专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20120213370A1 SECURE MANAGEMENT AND PERSONALIZATION OF UNIQUE CODE SIGNING KEYS 审中-公开
标题翻译：安全管理和个性化独特的代码签名
公开(公告)号：US20120213370A1
公开(公告)日：2012-08-23
申请号：US13150636
申请日：2011-06-01
申请人： Stuart P. Moskovics , Xin Qiu , Joel D. Voss , Alexander Medvinsky
发明人： Stuart P. Moskovics , Xin Qiu , Joel D. Voss , Alexander Medvinsky
IPC分类号： H04L9/08
CPC分类号： G06F21/57
摘要： A method and system generates and distributes unique cryptographic device keys. The method includes generating at least a first device key and encrypting the first device key with a first encrypting key to produce a first encrypted copy of the device key. The method also includes encrypting the first device key with a second encrypting key to produce a second encrypted copy of the device key. The second encrypting key is different from said first encrypting key. The first and second encrypted copies of the device keys are associated with a device ID identifying a computing device being manufactured. The second encrypted copy of the device key is loaded onto the computing device. The first encrypted copy of the device key and the device ID with which it is associated are stored onto at least one server for subsequent use after the computing device has been deployed to a customer.
摘要翻译：方法和系统生成和分发唯一的加密设备密钥。该方法包括至少生成第一设备密钥并用第一加密密钥加密第一设备密钥以产生设备密钥的第一加密副本。该方法还包括用第二加密密钥加密第一设备密钥以产生设备密钥的第二加密副本。第二加密密钥与所述第一加密密钥不同。设备密钥的第一和第二加密副本与标识正在制造的计算设备的设备ID相关联。设备密钥的第二个加密副本被加载到计算设备上。在将计算设备部署到客户之后，设备密钥的第一加密副本和与其相关联的设备ID被存储在至少一个服务器上用于随后的使用。

2. 发明授权

US08374338B2 Transport packet decryption testing in a client device 有权
标题翻译：在客户端设备中传输数据包解密测试
公开(公告)号：US08374338B2
公开(公告)日：2013-02-12
申请号：US12708171
申请日：2010-02-18
申请人： Tat Keung Chan , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Xin Qiu
发明人： Tat Keung Chan , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Xin Qiu
IPC分类号： H04K1/00
CPC分类号： H04L9/088 , H04L2209/60
摘要： In a method for testing a transport packet decrypting module of a client device, a first decryption operation of the transport packet decrypting module is implemented on a test encrypted control word using a content decryption key ladder to derive a test control word, a second decryption operation of the transport packet decrypting module is implemented on one or more test transport packets using the test control word via a predetermined content decryption algorithm, the KIV is derived from the decrypted transport packets, and the derived KIV is compared with a value stored in the client device to verify whether the transport packet decrypting module of the client device is functioning properly.
摘要翻译：在一种用于测试客户端设备的传输分组解密模块的方法中，使用内容解密密钥梯形图在测试加密控制字上实现传输分组解密模块的第一解密操作，以导出测试控制字，第二解密操作的传输分组解密模块通过预定的内容解密算法使用测试控制字在一个或多个测试传输分组上实现，从解密的传输分组导出KIV，并将导出的KIV与存储在客户端中的值进行比较设备来验证客户端设备的传输分组解密模块是否正常工作。

