Patents by Inventor Cheh Goh
Cheh Goh has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8510789
Abstract: Data to be output to a removable storage medium is encrypted for sending to an output device by an encryption process based on encryption parameters comprising public data of a trusted party and an encryption key string comprising a policy for allowing the output of the data. The trusted party provides a decryption key to the output device but only after being satisfied that the policy has been met. The decryption key is generated in dependence on the encryption key string and private data of the trusted party. The output device uses the decryption key in decrypting the data to be output. Embodiments are provided that involve multiple policies and trusted parties.
Type: Grant
Filed: September 16, 2003
Date of Patent: August 13, 2013
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Cheh Goh, Liqun Chen, Stephen James Crane, Marco Casassa Mont, Keith Alexander Harrison
-
Patent number: 7650498
Abstract: To control access to target data whilst relieving the data provider of policing obligations, the data provider provides the target data in encrypted form to a requesting party as part of a data set with which first and second trusted authorities are associated in a non-subvertible manner. Recovery of the target data in clear by the party requires the first trusted authority to verify that a specific individual is a professional accredited with it, the second trusted authority to verify that a particular organisation is accredited with it, the particular organisation to verify that the specific individual is engaged by it, and at least one of the particular organisation and the first trusted authority to verify that the party is the specific individual. Various ways of encrypting the target data are provided, the preferred ways being based on Identifier-Based Encryption schemas.
Type: Grant
Filed: April 14, 2004
Date of Patent: January 19, 2010
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Cheh Goh, Liqun Chen
-
Patent number: 7516321
Abstract: A trusted authority delegates authority to a device. This delegation of authority is effected by providing a yet-to-be completed chain of public/private cryptographic key pairs linked in a subversion-resistant manner. The chain terminates with a penultimate key pair formed by public/private data, and a link towards an end key pair to be formed by an encryption/decryption key pair of an Identifier-Based Encryption, IBE, scheme. The private data is securely stored in the device for access only by an authorized key-generation process that forms the link to the end key pair and is arranged to provide the IBE decryption key generated using the private data and encryption key. This key generation/provision is normally only effected if at least one condition, for example specified in the encryption key, is satisfied. Such a condition may be one tested against data provided by the trusted authority and stored in the device.
Type: Grant
Filed: March 8, 2004
Date of Patent: April 7, 2009
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Liqun Chen, Stephen James Crane, Cheh Goh
-
Patent number: 7308572
Abstract: A method of printing a document (10) stored at a home computing system (5) on a printer (9) of a remote computing system, the home and remote computing system including a home trusted print proxy (HTPP) (3) and a remote trusted print proxy (RTPP) (2), respectively, which are configured to be able to establish communication via a communications link, in which the printer (9) includes a digital identification device (1) configured to provide a printer public key of a cryptographic public key/private key pair and the RTPP (2) is configured to supply a one time token on request, the method including the steps of using a mobile device (4) to interrogate the RTPP (2) and printer (9) to obtain a one time token and the printer public key using the mobile device (4) to transmit to the home computing system (5) a print request including the one time token and printer public and identification of the document (10) to be printed establishing a secure communications channel between the home and remote computing system via
Type: Grant
Filed: October 15, 2002
Date of Patent: December 11, 2007
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Cheh Goh, David A Clarke
-
Patent number: 6978379
Abstract: An apparatus (22,44) is described for use in generating configuration information for a computer system (12) employing hierarchical entities. A policy template (24) is employed which contains a definition of an abstract high-level policy, for the configuration of the system, and permitted refinements to that policy, the definition referring to a plurality of the entities. An information and system model (16) contains information about the computer system and its environment including the entities referred to in the high-level policy definition, the hierarchy thereof and non-hierarchical relations between the entities. A policy authoring engine (26) refines the high-level policy definition with reference to the permitted refinements thereto and the stored information about the entities to which the high-level policy definition relates in order to produce a refined policy definition.
Type: Grant
Filed: May 26, 2000
Date of Patent: December 20, 2005
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Cheh Goh, Casassa Mont Marco, Adrian John Baldwin
-
Publication number: 20050102512
Abstract: Data to be output to a removable storage medium is encrypted for sending to an output device by an encryption process based on encryption parameters comprising public data of a trusted party and an encryption key string comprising a policy for allowing the output of the data. The trusted party provides a decryption key to the output device but only after being satisfied that the policy has been met. The decryption key is generated in dependence on the encryption key string and private data of the trusted party. The output device uses the decryption key in decrypting the data to be output. Embodiments are provided that involve multiple policies and trusted parties.
