公开(公告)号：US20100215171A1

公开(公告)日：2010-08-26

申请号：US12708171

申请日：2010-02-18

Applicant: Tat Keung Chan ,  Alexander Medvinsky ,  Stuart P. Moskovics ,  Jason A. Pasion ,  Xin Qiu

Inventor： Tat Keung Chan ,  Alexander Medvinsky ,  Stuart P. Moskovics ,  Jason A. Pasion ,  Xin Qiu

IPC: H04K1/00

CPC classification number: H04L9/088 ,  H04L2209/60

Abstract: In a method for testing a transport packet decrypting module of a client device, a first decryption operation of the transport packet decrypting module is implemented on a test encrypted control word using a content decryption key ladder to derive a test control word, a second decryption operation of the transport packet decrypting module is implemented on one or more test transport packets using the test control word via a predetermined content decryption algorithm, the KIV is derived from the decrypted transport packets, and the derived KIV is compared with a value stored in the client device to verify whether the transport packet decrypting module of the client device is functioning properly.

Abstract translation: 在一种用于测试客户端设备的传输分组解密模块的方法中，使用内容解密密钥梯形图在测试加密控制字上实现传输分组解密模块的第一解密操作，以导出测试控制字，第二解密操作 的传输分组解密模块通过预定的内容解密算法使用测试控制字在一个或多个测试传输分组上实现，从解密的传输分组导出KIV，并将导出的KIV与存储在客户端中的值进行比较 设备来验证客户端设备的传输分组解密模块是否正常工作。

公开(公告)号：US20090037931A1

公开(公告)日：2009-02-05

申请号：US11831347

申请日：2007-07-31

Applicant: Xin Qiu ,  Liqiang Chen ,  Fan Wang

Inventor： Xin Qiu ,  Liqiang Chen ,  Fan Wang

IPC: G06F3/00

CPC classification number: H04L67/34 ,  H04L67/36

Abstract: A process receives a personalization request to personalize a communication device. Further, the process provides the personalization request to a message controller that composes a message having personalization information with a message composer engine according to a set of rules and configures one or more communication parameters for the message with a message flow control engine according to the set of rules. The set of rules indicates a distributed environment set of files that the message composer engine and the message flow control engine utilize in a distributed environment, and a centralized environment set of files that the message composer engine and the message flow control engine utilize in a centralized environment.

Abstract translation: 进程接收个性化请求以个性化通信设备。 此外，该过程向消息控制器提供个性化请求，该消息控制器根据一组规则向消息组合器引擎组成具有个性化信息的消息，并且根据该集合向消息流控制引擎配置消息的一个或多个通信参数 的规则。 该组规则表示消息编剧引擎和消息流控制引擎在分布式环境中使用的分布式环境文件集，以及消息编剧引擎和消息流控制引擎在集中式中使用的集中式文件集 环境。

公开(公告)号：US20080133543A1

公开(公告)日：2008-06-05

申请号：US11947902

申请日：2007-11-30

Applicant: Xiaozhou Fu ,  Zaw Naing L. Oo ,  Xin Qiu

Inventor： Xiaozhou Fu ,  Zaw Naing L. Oo ,  Xin Qiu

IPC: G06F17/30

CPC classification number: G06F16/27

Abstract: A system, method and computer-readable medium of instructions for performing dynamic and on-demand data transfer between databases (116, 124) in public and secure networks (102, 104), and synchronization of those databases (116, 124), in a public key infrastructure (PKI) environment. The system, method and computer-readable medium of instructions operate to identify at least one record of information in the database (116) of the public network (102) to be updated in the database (124) of the private network (104), enter update information in at least one data transfer table (400, 600/602) based on the at least one record of information, and use the at least one data transfer table (400, 600/602) to update at least one record in the database (124) of the private network (104) in accordance with the update information without overwriting other information in the database (124).