3. 发明授权

US08627083B2 Online secure device provisioning with online device binding using whitelists 有权
标题翻译：使用白名单的在线安全设备配置与在线设备绑定
公开(公告)号：US08627083B2
公开(公告)日：2014-01-07
申请号：US13267672
申请日：2011-10-06
申请人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Fan Wang , Ting Yao
发明人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Fan Wang , Ting Yao
IPC分类号： H04L9/32
CPC分类号： H04L9/006 , H04L9/0891 , H04L9/14 , H04L9/321
摘要： One or more servers are provided including a session manager, authentication module, authorization module, encryption module, database, and protocol handler. The session manager is configured to receive requests for new identity data from network-enabled devices. Each request is authenticated first by the update server via its authentication module by validating the signature of the request message as well as the certificate chain trusted by the update server. The authorization module is configured to determine if the network-enabled devices specified on a whitelist are authorized to be provisioned with new identity data. The database is configured to receive new identity records generated by an identity data generation system. Each of the new identity records includes a new identifier. The new identifier is not associated or linked to any previously assigned/used identifiers and identity data, thus all the new identity records are generated independently and then loaded to the update server.
摘要翻译：提供一个或多个服务器，包括会话管理器，认证模块，授权模块，加密模块，数据库和协议处理程序。会话管理器被配置为从网络启用的设备接收新的身份数据的请求。通过验证请求消息的签名以及由更新服务器信任的证书链，通过其认证模块，更新服务器首先对每个请求进行认证。授权模块被配置为确定白名单上指定的启用网络的设备是否被授权为新的身份数据提供。数据库被配置为接收由身份数据生成系统生成的新的身份记录。每个新的身份记录都包含一个新的标识符。新标识符不与任何先前分配/使用的标识符和身份数据相关联或链接，因此所有新的身份记录都是独立生成的，然后加载到更新服务器。

4. 发明申请

US20100215171A1 TRANSPORT PACKET DECRYPTION TESTING IN A CLIENT DEVICE 有权
标题翻译：运输包装在客户设备中的分解测试
公开(公告)号：US20100215171A1
公开(公告)日：2010-08-26
申请号：US12708171
申请日：2010-02-18
申请人： Tat Keung Chan , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Xin Qiu
发明人： Tat Keung Chan , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Xin Qiu
IPC分类号： H04K1/00
CPC分类号： H04L9/088 , H04L2209/60
摘要： In a method for testing a transport packet decrypting module of a client device, a first decryption operation of the transport packet decrypting module is implemented on a test encrypted control word using a content decryption key ladder to derive a test control word, a second decryption operation of the transport packet decrypting module is implemented on one or more test transport packets using the test control word via a predetermined content decryption algorithm, the KIV is derived from the decrypted transport packets, and the derived KIV is compared with a value stored in the client device to verify whether the transport packet decrypting module of the client device is functioning properly.
摘要翻译：在一种用于测试客户端设备的传输分组解密模块的方法中，使用内容解密密钥梯形图在测试加密控制字上实现传输分组解密模块的第一解密操作，以导出测试控制字，第二解密操作的传输分组解密模块通过预定的内容解密算法使用测试控制字在一个或多个测试传输分组上实现，从解密的传输分组导出KIV，并将导出的KIV与存储在客户端中的值进行比较设备来验证客户端设备的传输分组解密模块是否正常工作。

5. 发明授权

US09130928B2 Online secure device provisioning framework 有权
标题翻译：在线安全设备配置框架
公开(公告)号：US09130928B2
公开(公告)日：2015-09-08
申请号：US13087847
申请日：2011-04-15
申请人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Eric J. Sprunk , Fan Wang , Ting Yao
发明人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Eric J. Sprunk , Fan Wang , Ting Yao
IPC分类号： H04L29/06 , G06F21/57
CPC分类号： H04L63/0823 , G06F21/572 , H04L63/06 , H04L2463/102
摘要： A method for updating network-enabled devices with new identity data includes generating a plurality of new identity data records and loading the new identity data records onto an update server. A request is received at the update server for new identity data from at least one network-enabled device having a previously assigned identity linked to an identifier. The previously assigned identifier is linked to a new identifier that is linked to one of the new identity data records. One or more new identity data records are securely delivered to the network-enabled device.
摘要翻译：用新的身份数据更新启用网络的设备的方法包括生成多个新的身份数据记录并将新的身份数据记录加载到更新服务器上。在更新服务器处接收到来自具有链接到标识符的先前分配的身份的至少一个启用网络的设备的新身份数据的请求。先前分配的标识符被链接到链接到新的身份数据记录之一的新标识符。一个或多个新的身份数据记录被安全地传送到启用网络的设备。

