Abstract:
A method for updating network-enabled devices with new identity data includes generating a plurality of new identity data records and loading the new identity data records onto an update server. A request is received at the update server for new identity data from at least one network-enabled device having a previously assigned identity linked to an identifier. The previously assigned identifier is linked to a new identifier that is linked to one of the new identity data records. One or more new identity data records are securely delivered to the network-enabled device.
Abstract:
One or more servers are provided including a session manager, authentication module, authorization module, encryption module, database, and protocol handler. The session manager is configured to receive requests for new identity data from network-enabled devices. Each request is authenticated first by the update server via its authentication module by validating the signature of the request message as well as the certificate chain trusted by the update server. The authorization module is configured to determine if the network-enabled devices specified on a whitelist are authorized to be provisioned with new identity data. The database is configured to receive new identity records generated by an identity data generation system. Each of the new identity records includes a new identifier. The new identifier is not associated or linked to any previously assigned/used identifiers and identity data, thus all the new identity records are generated independently and then loaded to the update server.
Abstract:
A system for generating new identity data for network-enabled devices includes a whitelist reader configured to extract attributes from a whitelist. The whitelist includes, for each device specified in the whitelist, a previously assigned identifier of the first type. The previously assigned identifiers of the first type are linked to identity data previously provisioned in each of the respective devices. A data retrieval module is configured to receive the identifiers of the first type from the whitelist reader and, based on each of the identifiers, retrieve each of the previously provisioned identity data records linked thereto. A new data generation module is configured to (i) obtain a cryptographic key associated with the identity data previously provisioned in the devices specified on the whitelist and the corresponding identifiers of the first type, (ii) generate new identity data records each linked to a new identifier and (iii) encrypt each of the new identity data records with one of the cryptographic keys and link each new identity data record to the identifier of the first type corresponding to each respective cryptographic key. A data output module is configured to load onto an external source the encrypted new identity data records along with their respective new identifiers and their respective previously assigned identifiers of the first type.
Abstract:
In a method for testing a transport packet decrypting module of a client device, a first decryption operation of the transport packet decrypting module is implemented on a test encrypted control word using a content decryption key ladder to derive a test control word, a second decryption operation of the transport packet decrypting module is implemented on one or more test transport packets using the test control word via a predetermined content decryption algorithm, the KIV is derived from the decrypted transport packets, and the derived KIV is compared with a value stored in the client device to verify whether the transport packet decrypting module of the client device is functioning properly.
Abstract:
A method is provided for operating a consumer programming device that provisions consumer electronic devices. The method includes receiving over a communication link a first enable message that authorizes the consumer programming device to make available one or more resources which enable it to provide services to consumer electronic devices. Services are provided to consumer electronic devices up until all the resources have been exhausted. Additional consumer electronic devices are provided with services only if a second enable message is received over the communication link.
Abstract:
Disclosed is a manufacturing process and feature licensing system for provisioning personalized (device-unique) licenses to devices. The secure system uses a secure key wrapping mechanism to deliver the LSK to the LPS. Another feature is that the various network communication links are secured using a standard security protocol. Application messages, license templates, and licenses are digitally signed. The system is flexible: it is configured to allow multiple manufacturers and to allow various feature configurations via the use of a License Template. It is scalable, as it is possible to use multiple LPS hosts to serve multiple programming stations. It is available, in that the delegation of license signing capability from the CLS to the LPS eliminates the dependency on unreliable Internet connections, and redundant LPS hosts provide the high level of availability required for high-volume license provisioning. The system is traceable: license and device associations are replicated back to the CLS to provide full license request and generation traceability.