Patents by Inventor Eric J. Sprunk

Eric J. Sprunk has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20180219678
    Abstract: A method provides an origin certificate that can be issued as a digital certificate online. The method includes receiving an origin digital certificate and an encrypted client device private key from an offline certificate authority wherein the client device private key is encrypted according to a private key encryption key PrKEK. The method further includes receiving from the client device, a request for a client device digital certificate and the encrypted client device private key, selecting a digital certificate template for the client device, the digital certificate template having attributes that vary according to the client devices, building the client device digital certificate from the origin digital certificate and the selected digital certificate template, signing the client device digital certificate with an online certificate authority signing key, and transmitting the signed client device digital certificate and the encrypted device private key.
    Type: Application
    Filed: January 31, 2018
    Publication date: August 2, 2018
    Inventors: Alexander Medvinsky, Eric J. Sprunk, Xin Qiu, Paul Moroney
  • Patent number: 9912771
    Abstract: A method of pushing data from a client to a key collector, comprising preparing one or more SOC keys and one or more SOC IDs at a client, pushing the one or more SOC keys and one or more SOC IDs from the client to one or more key collectors, receiving an acknowledgement at the client from the one or more key collectors in response to pushing the one or more SOC keys and one or more SOC IDs to the key collectors, and installing the one or more SOC keys and one or more SOC IDs on a system-on-chip.
    Type: Grant
    Filed: April 14, 2014
    Date of Patent: March 6, 2018
    Assignee: ARRIS Enterprises LLC
    Inventors: Eric J. Sprunk, Tat Keung Chan, Xin Qiu, Jason A. Pasion, Oscar L. Jiang
  • Patent number: 9912485
    Abstract: A method and system is provided for embedding cryptographically modified versions of secret in digital certificates for use in authenticating devices and in providing services subject to conditional access conditions.
    Type: Grant
    Filed: July 29, 2015
    Date of Patent: March 6, 2018
    Assignee: ARRIS Enterprises, Inc.
    Inventors: Tat Keung Chan, Alexander Medvinsky, Eric J. Sprunk
  • Publication number: 20170346641
    Abstract: A method and system are provided for improved distributing of a complete software image to all electronic devices of a certain type or model while using encryption to limit its use to specific ones of those devices. In the method, the entire software image is encrypted with a global key and the encrypted software image is distributed to all devices which have the capability of running that software. The global software decryption key for decrypting the software image is uniquely encrypted for every device that is authorized to use the software and the encrypted global software key is distributed to those devices from a field or factory provisioning server across a point-to-point connection.
    Type: Application
    Filed: May 24, 2017
    Publication date: November 30, 2017
    Inventors: Alexander Medvinsky, Eric J. Sprunk
  • Publication number: 20170338958
    Abstract: A secure digital communications method is provided in which a Certificate Authority generates an improved RSA key pair having a modulus, a public key exponent, a public key, and a private key. The public key exponent can contain descriptive attributes and a digital signature. The digital signature can be responsive to the descriptive attributes and the modulus. A secure session can be established between a first system and a second system, within a secure digital communication protocol. The second system can verify the digital signature to authenticate the public key.
    Type: Application
    Filed: May 19, 2017
    Publication date: November 23, 2017
    Inventors: Alexander Medvinsky, Eric J. Sprunk
  • Patent number: 9485230
    Abstract: A method provides end-to-end security for transport of a profile to a target device (e.g., a mobile computing device) over at least one communications network that includes a plurality of nodes. In accordance with the method, the profile is encrypted for transport between the target device and an initial node of the network through which the profile is transported. The encryption is an end-to-end inner layer encryption performed prior to hop-to-hop encryption. The encrypting uses a public key of a public, private key pair. The private key is derivable from a seed securely provisioned in the target device using a public key algorithm. The encrypted profile is transmitted over the communications network to the target device.
