Patents by Inventor Tse Huong Choo

Tse Huong Choo has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7962950
    Abstract: In one embodiment, the present invention is related to a computer system including compartments implemented on an operating system. A database contains access rules with the access rules defining which compartments are authorized to access particular file resources. A kernel module receives a system call to access a file from a user space application belonging to a compartment. A security module determines whether the user space application is authorized to access the file utilizing access rules stored in the database.
    Type: Grant
    Filed: June 29, 2001
    Date of Patent: June 14, 2011
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Tse Huong Choo, Scott Alan Leerssen, Joubert Berger
  • Patent number: 6981140
    Abstract: A method for improving fault tolerance and data throughput rates in the transfer of data between computing entities across a virtual private network comprises the steps of: logically dividing a memory means associated with a first said communicating entity into a plurality of areas; receiving encrypted data from said second communicating entity; storing said encrypted data in the first memory area associated with said first communicating entity; writing said encrypted data stored in said first memory area into a second memory area associated with said first communicating entity; decrypting said encrypted data stored in said second memory area; and writing said decrypted data from said second memory area to said first memory area.
    Type: Grant
    Filed: August 14, 2000
    Date of Patent: December 27, 2005
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Tse Huong Choo
  • Publication number: 20030172109
    Abstract: An operating system comprising a kernel 100 incorporating mandatory access controls as a means to counter the effects posed by application compromise. The operating system uses a technique known as “containment” to at least limit the scope of damage when security breaches occur.
    Type: Application
    Filed: September 26, 2002
    Publication date: September 11, 2003
    Inventors: Christoper I. Dalton, Tse Huong Choo, Andrew Patrick Norman
  • Publication number: 20030149895
    Abstract: An operating system comprising a kernel 100 incorporating mandatory access controls as a means to counter the effects posed by application compromise. The operating system uses a technique known as “containment” to at least limit the scope of damage when security breaches occur.
    Type: Application
    Filed: September 26, 2002
    Publication date: August 7, 2003
    Inventors: Tse Huong Choo, Christopher I Dalton, Andrew Patrick Norman
  • Publication number: 20030145235
    Abstract: An operating system comprising a kernel (100) incorporating mandatory access controls as a means to counter the effects posed by application compromise. The operating system uses a technique known as “containment” to at least limit the scope of damage when security breaches occur. In a preferred embodiment, each application supported by the operating system, is assigned a tag or label, each tag or label being indicative of a logically protected computing environment or “compartment”, and applications having the same tag or label belonging to the same compartment. By default, only applications running in the same compartment can communicate with each other. Access control rules define very narrow tightly-controlled communications paths between compartments.
    Type: Application
    Filed: September 26, 2002
    Publication date: July 31, 2003
    Inventor: Tse Huong Choo
  • Publication number: 20030014466
    Abstract: A system and method are disclosed which enable management of compartments implemented by an OS for defining containment in a system. In one embodiment, a method of administering a processor-based system is disclosed, which comprises implementing at least one compartment for containing at least one process, and providing at least one command-line utility executable to manipulate the compartment(s). A system is also disclosed that comprises an operating system that implements compartment(s) to which process(es) can be associated. The system further includes at least one configuration file defines the compartment(s), and means for performing management of the compartment(s) without requiring that a user edit the configuration file(s). A computer-readable medium is also disclosed that comprises a library of software functions for managing compartment(s) implemented by an operating system. Such library includes at least one command-line utility executable to manipulate the compartment(s).
    Type: Application
    Filed: June 29, 2001
    Publication date: January 16, 2003
    Inventors: Joubert Berger, Scott A. Leerssen, Tse Huong Choo, Richard B. Stock, Christopher I. Dalton, Andrew Patrick Norman
  • Publication number: 20030009685
    Abstract: In one embodiment, the present invention is related to a computer system including compartments implemented on an operating system. A database contains access rules with said access rules defining which compartments are authorized to access particular file resources. A kernel module receives a system call to access a file from a user space application belonging to a compartment. A security module determines whether said user space application is authorized to access said file utilizing access rules stored in said database.
    Type: Application
    Filed: June 29, 2001
    Publication date: January 9, 2003
    Inventors: Tse-Huong Choo, Scott A. Leerssen, Joubert Berger
  • Patent number: 6430321
    Abstract: A method of enhancing data which is rendered as a bi-tonal bit-mapped image for subsequent printing on a printer. The method involves receiving a source bit-mapped image at a low resolution for printing on a printer at a higher resolution. The bitmap is convoluted with a gradient operator to generate horizontal and vertical gradient values for each pixel. The bitmap is then expanded by a predetermined factor to the higher resolution for sending to the printer, and finally a value is assigned to each pixel in the expanded bitmap which is dependent on the value of pixels in the source bitmap and also the horizontal and vertical gradient values.
    Type: Grant
    Filed: September 28, 1998
    Date of Patent: August 6, 2002
    Assignee: Hewlett-Packard Company
    Inventor: Tse Huong Choo
  • Publication number: 20020099939
    Abstract: The invention relates to Internet Key Exchange (IKE). IKE Main Mode generally takes a substantial and significant amount of time in which to implement and, where IKE is implemented in software, Main Mode cannot be given until full system start up has occurred, operation systems loaded etc. The method of the present invention proposes an accelerated form of IKE in which IKE Main Mode is carried out in hardware in parallel to system start up so that, once a system has started up and come fully on-line, the results of IKE Main Mode are already available and the IKE daemon may proceed directly with one or more Quick Modes.
    Type: Application
    Filed: May 17, 2001
    Publication date: July 25, 2002
    Applicant: HEWLETT-PACKARD COMPANY
    Inventor: Tse-Huong Choo