Patents by Inventor Scott Kelso

Scott Kelso has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10877533
    Abstract: Additional workloads are assigned among servers in a power-efficient manner. For each of a plurality of servers, a stored power efficiency/capacity utilization relationship is accessed, current component power consumption values are obtained, and a current power consumption efficiency is calculated. An amount of capacity utilization necessary to perform an additional workload is obtained, and a predicted power consumption efficiency is determined for each server. The predicted efficiency is determined using the current power consumption efficiency of the server and the stored relationship. The workload is then assigned to the server that would have the greatest improvement in power consumption efficiency.
    Type: Grant
    Filed: November 20, 2017
    Date of Patent: December 29, 2020
    Assignee: LENOVO ENTERPRISE SOLUTIONS (SINGAPORE) PTE. LTD.
    Inventors: Jason A. Matteson, John W. Nicholson, Aparna Vallury, Scott Kelso
  • Patent number: 10764321
    Abstract: Methods and systems of identifying and remediating at-risk resources in a computing environment are provided. A method includes periodically determining respective infrastructure topologies of a computing environment that changes over time, wherein the determining is performed by a computer system communicating with the computing environment. The method also includes: identifying, by the computer system, an intrusion event in the computing environment; determining, by the computer system, at-risk resources in the computing environment based on the determined intrusion event and a corresponding one of the infrastructure topologies; and performing, by the computer system, remediation action for the at-risk resources.
    Type: Grant
    Filed: March 24, 2016
    Date of Patent: September 1, 2020
    Assignee: LENOVO Enterprise Solutions (Singapore) PTE. LTD
    Inventors: Fred Allison Bower, III, Gary David Cudak, Ajay Dholakia, William Gavin Holland, Scott Kelso
  • Patent number: 10721067
    Abstract: A CPU package includes an encryption and decryption module disposed in a communication path between an instruction path of a processor core and a data register that is externally accessible through a debug port, and a key store accessible to the module. The module is configured to encrypt and store data in the data register for each of a plurality of processes being handled in the instruction path, wherein data owned by each process is encrypted and decrypted by the module using an encryption key assigned to the process. The key store is configured to store the encryption key assigned to each of a plurality of processes, wherein the key store is inaccessible outside the CPU package. The data is only decrypted for a requesting process having a process identifier that matches the process identifier stored in the processor data structure along with the requested data.
    Type: Grant
    Filed: August 10, 2016
    Date of Patent: July 21, 2020
    Assignee: LENOVO ENTERPRISE SOLUTIONS (SINGAPORE) PTE. LTD.
    Inventors: Fred A. Bower, III, William G. Holland, Scott Kelso, Christopher L. Wood
  • Patent number: 10417433
    Abstract: An apparatus includes one or more processor core, trusted key store, memory controller, and a memory module. The memory controller includes an encryption/decryption module that encrypts data being stored to the memory module for a guest OS being executed by the processor core(s) and that decrypts data being read from the memory module for the guest OS. Data owned by the guest OS is encrypted and decrypted by the encryption/decryption module using an encryption key stored by the trusted key store in association with the guest OS. A method encrypts data owned by the guest OS using the encryption key assigned to the guest OS and stores the encrypted data on a memory module, wherein the encrypted data is stored in association with the process identifier of the guest OS, and decrypts the encrypted data using the guest OS encryption key and provides the decrypted data to the guest OS.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: September 17, 2019
    Assignee: Lenovo Enterprise Solutions (Singapore) Pte. Ltd.
    Inventors: Scott Kelso, Fred A. Bower, III
  • Patent number: 10162397
    Abstract: For each of a plurality of servers, a method includes obtaining current component power consumption values and calculating a current power consumption efficiency. The method further includes determining, for each of the plurality of servers, the current power consumption efficiency and an associated capacity utilization before and during performance of multiple instances of an identified workload. Then, for each server, the method determines a curve of power consumption efficiency as a function of capacity utilization that is representative of the performance of the plurality of instances of the identified workload. Embodiments of the method may then use the curve of power consumption efficiency curve in order to manage the power consumption efficiency of the plurality of servers. For example, the method may assign an additional workload to the server that is identified as having the greatest predicted power consumption efficiency.
