Robust random number generator
    11.
    Granted invention patent
    Robust random number generator (in force)

    Publication number: US06253223B1

    Publication date: 2001-06-26

    Application number: US09455951

    Application date: 1999-12-07

    Applicant: Eric J. Sprunk

    Inventor: Eric J. Sprunk

    CPC classification number: H04L9/0861 G06F7/582 G06F7/588 G06J1/00

    Abstract: Methods and an apparatus for generating random numbers are disclosed. In a first embodiment, a method for generating random numbers involves producing a second random number. A pseudorandom number is produced from a digital random number generator and a first random number is produced from an analog random number generator. The first random number is combined with the pseudorandom number to produce a second random number that is a result of both generators' outputs.

    Online secure device provisioning framework
    12.
    Granted invention patent
    Online secure device provisioning framework (in force)

    Publication number: US09130928B2

    Publication date: 2015-09-08

    Application number: US13087847

    Application date: 2011-04-15

    CPC classification number: H04L63/0823 G06F21/572 H04L63/06 H04L2463/102

    Abstract: A method for updating network-enabled devices with new identity data includes generating a plurality of new identity data records and loading the new identity data records onto an update server. A request is received at the update server for new identity data from at least one network-enabled device having a previously assigned identity linked to an identifier. The previously assigned identifier is linked to a new identifier that is linked to one of the new identity data records. One or more new identity data records are securely delivered to the network-enabled device.

    Revocation list update for devices
    13.
    Granted invention patent
    Revocation list update for devices (in force)

    Publication number: US08589674B2

    Publication date: 2013-11-19

    Application number: US13350072

    Application date: 2012-01-13

    CPC classification number: H04L9/0891 H04L9/12 H04L9/3268

    Abstract: In one embodiment, a method includes receiving a revocation request for revoking a model type of a device. A first computing device determines a list of device unit identifiers (UIDs) that are associated with the model type from a database. The device UIDs are for devices of the model type manufactured by a first entity. The method adds the list of device UIDs to a device revocation list and outputs the device revocation list to revoke a validity of secure information associated with devices associated with the list of device UIDs.

    Self-generation of certificates using secure microprocessor in a device for transferring digital information
    14.
    Granted invention patent
    Self-generation of certificates using secure microprocessor in a device for transferring digital information (in force)

    Publication number: US06839841B1

    Publication date: 2005-01-04

    Application number: US09890178

    Application date: 2000-01-28

    Abstract: Devices in a telecommunications system are provided with means to self-generate public key pairs and certificates. This eliminates the need for such keys and certificates to be sent to the devices from an outside source so a single-trust approach can be maintained. A manufacturer's certificate is installed into a device at the time of manufacture. The device only issues itself certificates based on a signed request from an external outside server. The device's self-issued certificates incorporate information obtained from the server in a profile. This allows control by the server over a device's self-issued certificates. In order to prevent tampering, and breaking, of the self-issued certificates, the certificate issuing process occurs within a secure microprocessor.

    System and method for secure key distribution to manufactured products
    15.
    Granted invention patent
    System and method for secure key distribution to manufactured products (in force)

    Publication number: US08761401B2

    Publication date: 2014-06-24

    Application number: US11846045

    Application date: 2007-08-28

    Abstract: A system and method for securely distributing PKI data, such as one or more private keys or other confidential digital information, from a PKI data generation facility to a product in a product personalization facility that is not connected to the PKI data generation facility and is assumed to be a non-secure product personalization facility. The system includes a PKI data loader for securely transmitting the encrypted PKI data transferred from the PKI data generator to a PKI server at the product personalization facility. The PKI server then transfers the PKI data to the product of interest, typically via a PKI station acting as a proxy between the PKI server and the product. In each communication step, PKI data being transferred is encrypted multiple times and the system is designed such that if any intermediate node is compromised with all of its keys, the overall system has not yet been compromised.

    REVOCATION LIST UPDATE FOR DEVICES
    16.
    Invention patent application
    REVOCATION LIST UPDATE FOR DEVICES (in force)

    Publication number: US20130185551A1

    Publication date: 2013-07-18

    Application number: US13350072

    Application date: 2012-01-13

    CPC classification number: H04L9/0891 H04L9/12 H04L9/3268

    Abstract: In one embodiment, a method includes receiving a revocation request for revoking a model type of a device. A first computing device determines a list of device unit identifiers (UIDs) that are associated with the model type from a database. The device UIDs are for devices of the model type manufactured by a first entity. The method adds the list of device UIDs to a device revocation list and outputs the device revocation list to revoke a validity of secure information associated with devices associated with the list of device UIDs.

    Configurable encryption/decryption for multiple services support
    17.
    Granted invention patent
    Configurable encryption/decryption for multiple services support (in force)

    Publication number: US08166292B2

    Publication date: 2012-04-24

    Application number: US12500791

    Application date: 2009-07-10

    Abstract: A system to transmit a set of programs from a transmitter to a receiver is used to accommodate different levels of security used for each program. When a high level of security is necessary for transmitting or receiving a program the transmitter and/or receiver is operable to accommodate that level of security. Thus, both transmitters and receivers are operable to be reconfigured to encrypt or decrypt, respectively, at different levels. Accordingly, differing amounts of programs can be transmitted or received based on the resource requirements needed at any level of security. Consequently, a high level of encryption/decryption requires more resources and allows the processing of fewer services, while a lower level of encryption/decryption allows more services to be transmitted/received.

    ONLINE SECURE DEVICE PROVISIONING FRAMEWORK
    18.
    Invention patent application
    ONLINE SECURE DEVICE PROVISIONING FRAMEWORK (in force)

    Publication number: US20110258685A1

    Publication date: 2011-10-20

    Application number: US13087847

    Application date: 2011-04-15

    CPC classification number: H04L63/0823 G06F21/572 H04L63/06 H04L2463/102

    Abstract: A method for updating network-enabled devices with new identity data includes generating a plurality of new identity data records and loading the new identity data records onto an update server. A request is received at the update server for new identity data from at least one network-enabled device having a previously assigned identity linked to an identifier. The previously assigned identifier is linked to a new identifier that is linked to one of the new identity data records. One or more new identity data records are securely delivered to the network-enabled device.

    Method and apparatus for distributing root certification
    19.
    Granted invention patent
    Method and apparatus for distributing root certification (in force)

    Publication number: US07877600B2

    Publication date: 2011-01-25

    Application number: US11616348

    Application date: 2006-12-27

    CPC classification number: H04L9/3268 H04L2209/603

    Abstract: An apparatus and method for providing at least one root certificate are disclosed. Specifically, a plurality of root certificates is received and stored. Afterwards, a request is received from a first endpoint device for a desired root certificate, where the desired root certificate is used by the first endpoint device to verify an identity of a second endpoint device. Furthermore, the first endpoint device and the second endpoint device are associated with different certificate hierarchies. The desired root certificate is then sent to at least the first endpoint device.
