Abstract: A system and method for receiving secure data in a client device. In one embodiment, the method comprises (a) receiving a token having a token ID and a digital certificate generated by a certificate authority (CA) having client device fingerprint data generated from client device parameters, (b) accepting a request in the client device to provide secure data to the client device, (c) regenerating the client device fingerprint data from the client device parameters, (d) determining, in the client device, differences between the client device fingerprint data of the digital certificate from the regenerated client device fingerprint data, and (e) transmitting a request to a secure data service to provide secure data based upon the determination.

Abstract: The display panel includes: a first substrate and a second substrate disposed opposite to the first substrate, wherein an electrophoresis layer and electrophoresis ions are disposed on the first substrate, the electrophoresis layer is located between the second substrate and the first substrate, the electrophoresis layer is provided with a plurality of electrophoresis tanks arranged in an array, openings of the electrophoresis tanks face the second substrate, and the electrophoresis ions are located in the electrophoresis tanks; and one of the electrophoresis layer and the second substrate is provided with a positioning groove, the other is provided with a positioning block embedded into the positioning groove, and orthographic projections of the positioning groove and the positioning block on the first substrate are at least partially located between orthographic projections of two adjacent electrophoresis tanks on the first substrate. The pressure resistance of the display panel is improved.

Abstract: A method and apparatus for distributing a software release is disclosed. The method comprises accepting, in a software distribution system, a software download configuration from a software download system administrator, the software download configuration comprising: first information defining software post processing, the software post processing identifying: a software image to be included in the software release; and a post processing operation to be performed on the software image, the post processing operation associated with a post processing configuration specifying post processing operation parameters defining how the post processing operation is performed by the post processing server; and second information defining a restriction on distribution of the software release.

Abstract: A system and method for providing secure data to a client device having a token is disclosed. In one embodiment, the method comprises (a) binding the token to the client device according to first token binding information comprising a first token identifier (ID), first client device fingerprint data, and a first timestamp, (b) receiving a request to provide secure data to the client device in a secure data service, (c) determining if the request to provide the secure data to the client device was received within an acceptable temporal range of the stored timestamp, and (d) providing the requested secure data according to the determination.

Abstract: A system and method for providing secure data to a client device having a token is disclosed. In one embodiment, the method comprises: (a) binding the token to the client device according to first token binding information comprising a first token identifier (ID), first client device fingerprint data, and a first timestamp, (b) receiving a request to provide secure data to the client device in a service, the request comprising the signed first token binding information and timestamp, (c) determining if the request to provide the secure data to the client device was received within an acceptable temporal range of the stored timestamp; and (d) providing the requested secure data according to the determination.

Abstract: A method and apparatus for revoking and replacing digital certificates issued by distributed servers is disclosed. An architecture in which issued certificates from distributed factory and field provisioning servers are gathered into a centrally managed certificate authority which manages the full certificate lifecycle. Revocation and rekey approvals are performed through this central certificate authority, while the resulting revocation status and rekey approvals are made available for consumption by those same distributed servers.

Abstract: A system is provided for distribution of device key sets over a network in a protected software environment (PSE). In the system, a client device includes a connection interface for receiving a crypto hardware (CH) token belonging to a user, untrusted software, a quoting enclave, and a PSE for generating a provisioning request for a device key set. An attestation proxy server (APS) receives the provisioning message using a first network connection, and transmits the provisioning message to an online provisioning server (OPS) using a second network connection. The OPS constructs a provisioning response and an encrypted device key set, and delivers the provisioning response to the untrusted software using the first and second network connections. The PSE decrypts the encrypted device key set to obtain the device key set, re-encrypts the device key set with a local chip-specific key, and stores the re-encrypted device key set.

Abstract: The systems and method disclosed herein provide two paradigms for managing distribution of at least one license to one or more features defined in feature categories. A first embodiment is one that uses mixed single unit monthly credits, while a second embodiment uses separate fixed term credits.

Abstract: A system and method for preventing use of invalid digital certificates is disclosed. The method comprises receiving, in a validation service from a requesting entity, a cryptographic asset and a request to evaluate the cryptographic asset, the cryptographic asset uniquely assigned to one of the plurality of devices by an associated one of the commercially distinct entities, the request comprising the cryptographic asset, determining an evaluation state of the cryptographic asset at least in part from a database derived from a plurality of public keys currently assigned to the plurality of devices and previously received by the validation service, determining a disposition of the cryptographic asset according to a disposition policy associated with the determined evaluation state and the device and effecting the determined disposition of the cryptographic asset.

Abstract: A system for generating unique digital certificates is provided that generates computed hashes public keys and compares them. The system method computes a hash of a public key, compares the computed hash of the public key with hashes of public keys previously generated, generates the digital certificate having the public key and a device identifier only if the computed hash of the public key does not match any of the hashes of public keys previously generated, and provides the digital certificate.

