公开(公告)号：WO2011130711A3

公开(公告)日：2014-05-01

申请号：PCT/US2011032787

申请日：2011-04-15

Applicant: GEN INSTRUMENT CORP ,  QIU XIN ,  YAO TING

Inventor： QIU XIN ,  YAO TING

IPC: H04L29/06

CPC classification number: H04L63/08 ,  H04L63/10

Abstract: A method for managing identifiers associated with network-enabled devices and used in an identity data system provisioning the network-enabled devices with identity data includes receiving a first set data that includes a previously assigned identifier for one or more of the network-enabled devices that are authorized to be provisioned with new identity data. If identity data is currently installed on the one or more network-enabled devices, each of the previously assigned identifiers in the first set of data is associated with a corresponding identifier linked to the identity data currently installed on the one or more network-enabled devices to establish a second set of data. New identity data is bound to each of the one or more network-enabled devices by assigning a new identifier linked with the new identity data to each of the one or more network-enabled devices to establish a whitelist. The whitelist specifies, for each of the one or more network-enabled devices, its previously assigned identifier, its corresponding identifier and its new identifier that is linked with the new identity data.

Abstract translation: 一种用于管理与启用网络的设备相关联并在身份数据系统中配置具有身份数据的启用网络的设备的标识符的方法包括：接收第一组数据，该第一组数据包括先前分配的一个或多个网络使能设备的标识符， 被授权提供新的身份数据。 如果身份数据当前安装在一个或多个启用网络的设备上，则第一组数据中先前分配的标识符中的每一个都与与当前安装在一个或多个启用网络的设备上的身份数据链接的对应标识符相关联 建立第二组数据。 通过将与新的身份数据链接的新标识符分配给一个或多个启用网络的设备中的每一个来建立白名单，将新的身份数据绑定到一个或多个网络启用设备中的每一个。 白名单为一个或多个网络启用设备中的每一个指定其先前分配的标识符，其对应的标识符及其与新的身份数据链接的新标识符。

公开(公告)号：WO2011097550A3

公开(公告)日：2013-04-11

申请号：PCT/US2011023860

申请日：2011-02-07

Applicant: GEN INSTRUMENT CORP ,  ZHENG JINSONG ,  BARBOUR THOMAS J ,  CHAN TAT KEUNG ,  GARDNER CHRISTOPHER P ,  GREGOTSKI MARK E ,  QIU XIN

Inventor： ZHENG JINSONG ,  BARBOUR THOMAS J ,  CHAN TAT KEUNG ,  GARDNER CHRISTOPHER P ,  GREGOTSKI MARK E ,  QIU XIN

IPC: G06Q30/00

CPC classification number: G06Q30/00 ,  G06Q30/0601 ,  G06Q30/0641

Abstract: A system enables customers to provision devices with feature licenses that enable specified features in the devices. The system includes a feature definition module configured to store product feature information associated with different products available from a plurality of different manufacturers. The system also includes a feature license management module configured to generate, update and revoke feature licenses. The feature licenses that are generated all have a common format. The system further includes a feature credit management module configured to monitor and account for feature credits available to customer organization units. A user management module is also provided in the system, which is configured to authenticate users of the system. A user interface is accessible over a communications network through which authenticated users can request and receive feature licenses.

Abstract translation: 系统使客户能够为设备提供功能许可证，从而可以实现设备中的指定功能。 该系统包括特征定义模块，其被配置为存储与多个不同制造商可用的不同产品相关联的产品特征信息。 该系统还包括功能许可证管理模块，用于生成，更新和撤销功能许可证。 生成的功能许可证都具有通用格式。 该系统还包括功能信用管理模块，其被配置为监视和考虑可用于客户组织单元的功能信用。 系统中还提供用户管理模块，该用户管理模块被配置为对系统的用户进行认证。 通过通信网络访问用户界面，通过该网络，经过身份验证的用户可以通过该网络请求和接收功能许

公开(公告)号：WO2012112273A1

公开(公告)日：2012-08-23

申请号：PCT/US2012/022725

申请日：2012-01-26

Applicant: GENERAL INSTRUMENT CORPORATION ,  MOSKOVICS, Stuart P. ,  QIU, Xin ,  VOSS, Joel D. ,  MEDVINSKY, Alexander