6. 发明申请

US20110138177A1 ONLINE PUBLIC KEY INFRASTRUCTURE (PKI) SYSTEM 审中-公开
标题翻译：在线公钥基础设施（PKI）系统
公开(公告)号：US20110138177A1
公开(公告)日：2011-06-09
申请号：US12961455
申请日：2010-12-06
申请人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , John H. Kim
发明人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , John H. Kim
IPC分类号： G06F15/16 , H04L9/32
CPC分类号： H04L9/006 , H04L9/083 , H04L9/3263
摘要： A method is provided for updating network-enabled devices with new identity data. The method includes requesting new identity data for a plurality of network-enabled devices and receiving notification that the new identity data is ready to be delivered to the plurality of network-enabled devices. A software object is delivered to the plurality of network-enabled devices over a first communications network. Each of the software objects is configured to cause the network-enabled devices to download the new identity data to the respective network-enabled device over a second communications network and install the new identity data at a time based at least in part on information included with the software object.
摘要翻译：提供了一种用于使用新的身份数据更新启用网络的设备的方法。该方法包括向多个启用网络的设备请求新的身份数据，并接收新的身份数据准备好被传送到多个启用网络的设备的通知。通过第一通信网络将软件对象传送到多个启用网络的设备。每个软件对象被配置为使得网络启用的设备通过第二通信网络将新的身份数据下载到相应的启用网络的设备，并且至少部分地基于与软件对象。

7. 发明申请

US20120089839A1 ONLINE SECURE DEVICE PROVISIONING WITH ONLINE DEVICE BINDING USING WHITELISTS 有权
标题翻译：在线安全设备使用白名单在线设备绑定
公开(公告)号：US20120089839A1
公开(公告)日：2012-04-12
申请号：US13267672
申请日：2011-10-06
申请人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Fan Wang , Ting Yao
发明人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Fan Wang , Ting Yao
IPC分类号： H04L9/32 , H04L9/30
CPC分类号： H04L9/006 , H04L9/0891 , H04L9/14 , H04L9/321
摘要： One or more servers are provided including a session manager, authentication module, authorization module, encryption module, database, and protocol handler. The session manager is configured to receive requests for new identity data from network-enabled devices. Each request is authenticated first by the update server via its authentication module by validating the signature of the request message as well as the certificate chain trusted by the update server. The authorization module is configured to determine if the network-enabled devices specified on a whitelist are authorized to be provisioned with new identity data. The database is configured to receive new identity records generated by an identity data generation system. Each of the new identity records includes a new identifier. The new identifier is not associated or linked to any previously assigned/used identifiers and identity data, thus all the new identity records are generated independently and then loaded to the update server.
摘要翻译：提供一个或多个服务器，包括会话管理器，认证模块，授权模块，加密模块，数据库和协议处理程序。会话管理器被配置为从网络启用的设备接收新的身份数据的请求。通过验证请求消息的签名以及由更新服务器信任的证书链，通过其认证模块，更新服务器首先对每个请求进行认证。授权模块被配置为确定白名单上指定的启用网络的设备是否被授权为新的身份数据提供。数据库被配置为接收由身份数据生成系统生成的新的身份记录。每个新的身份记录都包含一个新的标识符。新标识符不与任何先前分配/使用的标识符和身份数据相关联或链接，因此所有新的身份记录都是独立生成的，然后加载到更新服务器。

8. 发明申请

US20110258685A1 ONLINE SECURE DEVICE PROVISIONING FRAMEWORK 有权
标题翻译：在线安全设备提供框架
公开(公告)号：US20110258685A1
公开(公告)日：2011-10-20
申请号：US13087847
申请日：2011-04-15
申请人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Eric J. Sprunk , Fan Wang , Ting Yao
发明人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Eric J. Sprunk , Fan Wang , Ting Yao
IPC分类号： H04L9/32 , G06F21/00
CPC分类号： H04L63/0823 , G06F21/572 , H04L63/06 , H04L2463/102
摘要： A method for updating network-enabled devices with new identity data includes generating a plurality of new identity data records and loading the new identity data records onto an update server. A request is received at the update server for new identity data from at least one network-enabled device having a previously assigned identity linked to an identifier. The previously assigned identifier is linked to a new identifier that is linked to one of the new identity data records. One or more new identity data records are securely delivered to the network-enabled device.
摘要翻译：用新的身份数据更新启用网络的设备的方法包括生成多个新的身份数据记录并将新的身份数据记录加载到更新服务器上。在更新服务器处接收到来自具有链接到标识符的先前分配的身份的至少一个启用网络的设备的新身份数据的请求。先前分配的标识符被链接到链接到新的身份数据记录之一的新标识符。一个或多个新的身份数据记录被安全地传送到启用网络的设备。

