Patents by Inventor Simon Kai-Ying Shiu
Simon Kai-Ying Shiu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10699031Abstract: In an example, transactions are secured between electronic circuits in a memory fabric. An electronic circuit may receive a transaction integrity key. The electronic circuit may compute a truncated message authentication code (MAC) using the received transaction integrity key and attach the truncated MAC to a security message header (SMH) of the transaction.Type: GrantFiled: October 30, 2014Date of Patent: June 30, 2020Assignee: Hewlett Packard Enterprise Development LPInventors: Liqun Chen, Chris I. Dalton, Fraser John Dickin, Nigel Edwards, Simon Kai-Ying Shiu
-
Patent number: 10650169Abstract: There is provided an example memory system comprising a plurality of memory modules, each memory module comprising a persistent memory to store root key information and encrypted primary data; a volatile memory to store a working key for encrypting data, the encrypted primary data stored in the persistent memory being encrypted using the working key; and a control unit to provide load and store access to the primary data. The memory system further comprises a working key recovery mechanism to retrieve first root key information from a first module and second root key information from a second module; and compute the working key for a given module based on the retrieved first root key information and the retrieved second root key information.Type: GrantFiled: September 14, 2015Date of Patent: May 12, 2020Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPInventors: Liqun Chen, Chris I. Dalton, Fraser Dickin, Mark Lillibridge, Simon Kai Ying Shiu
-
Patent number: 10374807Abstract: Storing and retrieving ciphertext in data storage can include determining a first ciphertext value for a first data chunk to be saved to a client-server data storage system using an encrypted chunk hash value associated with the first data chunk as an initial value, and storing the first data chunk on a server in the client-server data storage system in response to determining that the first ciphertext value is a unique ciphertext value. Also, storing and retrieving ciphertext in data storage can include decrypting a ciphertext value for a second data chunk received from a client in the client-server data storage system and based on an encrypted chunk hash value associated with the second data chunk, and sending the second data chunk to the client in response to determining that the decrypted ciphertext value corresponds to an original data chunk saved to the server by the client.Type: GrantFiled: April 4, 2014Date of Patent: August 6, 2019Assignee: Hewlett Packard Enterprise Development LPInventors: Liqun Chen, Peter T. Camble, Jonathan P. Buckingham, Simon Pelly, Simon Kai-Ying Shiu, Joseph S. Ficara, Hendrik Radon
-
Patent number: 10192066Abstract: In one implementation, a data sharing system can comprise a trust engine to identify an environment that satisfies a level of trust, an access engine to request access to a set of data, a procedure engine to receive a procedure, a restriction engine to receive a semantic restriction associated with a semantic term of the environment, a tracker engine to track the procedure during execution, and a control engine to maintain execution of the procedure based on the restriction and trace information. In another implementation, a method for sharing a set of data can comprise validating an environment satisfies a level of trust, receiving a procedure to access the set of data, receiving a semantic restriction associated with a semantic term of the environment, tracing the procedure during execution, and providing a view of the set of data based on the restriction and a semantic mapping of trace information.Type: GrantFiled: March 14, 2014Date of Patent: January 29, 2019Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPInventors: Patrick Goldsack, Marco Casassa Mont, Suksant Sae Lor, Simon Kai-Ying Shiu
-
Patent number: 10193892Abstract: In one implementation, a data sharing system can comprise a trust engine to identify an environment that satisfies a level of trust, an access engine to request access to a set of data, a procedure engine to receive a procedure, a restriction engine to receive a restriction associated with a resource of the environment, a monitor engine to maintain resource utilization information, and a control engine to limit execution of the procedure based on the restriction and the resource utilization information. In another implementation, a method for sharing a set of data can comprise validating an environment satisfies a level of trust, receiving a restriction associated with a resource of the environment, receiving a procedure to access the set of data, ascertaining resource utilization information, and providing a view of the set of data based on the restriction and the resource utilization information.Type: GrantFiled: March 14, 2014Date of Patent: January 29, 2019Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPInventors: Patrick Goldsack, Marco Casassa Mont, Simon Kai-Ying Shiu, Suksant Sae Lor
-
Patent number: 10027481Abstract: An electronic device for management of cryptographic keys, and a corresponding method implemented in a computing device comprising a physical processor, transmit feature data of the device to a key generation module, wherein the feature data comprises information corresponding to an identifier or an attribute of the device, and receive, by the device from the key generation module, a digital signature of the transmitted feature data. The device installs the received digital signature as a cryptographic private key for communication, and performs a cryptographic operation using the installed digital signature as the cryptographic private key.Type: GrantFiled: June 30, 2015Date of Patent: July 17, 2018Assignee: Hewlett Packard Enterprise Development LPInventors: Liqun Chen, Fraser John Dickin, Martin Sadler, Chris I Dalton, Nigel Edwards, Simon Kai-Ying Shiu, Boris Balacheff
-