    Type: Grant
    Filed: June 17, 2015
    Date of Patent: November 1, 2016
    Assignee: GOOGLE TECHNOLOGY HOLDINGS LLC
    Inventors: Madjid Nakhjiri, Tat Keung Chan, Alexander Medvinsky, Eric J. Sprunk
  • Publication number: 20160021075
    Abstract: A method provides end-to-end security for transport of a profile to a target device (e.g., a mobile computing device) over at least one communications network that includes a plurality of nodes. In accordance with the method, the profile is encrypted for transport between the target device and an initial node of the network through which the profile is transported. The encryption is an end-to-end inner layer encryption performed prior to hop-to-hop encryption. The encrypting uses a public key of a public, private key pair. The private key is derivable from a seed securely provisioned in the target device using a public key algorithm. The encrypted profile is transmitted over the communications network to the target device.
    Type: Application
    Filed: June 17, 2015
    Publication date: January 21, 2016
    Inventors: Madjid Nakhjiri, Tat Keung Chan, Alexander Medvinsky, Eric J. Sprunk
  • Patent number: 9210138
    Abstract: A method provides end-to-end security for transport of a profile to a target device (e.g., a mobile computing device) over at least one communications network that includes a plurality of nodes. In accordance with the method, the profile is encrypted for transport between the target device and an initial node of the network through which the profile is transported. The encryption is an end-to-end inner layer encryption performed prior to hop-to-hop encryption. The encrypting uses a public key of a public, private key pair. The private key is derivable from a seed securely provisioned in the target device using a public key algorithm. The encrypted profile is transmitted over the communications network to the target device.
    Type: Grant
    Filed: April 17, 2013
    Date of Patent: December 8, 2015
    Assignee: GOOGLE TECHNOLOGY HOLDINGS LLC
    Inventors: Madjid Nakhjiri, Tat Keung Chan, Alexander Medvinsky, Eric J. Sprunk
  • Patent number: 9197910
    Abstract: A system for securely authenticating software Application Program Interfaces (APIs) includes a handshake protocol that enables promulgation of licensing rights controlling Intellectual Property (IP) to multiple Actors. The handshake is a Challenge-Response protocol that includes a Challenge issued by one Actor who controls IP rights to verify a second Actor has Licensed IP rights when the second Actor Response includes use of a function IPF1. The function e.g. IPF1 is provided through the IP licensing agreement. Other Actors who wish to use software that the first Actor provides will be encouraged to acquire rights to the IP License to obtain the function IPF1 for access. Subsequent Actors who have IP rights controlled by another function IPF2 can be pulled into the same IP Licensing system, or another IP License that becomes part of the same ecosystem with the system controlled using function IPF1.
    Type: Grant
    Filed: October 29, 2013
    Date of Patent: November 24, 2015
    Assignee: ARRIS Technology, Inc.
    Inventors: Eric J. Sprunk, Mark G. Depietro
  • Publication number: 20150333915
    Abstract: A method and system is provided for embedding cryptographically modified versions of secret in digital certificates for use in authenticating devices and in providing services subject to conditional access conditions.
    Type: Application
    Filed: July 29, 2015
    Publication date: November 19, 2015
    Inventors: Tat Keung Chan, Alexander Medvinsky, Eric J. Sprunk
  • Patent number: 9172981
    Abstract: A system for securely authenticating software Application Program Interfaces (APIs) includes a handshake protocol provided between a Conditional Access System (CAS) and Middleware running on a Set-Top-Box. The handshake is a Challenge-Response protocol that includes several steps. The CAS or the Middleware can either act as a Claimant or Verifier in Challenge-Response process. First, a Claimant sends a request to a Verifier requesting access to a function F through the API. The Verifier reacts to the request by outputting a Challenge that is sent to the Claimant The Challenge is also retained by the Verifier for use in its internal calculation to verify the Claimant's response. The Claimant next processes the Challenge using components under a patent License Agreement, known as Hook IP, and issues a Response to the Verifier. The Verifier can then verify the Response to allow the Claimant access to the API.