Abstract: A system and method for preventing use of invalid digital certificates is disclosed. The method comprises receiving, in a validation service from a requesting entity, a cryptographic asset and a request to evaluate the cryptographic asset, the cryptographic asset uniquely assigned to one of the plurality of devices by an associated one of the commercially distinct entities, the request comprising the cryptographic asset, determining an evaluation state of the cryptographic asset at least in part from a database derived from a plurality of public keys currently assigned to the plurality of devices and previously received by the validation service, determining a disposition of the cryptographic asset according to a disposition policy associated with the determined evaluation state and the device and effecting the determined disposition of the cryptographic asset.

Abstract: A method and system provide the ability to authenticate client services. A private key and a client certificate are created and delivered to a client. Based on the private key and the certificate, a client account is created for the client on a server. One or more signing or feature licensing configurations are created and authorized on the server for the client account. The client certificate and a request to perform a requested client service are received on the server from a client. The request includes configuration information for the requested client service. The server verifies the client certificate and determines whether the client is authorized to perform the requested client service. The determination is based on the configuration information and the one or more authorized client operations. Upon determining that the client is authorized to perform the requested client service, the request is processed the authorization is sent to the client.

Abstract: A system is provided for distribution of device key sets over a network in a protected software environment (PSE). In the system, a client device includes a connection interface for receiving a crypto hardware (CH) token belonging to a user, untrusted software, a quoting enclave, and a PSE for generating a provisioning request for a device key set. An attestation proxy server (APS) receives the provisioning message using a first network connection, and transmits the provisioning message to an online provisioning server (OPS) using a second network connection. The OPS constructs a provisioning response and an encrypted device key set, and delivers the provisioning response to the untrusted software using the first and second network connections. The PSE decrypts the encrypted device key set to obtain the device key set, re-encrypts the device key set with a local chip-specific key, and stores the re-encrypted device key set.

Abstract: A system and method for providing secure data to a client device having a token is disclosed. In one embodiment, the method comprises (a) binding the token to the client device according to first token binding information comprising a first token identifier (ID) , first client device fingerprint data, and a first timestamp, (b) receiving a request to provide secure data to the client device in a secure data service, (c) determining if the request to provide the secure data to the client device was received within an acceptable temporal range of the stored timestamp, and (d) providing the requested secure data according to the determination.

Abstract: A system and method for providing secure data to a client device having a token is disclosed. In one embodiment, the method comprises: (a) binding the token to the client device according to first token binding information comprising a first token identifier (ID), first client device fingerprint data, and a first timestamp, (b) receiving a request to provide secure data to the client device in a service, the request comprising the signed first token binding information and timestamp, (c) determining if the request to provide the secure data to the client device was received within an acceptable temporal range of the stored timestamp; and (d) providing the requested secure data according to the determination.

Abstract: A system and method for receiving secure data in a client device. In one embodiment, the method comprises (a) receiving a token having a token ID and a digital certificate generated by a certificate authority (CA) having client device fingerprint data generated from client device parameters, (b) accepting a request in the client device to provide secure data to the client device, (c) regenerating the client device fingerprint data from the client device parameters, (d) determining, in the client device, differences between the client device fingerprint data of the digital certificate from the regenerated client device fingerprint data, and (e) transmitting a request to a secure data service to provide secure data based upon the determination.

Abstract: A method is provided that permits user to submit a password to the private key that is to be used to decrypt files either at the time of user account setup or at the time of submitting the files. The password is stored securely in the system, permanently or temporarily, and is used later to decrypt the files right before the system is ready to process the files.

Abstract: A system is provided for distribution of device key sets over a network in a protected software environment (PSE). In the system, a client device includes a connection interface for receiving a crypto hardware (CH) token belonging to a user, untrusted software, a quoting enclave, and a PSE for generating a provisioning request for a device key set. An attestation proxy server (APS) receives the provisioning message using a first network connection, and transmits the provisioning message to an online provisioning server (OPS) using a second network connection. The OPS constructs a provisioning response and an encrypted device key set, and delivers the provisioning response to the untrusted software using the first and second network connections. The PSE decrypts the encrypted device key set to obtain the device key set, re-encrypts the device key set with a local chip-specific key, and stores the re-encrypted device key set.

Abstract: A method and system provide the ability to authenticate client services. A private key and a client certificate are created and delivered to a client. Based on the private key and the certificate, a client account is created for the client on a server. One or more signing or feature licensing configurations are created and authorized on the server for the client account. The client certificate and a request to perform a requested client service are received on the server from a client. The request includes configuration information for the requested client service. The server verifies the client certificate and determines whether the client is authorized to perform the requested client service. The determination is based on the configuration information and the one or more authorized client operations. Upon determining that the client is authorized to perform the requested client service, the request is processed the authorization is sent to the client.

Abstract: A method is provided that permits user to submit a password to the private key that is to be used to decrypt files either at the time of user account setup or at the time of submitting the files. The password is stored securely in the system, permanently or temporarily, and is used later to decrypt the files right before the system is ready to process the files.