Inventor： MOSKOVICS, Stuart P. ,  QIU, Xin ,  VOSS, Joel D. ,  MEDVINSKY, Alexander

IPC: G06F21/00

CPC classification number: G06F21/57

Abstract: A method and system generates and distributes unique cryptographic device keys. The method includes generating at least a first device key and encrypting the first device key with a first encrypting key to produce a first encrypted copy of the device key. The method also includes encrypting the first device key with a second encrypting key to produce a second encrypted copy of the device key. The second encrypting key is different from said first encrypting key. The first and second encrypted copies of the device keys are associated with a device ID identifying a computing device being manufactured. The second encrypted copy of the device key is loaded onto the computing device. The first encrypted copy of the device key and the device ID with which it is associated are stored onto at least one server for subsequent use after the computing device has been deployed to a customer.

Abstract translation: 方法和系统生成和分发唯一的加密设备密钥。 该方法包括至少生成第一设备密钥并用第一加密密钥加密第一设备密钥以产生设备密钥的第一加密副本。 该方法还包括用第二加密密钥加密第一设备密钥以产生设备密钥的第二加密副本。 第二加密密钥与所述第一加密密钥不同。 设备密钥的第一和第二加密副本与标识正在制造的计算设备的设备ID相关联。 设备密钥的第二个加密副本被加载到计算设备上。 在将计算设备部署到客户之后，设备密钥的第一加密副本和与其相关联的设备ID被存储在至少一个服务器上用于随后的使用。

公开(公告)号：WO2011130712A3

公开(公告)日：2012-02-02

申请号：PCT/US2011032788

申请日：2011-04-15

Applicant: GEN INSTRUMENT CORP ,  QIU XIN ,  MEDVINSKY ALEXANDER ,  MOSKOVICS STUART P ,  PASION JASON A ,  SPRUNK ERIC J ,  WANG FAN ,  YAO TING

Inventor： QIU XIN ,  MEDVINSKY ALEXANDER ,  MOSKOVICS STUART P ,  PASION JASON A ,  SPRUNK ERIC J ,  WANG FAN ,  YAO TING

IPC: H04L29/06

CPC classification number: H04L63/0823 ,  G06F21/572 ,  H04L63/06 ,  H04L2463/102

Abstract: A method for updating network-enabled devices with new identity data includes generating a plurality of new identity data records and loading the new identity data records onto an update server. A request is received at the update server for new identity data from at least one network-enabled device having a previously assigned identity linked to an identifier. The previously assigned identifier is linked to a new identifier that is linked to one of the new identity data records. One or more new identity data records are securely delivered to the network-enabled device.

Abstract translation: 用新的身份数据更新启用网络的设备的方法包括生成多个新的身份数据记录并将新的身份数据记录加载到更新服务器上。 在更新服务器处接收到来自具有链接到标识符的先前分配的身份的至少一个启用网络的设备的新身份数据的请求。 先前分配的标识符被链接到链接到新的身份数据记录之一的新标识符。 一个或多个新的身份数据记录被安全地传送到启用网络的设备。

公开(公告)号：WO2011019906A1

公开(公告)日：2011-02-17

申请号：PCT/US2010/045310

申请日：2010-08-12

Applicant: GENERAL INSTRUMENT CORPORATION ,  TSAI, Annie ,  MEDVINSKY, Sasha ,  QIU, Xin ,  STEWART, Kyle ,  WANG, Fan

Inventor： TSAI, Annie ,  MEDVINSKY, Sasha ,  QIU, Xin ,  STEWART, Kyle ,  WANG, Fan

IPC: H04L29/06

CPC classification number: H04L63/045 ,  G06F21/6218 ,  G06F21/64 ,  H04L9/006 ,  H04L9/0825 ,  H04L9/3234 ,  H04L9/3265 ,  H04L63/062 ,  H04L63/0823 ,  H04L63/123 ,  H04L2463/062

Abstract: A method is provided for securely delivering identity data units over a communications network to a client device. The method includes receiving a selection from a customer identifying a final zipped package to be unpacked. The final zipped package is unpacked to obtain a common package and a digital signature file signed by an entity generating identity data requested by the customer. The digital signature in the digital signature file is verified and the common package is unpacked to obtain a plurality of outer packages and an encrypted symmetric key. The symmetric key is decrypted with a private key associated with the customer and each of the outer packages is decrypted with the symmetric key to obtain a plurality of identity data units.

