ONLINE SECURE DEVICE PROVISIONING WITH UPDATED OFFLINE IDENTITY DATA GENERATION AND OFFLINE DEVICE BINDING
Abstract
A system for generating new identity data for network-enabled devices includes a whitelist reader configured to extract attributes from a whitelist. The whitelist includes, for each device specified in the whitelist, a previously assigned identifier of the first type. The previously assigned identifiers of the first type are linked to identity data previously provisioned in each of the respective devices. A data retrieval module is configured to receive the identifiers of the first type from the whitelist reader and, based on each of the identifiers, retrieve each of the previously provisioned identity data records linked thereto. A new data generation module is configured to (i) obtain a cryptographic key associated with the identity data previously provisioned in the devices specified on the whitelist and the corresponding identifiers of the first type, (ii) generate new identity data records each linked to a new identifier and (iii) encrypt each of the new identity data records with one of the cryptographic keys and link each new identity data record to the identifier of the first type corresponding to each respective cryptographic key. A data output module is configured to load onto an external source the encrypted new identity data records along with their respective new identifiers and their respective previously assigned identifiers of the first type.
20 Claims
1. A system for generating new identity data for network-enabled devices, comprising:
a whitelist reader configured to extract attributes from a whitelist that includes, for each device specified in the whitelist, a previously assigned identifier of the first type, wherein the previously assigned identifiers of the first type are linked to identity data previously provisioned in each of the respective devices;
a data retrieval module configured to receive the identifiers of the first type from the whitelist reader and, based on each of the identifiers, retrieve each of the previously provisioned identity data records linked thereto;
a new data generation module configured to (i) obtain a cryptographic key associated with the identity data previously provisioned in the devices specified on the whitelist and the corresponding identifiers of the first type and (ii) generate new identity data records each linked to a new identifier and (iii) encrypt each of the new identity data records with one of the cryptographic keys and link each new identity data record to the identifier of the first type corresponding to each respective cryptographic key; and
a data output module configured to load onto an external source the encrypted new identity data records along with their respective new identifiers and their respective previously assigned identifiers of the first type.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method for generating new identity data for network-enabled devices, comprising:
receiving a whitelist that specifies a plurality of network-enabled devices to be provisioned with new identity data wherein, for each device, the whitelist includes a previously assigned identifier of the first type, wherein the previously assigned identifiers of the first type are linked to identity data records previously provisioned in each of the respective devices;
extracting the identifiers of the first type from the whitelist and, based on each of the identifiers, retrieving each of the previously provisioned identity data records linked thereto;
obtaining a cryptographic key associated with the identity data records previously provisioned in the devices specified on the whitelist and the corresponding identifiers of the first type;
generating new identity data records each linked to a new identifier;
encrypting each of the new identity records with one of the cryptographic keys and linking each new identity record to the previously assigned identifier of the first type corresponding to each respective cryptographic key; and
providing an output that includes, for each of the devices specified on the whitelist, the encrypted new identity records along with their respective new identifiers and their respective previously assigned identifiers of the first type.
Dependent claims: 10, 11
12. A method for updating network-enabled devices with new identity data, comprising:
receiving a request for new identity data from a plurality of network-enabled devices, said request including a previous identifier linked to previous identity data previously provisioned in the network-enabled devices;
receiving a plurality of new identity records that each include new identity data and new identifiers respectively linked to the new identity data, and a previous identifier linked to previous identity data previously provisioned in network-enabled devices authorized to receive new identity data;
determining that each of the plurality of network-enabled devices specified in the request for new identity data are authorized to receive new identity data;
retrieving a first of the new identity records that includes a first previous identifier of a first of the network-enabled devices; and
sending the new identity data included in the first new identity record to the network-enabled device identified by the first previous identifier.
Dependent claims: 13, 14, 15, 16, 17
18. A server, comprising:
a session manager configured to receive requests for new identity data from network-enabled devices, each of said requests including a previously assigned identifier identifying the respective network-enabled device sending the request, the previously assigned identifier being linked to identity data records previously provisioned in the respective network-enabled device;
an authorization module configured to determine if the network-enabled devices specified on the whitelist are authorized to be provisioned with new identity data;
a database configured to receive new identity records generated by an identity data generation system, wherein the new identity records include pairing information associating one of the previously assigned identifiers with a new identifier of one of the new identity records; and
a protocol handler configured to deliver a data response message to each of the network-enabled devices requesting new identity data, each of the data response messages including a new identity record that is selected based at least in part on the previously assigned identifier of the network-enabled device to which the data response message is sent.
Dependent claims: 19, 20
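An added sketch (not code from the patent or its assignee) of the flow the independent claims describe: offline generation keyed by previously assigned identifiers, then online delivery selected by that same identifier. Device IDs, keys, record layout and function names are assumptions; the claims name no algorithm, so a SHAKE-256/HMAC construction stands in for a real AEAD such as AES-GCM purely so the block runs on the standard library.

```python
import hashlib, hmac, secrets

# Constructed sample data: previously provisioned records keyed by old device ID.
# The claims only say the key is "associated with" the old identity data; storing
# it in the record is an assumption of this sketch.
PREVIOUS_RECORDS = {
    "OLD-0001": {"device_key": bytes.fromhex("11" * 32)},
    "OLD-0002": {"device_key": bytes.fromhex("22" * 32)},
}
WHITELIST = ["OLD-0001", "OLD-0002"]

def _seal(key, aad, plaintext):
    """Stand-in AEAD (SHAKE-256 keystream + HMAC-SHA256); use AES-GCM in practice."""
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(plaintext))
    body = nonce + bytes(a ^ b for a, b in zip(plaintext, stream))
    return body + hmac.new(key, b"mac" + aad + body, hashlib.sha256).digest()

def _open(key, aad, blob):
    body, tag = blob[:-32], blob[-32:]
    want = hmac.new(key, b"mac" + aad + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("record not bound to this device/identifier pair")
    nonce, ct = body[:16], body[16:]
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def generate_offline(whitelist, previous_records):
    """Whitelist reader + retrieval + generation + output (claims 1 and 9)."""
    out = []
    for n, old_id in enumerate(whitelist, 1):
        key = previous_records[old_id]["device_key"]   # retrieve by old ID
        new_id = f"NEW-{n:04d}"
        identity = secrets.token_bytes(32)             # placeholder new identity data
        aad = f"{old_id}|{new_id}".encode()            # pairing is authenticated
        out.append({"old_id": old_id, "new_id": new_id,
                    "blob": _seal(key, aad, identity)})
    return out

def serve_request(old_id, whitelist, database):
    """Online side (claims 12 and 18): authorize, then select by previous ID."""
    if old_id not in whitelist:
        raise PermissionError(f"{old_id} is not authorized for new identity data")
    return next(r for r in database if r["old_id"] == old_id)

def device_install(old_id, device_key, response):
    aad = f"{old_id}|{response['new_id']}".encode()    # device uses its own old ID
    return _open(device_key, aad, response["blob"])
```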
Specification