    Type: Grant
    Filed: March 3, 2016
    Date of Patent: December 25, 2018
    Assignee: Lenovo Enterprise Solutions (Singapore) Pte. Ltd.
    Inventors: Jason A. Matteson, John W. Nicholson, Aparna Vallury, Scott Kelso
  • Patent number: 10114653
    Abstract: At power on of a computing device, a baseboard management controller (BMC) of the computing device executes, a first-stage bootloader program to download a second-stage bootloader program from a first server. The BMC executes the second-stage bootloader program to download third-stage firmware of the BMC from a second server. The BMC executes the third-stage firmware to download firmware of a primary processing subsystem of the computing device from a third server, and to start the primary processing subsystem by causing the primary processing subsystem to execute the firmware of the primary processing subsystem.
    Type: Grant
    Filed: June 9, 2016
    Date of Patent: October 30, 2018
    Assignee: Lenovo Enterprise Solutions (Singapore) PTE. LTD.
    Inventors: Fred Allison Bower, III, Ajay Dholakia, Scott Kelso, Gregory B. Pruett
  • Patent number: 10097571
    Abstract: A computer-implemented method includes receiving, by a computing device within a networking environment, a workload for execution within the networking environment; initiating, by the computing device, transfers of the workload to a plurality of network elements within the cloud networking environment; providing, by the computing device, tracking information of the workload as the workload traverses through the plurality of network elements; and storing or outputting, by the computing device, the tracking information regarding of the workload.
    Type: Grant
    Filed: March 23, 2016
    Date of Patent: October 9, 2018
    Assignee: LENOVO ENTERPRISE SOLUTIONS (SINGAPORE) PTE. LTD.
    Inventors: Fred Allison Bower, III, Gary David Cudak, Ajay Dholakia, William Gavin Holland, Scott Kelso
  • Patent number: 10063589
    Abstract: A method includes: deploying at least one shadow system in association with each of one or more components of a network environment; periodically recording a state map of each active component of the network environment and a corresponding state map of the shadow system(s) associated therewith; periodically comparing the recorded state map of each active component with the corresponding recorded state map of the shadow system(s) associated therewith; determining whether a deviation exists with respect to the recorded state map of each active component and the corresponding recorded state map of the shadow system(s) associated therewith; determining whether the deviation is greater than a predetermined deviation threshold; and declaring a security breach regarding the active component(s) for which the deviation was determined to be greater than the predetermined deviation threshold. Corresponding systems and computer program products are also disclosed.
    Type: Grant
    Filed: April 20, 2016
    Date of Patent: August 28, 2018
    Assignee: LENOVO ENTERPRISE SOLUTIONS (SINGAPORE) PTE. LTD.
    Inventors: Gary David Cudak, Ajay Dholakia, Scott Kelso, Fred Allison Bower, III
  • Publication number: 20180211049
    Abstract: An apparatus includes one or more processor core, trusted key store, memory controller, and a memory module. The memory controller includes an encryption/decryption module that encrypts data being stored to the memory module for a guest OS being executed by the processor core(s) and that decrypts data being read from the memory module for the guest OS. Data owned by the guest OS is encrypted and decrypted by the encryption/decryption module using an encryption key stored by the trusted key store in association with the guest OS. A method encrypts data owned by the guest OS using the encryption key assigned to the guest OS and stores the encrypted data on a memory module, wherein the encrypted data is stored in association with the process identifier of the guest OS, and decrypts the encrypted data using the guest OS encryption key and provides the decrypted data to the guest OS.
