-
公开(公告)号:US09130928B2
公开(公告)日:2015-09-08
申请号:US13087847
申请日:2011-04-15
申请人: Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Eric J. Sprunk , Fan Wang , Ting Yao
发明人: Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Eric J. Sprunk , Fan Wang , Ting Yao
CPC分类号: H04L63/0823 , G06F21/572 , H04L63/06 , H04L2463/102
摘要: A method for updating network-enabled devices with new identity data includes generating a plurality of new identity data records and loading the new identity data records onto an update server. A request is received at the update server for new identity data from at least one network-enabled device having a previously assigned identity linked to an identifier. The previously assigned identifier is linked to a new identifier that is linked to one of the new identity data records. One or more new identity data records are securely delivered to the network-enabled device.
摘要翻译: 用新的身份数据更新启用网络的设备的方法包括生成多个新的身份数据记录并将新的身份数据记录加载到更新服务器上。 在更新服务器处接收到来自具有链接到标识符的先前分配的身份的至少一个启用网络的设备的新身份数据的请求。 先前分配的标识符被链接到链接到新的身份数据记录之一的新标识符。 一个或多个新的身份数据记录被安全地传送到启用网络的设备。
-
公开(公告)号:US20110258685A1
公开(公告)日:2011-10-20
申请号:US13087847
申请日:2011-04-15
申请人: Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Eric J. Sprunk , Fan Wang , Ting Yao
发明人: Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Eric J. Sprunk , Fan Wang , Ting Yao
CPC分类号: H04L63/0823 , G06F21/572 , H04L63/06 , H04L2463/102
摘要: A method for updating network-enabled devices with new identity data includes generating a plurality of new identity data records and loading the new identity data records onto an update server. A request is received at the update server for new identity data from at least one network-enabled device having a previously assigned identity linked to an identifier. The previously assigned identifier is linked to a new identifier that is linked to one of the new identity data records. One or more new identity data records are securely delivered to the network-enabled device.
摘要翻译: 用新的身份数据更新启用网络的设备的方法包括生成多个新的身份数据记录并将新的身份数据记录加载到更新服务器上。 在更新服务器处接收到来自具有链接到标识符的先前分配的身份的至少一个启用网络的设备的新身份数据的请求。 先前分配的标识符被链接到链接到新的身份数据记录之一的新标识符。 一个或多个新的身份数据记录被安全地传送到启用网络的设备。
-
3.发明授权Online secure device provisioning with online device binding using whitelists 有权使用白名单的在线安全设备配置与在线设备绑定公开(公告)号:US08627083B2
公开(公告)日:2014-01-07
申请号:US13267672
申请日:2011-10-06
申请人: Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Fan Wang , Ting Yao
发明人: Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Fan Wang , Ting Yao
IPC分类号: H04L9/32
CPC分类号: H04L9/006 , H04L9/0891 , H04L9/14 , H04L9/321
摘要: One or more servers are provided including a session manager, authentication module, authorization module, encryption module, database, and protocol handler. The session manager is configured to receive requests for new identity data from network-enabled devices. Each request is authenticated first by the update server via its authentication module by validating the signature of the request message as well as the certificate chain trusted by the update server. The authorization module is configured to determine if the network-enabled devices specified on a whitelist are authorized to be provisioned with new identity data. The database is configured to receive new identity records generated by an identity data generation system. Each of the new identity records includes a new identifier. The new identifier is not associated or linked to any previously assigned/used identifiers and identity data, thus all the new identity records are generated independently and then loaded to the update server.
