Dynamically configurable online data update system
First Claim
1. A remote update server system for downloading Public Key Infrastructure (PKI) data objects to network-enabled video playing devices, the remote update server including a processor and memory, the memory storing code readable by the processor so that the processor forms components comprising:
- an identity data generator configured to generate a plurality of new downloadable PKI data objects providing specific device identifiers, the identity data generator connected to Hardware Security Modules (HSMs) in which private keys and secure data are stored for use in generation of the PKI data objects;
a whitelist or blacklist manager configured to (i) receive one or more identifiers associated with each of a plurality of network-enabled video player devices deployed for use in association with a network, (ii) consolidate various identities from white or blacklist sources for a network of devices, and (iii) produce a whitelist or blacklist relating the one or more identifiers to each of the network-enabled video player devices that are respectively authorized or unauthorized to receive new downloadable PKI data objects to enable access to videos from the network;
a data loading application in communication with the whitelist/blacklist manager and identity data manager which loads the downloadable PKI data objects to the database for access;
an update server configured to (i) receive the new downloadable PKI data objects from the data loading application, (ii) receive requests for new downloadable PKI data objects from the plurality of network-enabled video player devices (iii) authenticate each of the network-enabled video playing devices and (iv);
deliver a new downloadable PKI data object to each one of the authenticated network-enabled video playing devices that are authorized to receive a new downloadable PKI data object to enable access to videos from the network in accordance with the whitelist or blacklist; and
a configuration manager providing a user interface (UI) through which a plurality of parameters associated with new downloadable PKI data objects to be downloaded to a plurality of network-enabled video player devices are configurable, the plurality of parameters including a first parameter specifying a process configuration identifier identifying a group of configurable parameters included in the plurality of parameters which collectively specify one or more operations that are employed to process the request.
12 Assignments
0 Petitions
Accused Products
Abstract
A data object update system provides a flexible framework that can be used to upgrade, renew, replace or supplement data objects that are provisioned in a large base of network-enabled devices that been deployed in the field to end users. The system has the flexibility to configure, for example, the following items, based on different requirements received from network operators: which device key and/or certificate is to be used to authenticate request messages from network-enabled devices before a specific data object update request is accepted into the system; which device identifier is to be used to authorize data object update requests; which device identifier is to be used for generating device specific data objects; and which protection mechanism is to be used to secure the delivery of data objects to network-enabled devices.
-
Citations
10 Claims
-
1. A remote update server system for downloading Public Key Infrastructure (PKI) data objects to network-enabled video playing devices, the remote update server including a processor and memory, the memory storing code readable by the processor so that the processor forms components comprising:
-
an identity data generator configured to generate a plurality of new downloadable PKI data objects providing specific device identifiers, the identity data generator connected to Hardware Security Modules (HSMs) in which private keys and secure data are stored for use in generation of the PKI data objects; a whitelist or blacklist manager configured to (i) receive one or more identifiers associated with each of a plurality of network-enabled video player devices deployed for use in association with a network, (ii) consolidate various identities from white or blacklist sources for a network of devices, and (iii) produce a whitelist or blacklist relating the one or more identifiers to each of the network-enabled video player devices that are respectively authorized or unauthorized to receive new downloadable PKI data objects to enable access to videos from the network; a data loading application in communication with the whitelist/blacklist manager and identity data manager which loads the downloadable PKI data objects to the database for access; an update server configured to (i) receive the new downloadable PKI data objects from the data loading application, (ii) receive requests for new downloadable PKI data objects from the plurality of network-enabled video player devices (iii) authenticate each of the network-enabled video playing devices and (iv);
deliver a new downloadable PKI data object to each one of the authenticated network-enabled video playing devices that are authorized to receive a new downloadable PKI data object to enable access to videos from the network in accordance with the whitelist or blacklist; anda configuration manager providing a user interface (UI) through which a plurality of parameters associated with new downloadable PKI data objects to be downloaded to a plurality of network-enabled video player devices are configurable, the plurality of parameters including a first parameter specifying a process configuration identifier identifying a group of configurable parameters included in the plurality of parameters which collectively specify one or more operations that are employed to process the request. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
Specification