Patents by Inventor Alexander Medvinsky
Alexander Medvinsky has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11616994
Abstract: A method and system are provided for updating an elliptic curve (EC) base point G, with the EC basepoint used in encryption and coding of video data. A candidate base point G is generated that includes additional data used for validation purposes and checked as a valid base point before transmission and use.
Type: Grant
Filed: May 11, 2021
Date of Patent: March 28, 2023
Assignee: ARRIS Enterprises LLC
Inventors: Tat Keung Chan, Alexander Medvinsky, Eric J. Sprunk
-
Publication number: 20230075741
Abstract: A communications server apparatus for managing authentication of a user based on one or more authentication events in a session is provided, to, in one or more data records, generate, for each authentication event, data indicative of a trust score corresponding to the authentication event; and generate, data indicative of a security score based on the trust scores corresponding to the one or more authentication events in the session, and, in response to receiving request data indicative of an authentication request associated with the user corresponding to a transaction in the session, the transaction having a value indicator, authenticate the user if the security score satisfies a condition for authentication corresponding to the transaction according to the value indicator, wherein security scores for satisfying the condition are variable according to value indicators of transactions.
Type: Application
Filed: March 11, 2020
Publication date: March 9, 2023
Inventors: Gennady MEDVINSKY, Surya Anil LINGAMALLU, Alexander YUKHANOV
-
Patent number: 11601290
Abstract: A system and method for preventing use of invalid digital certificates is disclosed. The method comprises receiving, in a validation service from a requesting entity, a cryptographic asset and a request to evaluate the cryptographic asset, the cryptographic asset uniquely assigned to one of the plurality of devices by an associated one of the commercially distinct entities, the request comprising the cryptographic asset, determining an evaluation state of the cryptographic asset at least in part from a database derived from a plurality of public keys currently assigned to the plurality of devices and previously received by the validation service, determining a disposition of the cryptographic asset according to a disposition policy associated with the determined evaluation state and the device and effecting the determined disposition of the cryptographic asset.
Type: Grant
Filed: April 22, 2022
Date of Patent: March 7, 2023
Assignee: ARRIS Enterprises LLC
Inventors: Xin Qiu, Christopher Poli, Alexander Medvinsky, Ting Yao, Jinsong Zheng
-
METHOD AND APPARATUS FOR FLEXIBLE CONFIGURATION MANAGEMENT USING EXTERNAL IDENTITY MANAGEMENT SERVICE
Publication number: 20230053907
Abstract: To address the requirements described above, this document discloses a system and method for performing an action on at least one resource node of a hierarchical organization of resource nodes is disclosed. The system utilizes an external Identity Provider that provide more flexible authentication and authorization services, and leverages such services with secure server such as an on-line data signing service to provide flexible permission management.
Type: Application
Filed: August 19, 2022
Publication date: February 23, 2023
Applicant: ARRIS Enterprises LLC
Inventors: Tat Keung CHAN, Alexander MEDVINSKY
-
Publication number: 20230046380
Abstract: A communications device for managing an authentication event is provided, which is configured to generate location data indicative of a geolocation associated with the communications device, retrieve, from a key that is obfuscated and stored in the communications device, the key, sign the location data with the retrieved key, and transmit request data to a communications server apparatus for requesting the authentication event, the request data comprising the signed location data. A method and a communications system for managing an authentication event are also provided.
Type: Application
Filed: February 11, 2020
Publication date: February 16, 2023
Inventors: Gennady MEDVINSKY, Surya Anil LINGAMALLU, Alexander YUKHANOV
-
Patent number: 11575568
Abstract: Embodiments relate to systems and methods for securely provisioning login credentials to an electronic device on a network, e.g., a consumer premises device (CPE) device, such as, among other devices, a modem. The login credential may be used, for example, for securely provisioning and configuring a CPE device.
Type: Grant
Filed: April 22, 2022
Date of Patent: February 7, 2023
Assignee: ARRIS Enterprises LLC
Inventors: Alexander Medvinsky, Ali Negahdar, Jeffrey Dement, Daniel Seann Torbet
-
Publication number: 20230013112
Abstract: A method is provided for securely providing data for use in a consumer electronics device having a processor performing instructions defined in a software image. The method includes receiving the data encrypted according to a global key, further encrypting the data according to a device-unique hardware key, storing the further encrypted data in a secure memory of the consumer electronics device, providing the global key to a whitebox encoder for encoding according to a base key to generate a whitebox encoded global key, and transmitting the software image to the consumer electronics device for storage in an operating memory of the consumer electronics device, the software image having a whitebox decoder utility corresponding to the whitebox encoder and the whitebox encoded global key.
