专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09246889B2 Layered protection and validation of identity data delivered online via multiple intermediate clients 有权
标题翻译：通过多个中间客户端在线发送的身份数据的分层保护和验证
公开(公告)号：US09246889B2
公开(公告)日：2016-01-26
申请号：US12854925
申请日：2010-08-12
申请人： Chia Ling Tsai , Alexander Medvinsky , Xin Qiu , Kyle W. Stewart , Fan Wang
发明人： Chia Ling Tsai , Alexander Medvinsky , Xin Qiu , Kyle W. Stewart , Fan Wang
IPC分类号： H04L29/06 , H04L9/00 , H04L9/08 , H04L9/32 , G06F21/62 , G06F21/64
CPC分类号： H04L63/045 , G06F21/6218 , G06F21/64 , H04L9/006 , H04L9/0825 , H04L9/3234 , H04L9/3265 , H04L63/062 , H04L63/0823 , H04L63/123 , H04L2463/062
摘要： A method is provided for securely delivering identity data units over a communications network to a client device. The method includes receiving a selection from a customer identifying a final zipped package to be unpacked. The final zipped package is unpacked to obtain a common package and a digital signature file signed by an entity generating identity data requested by the customer. The digital signature in the digital signature file is verified and the common package is unpacked to obtain a plurality of outer packages and an encrypted symmetric key. The symmetric key is decrypted with a private key associated with the customer and each of the outer packages is decrypted with the symmetric key to obtain a plurality of identity data units.
摘要翻译：提供了一种用于通过通信网络将身份数据单元安全地传送到客户端设备的方法。该方法包括从客户接收标识要解包的最终压缩包的选择。最后的压缩包解包以获得由生成客户请求的身份数据的实体签名的公用包和数字签名文件。验证数字签名文件中的数字签名，并解压缩公用包以获得多个外包和加密对称密钥。对称密钥用与客户相关联的私钥解密，并且每个外部包被对称密钥解密以获得多个身份数据单元。

2. 发明申请

US20110213957A1 LAYERED PROTECTION AND VALIDATION OF IDENTITY DATA DELIVERED ONLINE VIA MULTIPLE INTERMEDIATE CLIENTS 有权
标题翻译：通过多个中间客户在线提供的身份数据的分层保护和验证
公开(公告)号：US20110213957A1
公开(公告)日：2011-09-01
申请号：US12854925
申请日：2010-08-12
申请人： Chia Ling Tsai , Alexander Medvinsky , Xin Qiu , Kyle W. Stewart , Fan Wang
发明人： Chia Ling Tsai , Alexander Medvinsky , Xin Qiu , Kyle W. Stewart , Fan Wang
IPC分类号： H04L9/14
CPC分类号： H04L63/045 , G06F21/6218 , G06F21/64 , H04L9/006 , H04L9/0825 , H04L9/3234 , H04L9/3265 , H04L63/062 , H04L63/0823 , H04L63/123 , H04L2463/062
摘要： A method is provided for securely delivering identity data units over a communications network to a client device. The method includes receiving a selection from a customer identifying a final zipped package to be unpacked. The final zipped package is unpacked to obtain a common package and a digital signature file signed by an entity generating identity data requested by the customer. The digital signature in the digital signature file is verified and the common package is unpacked to obtain a plurality of outer packages and an encrypted symmetric key. The symmetric key is decrypted with a private key associated with the customer and each of the outer packages is decrypted with the symmetric key to obtain a plurality of identity data units.
摘要翻译：提供了一种用于通过通信网络将身份数据单元安全地传送到客户端设备的方法。该方法包括从客户接收标识要解包的最终压缩包的选择。最后的压缩包解包以获得由生成客户请求的身份数据的实体签名的公用包和数字签名文件。验证数字签名文件中的数字签名，并解压缩公用包以获得多个外包和加密对称密钥。对称密钥用与客户相关联的私钥解密，并且每个外部包被对称密钥解密以获得多个身份数据单元。

