Method, system, and device of provisioning cryptographic data to electronic devices
Abstract
System, device, and method of provisioning cryptographic assets to electronic devices. A delegation message is generated at a first provisioning server. The delegation message indicates provisioning rights that are delegated by the first provisioning server to a second provisioning server with regard to subsequent provisioning of cryptographic assets to an electronic device. The delegation message includes an association key unknown to the first provisioning server, encrypted using a public key of the electronic device. The delegation message further includes a public key of the second provisioning server. The electronic device locally generates the association key, which is unknown to the first provisioning server. The delegation message is delivered to the electronic device. Based on the delegation message, cryptographic assets are provisioned by the second provisioning server to the electronic device, using the association key.
14 Claims
1. A method of provisioning digital assets, the method comprising:
- (a) generating a delegation message at a first provisioning apparatus, wherein the delegation message indicates provisioning rights that are delegated by the first provisioning apparatus to a second provisioning apparatus with regard to subsequent provisioning of digital assets to an electronic device, wherein generating the delegation message comprises at least one of:
- (A) inserting into the delegation message an encrypted association key that was encrypted by the second provisioning apparatus using a public key of said electronic device, wherein said association key is unknown to the first provisioning apparatus, wherein said public key of said electronic device is usable to encrypt data for subsequent decrypting by said electronic device using said private encryption key of said electronic device;
- (B) inserting into the delegation message a public key of the second provisioning apparatus;
- enabling the electronic device to locally generate said association key unknown to the first provisioning apparatus;
- wherein the association key is retrievable by the second provisioning apparatus based on the public key of the second provisioning apparatus;
- (b) delivering the delegation message from the first provisioning apparatus to the electronic device;
- (c) at the second provisioning apparatus, and based on said delegation message, provisioning one or more digital assets to the electronic device, using said association key;
- wherein generating the delegation message comprises: inserting into the delegation message the public key of the second provisioning apparatus, to enable execution of an identification protocol for subsequent personalized provisioning of a digital asset to said electronic device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A method of provisioning digital assets, the method comprising:
- (a) generating a delegation message at a first provisioning apparatus, wherein the delegation message indicates provisioning rights that are delegated by the first provisioning apparatus to a second provisioning apparatus with regard to subsequent provisioning of digital assets to an electronic device, wherein generating the delegation message comprises at least one of:
- (A) inserting into the delegation message an encrypted association key that was encrypted by the second provisioning apparatus using a public key of said electronic device, wherein said association key is unknown to the first provisioning apparatus, wherein said public key of said electronic device is usable to encrypt data for subsequent decrypting by said electronic device using said private encryption key of said electronic device;
- (B) inserting into the delegation message a public key of the second provisioning apparatus;
- enabling the electronic device to locally generate said association key unknown to the first provisioning apparatus;
- wherein the association key is retrievable by the second provisioning apparatus based on the public key of the second provisioning apparatus;
- (b) delivering the delegation message from the first provisioning apparatus to the electronic device;
- (c) at the second provisioning apparatus, and based on said delegation message, provisioning one or more digital assets to the electronic device, using said association key;
- wherein generating the delegation message comprises: inserting into the delegation message one or more flags indicating to the electronic device whether the second provisioning apparatus is authorized to provision: (X) only personalized digital assets, or (Y) only class-wide digital assets for a class of multiple electronic devices, or (Z) both personalized and class-wide digital assets.
11. A method of provisioning digital assets, the method comprising:
- (a) generating a delegation message at a first provisioning apparatus, wherein the delegation message indicates provisioning rights that are delegated by the first provisioning apparatus to a second provisioning apparatus with regard to subsequent provisioning of digital assets to an electronic device, wherein generating the delegation message comprises at least one of:
- (A) inserting into the delegation message an encrypted association key that was encrypted by the second provisioning apparatus using a public key of said electronic device, wherein said association key is unknown to the first provisioning apparatus, wherein said public key of said electronic device is usable to encrypt data for subsequent decrypting by said electronic device using said private encryption key of said electronic device;
- (B) inserting into the delegation message a public key of the second provisioning apparatus;
- enabling the electronic device to locally generate said association key unknown to the first provisioning apparatus;
- wherein the association key is retrievable by the second provisioning apparatus based on the public key of the second provisioning apparatus;
- (b) delivering the delegation message from the first provisioning apparatus to the electronic device;
- (c) at the second provisioning apparatus, and based on said delegation message, provisioning one or more digital assets to the electronic device, using said association key;
- wherein the method comprises: prior to provisioning a particular digital asset from the second provisioning apparatus to the electronic device, performing: acquiring by the second provisioning apparatus an authorization ticket, from an authorization apparatus, indicating that the second provisioning apparatus is authorized to provision the particular digital asset to said electronic device.
Dependent claims: 12, 13, 14.
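The three independent claims describe one protocol: a first (root) provisioning server delegates rights for one device to a second server by delivering to the device a message that carries the second server's public key (and, in claim 10, scope flags); the device and the second server then derive an association key the root never learns; and, in claim 11, the second server presents an authorization ticket before provisioning. The Python sketch below is an added example written for this page, not the patent's own code, and the claims do not fix any of the mechanisms it picks. Assumed here: the delegation message is authenticated with an HMAC under a key the device shares with the root (a stand-in for a root signature); the association key is realised as variant (B) of the claim, X25519 between the device's private key and the delegate's public key, so the delegate "retrieves" it from its own private key and the device's public key; the ticket is an HMAC under a key the device shares with the authorization apparatus; and assets are protected with an HMAC-SHA256 keystream plus tag in place of AES-GCM, so that everything runs on the standard library alone. The X25519 ladder is written out in pure Python for the same reason and is not side-channel safe. All keys, identifiers and asset bytes are constructed for the example.

```python
import hashlib, hmac, json, os
P, BASEPOINT = 2**255 - 19, (9).to_bytes(32, "little")

def x25519(scalar: bytes, u: bytes) -> bytes:
    """RFC 7748 ladder in pure Python (stdlib-only demo; the swap branch is not constant time)."""
    k = int.from_bytes(scalar, "little") & ~7 & ((1 << 255) - 1) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e, c, d = (aa - bb) % P, (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair() -> tuple:
    priv = os.urandom(32)
    return priv, x25519(priv, BASEPOINT)
def hkdf(ikm: bytes, info: bytes) -> bytes:  # HKDF-SHA256 (RFC 5869), zero salt, one block
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()
def _keystream(ek: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hmac.new(ek, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))
def _tag(mk: bytes, nonce: bytes, aad: bytes, ct: bytes) -> bytes:
    return hmac.new(mk, nonce + len(aad).to_bytes(4, "big") + aad + ct, hashlib.sha256).digest()

def seal(key: bytes, nonce: bytes, aad: bytes, msg: bytes) -> bytes:
    """Encrypt-then-MAC over an HMAC keystream: a stdlib stand-in for AES-GCM."""
    ek, mk = hkdf(key, b"enc"), hkdf(key, b"mac")
    ct = bytes(m ^ s for m, s in zip(msg, _keystream(ek, nonce, len(msg))))
    return nonce + ct + _tag(mk, nonce, aad, ct)

def open_(key: bytes, aad: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    ek, mk = hkdf(key, b"enc"), hkdf(key, b"mac")
    if not hmac.compare_digest(tag, _tag(mk, nonce, aad, ct)):
        raise ValueError("asset authentication failed")
    return bytes(c ^ s for c, s in zip(ct, _keystream(ek, nonce, len(ct))))

ROOT_KEY = os.urandom(32)        # assumed: MAC key shared by device and first apparatus
AUTHORITY_KEY = os.urandom(32)   # assumed: key shared by device and authorization apparatus
PERSONALIZED, CLASS_WIDE = 1, 2  # claim 10 flags: (X)=1, (Y)=2, (Z)=1|2
def _canon(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True).encode()

def root_delegate(device_pub: bytes, delegate_pub: bytes, flags: int) -> dict:
    """First apparatus: the delegation carries only public keys, never the association key."""
    body = {"device_pub": device_pub.hex(), "delegate_pub": delegate_pub.hex(), "flags": flags}
    return {"body": body, "mac": hmac.new(ROOT_KEY, _canon(body), hashlib.sha256).hexdigest()}

def authority_ticket(device_pub: bytes, delegate_pub: bytes, asset_id: str) -> str:
    """Authorization apparatus (claim 11): ticket bound to delegate, asset and device."""
    return hmac.new(AUTHORITY_KEY, device_pub + delegate_pub + asset_id.encode(), hashlib.sha256).hexdigest()

def association_key(my_priv: bytes, peer_pub: bytes, delegation: dict) -> bytes:
    """Derived independently by device and delegate; bound to one delegation message."""
    return hkdf(x25519(my_priv, peer_pub), b"assoc" + hashlib.sha256(_canon(delegation["body"])).digest())

def delegate_provision(delegate_priv, device_pub, delegation, asset_id, scope, ticket, asset):
    """Second apparatus, claim element (c): asset sealed under the association key."""
    aad = json.dumps({"asset_id": asset_id, "scope": scope, "ticket": ticket}).encode()
    return aad, seal(association_key(delegate_priv, device_pub, delegation), os.urandom(12), aad, asset)

def device_accept(device_priv, device_pub, delegation, aad, blob) -> bytes:
    """Device: verify root MAC, scope flags and ticket, then derive the key and open the asset."""
    body = delegation["body"]
    mac_ok = hmac.compare_digest(delegation["mac"], hmac.new(ROOT_KEY, _canon(body), hashlib.sha256).hexdigest())
    if not mac_ok or bytes.fromhex(body["device_pub"]) != device_pub:
        raise ValueError("delegation not issued by root for this device")
    meta, delegate_pub = json.loads(aad), bytes.fromhex(body["delegate_pub"])
    if not body["flags"] & meta["scope"]:
        raise ValueError("delegate not authorised for this asset scope")
    if not hmac.compare_digest(meta["ticket"], authority_ticket(device_pub, delegate_pub, meta["asset_id"])):
        raise ValueError("missing or invalid authorization ticket")
    return open_(association_key(device_priv, delegate_pub, delegation), aad, blob)

def demo() -> dict:
    """Constructed run: a delegate limited to class-wide assets; its personalized asset is refused."""
    (dev_priv, dev_pub), (del_priv, del_pub) = keypair(), keypair()
    delegation = root_delegate(dev_pub, del_pub, CLASS_WIDE)
    out = {"scope_rejected": False}
    for asset_id, scope, asset in (("fw-ca-cert", CLASS_WIDE, b"constructed CA cert"),
                                   ("device-cert", PERSONALIZED, b"constructed per-device cert")):
        ticket = authority_ticket(dev_pub, del_pub, asset_id)
        aad, blob = delegate_provision(del_priv, dev_pub, delegation, asset_id, scope, ticket, asset)
        try:
            out[asset_id] = device_accept(dev_priv, dev_pub, delegation, aad, blob)
        except ValueError as err:
            out["scope_rejected"] = "scope" in str(err)
    return out
```

Calling demo() runs both sides of the exchange: the class-wide asset is recovered by the device, while the personalized asset from the same class-wide-only delegate is refused at the flag check before any key is derived. Two details worth keeping in a real implementation: the association key is bound to a hash of the delegation body, so a delegation replayed for another device or with different flags yields a different key, and the device checks the root MAC, the device binding, the flags and the ticket before it touches the ciphertext. Variant (A) of the claim, where the delegate chooses a random association key and encrypts it to the device's public key, would replace association_key() with a public-key encryption step such as HPKE and is not shown.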
Specification