摘要翻译: 提供一个或多个服务器,包括会话管理器,认证模块,授权模块,加密模块,数据库和协议处理程序。 会话管理器被配置为从网络启用的设备接收新的身份数据的请求。 通过验证请求消息的签名以及由更新服务器信任的证书链,通过其认证模块,更新服务器首先对每个请求进行认证。 授权模块被配置为确定白名单上指定的启用网络的设备是否被授权为新的身份数据提供。 数据库被配置为接收由身份数据生成系统生成的新的身份记录。 每个新的身份记录都包含一个新的标识符。 新标识符不与任何先前分配/使用的标识符和身份数据相关联或链接,因此所有新的身份记录都是独立生成的,然后加载到更新服务器。
-
4.发明申请公开(公告)号:US20120089839A1
公开(公告)日:2012-04-12
申请号:US13267672
申请日:2011-10-06
申请人: Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Fan Wang , Ting Yao
发明人: Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Fan Wang , Ting Yao
CPC分类号: H04L9/006 , H04L9/0891 , H04L9/14 , H04L9/321
摘要: One or more servers are provided including a session manager, authentication module, authorization module, encryption module, database, and protocol handler. The session manager is configured to receive requests for new identity data from network-enabled devices. Each request is authenticated first by the update server via its authentication module by validating the signature of the request message as well as the certificate chain trusted by the update server. The authorization module is configured to determine if the network-enabled devices specified on a whitelist are authorized to be provisioned with new identity data. The database is configured to receive new identity records generated by an identity data generation system. Each of the new identity records includes a new identifier. The new identifier is not associated or linked to any previously assigned/used identifiers and identity data, thus all the new identity records are generated independently and then loaded to the update server.
摘要翻译: 提供一个或多个服务器,包括会话管理器,认证模块,授权模块,加密模块,数据库和协议处理程序。 会话管理器被配置为从网络启用的设备接收新的身份数据的请求。 通过验证请求消息的签名以及由更新服务器信任的证书链,通过其认证模块,更新服务器首先对每个请求进行认证。 授权模块被配置为确定白名单上指定的启用网络的设备是否被授权为新的身份数据提供。 数据库被配置为接收由身份数据生成系统生成的新的身份记录。 每个新的身份记录都包含一个新的标识符。 新标识符不与任何先前分配/使用的标识符和身份数据相关联或链接,因此所有新的身份记录都是独立生成的,然后加载到更新服务器。
-
5.发明申请ONLINE SECURE DEVICE PROVISIONING WITH UPDATED OFFLINE IDENTITY DATA GENERATION AND OFFLINE DEVICE BINDING 审中-公开在线安全设备提供更新的离线身份数据生成和离线设备绑定公开(公告)号:US20110258434A1
公开(公告)日:2011-10-20
申请号:US13087972
申请日:2011-04-15
申请人: Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Greg N. Nakanishi , Jason A. Pasion , Fan Wang , Ting Yao
发明人: Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Greg N. Nakanishi , Jason A. Pasion , Fan Wang , Ting Yao
IPC分类号: H04L9/00
CPC分类号: H04L63/062 , H04L9/006 , H04L9/0825 , H04L9/0866 , H04L9/0891 , H04L63/0823
摘要: A system for generating new identity data for network-enabled devices includes a whitelist reader configured to extract attributes from a whitelist. The whitelist includes, for each device specified in the whitelist, a previously assigned identifier of the first type. The previously assigned identifiers of the first type are linked to identity data previously provisioned in each of the respective devices. A data retrieval module is configured to receive the identifiers of the first type from the whitelist reader and, based on each of the identifiers, retrieve each of the previously provisioned identity data records linked thereto. A new data generation module is configured to (i) obtain a cryptographic key associated with the identity data previously provisioned in the devices specified on the whitelist and the corresponding identifiers of the first type, (ii) generate new identity data records each linked to a new identifier and (iii) encrypt each of the new identity data records with one of the cryptographic keys and link each new identity data record to the identifier of the first type corresponding to each respective cryptographic key. A data output module is configured to load onto an external source the encrypted new identity data records along with their respective new identifiers and their respective previously assigned identifiers of the first type.