    Type: Grant
    Filed: October 29, 2013
    Date of Patent: October 27, 2015
    Assignee: ARRIS Technology, Inc.
    Inventors: Eric J. Sprunk, Mark G. Depietro, Alexander Medvinsky, Paul Moroney, Xin Qiu
  • Publication number: 20150296035
    Abstract: A method of pushing data from a client to a key collector, comprising preparing one or more SOC keys and one or more SOC IDs at a client, pushing the one or more SOC keys and one or more SOC IDs from the client to one or more key collectors, receiving an acknowledgement at the client from the one or more key collectors in response to pushing the one or more SOC keys and one or more SOC IDs to the key collectors, and installing the one or more SOC keys and one or more SOC IDs on a system-on-chip.
    Type: Application
    Filed: April 14, 2014
    Publication date: October 15, 2015
    Applicant: ARRIS ENTERPRISES, INC.
    Inventors: Eric J. Sprunk, Tat Keung Chan, Xin Qiu, Jason A. Pasion, Oscar L. Jiang
  • Patent number: 9130928
    Abstract: A method for updating network-enabled devices with new identity data includes generating a plurality of new identity data records and loading the new identity data records onto an update server. A request is received at the update server for new identity data from at least one network-enabled device having a previously assigned identity linked to an identifier. The previously assigned identifier is linked to a new identifier that is linked to one of the new identity data records. One or more new identity data records are securely delivered to the network-enabled device.
    Type: Grant
    Filed: April 15, 2011
    Date of Patent: September 8, 2015
    Assignee: Google Technology Holdings LLC
    Inventors: Xin Qiu, Alexander Medvinsky, Stuart P. Moskovics, Jason A. Pasion, Eric J. Sprunk, Fan Wang, Ting Yao
  • Patent number: 9027159
    Abstract: A system for securely authenticating software Application Program Interfaces (APIs) includes a handshake protocol that enables promulgation of licensing rights controlling Intellectual Property (IP) to multiple Actors. The Actors include components of a cable system that can include a Conditional Access System, Middleware, a Browser for a Set-Top-Box, a Guide and a Guide Data Provider. The handshake is a Challenge-Response protocol that includes a Challenge issued by one Actor who controls IP rights to verify a second Actor has Licensed IP rights when the second Actor Response includes a Hook IP function IPF1. Other Actors who wish to use software functions F that the first Actor provides will be encouraged to acquire rights to the IP License to obtain the function IPF1 for access. Subsequent Actors who have IP rights controlled by another function IPF2 can be pulled into the same IP Licensing system, or another IP License that becomes part of the same ecosystem with the system controlled using function IPF1.
    Type: Grant
    Filed: October 29, 2013
    Date of Patent: May 5, 2015
    Assignee: ARRIS Technology, Inc.
    Inventors: Eric J. Sprunk, Mark G. Depietro
  • Patent number: 8904424
    Abstract: According to the invention, a method for securing a plaintext object within a content receiver is disclosed. In one step, a secure portion of a secure object and a plaintext remainder of the secure object are received. Which portion of the secure object is the secure portion is determined. The secure portion is decrypted to provide a plaintext portion. The plaintext object that comprises the plaintext portion and the plaintext remainder is formed. The plaintext object is stored including authentication and authorization.
    Type: Grant
    Filed: December 13, 2012
    Date of Patent: December 2, 2014
    Assignee: Motorola Mobility, LLC
    Inventor: Eric J. Sprunk
  • Publication number: 20140281502
    Abstract: A method and system is provided for embedding cryptographically modified versions of secret in digital certificates for use in authenticating devices and in providing services subject to conditional access conditions.