Abstract translation: 一种用于在公共和安全网络（102,104）中的数据库（116,124）之间进行动态和按需数据传输的指令的系统，方法和计算机可读介质，以及这些数据库（116,124）的同步， 公共密钥基础设施（PKI）环境。 指令的系统，方法和计算机可读介质操作以识别要在私有网络（104）的数据库（124）中更新的公共网络（102）的数据库（116）中的信息的至少一个记录， 基于所述至少一个信息记录在至少一个数据传输表（400,600 / 602）中输入更新信息，并且使用所述至少一个数据传输表（400,600 / 602）来更新至少一个数据传输表 所述专用网络（104）的数据库（124）根据所述更新信息而不覆盖所述数据库（124）中的其他信息。

公开(公告)号：US08898469B2

公开(公告)日：2014-11-25

申请号：US13021384

申请日：2011-02-04

Applicant: Tat Keung Chan ,  Paul D. Baker ,  Christopher P. Gardner ,  Mark E. Gregotski ,  Ted R. Michaud ,  Xin Qiu ,  Jinsong Zheng

Inventor： Tat Keung Chan ,  Paul D. Baker ,  Christopher P. Gardner ,  Mark E. Gregotski ,  Ted R. Michaud ,  Xin Qiu ,  Jinsong Zheng

IPC: H04L9/32 ,  G06F21/10

CPC classification number: G06F21/10 ,  Y10S705/902 ,  Y10S705/911

Abstract: A method enables selected features of a software product residing on an end user electronic device with a license delivered from a licensing provider to a service provider of the end user electronic device. The method includes requesting at least one license to authorize a first service provider. An encrypted installation key uniquely associated with the first service provider is received as well as an authorization agent module for installation on one or more authorization agent devices associated with the first service provider. The encrypted installation key and the authorization agent module are installed on the authorization agent devices. A device-unique identifier (DUID) is generated for each authorization agent device based on hardware characteristics of the respective authorization agent devices. The DUID and the encrypted installation key are sent from the authorization agent device to a licensing provider to obtain the requested license. The requested license is received by the authorization agent devices if the DUID and the encrypted installation key are validated by the licensing provider. The license on authorization agent device authorizes and enables the selected features of the software product on an end user electronic device.

Abstract translation: 一种方法使得驻留在最终用户电子设备上的软件产品的选定特征具有从许可提供者向最终用户电子设备的服务提供商提供的许可证。 该方法包括请求至少一个许可证以授权第一服务提供商。 接收与第一服务提供商唯一相关联的加密安装密钥以及用于安装在与第一服务提供商相关联的一个或多个授权代理设备上的授权代理模块。 加密安装密钥和授权代理模块安装在授权代理设备上。 基于相应的授权代理设备的硬件特性，为每个授权代理设备生成设备唯一标识符（DUID）。 DUID和加密的安装密钥从授权代理设备发送到许可提供商以获取所请求的许可证。 如果DUID和加密安装密钥由许可提供商验证，则授权代理设备将收到所请求的许可证。 授权代理设备的许可证在最终用户电子设备上授权并启用软件产品的选定功能。

公开(公告)号：US20130227077A1

公开(公告)日：2013-08-29

申请号：US13407081

申请日：2012-02-28

Applicant: Chia Ling Tsai ,  Xin Qiu ,  Ting Yao

Inventor： Chia Ling Tsai ,  Xin Qiu ,  Ting Yao

IPC: G06F17/30 ,  G06F15/16 ,  G06F15/173

CPC classification number: G06F17/30595 ,  H04L63/0823

Abstract: A method and apparatus is provided for maintaining inventory levels of identity data to be provisioned in electronic devices. The method includes monitoring over a communications network inventory levels of identity data records stored on a plurality of identity data personalization servers that each provision electronic devices with an identity data record. Additionally, if the inventory level on at least one of the identity data personalization servers falls below a minimum specified level, a refill request is sent to an identity data management authority requesting that additional identity data records be uploaded to the identity data personalization server.

