may specify certain preferences for usage terms, performance metrics, and location criteria, and the utility filters all geographic hits and returns only hotspots in the geographic location that also satisfy these preferences.
    Type: Application
    Filed: January 19, 2006
    Publication date: July 19, 2007
    Inventors: Michael Halcrow, Dustin Kirkland
  • Publication number: 20070016964
    Abstract: Safe deposit boxes, services, and methods for physically secure data storage are provided that include securing a network-enabled computer within a safe deposit box, receiving, in the network-enabled computer, data transmitted from a remote computer coupled for data communications with the network-enabled computer; and storing the data in the memory of the network-enabled computer. Securing a network-enabled computer within a safe deposit box may be carried out by providing a locked safe deposit box having the networked enabled computer stored within. Securing a network-enabled computer within a safe deposit box may be carried out by providing a lockable safe deposit box having the networked enabled computer integrated within.
    Type: Application
    Filed: July 14, 2005
    Publication date: January 18, 2007
    Inventors: Michael Halcrow, Dustin Kirkland