Dynamically configurable online data update system

US 9,864,866 B2
Filed: 09/16/2013
Issued: 01/09/2018
Est. Priority Date: 09/17/2012
Status: Active Grant

First Claim

Patent Images

1. A remote update server system for downloading Public Key Infrastructure (PKI) data objects to network-enabled video playing devices, the remote update server including a processor and memory, the memory storing code readable by the processor so that the processor forms components comprising:

an identity data generator configured to generate a plurality of new downloadable PKI data objects providing specific device identifiers, the identity data generator connected to Hardware Security Modules (HSMs) in which private keys and secure data are stored for use in generation of the PKI data objects;

a whitelist or blacklist manager configured to (i) receive one or more identifiers associated with each of a plurality of network-enabled video player devices deployed for use in association with a network, (ii) consolidate various identities from white or blacklist sources for a network of devices, and (iii) produce a whitelist or blacklist relating the one or more identifiers to each of the network-enabled video player devices that are respectively authorized or unauthorized to receive new downloadable PKI data objects to enable access to videos from the network;

a data loading application in communication with the whitelist/blacklist manager and identity data manager which loads the downloadable PKI data objects to the database for access;

an update server configured to (i) receive the new downloadable PKI data objects from the data loading application, (ii) receive requests for new downloadable PKI data objects from the plurality of network-enabled video player devices (iii) authenticate each of the network-enabled video playing devices and (iv);

deliver a new downloadable PKI data object to each one of the authenticated network-enabled video playing devices that are authorized to receive a new downloadable PKI data object to enable access to videos from the network in accordance with the whitelist or blacklist; and

a configuration manager providing a user interface (UI) through which a plurality of parameters associated with new downloadable PKI data objects to be downloaded to a plurality of network-enabled video player devices are configurable, the plurality of parameters including a first parameter specifying a process configuration identifier identifying a group of configurable parameters included in the plurality of parameters which collectively specify one or more operations that are employed to process the request.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data object update system provides a flexible framework that can be used to upgrade, renew, replace or supplement data objects that are provisioned in a large base of network-enabled devices that been deployed in the field to end users. The system has the flexibility to configure, for example, the following items, based on different requirements received from network operators: which device key and/or certificate is to be used to authenticate request messages from network-enabled devices before a specific data object update request is accepted into the system; which device identifier is to be used to authorize data object update requests; which device identifier is to be used for generating device specific data objects; and which protection mechanism is to be used to secure the delivery of data objects to network-enabled devices.

Citations

10 Claims

1. A remote update server system for downloading Public Key Infrastructure (PKI) data objects to network-enabled video playing devices, the remote update server including a processor and memory, the memory storing code readable by the processor so that the processor forms components comprising:
- an identity data generator configured to generate a plurality of new downloadable PKI data objects providing specific device identifiers, the identity data generator connected to Hardware Security Modules (HSMs) in which private keys and secure data are stored for use in generation of the PKI data objects;
  
  a whitelist or blacklist manager configured to (i) receive one or more identifiers associated with each of a plurality of network-enabled video player devices deployed for use in association with a network, (ii) consolidate various identities from white or blacklist sources for a network of devices, and (iii) produce a whitelist or blacklist relating the one or more identifiers to each of the network-enabled video player devices that are respectively authorized or unauthorized to receive new downloadable PKI data objects to enable access to videos from the network;
  
  a data loading application in communication with the whitelist/blacklist manager and identity data manager which loads the downloadable PKI data objects to the database for access;
  
  an update server configured to (i) receive the new downloadable PKI data objects from the data loading application, (ii) receive requests for new downloadable PKI data objects from the plurality of network-enabled video player devices (iii) authenticate each of the network-enabled video playing devices and (iv);
  
  deliver a new downloadable PKI data object to each one of the authenticated network-enabled video playing devices that are authorized to receive a new downloadable PKI data object to enable access to videos from the network in accordance with the whitelist or blacklist; and
  
  a configuration manager providing a user interface (UI) through which a plurality of parameters associated with new downloadable PKI data objects to be downloaded to a plurality of network-enabled video player devices are configurable, the plurality of parameters including a first parameter specifying a process configuration identifier identifying a group of configurable parameters included in the plurality of parameters which collectively specify one or more operations that are employed to process the request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1 wherein the group of configuration parameters includes a second parameter specifying a download process identifier associating the process configuration identifier with a particular network operator.
  - 3. The system of claim 1 wherein the group of configuration parameters further comprises:
    - a second parameter specifying PKI data object being the type of new downloadable data objects to be generated;
      
      a third parameter specifying a device identity type to be used to authorize a request for downloadable PKI data objects,a fourth parameter specifying an authentication mechanism to be used to authenticate the request,a fifth parameter specifying a device identity to be associated with a new downloadable PKI data object,a sixth parameter specifying a protection mechanism to be used for securely delivering new downloadable PKI data objects to the network-enabled video player devices,a seventh parameter specifying a number of times the network-enabled video player device is able to download a new downloadable PKI data object, andan eighth parameter specifying a time after which a new downloadable PKI data object is no longer downloadable to the network-enabled video player device.
  - 4. The system of claim 1 further comprising a second parameter specifying a network operator identifier identifying a network operator associated with a plurality of the network-enabled video player devices.
  - 5. The system of claim 1 further comprising a second parameter specifying a manner in which new downloadable objects are associated with network-enabled video player devices.
  - 6. The system of claim 5 wherein the second parameter specifies whether a particular downloadable PKI data object is generated for a particular one of the network-enabled video player devices by associating the particular downloadable PKI data object with a previously assigned identifier identifying the particular network-enabled video player device, or whether a particular downloadable PKI data object generated without being associated with the particular network-enabled video player device is associated with the particular network-enabled video player device when a request is received from the particular network-enabled video player device.
  - 7. The system of claim 6 further comprising a third parameter specifying whether the particular downloadable PKI data object is permanently bound to the particular device when a particular downloadable PKI data object is associated with the particular network-enabled video player device when a request is received.
  - 8. The system of claim 6 further comprising a third parameter specifying whether the particular downloadable PKI data object is associated with a particular network-enabled video player device without being permanently bound thereto.
  - 9. The system of claim 6 further comprising a third parameter specifying whether the particular downloadable PKI data object is unassociated with a one of the particular network-enabled video player devices.
  - 10. The system of claim 2 wherein the update server includes:
    - a session manager for communicating with the network-enabled video player devices and creating a new session for each new request that is received;
      
      a request handler for parsing and validating the new requests;
      
      a plurality of operational controllers each corresponding to a different download process identifier, the request handler being configured to select one of the operation controllers for each session that is created based on information included in the new requests respectively associated with each session, the operation controllers selecting methods for authentication, authorization and encryption to be used in processing each of the new requests based on values for parameters in the group of parameters that are specified for each new request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ARRIS Enterprises LLC (CommScope Holding Company, Inc.)
Original Assignee
ARRIS Enterprises LLC (CommScope Holding Company, Inc.)
Inventors
Pasion, Jason A., Myint, Zeya, Qiu, Xin, Wang, Fan, Yan, Joel, Yao, Ting
Primary Examiner(s)
Dinh, Minh

Application Number

US14/028,507
Publication Number

US 20140082701A1
Time in Patent Office

1,576 Days
Field of Search

726 4
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/606   by securing the transmissio...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/101   Access control lists [ACL]

H04L 67/303   Terminal profiles

H04L 9/3268   using certificate validatio...

Dynamically configurable online data update system

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamically configurable online data update system

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links