Abstract: A transparent networking system for meter infrastructure within a network. The system has a single transparent meshed communication network comprising a first ZigBee network provided within a first spatial region and a second ZigBee network provided within a second spatial region. The network has a powerline carrier configured between the first ZigBee network and the second ZigBee network to facility transfer of bi-directional information packet by packet between the first ZigBee network and the second ZigBee networks.

Abstract: A method provides end-to-end security for transport of a profile to a target device (e.g., a mobile computing device) over at least one communications network that includes a plurality of nodes. In accordance with the method, the profile is encrypted for transport between the target device and an initial node of the network through which the profile is transported. The encryption is an end-to-end inner layer encryption performed prior to hop-to-hop encryption. The encrypting uses a public key of a public, private key pair. The private key is derivable from a seed securely provisioned in the target device using a public key algorithm. The encrypted profile is transmitted over the communications network to the target device.

Abstract: A method provides end-to-end security for transport of a profile to a target device (e.g., a mobile computing device) over at least one communications network that includes a plurality of nodes. In accordance with the method, the profile is encrypted for transport between the target device and an initial node of the network through which the profile is transported. The encryption is an end-to-end inner layer encryption performed prior to hop-to-hop encryption. The encrypting uses a public key of a public, private key pair. The private key is derivable from a seed securely provisioned in the target device using a public key algorithm. The encrypted profile is transmitted over the communications network to the target device.

Abstract: A system is provided for use with secure content in a first format. The system includes a conditional access device, a transcoding device and a media processor. The conditional access device is operable to receive the secure content and can generate a second secure content based on the secure content. The conditional access device can further provide the second secure content to the transcoding device.

Abstract: In one embodiment, a method includes receiving a revocation request for revoking a model type of a device. A first computing device determines a list of device unit identifiers (UIDs) that are associated with the model type from a database. The device UIDs are for devices of the model type manufactured by a first entity. The method adds the list of device UIDs to a device revocation list and outputs the device revocation list to revoke a validity of secure information associated with devices associated with the list of device UIDs.

Abstract: A system for extending the Smart Meter's range to connect to Home Area Networks for energy monitoring and demand response in a variety of locations. The system has a data concentrator with a wireless communicating module configured to transmit and receive information at one or more first frequencies ranging up to 2.4 GHz, and a power-line module configured to transmit and receive information at one or more frequencies ranging from about 100 to 30 MHz. The data concentrator receives power information from one or more Smart Meters and convert the wireless signal to a power-line carrier signal over the existing all three phases of the AC wiring. The system also includes a wireless and power-line carrier bridge that converts the power-line carrier signal back to a wireless signal to connect to various Home Area Network (HAN) devices such as programmable communicating thermostats (PCTs), smart appliances and in-home displays (IHDs).

Abstract: The invention relates to a method of authenticating a user equipment in a communications network. The method involves sending a message from a network entity to the user equipment. This message includes a set of options for an authentication procedure for authenticating an internet protocol communication over a first interface between the user equipment and the network entity; said options including a “shared key”-based authentication procedure. The method also involves selecting an option from the set. In the event that the “shared-key”-based authentication procedure is selected, a shared secret from a security key established in a generic bootstrapping architecture (GBA) is generated over a second interface between the user equipment and a bootstrapping service function. The shared secret is then used to compute and verify authentication payloads in the key-based authentication procedure for the communication over the first interface.

Abstract: In one embodiment, a method includes receiving a revocation request for revoking a model type of a device. A first computing device determines a list of device unit identifiers (UIDs) that are associated with the model type from a database. The device UIDs are for devices of the model type manufactured by a first entity. The method adds the list of device UIDs to a device revocation list and outputs the device revocation list to revoke a validity of secure information associated with devices associated with the list of device UIDs.

Abstract: A method and apparatus for provisioning devices. One method includes authenticating a first customer as an authenticated user and receiving from a first customer a first request to establish a credit record for a specified number of upgraded feature licenses. The upgraded feature licenses are obtainable from a third party supplier and are associated with components available from the third party supplier. The credit record includes feature credits to be made available to the first customer to obtain the upgraded feature licenses from the third party supplier. A second request is received from the first customer to release the feature credits to a credit pool associated with the first customer so that the feature credits are available to the first customer. The upgraded feature licenses are generated and the credit pool associated with the first customer is debited for the number of credits needed to obtain the upgraded feature licenses.

Abstract: The invention relates to a method of authenticating a user equipment in a communications network. The method involves sending a message from a network entity to the user equipment. This message includes a set of options for an authentication procedure for authenticating an internet protocol communication over a first interface between the user equipment and the network entity; said options including a “shared key”-based authentication procedure. The method also involves selecting an option from the set. In the event that the “shared-key”-based authentication procedure is selected, a shared secret from a security key established in a generic bootstrapping architecture (GBA) is generated over a second interface between the user equipment and a bootstrapping service function. The shared secret is then used to compute and verify authentication payloads in the key-based authentication procedure for the communication over the first interface.