    Type: Application
    Filed: January 24, 2017
    Publication date: July 26, 2018
    Inventors: Scott Kelso, Fred A. Bower, III
  • Publication number: 20180074560
    Abstract: Additional workloads are assigned among servers in a power-efficient manner. For each of a plurality of servers, a stored power efficiency/capacity utilization relationship is accessed, current component power consumption values are obtained, and a current power consumption efficiency is calculated. An amount of capacity utilization necessary to perform an additional workload is obtained, and a predicted power consumption efficiency is determined for each server. The predicted efficiency is determined using the current power consumption efficiency of the server and the stored relationship. The workload is then assigned to the server that would have the greatest improvement in power consumption efficiency.
    Type: Application
    Filed: November 20, 2017
    Publication date: March 15, 2018
    Inventors: JASON A. MATTESON, John W. Nicholson, Aparna Vallury, Scott Kelso
  • Patent number: 9915989
    Abstract: Additional workloads are assigned among servers in a power-efficient manner. For each of a plurality of servers, a stored power efficiency/capacity utilization relationship is accessed, current component power consumption values are obtained, and a current power consumption efficiency is calculated. An amount of capacity utilization necessary to perform an additional workload is obtained, and a predicted power consumption efficiency is determined for each server. The predicted efficiency is determined using the current power consumption efficiency of the server and the stored relationship. The workload is then assigned to the server identified as having the greatest predicted power consumption efficiency. Alternatively, the workload may be assigned to the server identified as having the greatest improvement in power consumption efficiency.
    Type: Grant
    Filed: March 1, 2016
    Date of Patent: March 13, 2018
    Assignee: Lenovo Enterprise Solutions (Singapore) Pte. Ltd.
    Inventors: Jason A. Matteson, John W. Nicholson, Aparna Vallury, Scott Kelso
  • Publication number: 20180048470
    Abstract: A CPU package includes an encryption and decryption module disposed in a communication path between an instruction path of a processor core and a data register that is externally accessible through a debug port, and a key store accessible to the module. The module is configured to encrypt and store data in the data register for each of a plurality of processes being handled in the instruction path, wherein data owned by each process is encrypted and decrypted by the module using an encryption key assigned to the process. The key store is configured to store the encryption key assigned to each of a plurality of processes, wherein the key store is inaccessible outside the CPU package. The data is only decrypted for a requesting process having a process identifier that matches the process identifier stored in the processor data structure along with the requested data.
    Type: Application
    Filed: August 10, 2016
    Publication date: February 15, 2018
    Inventors: Fred A. Bower, III, William G. Holland, Scott Kelso, Christopher L. Wood
  • Publication number: 20170357522
    Abstract: A computer program embodied on a tangible computer readable medium includes computer code for identifying a stored configuration of a system, computer code for determining whether the stored configuration of the system includes digital signatures of each of a plurality of parties, and computer code for conditionally implementing a current configuration of the system, based on the determining.
    Type: Application
    Filed: June 10, 2016
    Publication date: December 14, 2017
    Inventors: Fred Allison Bower, III, Scott Kelso
  • Publication number: 20170357515
    Abstract: At power on of a computing device, a baseboard management controller (BMC) of the computing device executes, a first-stage bootloader program to download a second-stage bootloader program from a first server. The BMC executes the second-stage bootloader program to download third-stage firmware of the BMC from a second server. The BMC executes the third-stage firmware to download firmware of a primary processing subsystem of the computing device from a third server, and to start the primary processing subsystem by causing the primary processing subsystem to execute the firmware of the primary processing subsystem.
    Type: Application
    Filed: June 9, 2016
    Publication date: December 14, 2017
    Inventors: Fred Allison Bower, III, Ajay Dholakia, Scott Kelso, Gregory B. Pruett
  • Publication number: 20170339152
    Abstract: A selected guest key for making configuration changes to a computing device in a current use period of the computing device by an end user to which the selected guest key has been provided is activated. The end user presenting the selected guest key when remotely logging onto the computing device from a remote client computing device is authenticated. Responsive to authentication of the end user, the end user is permitted to make the configuration changes to the computing device via communications from the remote client computing device that are encrypted or signed with the selected guest key. Upon expiration of the current use period, the selected guest key is deactivated, and a new selected guest key for making configuration changes in another current use period by a different end user to which the new selected guest key has been provided can be activated.
