Secure large volume feature license provisioning system

    Publication number: US09646332B2

    Publication date: 2017-05-09

    Application number: US13238850

    Application date: 2011-09-21

    CPC classification number: G06F21/105 G06Q30/06 G06Q2220/18

    Abstract: Disclosed is a manufacturing process and feature licensing system for provisioning personalized (device-unique) licenses to devices. The secure system uses a secure key wrapping mechanism to deliver the LSK to LPS. Another feature is that various network communication links are secured using standard security protocol. Application messages, license templates, licenses are digitally signed. The system is flexible, configured to allow multiple manufacturers and to allow various feature configurations via the use of License Template; scalable, as it is possible to use multiple LPS hosts to serve multiple programming stations; and available in that the delegation of license signing capability from CLS to LPS eliminates the dependency on unreliable Internet connections. Redundant LPS hosts provide high level of availability required for high volume license provisioning. The system is traceable: license and device association are replicated back to the CLS to provide full license request and generation traceability.

    3. Online secure device provisioning with online device binding using whitelists
    Type: Granted invention patent
    Legal status: In force

    Publication number: US08627083B2

    Publication date: 2014-01-07

    Application number: US13267672

    Application date: 2011-10-06

    CPC classification number: H04L9/006 H04L9/0891 H04L9/14 H04L9/321

    Abstract: One or more servers are provided including a session manager, authentication module, authorization module, encryption module, database, and protocol handler. The session manager is configured to receive requests for new identity data from network-enabled devices. Each request is authenticated first by the update server via its authentication module by validating the signature of the request message as well as the certificate chain trusted by the update server. The authorization module is configured to determine if the network-enabled devices specified on a whitelist are authorized to be provisioned with new identity data. The database is configured to receive new identity records generated by an identity data generation system. Each of the new identity records includes a new identifier. The new identifier is not associated or linked to any previously assigned/used identifiers and identity data, thus all the new identity records are generated independently and then loaded to the update server.

    4. DIGITAL TRANSPORT ADAPTER REGIONALIZATION
    Type: Invention patent application
    Legal status: Under examination (published)

    Publication number: US20130139198A1

    Publication date: 2013-05-30

    Application number: US13305958

    Application date: 2011-11-29

    Abstract: A method, a digital content consumption device, and a conditional access system are disclosed. A network interface may receive in a digital content consumption device a public key message that includes an encrypted key. A processor may decrypt the encrypted key using a secret key to produce the transmitted public key, identify a region descriptor in the public key message, and determine the secret key based on the region descriptor.

    5. Wall assembly
    Type: Granted invention patent
    Legal status: In force

    Publication number: US08268052B2

    Publication date: 2012-09-18

    Application number: US13240484

    Application date: 2011-09-22

    CPC classification number: E01C1/005

    Abstract: A wall assembly for mixing polluted air with less polluted air to provide moderately polluted air. The wall assembly includes means for dividing air from a roadway region into a lower part and an upper part, and means for permitting at least a portion of the upper part to flow substantially in one or more flow directions toward a leeward region. The wall assembly also includes means for directing the lower part substantially upwardly in a direction substantially transverse to the flow direction to intersect with the upper part and to mix the polluted air with the less polluted air, to provide the moderately polluted air proximal to the leeward area.

    6. SOFTWARE FEATURE AUTHORIZATION THROUGH DELEGATED AGENTS
    Type: Invention patent application
    Legal status: In force

    Publication number: US20110197077A1

    Publication date: 2011-08-11

    Application number: US13021384

    Application date: 2011-02-04

    CPC classification number: G06F21/10 Y10S705/902 Y10S705/911

    Abstract: A method enables selected features of a software product residing on an end user electronic device with a license delivered from a licensing provider to a service provider of the end user electronic device. The method includes requesting at least one license to authorize a first service provider. An encrypted installation key uniquely associated with the first service provider is received as well as an authorization agent module for installation on one or more authorization agent devices associated with the first service provider. The encrypted installation key and the authorization agent module are installed on the authorization agent devices. A device-unique identifier (DUID) is generated for each authorization agent device based on hardware characteristics of the respective authorization agent devices. The DUID and the encrypted installation key are sent from the authorization agent device to a licensing provider to obtain the requested license. The requested license is received by the authorization agent devices if the DUID and the encrypted installation key are validated by the licensing provider. The license on authorization agent device authorizes and enables the selected features of the software product on an end user electronic device.