Abstract: An energy management system. The system includes a coax controller apparatus comprising an exterior housing and plurality of coax modules numbered from 2 through N, where N is an integer greater than 3. In a specific embodiment, each of the coax modules comprises a powerline chip (PLC) module coupled to an analog front end, which is coupled to a coaxial connector. The system also has an electromagnetic shield configured to each of the coax modules. In a specific embodiment, the electromagnetic shield is configured to substantially maintain the coax module substantially free from interference noise or other disturbances. The system has a power meter coupled to one or more ports of the coax controller apparatus.

Abstract: In a method for testing a transport packet decrypting module of a client device, a first decryption operation of the transport packet decrypting module is implemented on a test encrypted control word using a content decryption key ladder to derive a test control word, a second decryption operation of the transport packet decrypting module is implemented on one or more test transport packets using the test control word via a predetermined content decryption algorithm, the KIV is derived from the decrypted transport packets, and the derived KIV is compared with a value stored in the client device to verify whether the transport packet decrypting module of the client device is functioning properly.

Abstract: In one exemplary and non-limiting aspect thereof a method is provided that includes sending a wireless network (WN) a first message that includes a list of authentication mechanisms supported by a node and, in association with each authentication mechanism, a corresponding identity; determining in the WN an authentication mechanism to be used for bootstrapping, based at least on the list received from the node; and including information in a second message that is sent to the node, the information including the determined authentication mechanism in conjunction with a corresponding identity. The method further includes protecting at least the list of authentication mechanisms supported by the node and the corresponding identities and sending a second message to the network, the second message including at least the list of authentication mechanisms and the corresponding identities.

Abstract: A client, method and system for registering a DRM client is disclosed. The method (100) includes the steps of: initiating (110) a registration request via a DRM client with an encrypted registration message including an asymmetric key cryptographic identity, a customer identifier and an application specific information (AINFO) field including a digital signature and a device certificate chain; validating (120) information in the application specific information (AINFO) field by a DRM registration server; and receiving (130) a registration response, the registration response being encrypted and including access information, to obtain content. Advantageously, this method provides an enhanced and reliable means of authentication.

Abstract: A system for providing network infrastructure for energy management and control is disclosed. A controller integrates powerline and wireless networking technologies in order to provide an integrated network. A gateway sends and receives command and control data across the integrated network. Client devices may connect to the integrated network and perform a variety of functions. An appliance module may send and receive data across the integrated network in relation to a particular appliance. A panel meter may send and receive data across the integrated network in relation to data measured at a distribution panel. A serial bridge may connect various devices to the integrated network. Computing devices may remotely or locally connect to the integrated network and send and receive data.

Abstract: A method is provided for enhancing security of a communication session between first and second endpoints which employs a key management protocol. The method includes sending a first message to a first end point over a communications network requesting a secure communication session therewith. The message includes an identity of a second end point requesting the authenticated communication session. A digital certificate is received from the first endpoint over the communications network. The digital certificate is issued by a certifying source verifying information contained in the digital certificate. The digital certificate includes a plurality of fields, one or more of which are transformed in accordance with a transformation algorithm. A reverse transform is applied to the one or more transformed fields to obtain the one or more fields. The digital certificate is validated and a second message is sent to the first endpoint indicating that validation is complete.

Abstract: A system for providing network infrastructure for energy management and control is disclosed. A controller integrates powerline and wireless networking technologies in order to provide an integrated network. A gateway sends and receives command and control data across the integrated network. Client devices may connect to the integrated network and perform a variety of functions. An appliance module may send and receive data across the integrated network in relation to a particular appliance. A panel meter may send and receive data across the integrated network in relation to data measured at a distribution panel. A serial bridge may connect various devices to the integrated network. Computing devices may remotely or locally connect to the integrated network and send and receive data.

Abstract: A system for providing network infrastructure for energy management and control is disclosed. A controller integrates powerline and wireless networking technologies in order to provide an integrated network. A gateway sends and receives command and control data across the integrated network. Client devices may connect to the integrated network and perform a variety of functions. An appliance module may send and receive data across the integrated network in relation to a particular appliance. A panel meter may send and receive data across the integrated network in relation to data measured at a distribution panel. A serial bridge may connect various devices to the integrated network. Computing devices may remotely or locally connect to the integrated network and send and receive data.

Abstract: A method for providing a secure automated feature license update is disclosed. This method may be performed at a central license server. A license template including features for enablement on a device is generated. The license template is sent to an authorized user. A license update request is received from an entity. An updated license is generated by the central license server. A response is sent to the entity. A method for providing a secure automated feature license update is disclosed. This method may be performed at a device, e.g. an end-user device. A first feature set of a current license of a device is compared with a second feature set of a license template received by the device. A license update request is generated when there is a difference between the first feature set and the second feature set. The license update request is sent to a license server.

Abstract: Disclosed is a manufacturing process and feature licensing system for provisioning personalized (device-unique) licenses to devices. The secure system uses a secure key wrapping mechanism to deliver the LSK to LPS. Another feature is that various network communication links are secured using standard security protocol. Application messages, license templates, licenses are digitally signed. The system is flexible, configured to allow multiple manufacturers and to allow various feature configurations via the use of License Template; scalable, as it is possible to use multiple LPS hosts to serve multiple programming stations; and available in that the delegation of license signing capability from CLS to LPS eliminates the dependency on unreliable Internet connections. Redundant LPS hosts provide high level of availability required for high volume license provisioning.