Abstract: A provisioning control apparatus configured to be coupled to a provisioning equipment server, wherein the provisioning equipment server is electrically connectable with at least one electronic device for provisioning the electronic device with security sensitive provisioning data. The provisioning control apparatus includes a communication interface configured to receive information about one or more provisioning capabilities of the provisioning equipment server for provisioning the electronic device with the security sensitive provisioning data. The provisioning control apparatus further includes a processing circuitry configured to generate, based on a product configuration of the electronic device and the information about the one or more provisioning capabilities of the provisioning equipment server, a provisioning script, wherein the provisioning script defines one or more provisioning operations for provisioning the electronic device with the security sensitive provisioning data.

Abstract: A provisioning control apparatus configured to be coupled to a provisioning equipment server electrically connectable with one or more electronic devices for provisioning the electronic devices with security sensitive provisioning data. The provisioning control apparatus includes a processor configured to generate a group context for sharing the group context with a first further provisioning control apparatus for creating a group of provisioning control apparatuses. The processor is configured to assign an identity to the first further provisioning control apparatus. The identity of the first further provisioning control apparatus is indicative of the provisioning control apparatus and the first further provisioning control apparatus. The processor is configured to generate the security sensitive provisioning data based on the group context.

Abstract: A provisioning control apparatus is configured to be coupled to a provisioning equipment server electrically connectable with one or more electronic devices for provisioning the electronic devices with security sensitive provisioning data. The provisioning control apparatus includes a processor configured to generate a group context for creating a group of provisioning control apparatuses. The processor is further configured to generate the security sensitive provisioning data based on the group context. The provisioning control apparatus includes a communication interface configured to provide the security sensitive provisioning data to the provisioning equipment server. The communication interface is configured to provide the group context to a security server for generating a proxy provisioning control apparatus on the security server.

Abstract: A provisioning control apparatus coupled to a provisioning equipment server electrically connectable with electronic components each including a security enclave and a non-volatile memory. The provisioning control apparatus includes a processor configured to encrypt the security sensitive provisioning data using a secure vault encryption key for obtaining encrypted security sensitive provisioning data. The provisioning control apparatus has a communication interface configured to securely provide the secure vault encryption key to the provisioning equipment server for storing the secure vault encryption key in the security enclave of the electronic component.

Abstract: A provisioning control apparatus is configured for coupling to a provisioning equipment server electrically connectable with an electronic device(s) for provisioning the electronic device(s) with a program code. The apparatus comprises: a communication interface configured to receive an electronic provisioning token including a provisioning counter indicating a total of transmissions of the program code towards the provisioning equipment server; and a processor configured to retrieve the provisioning counter from the received token. The interface can transmit the program code towards server; the processor can update a value of the counter for each transmission of the program code towards the server for an updated counter. The processor prohibits transmission of the program code towards the server if the updated counter indicates a total number of transmissions has been reached.

Abstract: A provisioning control apparatus couples to a provisioning equipment server electrically connectable with an electronic device(s) for provisioning the electronic device(s) with a program code. The provisioning control apparatus has a communication interface which transmits the program code to the provisioning equipment server for provisioning the electronic device(s) with the program code and to receive an electronic provisioning token having provisioning control data. The provisioning control apparatus includes a processor that controls the transmission of the program code via the communication interface to the provisioning equipment server. The electronic provisioning token has time adjustment information for adjusting the clock, and the processor adjusts the time of the clock. A provisioning control system includes the provisioning control apparatus and a method involves provisioning the electronic device(s).

Abstract: A provisioning control apparatus is configured to be coupled to a provisioning equipment server electrically connectable with one or more electronic devices for provisioning the electronic devices with security sensitive provisioning data. The provisioning control apparatus includes a processor configured to generate a group context for creating a group of provisioning control apparatuses. The processor is further configured to generate the security sensitive provisioning data based on the group context. The provisioning control apparatus includes a communication interface configured to provide the security sensitive provisioning data to the provisioning equipment server. The communication interface is configured to provide the group context to a security server for generating a proxy provisioning control apparatus on the security server.

Abstract: A provisioning control apparatus is configured to be coupled to a provisioning equipment server, wherein the provisioning equipment server is electrically connectable with one or more electronic devices for provisioning the electronic devices with security sensitive provisioning data. The provisioning control apparatus includes a processor configured to generate a group context for sharing the group context with a first further provisioning control apparatus for creating a group of provisioning control apparatuses. The group context includes a group private key, a certificate for the group private key and a group encryption key used for encryption and/or decryption and the first further provisioning control apparatus is configured to be coupled to the provisioning equipment server. The processor is configured to generate the security sensitive provisioning data based on the group context.

Abstract: A provisioning control apparatus configured to be coupled to a provisioning equipment server electrically connectable with one or more electronic devices for provisioning the electronic devices with security sensitive provisioning data. The provisioning control apparatus includes a processor configured to generate a group context for sharing the group context with a first further provisioning control apparatus for creating a group of provisioning control apparatuses. The processor is configured to assign an identity to the first further provisioning control apparatus. The identity of the first further provisioning control apparatus is indicative of the provisioning control apparatus and the first further provisioning control apparatus. The processor is configured to generate the security sensitive provisioning data based on the group context.