3. 发明授权

US09130928B2 Online secure device provisioning framework 有权
标题翻译：在线安全设备配置框架
公开(公告)号：US09130928B2
公开(公告)日：2015-09-08
申请号：US13087847
申请日：2011-04-15
申请人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Eric J. Sprunk , Fan Wang , Ting Yao
发明人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Eric J. Sprunk , Fan Wang , Ting Yao
IPC分类号： H04L29/06 , G06F21/57
CPC分类号： H04L63/0823 , G06F21/572 , H04L63/06 , H04L2463/102
摘要： A method for updating network-enabled devices with new identity data includes generating a plurality of new identity data records and loading the new identity data records onto an update server. A request is received at the update server for new identity data from at least one network-enabled device having a previously assigned identity linked to an identifier. The previously assigned identifier is linked to a new identifier that is linked to one of the new identity data records. One or more new identity data records are securely delivered to the network-enabled device.
摘要翻译：用新的身份数据更新启用网络的设备的方法包括生成多个新的身份数据记录并将新的身份数据记录加载到更新服务器上。在更新服务器处接收到来自具有链接到标识符的先前分配的身份的至少一个启用网络的设备的新身份数据的请求。先前分配的标识符被链接到链接到新的身份数据记录之一的新标识符。一个或多个新的身份数据记录被安全地传送到启用网络的设备。

4. 发明授权

US08627083B2 Online secure device provisioning with online device binding using whitelists 有权
标题翻译：使用白名单的在线安全设备配置与在线设备绑定
公开(公告)号：US08627083B2
公开(公告)日：2014-01-07
申请号：US13267672
申请日：2011-10-06
申请人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Fan Wang , Ting Yao
发明人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Fan Wang , Ting Yao
IPC分类号： H04L9/32
CPC分类号： H04L9/006 , H04L9/0891 , H04L9/14 , H04L9/321
摘要： One or more servers are provided including a session manager, authentication module, authorization module, encryption module, database, and protocol handler. The session manager is configured to receive requests for new identity data from network-enabled devices. Each request is authenticated first by the update server via its authentication module by validating the signature of the request message as well as the certificate chain trusted by the update server. The authorization module is configured to determine if the network-enabled devices specified on a whitelist are authorized to be provisioned with new identity data. The database is configured to receive new identity records generated by an identity data generation system. Each of the new identity records includes a new identifier. The new identifier is not associated or linked to any previously assigned/used identifiers and identity data, thus all the new identity records are generated independently and then loaded to the update server.
摘要翻译：提供一个或多个服务器，包括会话管理器，认证模块，授权模块，加密模块，数据库和协议处理程序。会话管理器被配置为从网络启用的设备接收新的身份数据的请求。通过验证请求消息的签名以及由更新服务器信任的证书链，通过其认证模块，更新服务器首先对每个请求进行认证。授权模块被配置为确定白名单上指定的启用网络的设备是否被授权为新的身份数据提供。数据库被配置为接收由身份数据生成系统生成的新的身份记录。每个新的身份记录都包含一个新的标识符。新标识符不与任何先前分配/使用的标识符和身份数据相关联或链接，因此所有新的身份记录都是独立生成的，然后加载到更新服务器。

5. 发明申请

US20120089839A1 ONLINE SECURE DEVICE PROVISIONING WITH ONLINE DEVICE BINDING USING WHITELISTS 有权
标题翻译：在线安全设备使用白名单在线设备绑定
公开(公告)号：US20120089839A1
公开(公告)日：2012-04-12
申请号：US13267672
申请日：2011-10-06
申请人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Fan Wang , Ting Yao
发明人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Fan Wang , Ting Yao
IPC分类号： H04L9/32 , H04L9/30
CPC分类号： H04L9/006 , H04L9/0891 , H04L9/14 , H04L9/321
摘要： One or more servers are provided including a session manager, authentication module, authorization module, encryption module, database, and protocol handler. The session manager is configured to receive requests for new identity data from network-enabled devices. Each request is authenticated first by the update server via its authentication module by validating the signature of the request message as well as the certificate chain trusted by the update server. The authorization module is configured to determine if the network-enabled devices specified on a whitelist are authorized to be provisioned with new identity data. The database is configured to receive new identity records generated by an identity data generation system. Each of the new identity records includes a new identifier. The new identifier is not associated or linked to any previously assigned/used identifiers and identity data, thus all the new identity records are generated independently and then loaded to the update server.
摘要翻译：提供一个或多个服务器，包括会话管理器，认证模块，授权模块，加密模块，数据库和协议处理程序。会话管理器被配置为从网络启用的设备接收新的身份数据的请求。通过验证请求消息的签名以及由更新服务器信任的证书链，通过其认证模块，更新服务器首先对每个请求进行认证。授权模块被配置为确定白名单上指定的启用网络的设备是否被授权为新的身份数据提供。数据库被配置为接收由身份数据生成系统生成的新的身份记录。每个新的身份记录都包含一个新的标识符。新标识符不与任何先前分配/使用的标识符和身份数据相关联或链接，因此所有新的身份记录都是独立生成的，然后加载到更新服务器。