摘要翻译: 用于为启用网络的设备生成新的身份数据的系统包括被配置为从白名单中提取属性的白名单阅读器。 对于白名单中指定的每个设备,白名单包括先前分配的第一类型的标识符。 先前分配的第一类型的标识符被链接到先前在每个相应设备中提供的标识数据。 数据检索模块被配置为从白名单读取器接收第一类型的标识符,并且基于每个标识符,检索与之相关联的先前提供的身份数据记录中的每一个。 新的数据生成模块被配置为(i)获得与先前在白名单上指定的设备中提供的身份数据和第一类型的相应标识符相关联的密码密钥,(ii)生成新的身份数据记录, 新标识符和(iii)使用密码密钥之一加密每个新的身份数据记录,并将每个新的身份数据记录链接到与每个相应密码密钥对应的第一类型的标识符。 数据输出模块被配置为将加密的新身份数据记录及其各自的新标识符及其各自先前分配的第一类型的标识符加载到外部源上。
-
公开(公告)号:US08374338B2
公开(公告)日:2013-02-12
申请号:US12708171
申请日:2010-02-18
IPC分类号: H04K1/00
CPC分类号: H04L9/088 , H04L2209/60
摘要: In a method for testing a transport packet decrypting module of a client device, a first decryption operation of the transport packet decrypting module is implemented on a test encrypted control word using a content decryption key ladder to derive a test control word, a second decryption operation of the transport packet decrypting module is implemented on one or more test transport packets using the test control word via a predetermined content decryption algorithm, the KIV is derived from the decrypted transport packets, and the derived KIV is compared with a value stored in the client device to verify whether the transport packet decrypting module of the client device is functioning properly.
摘要翻译: 在一种用于测试客户端设备的传输分组解密模块的方法中,使用内容解密密钥梯形图在测试加密控制字上实现传输分组解密模块的第一解密操作,以导出测试控制字,第二解密操作 的传输分组解密模块通过预定的内容解密算法使用测试控制字在一个或多个测试传输分组上实现,从解密的传输分组导出KIV,并将导出的KIV与存储在客户端中的值进行比较 设备来验证客户端设备的传输分组解密模块是否正常工作。
-
公开(公告)号:US20100215171A1
公开(公告)日:2010-08-26
申请号:US12708171
申请日:2010-02-18
IPC分类号: H04K1/00
CPC分类号: H04L9/088 , H04L2209/60
摘要: In a method for testing a transport packet decrypting module of a client device, a first decryption operation of the transport packet decrypting module is implemented on a test encrypted control word using a content decryption key ladder to derive a test control word, a second decryption operation of the transport packet decrypting module is implemented on one or more test transport packets using the test control word via a predetermined content decryption algorithm, the KIV is derived from the decrypted transport packets, and the derived KIV is compared with a value stored in the client device to verify whether the transport packet decrypting module of the client device is functioning properly.
摘要翻译: 在一种用于测试客户端设备的传输分组解密模块的方法中,使用内容解密密钥梯形图在测试加密控制字上实现传输分组解密模块的第一解密操作,以导出测试控制字,第二解密操作 的传输分组解密模块通过预定的内容解密算法使用测试控制字在一个或多个测试传输分组上实现,从解密的传输分组导出KIV,并将导出的KIV与存储在客户端中的值进行比较 设备来验证客户端设备的传输分组解密模块是否正常工作。
-
公开(公告)号:US20110138177A1
公开(公告)日:2011-06-09
申请号:US12961455
申请日:2010-12-06
申请人: Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , John H. Kim
发明人: Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , John H. Kim
CPC分类号: H04L9/006 , H04L9/083 , H04L9/3263
摘要: A method is provided for updating network-enabled devices with new identity data. The method includes requesting new identity data for a plurality of network-enabled devices and receiving notification that the new identity data is ready to be delivered to the plurality of network-enabled devices. A software object is delivered to the plurality of network-enabled devices over a first communications network. Each of the software objects is configured to cause the network-enabled devices to download the new identity data to the respective network-enabled device over a second communications network and install the new identity data at a time based at least in part on information included with the software object.
