1. CONFIGURABLE ONLINE PUBLIC KEY INFRASTRUCTURE (PKI) MANAGEMENT FRAMEWORK
    Invention application; status: pending, published

    Publication number: WO2011019898A1
    Publication date: 2011-02-17
    Application number: PCT/US2010/045300
    Filing date: 2010-08-12
    CPC classification number: H04L9/006 H04L9/3265

    Abstract: A method and apparatus are provided for establishing a process for provisioning a digital certificate service delivered by a PKI system. The method includes receiving a request for a digital certificate service and receiving data specifying a project that includes at least one product to be provisioned with a digital certificate. Data identifying the owner organization of the project and at least one participant organization in the project is also received. The owner organization supplies the attributes with which the PKI data to be included in the digital certificates must comply. Based on the received data and attributes, an account is established for each organization associated with the project; through that account, users of the organization can request digital certificates for the at least one product, and the certificates issued conform to the attributes received from the owner organization.
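The account-and-attribute model in this abstract, as an added example written for this page (not code from the patent or from any product): the owner organization's attributes are modelled as a profile, each participant organization gets an account bound to that profile, and the issuing CA accepts a certificate request through an account only if the request's subject, product and validity comply with the profile. The Go standard library's x509 package does the real CSR parsing, proof-of-possession check and signing; the profile fields, the organization and product names, and the choice of O/OU/CN as the constrained attributes are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)
// OwnerProfile holds the attributes the owner organization imposes on every
// certificate issued under the project (hypothetical field set).
type OwnerProfile struct {
	Products    map[string]bool   // products the project may provision (CN values)
	OUForOrg    map[string]string // participant org -> OU its certificates must carry
	MaxValidity time.Duration
}

// Account is the per-organization account through which that organization's users request certificates.
type Account struct {
	Org     string
	Profile *OwnerProfile
}

// CA is an in-memory issuing CA for the project (self-signed root, constructed for the example).
type CA struct {
	Cert   *x509.Certificate
	key    *ecdsa.PrivateKey
	serial int64
}

func issue(tmpl, parent *x509.Certificate, pub interface{}, priv *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func NewCA(name string) (*CA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	cert, err := issue(tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &CA{Cert: cert, key: key, serial: 1}, nil
}

// MakeCSR is the user-side step: a fresh key pair and a CSR naming the product (CN),
// the requesting organization (O) and the OU the owner profile expects.
func MakeCSR(org, ou, product string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	subj := pkix.Name{CommonName: product, Organization: []string{org}, OrganizationalUnit: []string{ou}}
	return x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: subj}, key)
}

// Enroll checks a CSR received through an account against the owner's attributes
// and issues a certificate only if every attribute complies.
func (ca *CA) Enroll(acct Account, csrDER []byte, validity time.Duration) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil { // proof of possession of the key
		return nil, err
	}
	p, s := acct.Profile, csr.Subject
	wantOU, participant := p.OUForOrg[acct.Org]
	switch {
	case len(s.Organization) != 1 || s.Organization[0] != acct.Org:
		return nil, errors.New("subject O does not match the requesting account")
	case !participant || len(s.OrganizationalUnit) != 1 || s.OrganizationalUnit[0] != wantOU:
		return nil, errors.New("organization is not a participant, or subject OU violates the owner profile")
	case !p.Products[s.CommonName]:
		return nil, errors.New("CN is not a product of this project")
	case validity <= 0 || validity > p.MaxValidity:
		return nil, errors.New("requested validity exceeds the owner profile")
	}
	ca.serial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(ca.serial), Subject: s, // subject already validated above
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(validity),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	return issue(tmpl, ca.Cert, csr.PublicKey, ca.key)
}
```

Enroll refuses a non-compliant request rather than rewriting it: the owner profile is the policy, and the account only establishes who is asking. A deployment would pin further attributes in the same switch (key type and size, extended key usages, SAN format), which is where the "attributes received from the owner organization" of the abstract would live.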


2. SECURE LARGE VOLUME FEATURE LICENSE PROVISIONING SYSTEM
    Invention application; status: pending, published

    Publication number: WO2012040393A2
    Publication date: 2012-03-29
    Application number: PCT/US2011/052656
    Filing date: 2011-09-21
    CPC classification number: G06F21/105 G06Q30/06 G06Q2220/18

    Abstract: Disclosed is a manufacturing process and feature licensing system for provisioning personalized (device-unique) licenses to devices, with the following characteristics. The system is secure in that it uses a secure key wrapping mechanism to deliver the LSK to the LPS, the various network communication links are secured using standard security protocols, and application messages, license templates and licenses are digitally signed. The system is flexible because it is configured to allow multiple manufacturers and to allow various feature configurations through the use of license templates. It is scalable, since multiple LPS hosts can serve multiple programming stations. It is available in that the delegation of license signing capability from the CLS to the LPS eliminates the dependency on unreliable Internet connections, and redundant LPS hosts provide the high level of availability required for high-volume license provisioning. It is traceable in that license and device associations are replicated back to the CLS to provide full license request and generation traceability, which is crucial for subsequent license upgrades in the field.
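The provisioning flow this abstract describes, as an added example written for this page (not code from the patent). The abstract does not expand LSK, LPS or CLS; the example assumes LSK is the license signing key, LPS a factory-side license provisioning server and CLS the central license server. It shows the CLS wrapping the LSK for one named LPS, the CLS signing a license template, the LPS verifying the template and signing a device-unique license with the delegated LSK while offline, and the LPS keeping the device/license association list that is replicated back to the CLS. The abstract says only "a secure key wrapping mechanism"; AES-256-GCM under a pre-shared key-encryption key with the LPS name as associated data is a substitution, and the key names, record fields and JSON encoding are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"errors"
)

// License is what an LPS signs for one device; a template is the same record with an empty DeviceID.
type License struct {
	TemplateID, DeviceID string
	Features             []string
}
// Signed is a JSON payload plus its ECDSA P-256 / SHA-256 signature.
type Signed struct{ Payload, Sig []byte }
func sign(priv *ecdsa.PrivateKey, payload []byte) (Signed, error) {
	h := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h[:])
	return Signed{payload, sig}, err
}
func verify(pub *ecdsa.PublicKey, s Signed) bool {
	h := sha256.Sum256(s.Payload)
	return ecdsa.VerifyASN1(pub, h[:], s.Sig)
}
func newGCM(kek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kek) // a 32-byte KEK selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// CLS is the central license server: Key signs templates, LSK is the license signing key delegated to each LPS.
type CLS struct{ Key, LSK *ecdsa.PrivateKey }
// WrapLSK delivers the LSK to one LPS as AES-256-GCM ciphertext (nonce || ct) under a KEK shared with
// that LPS (assumed set up out of band); the LPS name is associated data, so the wrap opens only there.
func (c *CLS) WrapLSK(kek []byte, lpsName string) ([]byte, error) {
	der, err := x509.MarshalECPrivateKey(c.LSK)
	gcm, err2 := newGCM(kek)
	if err != nil || err2 != nil {
		return nil, errors.New("unsupported LSK or bad KEK length")
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, der, []byte(lpsName)), nil
}

// LPS is a factory-side license provisioning server that signs licenses offline with the unwrapped LSK;
// Issued is the device/license association list later replicated back to the CLS.
type LPS struct {
	Name   string
	CLSPub *ecdsa.PublicKey
	lsk    *ecdsa.PrivateKey
	Issued []License
}
func (l *LPS) UnwrapLSK(kek, blob []byte) error {
	gcm, err := newGCM(kek)
	if err != nil || len(blob) < gcm.NonceSize() {
		return errors.New("bad KEK or truncated wrap")
	}
	der, err := gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], []byte(l.Name))
	if err != nil {
		return err // wrong KEK, tampered blob, or a wrap meant for another LPS
	}
	l.lsk, err = x509.ParseECPrivateKey(der)
	return err
}
// Issue accepts only a CLS-signed template, personalizes it for one device and signs it with the LSK.
func (l *LPS) Issue(tmpl Signed, deviceID string) (Signed, error) {
	var lic License
	switch {
	case l.lsk == nil:
		return Signed{}, errors.New("LSK not provisioned on this LPS")
	case !verify(l.CLSPub, tmpl):
		return Signed{}, errors.New("template is not signed by the CLS")
	case json.Unmarshal(tmpl.Payload, &lic) != nil || lic.DeviceID != "":
		return Signed{}, errors.New("malformed template")
	}
	lic.DeviceID = deviceID
	l.Issued = append(l.Issued, lic)
	payload, _ := json.Marshal(lic) // cannot fail for this struct
	return sign(l.lsk, payload)
}
```

The CLS publishes a template by signing the JSON of a License with an empty DeviceID under Key (sign(cls.Key, payload)); a device accepts a license only if it verifies under the LSK public key and the DeviceID inside is its own. Binding the LPS name into the wrap's associated data is what stops a wrap produced for one host from being replayed to another, and the Issued list is the raw material for the traceability replication the abstract describes.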


4. ONLINE SECURE DEVICE PROVISIONING WITH UPDATED OFFLINE IDENTITY DATA GENERATION AND OFFLINE DEVICE BINDING
    Invention application; status: pending, published

    Publication number: WO2011130713A1
    Publication date: 2011-10-20
    Application number: PCT/US2011/032789
    Filing date: 2011-04-15

    Abstract: A system for generating new identity data for network-enabled devices includes a whitelist reader configured to extract attributes from a whitelist. For each device specified in the whitelist, the whitelist includes a previously assigned identifier of the first type, and these identifiers are linked to the identity data previously provisioned in the respective devices. A data retrieval module is configured to receive the identifiers of the first type from the whitelist reader and, based on each identifier, retrieve the previously provisioned identity data record linked to it. A new data generation module is configured to (i) obtain, for each device specified on the whitelist, the cryptographic key associated with the identity data previously provisioned in that device and with its identifier of the first type, (ii) generate new identity data records, each linked to a new identifier, and (iii) encrypt each new identity data record with one of those cryptographic keys and link it to the identifier of the first type that corresponds to that key. A data output module is configured to load onto an external source the encrypted new identity data records together with their respective new identifiers and their respective previously assigned identifiers of the first type.


5. CROSS-DOMAIN IDENTITY MANAGEMENT FOR A WHITELIST-BASED ONLINE SECURE DEVICE PROVISIONING FRAMEWORK
    Invention application; status: pending, published

    Publication number: WO2011130711A2
    Publication date: 2011-10-20
    Application number: PCT/US2011/032787
    Filing date: 2011-04-15
    Inventors: QIU, Xin; YAO, Ting
    CPC classification number: H04L63/08 H04L63/10

    Abstract: A method is provided for managing identifiers that are associated with network-enabled devices and used by an identity data system that provisions those devices with identity data. The method includes receiving a first set of data that includes a previously assigned identifier for one or more network-enabled devices authorized to be provisioned with new identity data. If identity data is currently installed on those devices, each previously assigned identifier in the first set of data is associated with the corresponding identifier linked to the currently installed identity data, establishing a second set of data. New identity data is bound to each device by assigning it a new identifier linked with the new identity data, establishing a whitelist. For each device, the whitelist specifies its previously assigned identifier, its corresponding identifier and the new identifier linked with the new identity data.


6. ONLINE PERSONALIZATION UPDATE SYSTEM FOR EXTERNALLY ACQUIRED KEYS
    Invention application; status: pending, published

    Publication number: WO2014164034A1
    Publication date: 2014-10-09
    Application number: PCT/US2014/020074
    Filing date: 2014-03-04

    Abstract: A method is provided for updating identity data on network-enabled devices (124). Certificate signing requests and/or device identifiers are provided to an external trust authority (120, 218), which in response generates digital certificates and/or key pairs (218). The generated digital certificates and/or key pairs can then be provided to a network-enabled device (124, 226) in response to an update request (224).


7. FRAMEWORK FOR PROVISIONING DEVICES WITH EXTERNALLY ACQUIRED COMPONENT-BASED IDENTITY DATA
    Invention application; status: pending, published

    Publication number: WO2014120436A2
    Publication date: 2014-08-07
    Application number: PCT/US2014/011540
    Filing date: 2014-01-14
    CPC classification number: H04L63/062 H04L9/0891

    Abstract: A method is provided for updating identity data on devices. The method involves: acquiring a device comprising a component that is associated with a component identifier and has a One Time Programmable Key installed on it; submitting the component identifier and the One Time Programmable Key to an External Trust Authority; receiving from the External Trust Authority new identity data that is tied to the component identifier and encrypted with the One Time Programmable Key; loading the new identity data onto an Update Server; receiving at the Update Server a request for new identity data from the device; and providing the new identity data upon receipt of the request, whereupon the device decrypts and installs the identity data using the One Time Programmable Key installed on the component within the device.
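An added example (not code from any of the patents) that covers the whitelist-driven refresh of items 4 and 5 together with the key-bound delivery of item 7. The whitelist supplies previously assigned identifiers; a store indexed by those identifiers yields the identifier of the currently installed identity data (the corresponding identifier of item 5) and the device-held key linked to it (the per-component One Time Programmable Key in item 7's framing). The generation side, standing in for the new data generation module of item 4 or the External Trust Authority of item 7, produces a new identity record per device, binds it to a new identifier, encrypts it under that device's key with both identifiers as associated data, and emits rows carrying the previous, corresponding and new identifiers for loading onto the external source or Update Server. The device side decrypts only a row addressed to it. AES-256-GCM, the identifier scheme, the JSON record and every name are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// WhitelistEntry is one row of the input whitelist: the previously assigned identifier of the
// first type for a device authorized to receive new identity data (e.g. a chip or unit ID).
type WhitelistEntry struct{ PrevID string }

// Provisioned is what the data retrieval module returns for a PrevID: the identifier linked to
// the identity data currently installed (the "corresponding identifier") and the device-held
// key associated with it, here a 32-byte AES key (the per-component OTP key in item 7's framing).
type Provisioned struct {
	CurrentID string
	Key       []byte
}

// IdentityStore stands in for the database of previously provisioned identity data.
type IdentityStore map[string]Provisioned

// NewIdentity is the new identity data record; its Data content is opaque here.
type NewIdentity struct {
	NewID string `json:"new_id"`
	Data  string `json:"data"`
}

// OutputRow is what the data output module loads onto the external source / update server:
// the three identifiers plus the new record encrypted under the device's key.
type OutputRow struct {
	PrevID, CurrentID, NewID string
	Blob                     []byte // nonce || AES-GCM ciphertext, AAD = PrevID|NewID
}

func aad(prevID, newID string) []byte { return []byte(prevID + "|" + newID) }

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Generate runs the pipeline over the whitelist. A row with no provisioned record is an error
// rather than a skip: it is either a whitelist typo or a device that was never authorized.
func Generate(wl []WhitelistEntry, store IdentityStore, makeData func(newID string) string) ([]OutputRow, error) {
	out := make([]OutputRow, 0, len(wl))
	for i, e := range wl {
		rec, ok := store[e.PrevID]
		if !ok {
			return nil, fmt.Errorf("whitelist row %d: no provisioned identity for %q", i, e.PrevID)
		}
		newID := fmt.Sprintf("NEW-%s-%d", e.PrevID, i) // assumed identifier scheme
		plain, _ := json.Marshal(NewIdentity{NewID: newID, Data: makeData(newID)})
		gcm, err := gcmFor(rec.Key)
		if err != nil {
			return nil, fmt.Errorf("%s: %v", e.PrevID, err)
		}
		nonce := make([]byte, gcm.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return nil, err
		}
		blob := gcm.Seal(nonce, nonce, plain, aad(e.PrevID, newID))
		out = append(out, OutputRow{e.PrevID, rec.CurrentID, newID, blob})
	}
	return out, nil
}

// DeviceInstall is the device side: the device knows only its own PrevID and key and accepts a
// row only if it decrypts under that key with the identifiers the row claims.
func DeviceInstall(myPrevID string, myKey []byte, row OutputRow) (NewIdentity, error) {
	var id NewIdentity
	if row.PrevID != myPrevID {
		return id, errors.New("row is not addressed to this device")
	}
	gcm, err := gcmFor(myKey)
	if err != nil || len(row.Blob) < gcm.NonceSize() {
		return id, errors.New("bad key or truncated blob")
	}
	n := gcm.NonceSize()
	plain, err := gcm.Open(nil, row.Blob[:n], row.Blob[n:], aad(row.PrevID, row.NewID))
	if err != nil {
		return id, err // wrong key, tampered blob, or identifiers swapped
	}
	if err := json.Unmarshal(plain, &id); err != nil || id.NewID != row.NewID {
		return NewIdentity{}, errors.New("identity record does not match its row")
	}
	return id, nil
}
```

Putting both identifiers into the associated data is what makes the row self-checking: an update server that re-labels a ciphertext with a different new identifier, or pairs it with another device's previous identifier, produces a row that no device will accept, which is the binding the offline device binding of item 4 relies on.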


8. IDENTITY DATA MANAGEMENT SYSTEM FOR HIGH VOLUME PRODUCTION OF PRODUCT-SPECIFIC IDENTITY DATA
    Invention application; status: pending, published

    Publication number: WO2013130222A2
    Publication date: 2013-09-06
    Application number: PCT/US2013/024624
    Filing date: 2013-02-04
    CPC classification number: G06F17/30595 H04L63/0823

    Abstract: A method and apparatus are provided for maintaining inventory levels of identity data to be provisioned in electronic devices. The method includes monitoring, over a communications network, the inventory levels of identity data records stored on a plurality of identity data personalization servers, each of which provisions electronic devices with an identity data record. If the inventory level on at least one of the personalization servers falls below a specified minimum, a refill request is sent to an identity data management authority asking that additional identity data records be uploaded to that server.