    7. GENERIC FEATURE LICENSING FRAMEWORK
    Type: Invention patent application
    Legal status: Under examination (published)

    Publication number: US20110196793A1

    Publication date: 2011-08-11

    Application number: US13021380

    Application date: 2011-02-04

    CPC classification number: G06Q30/00 G06Q30/0601 G06Q30/0641

    Abstract: A system enables customers to provision devices with feature licenses that enable specified features in the devices. The system includes a feature definition module configured to store product feature information associated with different products available from a plurality of different manufacturers. The system also includes a feature license management module configured to generate, update and revoke feature licenses. The feature licenses that are generated all have a common format. The system further includes a feature credit management module configured to monitor and account for feature credits available to customer organization units. A user management module is also provided in the system, which is configured to authenticate users of the system. A user interface is accessible over a communications network through which authenticated users can request and receive feature licenses.

    8. TRANSPORT PACKET DECRYPTION TESTING IN A CLIENT DEVICE
    Type: Invention patent application
    Legal status: In force

    Publication number: US20100215171A1

    Publication date: 2010-08-26

    Application number: US12708171

    Application date: 2010-02-18

    CPC classification number: H04L9/088 H04L2209/60

    Abstract: In a method for testing a transport packet decrypting module of a client device, a first decryption operation of the transport packet decrypting module is implemented on a test encrypted control word using a content decryption key ladder to derive a test control word, a second decryption operation of the transport packet decrypting module is implemented on one or more test transport packets using the test control word via a predetermined content decryption algorithm, the KIV is derived from the decrypted transport packets, and the derived KIV is compared with a value stored in the client device to verify whether the transport packet decrypting module of the client device is functioning properly.

    9. Method and Apparatus for a Dynamic and Real-Time Configurable Software Architecture for Manufacturing Personalization
    Type: Invention patent application
    Legal status: In force

    Publication number: US20090037931A1

    Publication date: 2009-02-05

    Application number: US11831347

    Application date: 2007-07-31

    CPC classification number: H04L67/34 H04L67/36

    Abstract: A process receives a personalization request to personalize a communication device. Further, the process provides the personalization request to a message controller that composes a message having personalization information with a message composer engine according to a set of rules and configures one or more communication parameters for the message with a message flow control engine according to the set of rules. The set of rules indicates a distributed environment set of files that the message composer engine and the message flow control engine utilize in a distributed environment, and a centralized environment set of files that the message composer engine and the message flow control engine utilize in a centralized environment.

    10. System and Method for Dynamic and On-Demand Data Transfer and Synchronization Between Isolated Networks
    Type: Invention patent application
    Legal status: Under examination (published)

    Publication number: US20080133543A1

    Publication date: 2008-06-05

    Application number: US11947902

    Application date: 2007-11-30

    CPC classification number: G06F16/27

    Abstract: A system, method and computer-readable medium of instructions for performing dynamic and on-demand data transfer between databases (116, 124) in public and secure networks (102, 104), and synchronization of those databases (116, 124), in a public key infrastructure (PKI) environment. The system, method and computer-readable medium of instructions operate to identify at least one record of information in the database (116) of the public network (102) to be updated in the database (124) of the private network (104), enter update information in at least one data transfer table (400, 600/602) based on the at least one record of information, and use the at least one data transfer table (400, 600/602) to update at least one record in the database (124) of the private network (104) in accordance with the update information without overwriting other information in the database (124).