Abstract translation: 提供了一种用于维护在电子设备中提供的身份数据的库存水平的方法和装置。 该方法包括监视存储在多个身份数据个性化服务器上​​的身份数据记录的通信网络库存水平，每个身份数据记录提供具有身份数据记录的电子设备。 此外，如果至少一个身份数据个性化服务器上​​的库存级别低于最小指定级别，则向身份数据管理机构发送重新填充请求，请求将附加的身份数据记录上传到身份数据个性化服务器。

公开(公告)号：US20130185173A1

公开(公告)日：2013-07-18

申请号：US13353309

申请日：2012-01-18

Applicant: Jinsong Zheng ,  Tat Keung Chan ,  David B. Prickett ,  Xin Qiu

Inventor： Jinsong Zheng ,  Tat Keung Chan ,  David B. Prickett ,  Xin Qiu

IPC: G06Q30/06

CPC classification number: G06Q30/06

Abstract: A method and apparatus for provisioning devices. One method includes authenticating a first customer as an authenticated user and receiving from a first customer a first request to establish a credit record for a specified number of upgraded feature licenses. The upgraded feature licenses are obtainable from a third party supplier and are associated with components available from the third party supplier. The credit record includes feature credits to be made available to the first customer to obtain the upgraded feature licenses from the third party supplier. A second request is received from the first customer to release the feature credits to a credit pool associated with the first customer so that the feature credits are available to the first customer. The upgraded feature licenses are generated and the credit pool associated with the first customer is debited for the number of credits needed to obtain the upgraded feature licenses.

Abstract translation: 一种供应设备的方法和装置。 一种方法包括将第一客户认证为经认证的用户，并从第一客户接收针对指定数量的升级特征许可证建立信用记录的第一请求。 升级后的功能许可证可从第三方供应商获得，并与第三方供应商提供的组件相关联。 信用记录包括要向第一客户提供的特征信用以从第三方供应商获得升级的功能许可证。 从第一客户接收到第二请求，以将特征信用释放到与第一客户相关联的信用卡，使得特征信用可用于第一客户。 生成升级的功能许可证，并且与第一个客户相关联的信用额度被扣除获得升级的功能许可证所需的信用点数。

公开(公告)号：US20120006203A1

公开(公告)日：2012-01-12

申请号：US13240484

申请日：2011-09-22

Applicant: Xin Qiu ,  Meiring Beyers ,  Michael Roth ,  Mark Vanderheyden ,  Scott Shayko

Inventor： Xin Qiu ,  Meiring Beyers ,  Michael Roth ,  Mark Vanderheyden ,  Scott Shayko

IPC: B01F13/00 ,  B01D45/04 ,  B01D47/06

CPC classification number: E01C1/005

Abstract: A wall assembly for mixing polluted air with less polluted air to provide moderately polluted air. The wall assembly includes means for dividing air from a roadway region into a lower part and an upper part, and means for permitting at least a portion of the upper part to flow substantially in one or more flow directions toward a leeward region. The wall assembly also includes means for directing the lower part substantially upwardly in a direction substantially transverse to the flow direction to intersect with the upper part and to mix the polluted air with the less polluted air, to provide the moderately polluted air proximal to the leeward area.

Abstract translation: 用于混合污染空气和较少污染空气的墙壁组件，以提供适度污染的空气。 壁组件包括用于将空气从道路区域分成下部和上部的装置，以及允许上部的至少一部分基本上沿一个或多个流动方向流向背风区域的装置。 壁组件还包括用于沿基本上横向于流动方向的方向基本向上引导下部的装置，以与上部相交并且将污染的空气与较少污染的空气混合，以在靠近背风的位置提供适度污染的空气 区。

公开(公告)号：US20110258454A1

公开(公告)日：2011-10-20

申请号：US13087843

申请日：2011-04-15

Applicant: Xin Qiu ,  Ting Yao

Inventor： Xin Qiu ,  Ting Yao

IPC: G06F15/177 ,  H04L9/32 ,  G06F21/00 ,  G06F15/173

CPC classification number: H04L63/08 ,  H04L63/10

Abstract: A method for managing identifiers associated with network-enabled devices and used in an identity data system provisioning the network-enabled devices with identity data includes receiving a first set data that includes a previously assigned identifier for one or more of the network-enabled devices that are authorized to be provisioned with new identity data. If identity data is currently installed on the one or more network-enabled devices, each of the previously assigned identifiers in the first set of data is associated with a corresponding identifier linked to the identity data currently installed on the one or more network-enabled devices to establish a second set of data. New identity data is bound to each of the one or more network-enabled devices by assigning a new identifier linked with the new identity data to each of the one or more network-enabled devices to establish a whitelist. The whitelist specifies, for each of the one or more network-enabled devices, its previously assigned identifier, its corresponding identifier and its new identifier that is linked with the new identity data.