6. 发明申请

US20110258685A1 ONLINE SECURE DEVICE PROVISIONING FRAMEWORK 有权
标题翻译：在线安全设备提供框架
公开(公告)号：US20110258685A1
公开(公告)日：2011-10-20
申请号：US13087847
申请日：2011-04-15
申请人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Eric J. Sprunk , Fan Wang , Ting Yao
发明人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Eric J. Sprunk , Fan Wang , Ting Yao
IPC分类号： H04L9/32 , G06F21/00
CPC分类号： H04L63/0823 , G06F21/572 , H04L63/06 , H04L2463/102
摘要： A method for updating network-enabled devices with new identity data includes generating a plurality of new identity data records and loading the new identity data records onto an update server. A request is received at the update server for new identity data from at least one network-enabled device having a previously assigned identity linked to an identifier. The previously assigned identifier is linked to a new identifier that is linked to one of the new identity data records. One or more new identity data records are securely delivered to the network-enabled device.
摘要翻译：用新的身份数据更新启用网络的设备的方法包括生成多个新的身份数据记录并将新的身份数据记录加载到更新服务器上。在更新服务器处接收到来自具有链接到标识符的先前分配的身份的至少一个启用网络的设备的新身份数据的请求。先前分配的标识符被链接到链接到新的身份数据记录之一的新标识符。一个或多个新的身份数据记录被安全地传送到启用网络的设备。

7. 发明申请

US20110258434A1 ONLINE SECURE DEVICE PROVISIONING WITH UPDATED OFFLINE IDENTITY DATA GENERATION AND OFFLINE DEVICE BINDING 审中-公开
标题翻译：在线安全设备提供更新的离线身份数据生成和离线设备绑定
公开(公告)号：US20110258434A1
公开(公告)日：2011-10-20
申请号：US13087972
申请日：2011-04-15
申请人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Greg N. Nakanishi , Jason A. Pasion , Fan Wang , Ting Yao
发明人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Greg N. Nakanishi , Jason A. Pasion , Fan Wang , Ting Yao
IPC分类号： H04L9/00
CPC分类号： H04L63/062 , H04L9/006 , H04L9/0825 , H04L9/0866 , H04L9/0891 , H04L63/0823
摘要： A system for generating new identity data for network-enabled devices includes a whitelist reader configured to extract attributes from a whitelist. The whitelist includes, for each device specified in the whitelist, a previously assigned identifier of the first type. The previously assigned identifiers of the first type are linked to identity data previously provisioned in each of the respective devices. A data retrieval module is configured to receive the identifiers of the first type from the whitelist reader and, based on each of the identifiers, retrieve each of the previously provisioned identity data records linked thereto. A new data generation module is configured to (i) obtain a cryptographic key associated with the identity data previously provisioned in the devices specified on the whitelist and the corresponding identifiers of the first type, (ii) generate new identity data records each linked to a new identifier and (iii) encrypt each of the new identity data records with one of the cryptographic keys and link each new identity data record to the identifier of the first type corresponding to each respective cryptographic key. A data output module is configured to load onto an external source the encrypted new identity data records along with their respective new identifiers and their respective previously assigned identifiers of the first type.
摘要翻译：用于为启用网络的设备生成新的身份数据的系统包括被配置为从白名单中提取属性的白名单阅读器。对于白名单中指定的每个设备，白名单包括先前分配的第一类型的标识符。先前分配的第一类型的标识符被链接到先前在每个相应设备中提供的标识数据。数据检索模块被配置为从白名单读取器接收第一类型的标识符，并且基于每个标识符，检索与之相关联的先前提供的身份数据记录中的每一个。新的数据生成模块被配置为（i）获得与先前在白名单上指定的设备中提供的身份数据和第一类型的相应标识符相关联的密码密钥，（ii）生成新的身份数据记录，新标识符和（iii）使用密码密钥之一加密每个新的身份数据记录，并将每个新的身份数据记录链接到与每个相应密码密钥对应的第一类型的标识符。数据输出模块被配置为将加密的新身份数据记录及其各自的新标识符及其各自先前分配的第一类型的标识符加载到外部源上。