9. 发明申请

US20110258434A1 ONLINE SECURE DEVICE PROVISIONING WITH UPDATED OFFLINE IDENTITY DATA GENERATION AND OFFLINE DEVICE BINDING 审中-公开
标题翻译：在线安全设备提供更新的离线身份数据生成和离线设备绑定
公开(公告)号：US20110258434A1
公开(公告)日：2011-10-20
申请号：US13087972
申请日：2011-04-15
申请人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Greg N. Nakanishi , Jason A. Pasion , Fan Wang , Ting Yao
发明人： Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Greg N. Nakanishi , Jason A. Pasion , Fan Wang , Ting Yao
IPC分类号： H04L9/00
CPC分类号： H04L63/062 , H04L9/006 , H04L9/0825 , H04L9/0866 , H04L9/0891 , H04L63/0823
摘要： A system for generating new identity data for network-enabled devices includes a whitelist reader configured to extract attributes from a whitelist. The whitelist includes, for each device specified in the whitelist, a previously assigned identifier of the first type. The previously assigned identifiers of the first type are linked to identity data previously provisioned in each of the respective devices. A data retrieval module is configured to receive the identifiers of the first type from the whitelist reader and, based on each of the identifiers, retrieve each of the previously provisioned identity data records linked thereto. A new data generation module is configured to (i) obtain a cryptographic key associated with the identity data previously provisioned in the devices specified on the whitelist and the corresponding identifiers of the first type, (ii) generate new identity data records each linked to a new identifier and (iii) encrypt each of the new identity data records with one of the cryptographic keys and link each new identity data record to the identifier of the first type corresponding to each respective cryptographic key. A data output module is configured to load onto an external source the encrypted new identity data records along with their respective new identifiers and their respective previously assigned identifiers of the first type.
摘要翻译：用于为启用网络的设备生成新的身份数据的系统包括被配置为从白名单中提取属性的白名单阅读器。对于白名单中指定的每个设备，白名单包括先前分配的第一类型的标识符。先前分配的第一类型的标识符被链接到先前在每个相应设备中提供的标识数据。数据检索模块被配置为从白名单读取器接收第一类型的标识符，并且基于每个标识符，检索与之相关联的先前提供的身份数据记录中的每一个。新的数据生成模块被配置为（i）获得与先前在白名单上指定的设备中提供的身份数据和第一类型的相应标识符相关联的密码密钥，（ii）生成新的身份数据记录，新标识符和（iii）使用密码密钥之一加密每个新的身份数据记录，并将每个新的身份数据记录链接到与每个相应密码密钥对应的第一类型的标识符。数据输出模块被配置为将加密的新身份数据记录及其各自的新标识符及其各自先前分配的第一类型的标识符加载到外部源上。

10. 发明授权

US08887310B2 Secure consumer programming device 有权
标题翻译：安全的消费者编程设备
公开(公告)号：US08887310B2
公开(公告)日：2014-11-11
申请号：US12622016
申请日：2009-11-19
申请人： Alexander Medvinsky , Stuart P. Moskovics , Madjid F. Nakhjiri , Jason A. Pasion
发明人： Alexander Medvinsky , Stuart P. Moskovics , Madjid F. Nakhjiri , Jason A. Pasion
IPC分类号： G06F21/00 , H04W12/04 , H04L29/08 , H04L29/06 , H04W12/06
CPC分类号： H04L63/108 , H04L63/0823 , H04L67/04 , H04W12/04 , H04W12/06
摘要： A method is provided for operating a consumer programming device that provisions consumer electronic devices. The method includes receiving over a communication link a first enable message that authorizes the consumer programming device to make available one or more resources which enable it to provide services to consumer electronic devices. Services are provided to consumer electronic devices up until all the resources have been exhausted. Additional consumer electronic devices are provided with services only if a second enable message is received over the communication link.
摘要翻译：提供了一种用于操作为消费者电子设备提供消费者编程设备的方法。该方法包括通过通信链路接收授权消费者编程设备使可用的一个或多个资源使其能够向消费者电子设备提供服务的第一启用消息。向消费电子设备提供服务，直到所有资源耗尽。仅当通过通信链路接收到第二启用消息时，附加消费者电子设备才被提供有服务。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式