Abstract translation: 一种用于管理与启用网络的设备相关联并在身份数据系统中配置具有身份数据的启用网络的设备的标识符的方法包括：接收第一组数据，该第一组数据包括先前分配的一个或多个网络使能设备的标识符， 被授权提供新的身份数据。 如果身份数据当前安装在一个或多个启用网络的设备上，则第一组数据中先前分配的标识符中的每一个都与与当前安装在一个或多个启用网络的设备上的身份数据链接的对应标识符相关联 建立第二组数据。 通过将与新的身份数据链接的新标识符分配给一个或多个启用网络的设备中的每一个来建立白名单，将新的身份数据绑定到一个或多个网络启用设备中的每一个。 白名单为一个或多个网络启用设备中的每一个指定其先前分配的标识符，其对应的标识符及其与新的身份数据链接的新标识符。

公开(公告)号：US20110138177A1

公开(公告)日：2011-06-09

申请号：US12961455

申请日：2010-12-06

Applicant: Xin Qiu ,  Alexander Medvinsky ,  Stuart P. Moskovics ,  John H. Kim

Inventor： Xin Qiu ,  Alexander Medvinsky ,  Stuart P. Moskovics ,  John H. Kim

IPC: G06F15/16 ,  H04L9/32

CPC classification number: H04L9/006 ,  H04L9/083 ,  H04L9/3263

Abstract: A method is provided for updating network-enabled devices with new identity data. The method includes requesting new identity data for a plurality of network-enabled devices and receiving notification that the new identity data is ready to be delivered to the plurality of network-enabled devices. A software object is delivered to the plurality of network-enabled devices over a first communications network. Each of the software objects is configured to cause the network-enabled devices to download the new identity data to the respective network-enabled device over a second communications network and install the new identity data at a time based at least in part on information included with the software object.

Abstract translation: 提供了一种用于使用新的身份数据更新启用网络的设备的方法。 该方法包括向多个启用网络的设备请求新的身份数据，并接收新的身份数据准备好被传送到多个启用网络的设备的通知。 通过第一通信网络将软件对象传送到多个启用网络的设备。 每个软件对象被配置为使得网络启用的设备通过第二通信网络将新的身份数据下载到相应的启用网络的设备，并且至少部分地基于与 软件对象。

公开(公告)号：US20080049942A1

公开(公告)日：2008-02-28

申请号：US11846045

申请日：2007-08-28

Applicant: Eric Sprunk ,  Alexander Medvinsky ,  Xin Qiu ,  Stuart Moskovics ,  Liqiang Chen

Inventor： Eric Sprunk ,  Alexander Medvinsky ,  Xin Qiu ,  Stuart Moskovics ,  Liqiang Chen

IPC: H04L9/08

CPC classification number: H04L9/0844 ,  H04L9/006 ,  H04L9/0822 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/0823 ,  H04L63/166

Abstract: A system and method for securely distributing PKI data, such as one or more private keys or other confidential digital information, from a PKI data generation facility to a product in a product personalization facility that is not connected to the PKI data generation facility and is assumed to be a non-secure product personalization facility. The system includes a PKI data loader for securely transmitting the encrypted PKI data transferred from the PKI data generator to a PKI server at the product personalization facility. The PKI server then transfers the PKI data to the product of interest, typically via a PKI station acting as a proxy between the PKI server and the product. In each communication step, PKI data being transferred is encrypted multiple times and the system is designed such that if any intermediate node is compromised with all of its keys, the overall system has not yet been compromised.

Abstract translation: 用于将PKI数据（例如一个或多个私钥或其他机密数字信息）的PKI数据安全地分发到不连接到PKI数据生成设备并被假定的产品个性化设施中的产品的系统和方法 成为不安全的产品个性化设施。 该系统包括PKI数据加载器，用于将从PKI数据发生器传送的加密的PKI数据安全地发送到产品个性化设施的PKI服务器。 PKI服务器然后将PKI数据传送到感兴趣的产品，通常通过充当PKI服务器和产品之间代理的PKI站。 在每个通信步骤中，正在传送的PKI数据被加密多次，并且系统被设计成使得如果任何中间节点与其所有密钥相冲突，则整个系统尚未被破坏。