Type: Application
Filed: September 16, 2003
Publication date: May 12, 2005
Inventors: Cheh Goh, Liqun Chen, Stephen Crane, Marco Mont, Keith Harrison
-
Publication number: 20050058294
Abstract: A trusted authority delegates authority to a device. This delegation of authority is effected by providing a yet-to-be completed chain of public/private cryptographic key pairs linked in a subversion-resistant manner. The chain terminates with a penultimate key pair formed by public/private data, and a link towards an end key pair to be formed by an encryption/decryption key pair of an Identifier-Based Encryption, IBE, scheme. The private data is securely stored in the device for access only by an authorized key-generation process that forms the link to the end key pair and is arranged to provide the IBE decryption key generated using the private data and encryption key. This key generation/provision is normally only effected if at least one condition, for example specified in the encryption key, is satisfied. Such a condition may be one tested against data provided by the trusted authority and stored in the device.
Type: Application
Filed: March 8, 2004
Publication date: March 17, 2005
Inventors: Liqun Chen, Stephen Crane, Cheh Goh
-
Publication number: 20050010760
Abstract: To control access to target data whilst relieving the data provider of policing obligations, the data provider provides the target data in encrypted form to a requesting party as part of a data set with which first and second trusted authorities are associated in a non-subvertible manner. Recovery of the target data in clear by the party requires the first trusted authority to verify that a specific individual is a professional accredited with it, the second trusted authority to verify that a particular organisation is accredited with it, the particular organisation to verify that the specific individual is engaged by it, and at least one of the particular organisation and the first trusted authority to verify that the party is the specific individual. Various ways of encrypting the target data are provided, the preferred ways being based on Identifier-Based Encryption schemas.
Type: Application
Filed: April 14, 2004
Publication date: January 13, 2005
Inventors: Cheh Goh, Liqun Chen
-
Patent number: 6688230
Abstract: A method of printing a token by printer (5), in which the printer (5) includes a digital identification device (1) configured to generate a series of distinct print job counter numbers and to provide a public key of a cryptographic public key/private key pair. The method includes the steps of sending a printer generated print job counter number and an encryption key to a token issuer (4) the token issuer (4) sending to the printer (5) a message encrypted by the encryption key, the message including the print job counter number and information representative of the token (9) to be printed and the printer (5) decrypting the encrypted message and printing the token using the information representative of the token (9) if the print job counter number is valid.
Type: Grant
Filed: October 15, 2002
Date of Patent: February 10, 2004
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Cheh Goh, Marco Casassa Mont
-
Publication number: 20040010686
Abstract: A computer system comprises a computer apparatus that requests a first computer arrangement to provide data to a second computer arrangement in response to the computer apparatus determining that the second computer arrangement has a trusted device.
Type: Application
Filed: April 18, 2003
Publication date: January 15, 2004
Inventors: Cheh Goh, Marco Casassa Mont
-
Publication number: 20030099353
Abstract: A method of printing a document (10) stored at a home computing system (5) on a printer (9) of a remote computing system, the home and remote computing system including a home trusted print proxy (HTPP) (3) and a remote trusted print proxy (RTPP) (2), respectively, which are configured to be able to establish communication via a communications link, in which the printer (9) includes a digital identification device (1) configured to provide a printer public key of a cryptographic public key/private key pair and the RTPP (2) is configured to supply a one time token on request, the method including the steps of using a mobile device (4) to interrogate the RTPP (2) and printer (9) to obtain a one time token and the printer public key using the mobile device (4) to transmit to the home computing system (5) a print request including the one time token and printer public and identification of the document (10) to be printed establishing a secure communications channel between the home and remote computing system via
Type: Application
Filed: October 15, 2002
Publication date: May 29, 2003
Inventors: Cheh Goh, David A. Clarke
-
Publication number: 20030084809
Abstract: A method of printing a token by printer (5), in which the printer (5) includes a digital identification device (1) configured to generate a series of distinct print job counter numbers and to provide a public key of a cryptographic public key/private key pair. The method includes the steps of sending a printer generated print job counter number and an encryption key to a token issuer (4) the token issuer (4) sending to the printer (5) a message encrypted by the encryption key, the message including the print job counter number and information representative of the token (9) to be printed and the printer (5) decrypting the encrypted message and printing the token using the information representative of the token (9) if the print job counter number is valid.
Type: Application
Filed: October 15, 2002
Publication date: May 8, 2003
Inventors: Cheh Goh, Marco Casassa Mont