Abstract translation: 提供了一种用于通过通信网络将身份数据单元安全地传送到客户端设备的方法。 该方法包括从客户接收标识要解包的最终压缩包的选择。 最后的压缩包解包以获得由生成客户请求的身份数据的实体签名的公用包和数字签名文件。 验证数字签名文件中的数字签名，并解压缩公用包以获得多个外包和加密对称密钥。 对称密钥用与客户相关联的私钥解密，并且每个外部包都用对称密钥解密以获得多个身份数据单元。

公开(公告)号：WO2008082778A2

公开(公告)日：2008-07-10

申请号：PCT/US2007/083562

申请日：2007-11-05

Applicant: GENERAL INSTRUMENT CORPORATION ,  QIU, Xin ,  PETERKA, Petr ,  SPRUNK, Eric, J.

Inventor： QIU, Xin ,  PETERKA, Petr ,  SPRUNK, Eric, J.

IPC: H04L9/00

CPC classification number: H04L9/3268 ,  H04L2209/603

Abstract: An apparatus and method for providing at least one root certificate are disclosed. Specifically, a plurality of root certificates is received and stored. Afterwards, a request is received from a first endpoint device for a desired root certificate, where the desired root certificate is used by the first endpoint device to verify an identity of a second endpoint device. Furthermore, the first endpoint device and the second endpoint device are associated with different certificate hierarchies. The desired root certificate is then sent to at least the first endpoint device.

Abstract translation: 公开了一种用于提供至少一个根证书的装置和方法。 具体而言，接收并存储多个根证书。 之后，从第一端点设备接收针对期望的根证书的请求，其中期望的根证书由第一端点设备用来验证第二端点设备的标识。 此外，第一端点设备和第二端点设备与不同的证书层次关联。 然后将所需的根证书发送到至少第一个端点设备。

公开(公告)号：WO0077973A2

公开(公告)日：2000-12-21

申请号：PCT/US0015958

申请日：2000-06-09

Applicant: GEN INSTRUMENT CORP ,  QIU XIN ,  SPRUNK ERIC J ,  SIMON DANIEL Z ,  TANG LAWRENCE W ,  COOK LAWRENCE R

Inventor： QIU XIN ,  SPRUNK ERIC J ,  SIMON DANIEL Z ,  TANG LAWRENCE W ,  COOK LAWRENCE R

IPC: H04L9/10 ,  G06F9/302 ,  H04L9/08 ,  H04L9/30 ,  H04L9/00

CPC classification number: G06F9/3001 ,  G06F2207/7219 ,  H04L9/003 ,  H04L9/005 ,  H04L9/3013 ,  H04L9/302

Abstract: A cryptography circuit provides secure processing of data by utilizing countermeasures that combat timing and power attacks. Superfluous operations such as multiplication operations, modular reductions by an integer, storage of data to memory are available for use by a processor to disguise the amount of power usage and the amount of time required to perform a cryptographic operation. A cryptographic key is available for use in order to trigger when these emulated operations occur. The occurrences of the emulated operations in controlled by the user to provide the preferred tradeoff between security and use of resources.

Abstract translation: 加密电路通过利用对抗定时和电源攻击的对策来提供对数据的安全处理。 多余的操作（如乘法运算，整数模块化缩减，数据存储到存储器）可供处理器使用，以掩盖功率使用量和进行加密操作所需的时间。 可以使用加密密钥来在这些仿真操作发生时触发。 仿真操作的出现由用户控制，以提供资源的安全性和使用之间的首选权衡。

公开(公告)号：WO2021035364A1

公开(公告)日：2021-03-04

申请号：PCT/CA2020/051184

申请日：2020-08-28

Applicant: WOOD, David J. ,  ROTH, Stephanie D. ,  SHAKYO, Scott A. ,  VAN HEYST, William ,  QIU, Xin

Inventor： WOOD, David J. ,  ROTH, Stephanie D. ,  SHAKYO, Scott A. ,  VAN HEYST, William ,  QIU, Xin

IPC: B01D53/86

Abstract: Gaseous pollution control devices and methods of removing pollutants from air are described herein. The devices include a body having a first end, a second end opposed to the first end, an upper wall and a lower wall opposed to the upper wall that all co-operate to define a cavity of the body. The device also includes one or more barriers within the body that form one or more channels within the body. At least one barrier has a flow disruptor to disrupt the flow of gas through the one or more channels. The device also includes a light source arranged within the body to direct light into the one or more channels. At least a portion of an inner surface of the device is at least partially coated with a photocatalytic composite material and the light source is configured to illuminate the coated inner surface to activate the photocatalytic composite material to remove the gaseous pollutants.