Type: Application
Filed: September 16, 2022
Publication date: January 19, 2023
Inventors: Brian D. MULLEN, Alexander MEDVINSKY, Tat Keung CHAN
-
Publication number: 20230007474
Abstract: In one embodiment, a method for secure virtualized wireless base station orchestration comprises: obtaining a node certificate and private key from a global CA defining a PKI signing certificate/private key; obtaining a sub CA certificate/private key from either an edge cloud node cluster or the global CA, using a PKI request signed using the PKI signing certificate/private key; establishing an orchestration access IPsec tunnel to a cloud comprising edge cloud orchestration functions; utilizing the orchestration functions to deploy on the node virtualized entities comprising VNFs of a wireless base station; obtaining at least one VNF certificate and private key for the VNFs from the global CA using a PKI request signed using the global certificate/private key; utilizing the VNF certificate/private key, establishing IPsec tunnels between the VNFs and a wireless network services operator network and/or to an OAM secure gateway for a DMS.
Type: Application
Filed: July 1, 2022
Publication date: January 5, 2023
Applicant: CommScope Technologies LLC
Inventors: James J. Ni, Shanthakumar Ramakrishnan, Tat Keung Chan, Alexander Medvinsky, Prashanth Venkatesh, Devaraj Sambandan
-
Publication number: 20220417032
Abstract: A system and method for signing or encrypting data is disclosed. The method comprises providing, from a first device, data signing information for storage in a first database, the data signing information having at least one key comprising a signing key Ks, wherein the signing key Ks is encrypted according to a wrapping key Kw before storage in the first database; receiving a data signing request comprising a representation of the data; retrieving, in a second device communicatively coupled to an hardware security module (HSM) storing the wrapping key Kw, the stored data signing information from a second database, wherein at least a portion of the second database including the stored signing information is pushed from the first database to the second database; decrypting, in the HSM, the encrypted signing key according to the wrapping key Kw stored in the HSM to recover the signing key Ks; and signing the representation of the data according to the recovered signing key.
Type: Application
Filed: June 23, 2022
Publication date: December 29, 2022
Applicant: ARRIS Enterprises LLC
Inventors: Alexander MEDVINSKY, Tat Keung CHAN, Ting YAO
-
Publication number: 20220407690
Abstract: A method is provided for generating a key ladder for securely communicating between a first device and a second device using a first device symmetric key and a chip-unique private key. The method includes generating a second processor-specific first device symmetric key from a first processor-specific first device symmetric key and a first identifier (CPU_ID), generating a chip-unique first device application private key (CUAPrK) from a second identifier and the second processor-specific first device symmetric key, generating a chip-unique first device application public key (CUAPuK) from the chip-unique first device application private key (CUAPrK), and transmitting the chip-unique first device application public key (CUAPuK) and an identifier of the processor to the second device.
Type: Application
Filed: August 25, 2022
Publication date: December 22, 2022
Applicant: ARRIS Enterprises LLC
Inventors: Alexander Medvinsky, Tat Keung Chan
-
Publication number: 20220385954
Abstract: A method and system are provided for updating an elliptic curve (EC) base point G, with the EC basepoint used in encryption and coding of video data. A candidate base point G is generated that includes additional data used for validation purposes and checked as a valid base point before transmission and use.
Type: Application
Filed: May 11, 2021
Publication date: December 1, 2022
Inventors: Tat Keung Chan, Alexander Medvinsky, Eric J. Sprunk
-
Publication number: 20220366071
Abstract: A secure cloud-based node-locking service with built-in attack detection to eliminate fuzzing, cloning and other attacks is disclosed. White-box base files are securely stored on the cloud service and are not vulnerable to accidental leakage. A secure cloud-based dynamic secret encoding service reduces the risk of exposure of unprotected secrets and other sensitive data.
Type: Application
Filed: April 15, 2022
Publication date: November 17, 2022
Applicant: ARRIS Enterprises LLC
Inventors: Lex Aaron ANDERSON, Rafie SHAMSAASEF, Alexander MEDVINSKY
-
Patent number: 11500966
Abstract: A digital rights management system is provided that includes a receiving device for receiving an encryption key request from a client device, a first database for storing a set of supported security capabilities corresponding to client device, a second database for storing a set of required security capabilities corresponding to at least one of the encryption key and content associated with the encryption key, a content management system for establishing rules to determine the set of required security capabilities corresponding to content, and a processing device. The processing device may be configured to identify the set of supported security capabilities corresponding to the client device and identify the set of required security capabilities corresponding to the content associated with the encryption key. The content management system may be configured to configure the set of supported security capabilities and configure the set of required security capabilities.
Type: Grant
Filed: August 31, 2018
Date of Patent: November 15, 2022
Assignee: ARRIS Enterprises LLC
Inventors: Ananth Seetharam, Sean J. Higgins, Paul R. Osborne, Alexander Medvinsky
-
Publication number: 20220353094
Abstract: A system and method for preventing use of invalid digital certificates is disclosed. The method comprises receiving, in a validation service from a requesting entity, a cryptographic asset and a request to evaluate the cryptographic asset, the cryptographic asset uniquely assigned to one of the plurality of devices by an associated one of the commercially distinct entities, the request comprising the cryptographic asset, determining an evaluation state of the cryptographic asset at least in part from a database derived from a plurality of public keys currently assigned to the plurality of devices and previously received by the validation service, determining a disposition of the cryptographic asset according to a disposition policy associated with the determined evaluation state and the device and effecting the determined disposition of the cryptographic asset.
