会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明申请
    • ONLINE SECURE DEVICE PROVISIONING WITH UPDATED OFFLINE IDENTITY DATA GENERATION AND OFFLINE DEVICE BINDING
    • 在线安全设备提供更新的离线身份数据生成和离线设备绑定
    • US20110258434A1
    • 2011-10-20
    • US13087972
    • 2011-04-15
    • Xin QiuAlexander MedvinskyStuart P. MoskovicsGreg N. NakanishiJason A. PasionFan WangTing Yao
    • Xin QiuAlexander MedvinskyStuart P. MoskovicsGreg N. NakanishiJason A. PasionFan WangTing Yao
    • H04L9/00
    • H04L63/062H04L9/006H04L9/0825H04L9/0866H04L9/0891H04L63/0823
    • A system for generating new identity data for network-enabled devices includes a whitelist reader configured to extract attributes from a whitelist. The whitelist includes, for each device specified in the whitelist, a previously assigned identifier of the first type. The previously assigned identifiers of the first type are linked to identity data previously provisioned in each of the respective devices. A data retrieval module is configured to receive the identifiers of the first type from the whitelist reader and, based on each of the identifiers, retrieve each of the previously provisioned identity data records linked thereto. A new data generation module is configured to (i) obtain a cryptographic key associated with the identity data previously provisioned in the devices specified on the whitelist and the corresponding identifiers of the first type, (ii) generate new identity data records each linked to a new identifier and (iii) encrypt each of the new identity data records with one of the cryptographic keys and link each new identity data record to the identifier of the first type corresponding to each respective cryptographic key. A data output module is configured to load onto an external source the encrypted new identity data records along with their respective new identifiers and their respective previously assigned identifiers of the first type.
    • 用于为启用网络的设备生成新的身份数据的系统包括被配置为从白名单中提取属性的白名单阅读器。 对于白名单中指定的每个设备,白名单包括先前分配的第一类型的标识符。 先前分配的第一类型的标识符被链接到先前在每个相应设备中提供的标识数据。 数据检索模块被配置为从白名单读取器接收第一类型的标识符,并且基于每个标识符,检索与之相关联的先前提供的身份数据记录中的每一个。 新的数据生成模块被配置为(i)获得与先前在白名单上指定的设备中提供的身份数据和第一类型的相应标识符相关联的密码密钥,(ii)生成新的身份数据记录, 新标识符和(iii)使用密码密钥之一加密每个新的身份数据记录,并将每个新的身份数据记录链接到与每个相应密码密钥对应的第一类型的标识符。 数据输出模块被配置为将加密的新身份数据记录及其各自的新标识符及其各自先前分配的第一类型的标识符加载到外部源上。
    • 3. 发明授权
    • Online secure device provisioning with online device binding using whitelists
    • 使用白名单的在线安全设备配置与在线设备绑定
    • US08627083B2
    • 2014-01-07
    • US13267672
    • 2011-10-06
    • Xin QiuAlexander MedvinskyStuart P. MoskovicsJason A. PasionFan WangTing Yao
    • Xin QiuAlexander MedvinskyStuart P. MoskovicsJason A. PasionFan WangTing Yao
    • H04L9/32
    • H04L9/006H04L9/0891H04L9/14H04L9/321
    • One or more servers are provided including a session manager, authentication module, authorization module, encryption module, database, and protocol handler. The session manager is configured to receive requests for new identity data from network-enabled devices. Each request is authenticated first by the update server via its authentication module by validating the signature of the request message as well as the certificate chain trusted by the update server. The authorization module is configured to determine if the network-enabled devices specified on a whitelist are authorized to be provisioned with new identity data. The database is configured to receive new identity records generated by an identity data generation system. Each of the new identity records includes a new identifier. The new identifier is not associated or linked to any previously assigned/used identifiers and identity data, thus all the new identity records are generated independently and then loaded to the update server.