摘要翻译: 提供了一种用于使用新的身份数据更新启用网络的设备的方法。 该方法包括向多个启用网络的设备请求新的身份数据,并接收新的身份数据准备好被传送到多个启用网络的设备的通知。 通过第一通信网络将软件对象传送到多个启用网络的设备。 每个软件对象被配置为使得网络启用的设备通过第二通信网络将新的身份数据下载到相应的启用网络的设备,并且至少部分地基于与 软件对象。
-
公开(公告)号:US20120213370A1
公开(公告)日:2012-08-23
申请号:US13150636
申请日:2011-06-01
IPC分类号: H04L9/08
CPC分类号: G06F21/57
摘要: A method and system generates and distributes unique cryptographic device keys. The method includes generating at least a first device key and encrypting the first device key with a first encrypting key to produce a first encrypted copy of the device key. The method also includes encrypting the first device key with a second encrypting key to produce a second encrypted copy of the device key. The second encrypting key is different from said first encrypting key. The first and second encrypted copies of the device keys are associated with a device ID identifying a computing device being manufactured. The second encrypted copy of the device key is loaded onto the computing device. The first encrypted copy of the device key and the device ID with which it is associated are stored onto at least one server for subsequent use after the computing device has been deployed to a customer.
摘要翻译: 方法和系统生成和分发唯一的加密设备密钥。 该方法包括至少生成第一设备密钥并用第一加密密钥加密第一设备密钥以产生设备密钥的第一加密副本。 该方法还包括用第二加密密钥加密第一设备密钥以产生设备密钥的第二加密副本。 第二加密密钥与所述第一加密密钥不同。 设备密钥的第一和第二加密副本与标识正在制造的计算设备的设备ID相关联。 设备密钥的第二个加密副本被加载到计算设备上。 在将计算设备部署到客户之后,设备密钥的第一加密副本和与其相关联的设备ID被存储在至少一个服务器上用于随后的使用。
-
10.发明授权Method and apparatus for a configurable online public key infrastructure (PKI) management system 有权可配置在线公钥基础设施(PKI)管理系统的方法和装置公开(公告)号:US08370626B2
公开(公告)日:2013-02-05
申请号:US12854922
申请日:2010-08-12
申请人: Jiajing Liu , Thomas J. Barbour , Liqiang Chen , Ying Chen , Wei Lin Chou , Christopher P. Gardner , Stuart P. Moskovics , Xin Qiu , Chia Ling Tsai , Ting Yao
发明人: Jiajing Liu , Thomas J. Barbour , Liqiang Chen , Ying Chen , Wei Lin Chou , Christopher P. Gardner , Stuart P. Moskovics , Xin Qiu , Chia Ling Tsai , Ting Yao
IPC分类号: H04L9/00
CPC分类号: H04L9/3265 , H04L9/007
摘要: A method and apparatus are provided for generating identity data to be provisioned in product devices that are a part of a project. The method includes establishing a template associated with each CA in a hierarchical chain of CAs having a root CA at a highest level in the chain and a signing CA at a lowest level in the chain. The template associated with the signing CA inherits mandatory attribute fields specified in the root CA and any intermediate CA in the hierarchical chain. The mandatory attribute fields are user-specifiable fields to be populated with PKI data. A configuration file is generated upon receipt of an order for digital certificates using PKI data provided by a user to populate the mandatory attribute fields of the template associated with the signing CA. The digital certificates requested in the order are generated using the PKI data in the configuration file.
摘要翻译: 提供了一种用于生成作为项目的一部分的产品设备中提供的身份数据的方法和装置。 该方法包括在具有链中最高级别的根CA的CA的分级链中建立与每个CA相关联的模板以及链中最低级的签名CA。 与签名CA相关联的模板继承根CA中指定的强制属性字段和层级链中的任何中间CA。 强制属性字段是要填充PKI数据的用户指定字段。 使用由用户提供的PKI数据接收到数字证书的订单时,生成配置文件来填充与签名CA相关联的模板的强制属性字段。 使用配置文件中的PKI数据生成订单中请求的数字证书。
-
-
-
-
-
-
-
-
-
搜索结果
54 条记录 (耗时 0.037 秒)