Type: Application
Filed: April 22, 2022
Publication date: November 3, 2022
Applicant: ARRIS Enterprises LLC
Inventors: Xin QIU, Christopher POLI, Alexander MEDVINSKY, Ting YAO, Jinsong ZHENG
-
Patent number: 11483297
Abstract: A method is provided for securely providing data for use in a consumer electronics device having a processor performing instructions defined in a software image. The method includes receiving the data encrypted according to a global key, further encrypting the data according to a device-unique hardware key, storing the further encrypted data in a secure memory of the consumer electronics device, providing the global key to a whitebox encoder for encoding according to a base key to generate a whitebox encoded global key, and transmitting the software image to the consumer electronics device for storage in an operating memory of the consumer electronics device, the software image having a whitebox decoder utility corresponding to the whitebox encoder and the whitebox encoded global key.
Type: Grant
Filed: September 1, 2020
Date of Patent: October 25, 2022
Assignee: ARRIS ENTERPRISES LLC
Inventors: Brian D. Mullen, Alexander Medvinsky, Tat Keung Chan
-
Patent number: 11456866
Abstract: A method is provided for generating a key ladder for securely communicating between a first device and a second device using a first device symmetric key and a chip-unique private key. The method includes generating a second processor-specific first device symmetric key from a first processor-specific first device symmetric key and a first identifier (CPU_ID), generating a chip-unique first device application private key (CUAPrK) from a second identifier and the second processor-specific first device symmetric key, generating a chip-unique first device application public key (CUAPuK) from the chip-unique first device application private key (CUAPrK), and transmitting the chip-unique first device application public key (CUAPuK) and an identifier of the processor to the second device.
Type: Grant
Filed: July 24, 2020
Date of Patent: September 27, 2022
Assignee: ARRIS Enterprises LLC
Inventors: Alexander Medvinsky, Tat Keung Chan
-
Patent number: 11444935
Abstract: A method and system provide the ability to authenticate client services. A private key and a client certificate are created and delivered to a client. Based on the private key and the certificate, a client account is created for the client on a server. One or more signing or feature licensing configurations are created and authorized on the server for the client account. The client certificate and a request to perform a requested client service are received on the server from a client. The request includes configuration information for the requested client service. The server verifies the client certificate and determines whether the client is authorized to perform the requested client service. The determination is based on the configuration information and the one or more authorized client operations. Upon determining that the client is authorized to perform the requested client service, the request is processed the authorization is sent to the client.
Type: Grant
Filed: December 11, 2020
Date of Patent: September 13, 2022
Assignee: ARRIS Enterprises LLC
Inventors: Tat Keung Chan, Jinsong Zheng, Alexander Medvinsky, Ting Yao, Jason A. Pasion, Eric Brunnett-Lazarte, Cheng Li
-
Publication number: 20220247628
Abstract: Embodiments relate to systems and methods for securely provisioning login credentials to an electronic device on a network, e.g., a consumer premises device (CPE) device, such as, among other devices, a modem. The login credential may be used, for example, for securely provisioning and configuring a CPE device.
Type: Application
Filed: April 22, 2022
Publication date: August 4, 2022
Applicant: ARRIS Enterprises LLC
Inventors: Alexander MEDVINSKY, Ali NEGAHDAR, Jeffrey DEMENT, Daniel Seann TORBET
-
Patent number: 11336514
Abstract: Embodiments relate to systems and methods for securely provisioning login credentials to an electronic device on a network, e.g., a consumer premises device (CPE) device, such as, among other devices, a modem. The login credential may be used, for example, for securely provisioning and configuring a CPE device.
Type: Grant
Filed: December 23, 2020
Date of Patent: May 17, 2022
Assignee: ARRIS Enterprises LLC
Inventors: Alexander Medvinsky, Ali Negahdar, Jeffrey Dement, Daniel Torbet
-
Patent number: 11329967
Abstract: A system and method of provisioning personalization data of a second type to a device having personalization data of a first type, the device having a global root key GK_0, and a secure processing environment having unique information is disclosed. In one embodiment, the method comprises accepting a provisioning request from the device, the provisioning request comprising the unique information and an identifier of a second type of provisioning data requested, converting the personalization data from the first type to the second type, and transmitting the converted personalization data to the device.
Type: Grant
Filed: May 22, 2020
Date of Patent: May 10, 2022
Assignee: ARRIS Enterprises LLC
Inventors: Tat Keung Chan, Alexander Medvinsky