Abstract: A provisioning control apparatus coupled to a provisioning equipment server electrically connectable with electronic components each comprising a security enclave and a non-volatile memory. The provisioning control apparatus includes a processor configured to encrypt the security sensitive provisioning data using a secure vault encryption key for obtaining encrypted security sensitive provisioning data. The provisioning control apparatus has a communication interface configured to securely provide the secure vault encryption key to the provisioning equipment server for storing the secure vault encryption key in the security enclave of the electronic component.

Abstract: A security data processing device comprising a processor and memory, the processor configured to: receive a digital document comprising a primary programming requirement for programming a programmable device; determine if there is a record stored in the memory that corresponds to the digital document; receive a programming request from a programming module of a programming machine in communication with said processor, said programming request requesting the programming of the programmable device; determine if the programming request complies with the primary programming requirement in the digital document; and wherein if said programming request complies with the primary programming requirement in the digital document and if there is no record stored in the memory that corresponds to the digital document, the processor is configured to: output programming information to the programming module for programming the programmable device; and permanently store a further record, corresponding to said digital documen

Abstract: A security data processing device comprising a processor and memory, the processor configured to: receive a script comprising at least one instruction set for provisioning a type of programmable device, the instruction set(s) defining one or more cryptographic operations, each of the cryptographic operations referring to a parameter; store the script in memory; verify a signature associated with the script using an authorization key retrieved from memory; receive a programming request from a programming module of a programming machine in communication with said processor, said programming request requesting the programming of a programmable device and identifying an instruction set of the instruction set(s) in said script; for each cryptographic operation in the identified instruction set, determine a value for the parameter and perform the cryptographic operation using the value; and in response to performing each cryptographic operation, output programming information to the programming module for programmi

Abstract: A provisioning control apparatus couples to a provisioning equipment server electrically connectable with an electronic device(s) for provisioning the electronic device(s) with a program code. The provisioning control apparatus has a communication interface which transmits the program code to the provisioning equipment server for provisioning the electronic device(s) with the program code and to receive an electronic provisioning token having provisioning control data. The provisioning control apparatus includes a processor that controls the transmission of the program code via the communication interface to the provisioning equipment server. The electronic provisioning token has time adjustment information for adjusting the clock, and the processor adjusts the time of the clock. A provisioning control system includes the provisioning control apparatus and a method involves provisioning the electronic device(s).

Abstract: A provisioning control apparatus is configured for coupling to a provisioning equipment server electrically connectable with electronic device(s) for provisioning the electronic device(s) with a program code according to a first provisioning service tier of provisioning service tiers. The provisioning control apparatus comprises a communication interface for receiving an electronic provisioning token and a processor for determining the basis of the electronic provisioning token a second provisioning service tier afforded by the electronic provisioning token. The communication interface can transmit the program code towards the provisioning equipment server; the processor prohibits a transmission of the program code towards the provisioning equipment server if the second provisioning service tier afforded by the electronic provisioning token is insufficient for provisioning of the electronic device(s) by the provisioning equipment server in accordance with the first provisioning service tier.

Abstract: A provisioning control apparatus is configured to be coupled to a provisioning equipment server, which is electrically connectable with one or more electronic devices for provisioning the one or more electronic devices with first or second program codes. The provisioning control apparatus comprises: a communication interface configured to receive an electronic credit token having a credit counter; and a processor. The communication interface is configured to transmit the first and second program codes towards the provisioning equipment server. The processor is configured to update a value of the credit counter for each transmission of the first and second program codes to obtain an updated credit counter, and to prohibit a further transmission of the first or second program codes if the updated credit counter indicates that a number of transmissions is reached. A provisioning control system comprises the apparatus and a corresponding method for provisioning one or more electronic devices.

Abstract: A provisioning control apparatus is configured for coupling to a provisioning equipment server electrically connectable with an electronic device(s) for provisioning the electronic device(s) with a program code. The apparatus comprises: a communication interface configured to receive an electronic provisioning token including a provisioning counter indicating a total of transmissions of the program code towards the provisioning equipment server; and a processor configured to retrieve the provisioning counter from the received token. The interface can transmit the program code towards server; the processor can update a value of the counter for each transmission of the program code towards the server for an updated counter. The processor prohibits transmission of the program code towards the server if the updated counter indicates a total number of transmissions has been reached.

Abstract: A security data processing device comprising a processor and memory, the processor configured to: receive a digital document comprising a primary programming requirement for programming a programmable device; determine if there is a record stored in the memory that corresponds to the digital document; receive a programming request from a programming module of a programming machine in communication with said processor, said programming request requesting the programming of the programmable device; determine if the programming request complies with the primary programming requirement in the digital document; and wherein if said programming request complies with the primary programming requirement in the digital document and if there is no record stored in the memory that corresponds to the digital document, the processor is configured to: output programming information to the programming module for programming the programmable device; and permanently store a further record, corresponding to said digital documen

Abstract: A security data processing device comprising a processor and memory, the processor configured to: receive a script comprising at least one instruction set for provisioning a type of programmable device, the instruction set(s) defining one or more cryptographic operations, each of the cryptographic operations referring to a parameter; store the script in memory; verify a signature associated with the script using an authorization key retrieved from memory; receive a programming request from a programming module of a programming machine in communication with said processor, said programming request requesting the programming of a programmable device and identifying an instruction set of the instruction set(s) in said script; for each cryptographic operation in the identified instruction set, determine a value for the parameter and perform the cryptographic operation using the value; and in response to performing each cryptographic operation, output programming information to the programming module for programmi