Publication number: 20180165479Abstract: There is provided an example memory system comprising a plurality of memory modules, each memory module comprising a persistent memory to store root key information and encrypted primary data; a volatile memory to store a working key for encrypting data, the encrypted primary data stored in the persistent memory being encrypted using the working key; and a control unit to provide load and store access to the primary data. The memory system further comprises a working key recovery mechanism to retrieve first root key information from a first module and second root key information from a second module; and compute the working key for a given module based on the retrieved first root key information and the retrieved second root key information.Type: ApplicationFiled: September 14, 2015Publication date: June 14, 2018Inventors: Liqun Chen, Chris I. Dalton, Fraser Dickin, Mark Lillibridge, Simon Kai Ying Shiu
-
Publication number: 20170262546Abstract: Implementations are directed, for example, to a method that includes receiving, at a data storage system from a client, a key search token that has not been used to encrypt data records or keywords associated with the data records. The key search token is independent of an encryption key used to encrypt the data records associated with the key search token. The method further includes determining an encrypted data record associated with the key search token, and transmitting the determined encrypted data record to the client. Implementations of the client are also provided.Type: ApplicationFiled: July 30, 2014Publication date: September 14, 2017Inventors: Liqun Chen, Stuart Haber Haber, Kate Mallichan, Simon Kai-Ying Shiu
-
Publication number: 20170213054Abstract: In an example, transactions are secured between electronic circuits in a memory fabric. An electronic circuit may receive a transaction integrity key. The electronic circuit may compute a truncated message authentication code (MAC) using the received transaction integrity key and attach the truncated MAC to a security message header (SMH) of the transaction.Type: ApplicationFiled: October 30, 2014Publication date: July 27, 2017Inventors: Liqun Chen, Chris I. Dalton, Fraser John Dickin, Nigel Edwards, Simon Kai-Ying Shiu
-
Patent number: 9633231Abstract: A data processing system supporting a secure domain and a non-secure domain comprises a hardware component, and a processor device having operating modes in the secure domain and non-secure domain, the processor device to execute a secure application in the secure domain. The hardware component has a property having a secure state. The property of the hardware component in the secure state may only be reconfigured responsive to instructions received from the secure domain. The secure application is operative to implement a configuration service to configure the property of the hardware component in the secure state, responsive to a request received from the non-secure domain according to an application programming interface associated with the secure application.Type: GrantFiled: June 30, 2015Date of Patent: April 25, 2017Assignee: Hewlett-Packard Development Company, L.P.Inventors: Maugan Villatel, Boris Balacheff, Chris I Dalton, David Plaquin, Adrian Shaw, Simon Kai-Ying Shiu
-
Publication number: 20170004319Abstract: In one implementation, a data sharing system can comprise a trust engine to identify an environment that satisfies a level of trust, an access engine to request access to a set of data, a procedure engine to receive a procedure, a restriction engine to receive a semantic restriction associated with a semantic term of the environment, a tracker engine to track the procedure during execution, and a control engine to maintain execution of the procedure based on the restriction and trace information. In another implementation, a method for sharing a set of data can comprise validating an environment satisfies a level of trust, receiving a procedure to access the set of data, receiving a semantic restriction associated with a semantic term of the environment, tracing the procedure during execution, and providing a view of the set of data based on the restriction and a semantic mapping of trace information.Type: ApplicationFiled: March 14, 2014Publication date: January 5, 2017Inventors: Patrick GOLDSACK, Marco CASASSA MONT, Suksant SAE LOR, Simon Kai-Ying SHIU
-
Publication number: 20160381036Abstract: In one implementation, a data sharing system can comprise a trust engine to identify an environment that satisfies a level of trust, an access engine to request access to a set of data, a procedure engine to receive a procedure, a restriction engine to receive a restriction associated with a resource of the environment, a monitor engine to maintain resource utilization information, and a control engine to limit execution of the procedure based on the restriction and the resource utilization information. In another implementation, a method for sharing a set of data can comprise validating an environment satisfies a level of trust, receiving a restriction associated with a resource of the environment, receiving a procedure to access the set of data, ascertaining resource utilization information, and providing a view of the set of data based on the restriction and the resource utilization information.Type: ApplicationFiled: March 14, 2014Publication date: December 29, 2016Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPInventors: Patrick Goldsack, Marco CASASSA MONT, Simon Kai-Ying SHIU, Suksant SAE LOR
-
Publication number: 20160344553Abstract: Storing and retrieving ciphertext in data storage can include determining a first ciphertext value for a first data chunk to be saved to a client-server data storage system using an encrypted chunk hash value associated with the first data chunk as an initial value, and storing the first data chunk on a server in the client-server data storage system in response to determining that the first ciphertext value is a unique ciphertext value. Also, storing and retrieving ciphertext in data storage can include decrypting a ciphertext value for a second data chunk received from a client in the client-server data storage system and based on an encrypted chunk hash value associated with the second data chunk, and sending the second data chunk to the client in response to determining that the decrypted ciphertext value corresponds to an original data chunk saved to the server by the client.Type: ApplicationFiled: April 4, 2014Publication date: November 24, 2016Inventors: Liqun Chen, Peter T. Camble, Jonathan P. Bucklngham, Simon Pelly, Simon Kai-Ying Shiu, Joseph S. Ficara, Hendrik Radon