公开(公告)号：WO2011130711A2

公开(公告)日：2011-10-20

申请号：PCT/US2011/032787

申请日：2011-04-15

Applicant: GENERAL INSTRUMENT CORPORATION ,  QIU, Xin ,  YAO, Ting

Inventor： QIU, Xin ,  YAO, Ting

IPC: H04L29/06

CPC classification number: H04L63/08 ,  H04L63/10

Abstract: A method for managing identifiers associated with network-enabled devices and used in an identity data system provisioning the network-enabled devices with identity data includes receiving a first set data that includes a previously assigned identifier for one or more of the network-enabled devices that are authorized to be provisioned with new identity data. If identity data is currently installed on the one or more network-enabled devices, each of the previously assigned identifiers in the first set of data is associated with a corresponding identifier linked to the identity data currently installed on the one or more network-enabled devices to establish a second set of data. New identity data is bound to each of the one or more network-enabled devices by assigning a new identifier linked with the new identity data to each of the one or more network-enabled devices to establish a whitelist. The whitelist specifies, for each of the one or more network-enabled devices, its previously assigned identifier, its corresponding identifier and its new identifier that is linked with the new identity data.

Abstract translation: 一种用于管理与启用网络的设备相关联并在身份数据系统中配置具有身份数据的启用网络的设备的标识符的方法包括：接收第一组数据，该第一组数据包括先前分配的一个或多个网络使能设备的标识符， 被授权提供新的身份数据。 如果身份数据当前安装在一个或多个启用网络的设备上，则第一组数据中先前分配的标识符中的每一个都与与当前安装在一个或多个启用网络的设备上的身份数据链接的对应标识符相关联 建立第二组数据。 通过将与新的身份数据链接的新标识符分配给一个或多个启用网络的设备中的每一个来建立白名单，将新的身份数据绑定到一个或多个网络启用设备中的每一个。 白名单为一个或多个网络启用设备中的每一个指定其先前分配的标识符，其对应的标识符及其与新的身份数据链接的新标识符。

公开(公告)号：WO2012106576A1

公开(公告)日：2012-08-09

申请号：PCT/US2012/023728

申请日：2012-02-03

Applicant: GENERAL INSTRUMENT CORPORATION ,  GARDNER, Christopher P. ,  BAKER, Paul D. ,  CHAN, Tat Keung ,  MICHAUD, Ted R. ,  QIU, Xin ,  ZHENG, Jinsong

Inventor： GARDNER, Christopher P. ,  BAKER, Paul D. ,  CHAN, Tat Keung ,  MICHAUD, Ted R. ,  QIU, Xin ,  ZHENG, Jinsong

IPC: G06F21/00

CPC classification number: G06F21/10 ,  G06F2221/0768 ,  G06F2221/2105

Abstract: A method for providing a secure automated feature license update is disclosed. This method may be performed at a central license server. A license template including features for enablement on a device is generated. The license template is sent to an authorized user. A license update request is received from an entity. An updated license is generated by the central license server. A response is sent to the entity. A method for providing a secure automated feature license update is disclosed. This method may be performed at a device, e.g. an end-user device. A first feature set of a current license of a device is compared with a second feature set of a license template received by the device. A license update request is generated when there is a difference between the first feature set and the second feature set. The license update request is sent to a license server.

Abstract translation: 公开了一种用于提供安全的自动功能许可证更新的方法。 该方法可以在中央许可证服务器上执行。 生成包含设备启用功能的许可证模板。 许可证模板发送给授权用户。 从实体收到许可证更新请求。 更新的许可证由中央许可证服务器生成。 响应发送到实体。 公开了一种用于提供安全的自动功能许可证更新的方法。 该方法可以在设备，例如， 终端用户设备。 将设备的当前许可证的第一特征集与由设备接收的许可证模板的第二特征集进行比较。 当第一特征集和第二特征集之间存在差异时，生成许可更新请求。 许可证更新请求被发送到许可证服务器。