    Type: Application
    Filed: May 20, 2016
    Publication date: November 23, 2017
    Inventors: Fred Allison Bower, III, Scott Kelso, Gregory B. Pruett, Christopher Landon Wood
  • Publication number: 20170310700
    Abstract: A method includes: detecting a potential security breach associated with at least one component of a network environment; in response to detecting the potential security breach, determining a restorable state of the at least one component, wherein the restorable state is a state prior to the potential security breach; restoring the at least one component to the restorable state; and resuming operation of the at least one component of the network. Corresponding systems and computer program products are also disclosed.
    Type: Application
    Filed: April 20, 2016
    Publication date: October 26, 2017
    Inventors: Gary David Cudak, Ajay Dholakia, Scott Kelso, Fred Allison Bower, III
  • Publication number: 20170310701
    Abstract: A method includes: deploying at least one shadow system in association with each of one or more components of a network environment; periodically recording a state map of each active component of the network environment and a corresponding state map of the shadow system(S) associated therewith; periodically comparing the recorded state map of each active component with the corresponding recorded state map of the shadow system(s) associated therewith; determining whether a deviation exists with respect to the recorded state map of each active component and the corresponding recorded state map of the shadow system(s) associated therewith; determining whether the deviation is greater than a predetermined deviation threshold; and declaring a security breach regarding the active component(s) for which the deviation was determined to be greater than the predetermined deviation threshold. Corresponding systems and computer program products are also disclosed.
    Type: Application
    Filed: April 20, 2016
    Publication date: October 26, 2017
    Inventors: Gary David Cudak, Ajay Dholakia, Scott Kelso, Fred Allison Bower, III
  • Publication number: 20170289062
    Abstract: Workload distribution based on serviceability includes: generating, for each of a plurality of computing systems, a metric representing serviceability of the computing system for which the metric is generated; and distributing workload among said plurality of computing systems in dependence upon the metrics.
    Type: Application
    Filed: March 29, 2016
    Publication date: October 5, 2017
    Inventors: PAUL ARTMAN, FRED A. BOWER, III, GARY D. CUDAK, AJAY DHOLAKIA, SCOTT KELSO
  • Publication number: 20170279844
    Abstract: Methods and systems of identifying and remediating at-risk resources in a computing environment are provided. A method includes periodically determining respective infrastructure topologies of a computing environment that changes over time, wherein the determining is performed by a computer system communicating with the computing environment. The method also includes: identifying, by the computer system, an intrusion event in the computing environment; determining, by the computer system, at-risk resources in the computing environment based on the determined intrusion event and a corresponding one of the infrastructure topologies; and performing, by the computer system, remediation action for the at-risk resources.
    Type: Application
    Filed: March 24, 2016
    Publication date: September 28, 2017
    Inventors: Fred Allison BOWER, III, Gary David CUDAK, Ajay DHOLAKIA, William Gavin HOLLAND, Scott KELSO
  • Publication number: 20170279825
    Abstract: A computer-implemented method includes receiving, by a computing device within a networking environment, a workload for execution within the networking environment; initiating, by the computing device, transfers of the workload to a plurality of network elements within the cloud networking environment; providing, by the computing device, tracking information of the workload as the workload traverses through the plurality of network elements; and storing or outputting, by the computing device, the tracking information regarding of the workload.
    Type: Application
    Filed: March 23, 2016
    Publication date: September 28, 2017
    Inventors: Fred Allison BOWER, III, Gary David CUDAK, Ajay DHOLAKIA, William Gavin HOLLAND, Scott KELSO