-
Publication number: 20160217295Abstract: According to an example, trusted function based data access security control may include determining a restriction set by a first entity and related to access to and/or analysis related to data under the control of the first entity. A trusted function including meta-data that describes a transformation of the data may be ascertained. A determination may be made as to whether the meta-data of the trusted function matches the restriction related to the access to and/or analysis related to the data. In response to a determination that the meta-data of the trusted function matches the restriction, the trusted function may be executed to allow controlled access to the data by a second entity. In response to a determination that the meta-data of the trusted function does not match the restriction, execution of the trusted function may be prevented to prevent access to the data by the second entity.Type: ApplicationFiled: October 31, 2013Publication date: July 28, 2016Inventors: Patrick Goldsack, Marco Casassa Mont, Suksant Sae Lor, Simon Kai-Ying Shiu
-
Publication number: 20160125201Abstract: A data processing system supporting a secure domain and a non-secure domain comprises a hardware component, and a processor device having operating modes in the secure domain and non-secure domain, the processor device to execute a secure application in the secure domain. The hardware component has a property having a secure state. The property of the hardware component in the secure state may only be reconfigured responsive to instructions received from the secure domain. The secure application is operative to implement a configuration service to configure the property of the hardware component in the secure state, responsive to a request received from the non-secure domain according to an application programming interface associated with the secure application.Type: ApplicationFiled: June 30, 2015Publication date: May 5, 2016Inventors: Maugan Villatel, Boris Balacheff, Chris I. Dalton, David Plaquin, Adrian Shaw, Simon Kai-Ying Shiu
-
Publication number: 20160127128Abstract: An electronic device for management of cryptographic keys, and a corresponding method implemented in a computing device comprising a physical processor, transmit feature data of the device to a key generation module, wherein the feature data comprises information corresponding to an identifier or an attribute of the device, and receive, by the device from the key generation module, a digital signature of the transmitted feature data. The device installs the received digital signature as a cryptographic private key for communication, and performs a cryptographic operation using the installed digital signature as the cryptographic private key.Type: ApplicationFiled: June 30, 2015Publication date: May 5, 2016Inventors: Liqun Chen, Fraser John Dickin, Martin Sadler, Chris I. Dalton, Nigel Edwards, Simon Kai-Ying Shiu, Boris Balacheff
-
Patent number: 9083748Abstract: A method of assessing a network uses a model (450) having nodes (100, 110) to represent parts of the network infrastructure and the application services, and having links to represent how the nodes influence each other. Dependencies or effects of the application services are found by determining paths through the nodes and links of the model (530). Such assessment can be useful for design, test, operations, and diagnosis, and for assessment of which parts of the infrastructure are critical to given services, or which services are dependent on, or could have an effect on a given part of the infrastructure. The dependencies or effects can encompass reachability information. The use of a model having links and nodes can enable more efficient processing, to enable larger or richer models. What changes in the dependencies or effects result from a given change in the network can be determined (830).Type: GrantFiled: December 14, 2005Date of Patent: July 14, 2015Assignee: Hewlett-Packard Development Company, L.P.Inventors: Brian Quentin Monahan, Adrian John Baldwin, Simon Kai-Ying Shiu
-
Patent number: 8397302Abstract: A system for analyzing a process, comprising a model engine to generate a model of the environment using multiple components defining adjustable elements of the model and including components representing a process for provisioning and de-provisioning of access credentials for an individual in the environment and a risk analyzer to calculate multiple randomized instances of an outcome for the environment using multiple values for parameters of the elements of the model selected from within respective predefined ranges for the parameters, and to use a results plan to provide data for identifying the security risk using the multiple instances.Type: GrantFiled: October 29, 2010Date of Patent: March 12, 2013Assignee: Hewlett-Packard Development Company, L.P.Inventors: Marco Casassa Mont, Yolanta Beresnevichiene, Simon Kai-Ying Shiu
-
Publication number: 20120179501Abstract: Information relating to an entity's objectives is received, a utility function based on the received objectives is derived, the utility function is compared with results from a number of simulated investment options, and the comparisons are presented to a user associated with the entity.Type: ApplicationFiled: January 7, 2011Publication date: July 12, 2012Inventors: Yolanta Beresnevichiene, Marco Casassa Mont, David Pym, Simon Kai-Ying Shiu
-
Publication number: 20120110670Abstract: A system for analyzing a process, comprising a model engine to generate a model of the environment using multiple components defining adjustable elements of the model and including components representing a process for provisioning and de-provisioning of access credentials for an individual in the environment and a risk analyzer to calculate multiple randomized instances of an outcome for the environment using multiple values for parameters of the elements of the model selected from within respective predefined ranges for the parameters, and to use a results plan to provide data for identifying the security risk using the multiple instances.Type: ApplicationFiled: October 29, 2010Publication date: May 3, 2012Inventors: Marco Casassa Mont, Yolanta Beresnevichiene, Simon Kai-Ying Shiu