公开(公告)号：US20080049942A1

公开(公告)日：2008-02-28

申请号：US11846045

申请日：2007-08-28

Applicant: Eric Sprunk ,  Alexander Medvinsky ,  Xin Qiu ,  Stuart Moskovics ,  Liqiang Chen

Inventor： Eric Sprunk ,  Alexander Medvinsky ,  Xin Qiu ,  Stuart Moskovics ,  Liqiang Chen

IPC: H04L9/08

CPC classification number: H04L9/0844 ,  H04L9/006 ,  H04L9/0822 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/0823 ,  H04L63/166

Abstract: A system and method for securely distributing PKI data, such as one or more private keys or other confidential digital information, from a PKI data generation facility to a product in a product personalization facility that is not connected to the PKI data generation facility and is assumed to be a non-secure product personalization facility. The system includes a PKI data loader for securely transmitting the encrypted PKI data transferred from the PKI data generator to a PKI server at the product personalization facility. The PKI server then transfers the PKI data to the product of interest, typically via a PKI station acting as a proxy between the PKI server and the product. In each communication step, PKI data being transferred is encrypted multiple times and the system is designed such that if any intermediate node is compromised with all of its keys, the overall system has not yet been compromised.

Abstract translation: 用于将PKI数据（例如一个或多个私钥或其他机密数字信息）的PKI数据安全地分发到不连接到PKI数据生成设备并被假定的产品个性化设施中的产品的系统和方法 成为不安全的产品个性化设施。 该系统包括PKI数据加载器，用于将从PKI数据发生器传送的加密的PKI数据安全地发送到产品个性化设施的PKI服务器。 PKI服务器然后将PKI数据传送到感兴趣的产品，通常通过充当PKI服务器和产品之间代理的PKI站。 在每个通信步骤中，正在传送的PKI数据被加密多次，并且系统被设计成使得如果任何中间节点与其所有密钥相冲突，则整个系统尚未被破坏。

公开(公告)号：US08761401B2

公开(公告)日：2014-06-24

申请号：US11846045

申请日：2007-08-28

Applicant: Eric J. Sprunk ,  Alexander Medvinsky ,  Xin Qiu ,  Stuart Moskovics ,  Liqiang Chen

Inventor： Eric J. Sprunk ,  Alexander Medvinsky ,  Xin Qiu ,  Stuart Moskovics ,  Liqiang Chen

IPC: H04L9/08 ,  H04L9/00 ,  H04L9/32

CPC classification number: H04L9/0844 ,  H04L9/006 ,  H04L9/0822 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/0823 ,  H04L63/166

Abstract: A system and method for securely distributing PKI data, such as one or more private keys or other confidential digital information, from a PKI data generation facility to a product in a product personalization facility that is not connected to the PKI data generation facility and is assumed to be a non-secure product personalization facility. The system includes a PKI data loader for securely transmitting the encrypted PKI data transferred from the PKI data generator to a PKI server at the product personalization facility. The PKI server then transfers the PKI data to the product of interest, typically via a PKI station acting as a proxy between the PKI server and the product. In each communication step, PKI data being transferred is encrypted multiple times and the system is designed such that if any intermediate node is compromised with all of its keys, the overall system has not yet been compromised.

Abstract translation: 用于将PKI数据（例如一个或多个私钥或其他机密数字信息）的PKI数据安全地分发到不连接到PKI数据生成设备并被假定的产品个性化设施中的产品的系统和方法 成为不安全的产品个性化设施。 该系统包括PKI数据加载器，用于将从PKI数据发生器传送的加密的PKI数据安全地发送到产品个性化设施的PKI服务器。 PKI服务器然后将PKI数据传送到感兴趣的产品，通常通过充当PKI服务器和产品之间代理的PKI站。 在每个通信步骤中，正在传送的PKI数据被加密多次，并且系统被设计成使得如果任何中间节点与其所有密钥相冲突，则整个系统尚未被破坏。