8. 发明申请

US20110138177A1 ONLINE PUBLIC KEY INFRASTRUCTURE (PKI) SYSTEM 审中-公开
标题翻译：在线公钥基础设施（PKI）系统
公开(公告)号：US20110138177A1
公开(公告)日：2011-06-09
申请号：US12961455
申请日：2010-12-06
申请人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , John H. Kim
发明人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , John H. Kim
IPC分类号： G06F15/16 , H04L9/32
CPC分类号： H04L9/006 , H04L9/083 , H04L9/3263
摘要： A method is provided for updating network-enabled devices with new identity data. The method includes requesting new identity data for a plurality of network-enabled devices and receiving notification that the new identity data is ready to be delivered to the plurality of network-enabled devices. A software object is delivered to the plurality of network-enabled devices over a first communications network. Each of the software objects is configured to cause the network-enabled devices to download the new identity data to the respective network-enabled device over a second communications network and install the new identity data at a time based at least in part on information included with the software object.
摘要翻译：提供了一种用于使用新的身份数据更新启用网络的设备的方法。该方法包括向多个启用网络的设备请求新的身份数据，并接收新的身份数据准备好被传送到多个启用网络的设备的通知。通过第一通信网络将软件对象传送到多个启用网络的设备。每个软件对象被配置为使得网络启用的设备通过第二通信网络将新的身份数据下载到相应的启用网络的设备，并且至少部分地基于与软件对象。

9. 发明申请

US20080049942A1 SYSTEM AND METHOD FOR SECURE KEY DISTRIBUTION TO MANUFACTURED PRODUCTS 有权
标题翻译：系统和方法，用于安全地分配到制造产品上
公开(公告)号：US20080049942A1
公开(公告)日：2008-02-28
申请号：US11846045
申请日：2007-08-28
申请人： Eric Sprunk , Alexander Medvinsky , Xin Qiu , Stuart Moskovics , Liqiang Chen
发明人： Eric Sprunk , Alexander Medvinsky , Xin Qiu , Stuart Moskovics , Liqiang Chen
IPC分类号： H04L9/08
CPC分类号： H04L9/0844 , H04L9/006 , H04L9/0822 , H04L63/0428 , H04L63/062 , H04L63/0823 , H04L63/166
摘要： A system and method for securely distributing PKI data, such as one or more private keys or other confidential digital information, from a PKI data generation facility to a product in a product personalization facility that is not connected to the PKI data generation facility and is assumed to be a non-secure product personalization facility. The system includes a PKI data loader for securely transmitting the encrypted PKI data transferred from the PKI data generator to a PKI server at the product personalization facility. The PKI server then transfers the PKI data to the product of interest, typically via a PKI station acting as a proxy between the PKI server and the product. In each communication step, PKI data being transferred is encrypted multiple times and the system is designed such that if any intermediate node is compromised with all of its keys, the overall system has not yet been compromised.
摘要翻译：用于将PKI数据（例如一个或多个私钥或其他机密数字信息）的PKI数据安全地分发到不连接到PKI数据生成设备并被假定的产品个性化设施中的产品的系统和方法成为不安全的产品个性化设施。该系统包括PKI数据加载器，用于将从PKI数据发生器传送的加密的PKI数据安全地发送到产品个性化设施的PKI服务器。 PKI服务器然后将PKI数据传送到感兴趣的产品，通常通过充当PKI服务器和产品之间代理的PKI站。在每个通信步骤中，正在传送的PKI数据被加密多次，并且系统被设计成使得如果任何中间节点与其所有密钥相冲突，则整个系统尚未被破坏。

10. 发明申请

US20130139198A1 DIGITAL TRANSPORT ADAPTER REGIONALIZATION 审中-公开
标题翻译：数字运输适配器区域化
公开(公告)号：US20130139198A1
公开(公告)日：2013-05-30
申请号：US13305958
申请日：2011-11-29
申请人： John I. Okimoto , Alexander Medvinsky , Xin Qiu
发明人： John I. Okimoto , Alexander Medvinsky , Xin Qiu
IPC分类号： H04N21/2347
CPC分类号： H04N21/25841 , H04N21/25816 , H04N21/26613 , H04N21/4623
摘要： A method, a digital content consumption device, and a conditional access system are disclosed. A network interface may receive in a digital content consumption device a public key message that includes an encrypted key. A processor may decrypt the encrypted key using a secret key to produce the transmitted public key, identify a region descriptor in the public key message, and determine the secret key based on the region descriptor.
摘要翻译：公开了一种方法，数字内容消费装置和条件访问系统。网络接口可以在数字内容消费设备中接收包括加密密钥的公开密钥消息。处理器可以使用秘密密钥来解密加密的密钥，以产生所传送的公共密钥，识别公开密钥消息中的区域描述符，并且基于区域描述符确定秘密密钥。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式