Abstract:
Method and management server for revoking group server identifiers of compromised group servers. One method includes determining, with a management server, an identity-based cryptographic signing key based on a group server identifier. The method also includes distributing, via the management server, the identity-based cryptographic signing key to a group server. The method further includes receiving, at the management server, a security status indicating that the security of the group server is compromised. The method also includes, responsive to receiving the security status, distributing, via the management server, a revocation of the group server identifier to a plurality of communication devices.
Abstract:
Systems and methods for authenticating public key infrastructure certificate enrollment using certificate entitlement licenses. One example system includes a device manager including an electronic processor. The electronic processor is configured to receive a request for software for an electronic device including a unique electronic device identifier. The electronic processor is configured to determine, based on the request, whether the electronic device is entitled to participate in a certificate management service. The electronic processor is configured to, responsive to determining that the electronic device is entitled to participate in a certificate management service, transmit a certificate entitlement license request including the unique device identifier to a certificate entitlement license manager. The electronic processor is configured to receive, from the certificate entitlement license manager, a certificate entitlement license for the unique device identifier. The electronic processor is configured to deliver the certificate entitlement license based on the unique device identifier.
Abstract:
A method and apparatus are provided for updating certificates in a trust chain and managing versions of the trust chain. A first electronic processor determines that a first certificate in a first level of the trust chain is to be updated, updates the first certificate and each certificate in a level of the trust chain that is lower than the first level, creates a second version of the trust chain including the updated first certificate and an updated certificate at each lower level in the trust chain, and transmits the second version of the trust chain to one or more entities.
Abstract:
A mobile device and method are provided that allow for registering the mobile device using a machine readable optical label. The mobile device receives a machine readable optical label, such as a QR code or a bar code. The machine readable optical label includes authentication data and security information. The mobile device scans the machine readable optical label to read the authentication data and the security information. The mobile device validates the machine readable optical label and generates a certificate request, the certificate request being digitally signed using the authentication data and the security information. The mobile device transmits the certificate signing request to a registration authority.
Abstract:
Methods and systems for LLE encrypting and decrypting voice message streams (VMSs) already supporting eTe encryption are disclosed. In one example, LLE and eTe encryption initialization vectors (EIVs) are interleaved such that an LLE EIV retrieved from one of a header and a data unit is used to LLE decrypt both the header or data unit and a subsequent data unit. A recovered eTe EIV is used to eTe decrypt voice payloads in one or more subsequent data units. In another example, a base station dynamically LLE encrypts a VMS already supporting eTe encryption by determining whether a received VMS is eTe encrypted; if it is not, generating a new LLE EIV, and if it is, re-using the pre-existing eTe EIV for LLE encryption. The LLE encrypted (and perhaps eTe encrypted) VMS is then sent over the air to one or more mobile stations.
Abstract:
Disclosed is a radio system, method, and device for a mobile station to indicate to an authentication controller, in an authentication response message, which of a plurality of group key link layer encryption keys (GKEKs) it currently has in its possession, and to work with the authentication controller to more intelligently manage multiple GKEKs. The authentication controller can use the information obtained from the authentication response message to determine which of a plurality of GKEKs to advertise in a key announcement broadcast. Furthermore, individual requests for a future LLE key (LEK) to be used for link layer encryption (LLE) encrypting and decrypting inbound and outbound group communications between base station(s) and mobile station(s) are responded to with a broadcast GKEK-encrypted transmission including the future LEK. Only the requesting mobile station transmits an acknowledgment packet in response to the broadcast.