    • 提供一个或多个服务器,包括会话管理器,认证模块,授权模块,加密模块,数据库和协议处理程序。 会话管理器被配置为从网络启用的设备接收新的身份数据的请求。 通过验证请求消息的签名以及由更新服务器信任的证书链,通过其认证模块,更新服务器首先对每个请求进行认证。 授权模块被配置为确定白名单上指定的启用网络的设备是否被授权为新的身份数据提供。 数据库被配置为接收由身份数据生成系统生成的新的身份记录。 每个新的身份记录都包含一个新的标识符。 新标识符不与任何先前分配/使用的标识符和身份数据相关联或链接,因此所有新的身份记录都是独立生成的,然后加载到更新服务器。
    • 4. 发明申请
    • ONLINE SECURE DEVICE PROVISIONING WITH ONLINE DEVICE BINDING USING WHITELISTS
    • 在线安全设备使用白名单在线设备绑定
    • US20120089839A1
    • 2012-04-12
    • US13267672
    • 2011-10-06
    • Xin QiuAlexander MedvinskyStuart P. MoskovicsJason A. PasionFan WangTing Yao
    • Xin QiuAlexander MedvinskyStuart P. MoskovicsJason A. PasionFan WangTing Yao
    • H04L9/32H04L9/30
    • H04L9/006H04L9/0891H04L9/14H04L9/321
    • One or more servers are provided including a session manager, authentication module, authorization module, encryption module, database, and protocol handler. The session manager is configured to receive requests for new identity data from network-enabled devices. Each request is authenticated first by the update server via its authentication module by validating the signature of the request message as well as the certificate chain trusted by the update server. The authorization module is configured to determine if the network-enabled devices specified on a whitelist are authorized to be provisioned with new identity data. The database is configured to receive new identity records generated by an identity data generation system. Each of the new identity records includes a new identifier. The new identifier is not associated or linked to any previously assigned/used identifiers and identity data, thus all the new identity records are generated independently and then loaded to the update server.
    • 提供一个或多个服务器,包括会话管理器,认证模块,授权模块,加密模块,数据库和协议处理程序。 会话管理器被配置为从网络启用的设备接收新的身份数据的请求。 通过验证请求消息的签名以及由更新服务器信任的证书链,通过其认证模块,更新服务器首先对每个请求进行认证。 授权模块被配置为确定白名单上指定的启用网络的设备是否被授权为新的身份数据提供。 数据库被配置为接收由身份数据生成系统生成的新的身份记录。 每个新的身份记录都包含一个新的标识符。 新标识符不与任何先前分配/使用的标识符和身份数据相关联或链接,因此所有新的身份记录都是独立生成的,然后加载到更新服务器。
    • 8. 发明申请
    • Secure Large Volume Feature License Provisioning System
    • 安全大容量功能许可证配置系统
    • US20120143766A1
    • 2012-06-07
    • US13238850
    • 2011-09-21
    • Jinsong ZhengTat Keung ChanLiqiang ChenGreg N. NakanishiJason A. PasionXin QiuTing Yao
    • Jinsong ZhengTat Keung ChanLiqiang ChenGreg N. NakanishiJason A. PasionXin QiuTing Yao
    • G06F21/22
    • G06F21/105G06Q30/06G06Q2220/18
    • Disclosed is a manufacturing process and feature licensing system for provisioning personalized (device-unique) licenses to devices. The secure system uses a secure key wrapping mechanism to deliver the LSK to LPS. Another feature is that various network communication links are secured using standard security protocol. Application messages, license templates, licenses are digitally signed. The system is flexible, configured to allow multiple manufacturers and to allow various feature configurations via the use of License Template; scalable, as it is possible to use multiple LPS hosts to serve multiple programming stations; and available in that the delegation of license signing capability from CLS to LPS eliminates the dependency on unreliable Internet connections. Redundant LPS hosts provide high level of availability required for high volume license provisioning. The system is traceable: license and device association are replicated back to the CLS to provide full license request and generation traceability.
    • 公开了一种用于向设备提供个性化(设备唯一)许可证的制造过程和特征许可系统。 安全系统使用安全的钥匙包装机构将LSK传送到LPS。 另一个特征是使用标准安全协议来保护各种网络通信链路。 应用程序消息,许可证模板,许可证都经过数字签名。 该系统灵活,配置为允许多个制造商通过使用许可证模板来允许各种功能配置; 可扩展的,因为可以使用多个LPS主机来服务多个编程站; 并且可用于从CLS到LPS的许可证签名能力的授权消除了对不可靠的因特网连接的依赖。 冗余LPS主机为高容量许可证配置提供了高水平的可用性。 系统是可追溯的:许可证和设备关联被复制回CLS以提供完整的许可证请求和生成可追溯性。