    Type: Application
    Filed: March 15, 2013
    Publication date: September 18, 2014
    Applicant: GENERAL INSTRUMENT CORPORATION
    Inventors: Tat Keung Chan, Alexander Medvinsky, Eric J Sprunk
  • Patent number: 8761401
    Abstract: A system and method for securely distributing PKI data, such as one or more private keys or other confidential digital information, from a PKI data generation facility to a product in a product personalization facility that is not connected to the PKI data generation facility and is assumed to be a non-secure product personalization facility. The system includes a PKI data loader for securely transmitting the encrypted PKI data transferred from the PKI data generator to a PKI server at the product personalization facility. The PKI server then transfers the PKI data to the product of interest, typically via a PKI station acting as a proxy between the PKI server and the product. In each communication step, PKI data being transferred is encrypted multiple times and the system is designed such that if any intermediate node is compromised with all of its keys, the overall system has not yet been compromised.
    Type: Grant
    Filed: August 28, 2007
    Date of Patent: June 24, 2014
    Assignee: Motorola Mobility LLC
    Inventors: Eric J. Sprunk, Alexander Medvinsky, Xin Qiu, Stuart Moskovics, Liqiang Chen
  • Publication number: 20140123172
    Abstract: A system for securely authenticating software Application Program Interfaces (APIs) includes a handshake protocol provided between a Conditional Access System (CAS) and Middleware running on a Set-Top-Box. The handshake is a Challenge-Response protocol that includes several steps. The CAS or the Middleware can either act as a Claimant or Verifier in Challenge-Response process. First, a Claimant sends a request to a Verifier requesting access to a function F through the API. The Verifier reacts to the request by outputting a Challenge that is sent to the Claimant The Challenge is also retained by the Verifier for use in its internal calculation to verify the Claimant's response. The Claimant next processes the Challenge using components under a patent License Agreement, known as Hook IP, and issues a Response to the Verifier. The Verifier can then verify the Response to allow the Claimant access to the API.
    Type: Application
    Filed: October 29, 2013
    Publication date: May 1, 2014
    Applicant: General Instrument Corporation
    Inventors: Eric J. Sprunk, Mark G. Depietro, Alexander Medvinsky, Paul Moroney, Xin Qiu
  • Publication number: 20140123220
    Abstract: A system for securely authenticating software Application Program Interfaces (APIs) includes a handshake protocol that is provided to validate whether the parties involved are licensed to use the system which includes rights to Intellectual Property (IP) and corresponding obligations. The handshake is a Challenge-Response protocol that includes several steps. First, a Claimant sends a request to a Verifier requesting access to a function through an API. The Verifier reacts to the request by outputting a Challenge that is sent to the Claimant. The Challenge is also retained by the Verifier for use in its internal calculation to verify the Claimant's response. The Claimant next processes the Challenge using components under the license, known as Hook IP, and issues a Response to the Verifier. The Verifier compares the possibly-correct Candidate Response from the Claimant to the known-correct Target Response and if a match occurs the Verifier allows the Claimant access to the API.
    Type: Application
    Filed: October 29, 2013
    Publication date: May 1, 2014
    Applicant: General Instrument Corporation
    Inventors: Eric J. Sprunk, Mark G. Depietro, Alexander Medvinsky, Paul Moroney, Xin Qiu
  • Publication number: 20140123242
    Abstract: A system for securely authenticating software Application Program Interfaces (APIs) includes a handshake protocol that enables promulgation of licensing rights controlling Intellectual Property (IP) to multiple Actors. The handshake is a Challenge-Response protocol that includes a Challenge issued by one Actor who controls IP rights to verify a second Actor has Licensed IP rights when the second Actor Response includes use of a function IPF1. The function e.g. IPF1 is provided through the IP licensing agreement. Other Actors who wish to use software that the first Actor provides will be encouraged to acquire rights to the IP License to obtain the function IPF1 for access. Subsequent Actors who have IP rights controlled by another function IPF2 can be pulled into the same IP Licensing system, or another IP License that becomes part of the same ecosystem with the system controlled using function IPF1.
    Type: Application
    Filed: October 29, 2013
    Publication date: May 1, 2014
    Applicant: General Instrument Corporation
    Inventors: Eric J. Sprunk, Mark G. Depietro