Patent application number | Description | Published |
20090037931 | Method and Apparatus for a Dynamic and Real-Time Configurable Software Architecture for Manufacturing Personalization - A process receives a personalization request to personalize a communication device. Further, the process provides the personalization request to a message controller that composes a message having personalization information with a message composer engine according to a set of rules and configures one or more communication parameters for the message with a message flow control engine according to the set of rules. The set of rules indicates a distributed environment set of files that the message composer engine and the message flow control engine utilize in a distributed environment, and a centralized environment set of files that the message composer engine and the message flow control engine utilize in a centralized environment. | 02-05-2009 |
20110197061 | CONFIGURABLE ONLINE PUBLIC KEY INFRASTRUCTURE (PKI) MANAGEMENT FRAMEWORK - A method and apparatus is provided for establishing a process for provisioning a digital certificate service delivered by a PKI system. The method includes receiving a request for a digital certificate service and receiving data specifying a project that includes at least one product to be provisioned with a digital certificate. Data specifying an identification of an owner organization of the project and at least one participant organization participating in the project is also received. Attributes with which PKI data to be included in the digital certificates is to comply is received from the owner organization. Based on the received data and attributes, an account is established for each of the organizations associated with the project through which users associated with each of the organizations can respectively request digital certificates for the at least one product in accordance with the attributes received from the owner organization. | 08-11-2011 |
20110213957 | LAYERED PROTECTION AND VALIDATION OF IDENTITY DATA DELIVERED ONLINE VIA MULTIPLE INTERMEDIATE CLIENTS - A method is provided for securely delivering identity data units over a communications network to a client device. The method includes receiving a selection from a customer identifying a final zipped package to be unpacked. The final zipped package is unpacked to obtain a common package and a digital signature file signed by an entity generating identity data requested by the customer. The digital signature in the digital signature file is verified and the common package is unpacked to obtain a plurality of outer packages and an encrypted symmetric key. The symmetric key is decrypted with a private key associated with the customer and each of the outer packages is decrypted with the symmetric key to obtain a plurality of identity data units. | 09-01-2011 |
20110258434 | ONLINE SECURE DEVICE PROVISIONING WITH UPDATED OFFLINE IDENTITY DATA GENERATION AND OFFLINE DEVICE BINDING - A system for generating new identity data for network-enabled devices includes a whitelist reader configured to extract attributes from a whitelist. The whitelist includes, for each device specified in the whitelist, a previously assigned identifier of the first type. The previously assigned identifiers of the first type are linked to identity data previously provisioned in each of the respective devices. A data retrieval module is configured to receive the identifiers of the first type from the whitelist reader and, based on each of the identifiers, retrieve each of the previously provisioned identity data records linked thereto. A new data generation module is configured to (i) obtain a cryptographic key associated with the identity data previously provisioned in the devices specified on the whitelist and the corresponding identifiers of the first type, (ii) generate new identity data records each linked to a new identifier and (iii) encrypt each of the new identity data records with one of the cryptographic keys and link each new identity data record to the identifier of the first type corresponding to each respective cryptographic key. A data output module is configured to load onto an external source the encrypted new identity data records along with their respective new identifiers and their respective previously assigned identifiers of the first type. | 10-20-2011 |
20110258685 | ONLINE SECURE DEVICE PROVISIONING FRAMEWORK - A method for updating network-enabled devices with new identity data includes generating a plurality of new identity data records and loading the new identity data records onto an update server. A request is received at the update server for new identity data from at least one network-enabled device having a previously assigned identity linked to an identifier. The previously assigned identifier is linked to a new identifier that is linked to one of the new identity data records. One or more new identity data records are securely delivered to the network-enabled device. | 10-20-2011 |
20120089839 | ONLINE SECURE DEVICE PROVISIONING WITH ONLINE DEVICE BINDING USING WHITELISTS - One or more servers are provided including a session manager, authentication module, authorization module, encryption module, database, and protocol handler. The session manager is configured to receive requests for new identity data from network-enabled devices. Each request is authenticated first by the update server via its authentication module by validating the signature of the request message as well as the certificate chain trusted by the update server. The authorization module is configured to determine if the network-enabled devices specified on a whitelist are authorized to be provisioned with new identity data. The database is configured to receive new identity records generated by an identity data generation system. Each of the new identity records includes a new identifier. The new identifier is not associated or linked to any previously assigned/used identifiers and identity data, thus all the new identity records are generated independently and then loaded to the update server. | 04-12-2012 |
20140082701 | DYNAMICALLY CONFIGURABLE ONLINE DATA UPDATE SYSTEM - A data object update system provides a flexible framework that can be used to upgrade, renew, replace or supplement data objects that are provisioned in a large base of network-enabled devices that been deployed in the field to end users. The system has the flexibility to configure, for example, the following items, based on different requirements received from network operators: which device key and/or certificate is to be used to authenticate request messages from network-enabled devices before a specific data object update request is accepted into the system; which device identifier is to be used to authorize data object update requests; which device identifier is to be used for generating device specific data objects; and which protection mechanism is to be used to secure the delivery of data objects to network-enabled devices. | 03-20-2014 |
20140215011 | MESSAGE EXCHANGE VIA GENERIC TLV GENERATOR AND PARSER - A system and methods are provided for processing Type-Length-Value (TLV) Messages with TLV Engines in any TLV-based protocol by using configuration files associated with the protocol. One method provides for generating a TLV message by receiving output from a sender at a message engine, loading one or more configuration files associated with a TLV-based protocol onto the message engine, wherein the configuration files describe information about one more message elements, generating a TLV message at the message engine by creating and ordering the message elements into a TLV message according to the configurations files, and transmitting the TLV message over a network from the message engine. | 07-31-2014 |