Abstract:
A method for updating network-enabled devices with new identity data includes generating a plurality of new identity data records and loading the new identity data records onto an update server. A request is received at the update server for new identity data from at least one network-enabled device having a previously assigned identity linked to an identifier. The previously assigned identifier is linked to a new identifier that is linked to one of the new identity data records. One or more new identity data records are securely delivered to the network-enabled device.
Abstract:
Disclosed is a manufacturing process and feature licensing system for provisioning personalized (device-unique) licenses to devices. The system uses a secure key wrapping mechanism to deliver the LSK to the LPS. Additionally, the various network communication links are secured using standard security protocols. Further, application messages, license templates, and licenses are digitally signed. The system is configured to allow multiple manufacturers and to allow various feature configurations via the use of a License Template. The system is scalable, as it is possible to use multiple LPS hosts to serve multiple programming stations. The system is available in that the delegation of license signing capability from the CLS to the LPS eliminates the dependency on unreliable Internet connections. Redundant LPS hosts provide the high level of availability required for high-volume license provisioning. The system is traceable in that license and device associations are replicated back to the CLS to provide full license request and generation traceability.
Abstract:
A system for generating new identity data for network-enabled devices includes a whitelist reader configured to extract attributes from a whitelist. The whitelist includes, for each device specified in the whitelist, a previously assigned identifier of the first type. The previously assigned identifiers of the first type are linked to identity data previously provisioned in each of the respective devices. A data retrieval module is configured to receive the identifiers of the first type from the whitelist reader and, based on each of the identifiers, retrieve each of the previously provisioned identity data records linked thereto. A new data generation module is configured to (i) obtain a cryptographic key associated with the identity data previously provisioned in the devices specified on the whitelist and the corresponding identifiers of the first type, (ii) generate new identity data records each linked to a new identifier and (iii) encrypt each of the new identity data records with one of the cryptographic keys and link each new identity data record to the identifier of the first type corresponding to each respective cryptographic key. A data output module is configured to load onto an external source the encrypted new identity data records along with their respective new identifiers and their respective previously assigned identifiers of the first type.
Abstract:
Disclosed is a manufacturing process and feature licensing system for provisioning personalized (device-unique) licenses to devices, with the following characteristics. The system is secure in that it uses a secure key wrapping mechanism to deliver the LSK to the LPS. Another feature is that the various network communication links are secured using standard security protocols. Further, application messages, license templates, and licenses are digitally signed. The system is also flexible because it is configured to allow multiple manufacturers and to allow various feature configurations via the use of a License Template. The system is also scalable, as it is possible to use multiple LPS hosts to serve multiple programming stations. The system is available in that the delegation of license signing capability from the CLS to the LPS eliminates the dependency on unreliable Internet connections. Redundant LPS hosts provide the high level of availability required for high-volume license provisioning. The system is traceable in that license and device associations are replicated back to the CLS to provide full license request and generation traceability; these characteristics are crucial for subsequent license upgrades in the field.