Automated provisioning of a network appliance

US 10,129,254 B2
Filed: 06/01/2016
Issued: 11/13/2018
Est. Priority Date: 07/22/2010
Status: Active Grant

First Claim

Patent Images

1. A method of provisioning security services for a domain or set of domains, the method comprising:

sending an electronic message to the domain or set of domains, the electronic message comprising a secret message, the secret message encrypted using a public key that a certificate server associates with the domain or set of domains;

receiving a response from the domain or set of domains, the response comprising data derived by decrypting the secret message using a private key of the domain or set of domains; and

determining whether the received data corresponds to the secret message sent in the electronic message, wherein;

in response to determining that the received data corresponds to the secret message sent in the electronic message, the method further comprises automatically initiating the provisioning of the security services for the domain or set of domains, wherein the provisioning of the security services comprises activating and/or issuing a certificate for the domain or set of domains to provide encryption services; and

in response to determining that the received data does not correspond to the secret message sent in the electronic message, the method further comprises notifying a domain or set of domains administrator and not initiating the provisioning of the security services.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Certain embodiments disclose a method of provisioning security services for a domain or set of domains. The method comprises sending an electronic message to the domain or set of domains. The electronic message comprising a secret message. The secret message is encrypted using a public key that a certificate server associates with the domain or set of domains. The method further comprises receiving a response from the domain or set of domains. The response comprises data derived by decrypting the secret message using a private key of the domain or set of domains. In response to a determination that the received data corresponds to the secret message sent in the electronic message, the method initiates the provisioning of the security services for the domain or set of domains.

47 Citations

18 Claims

1. A method of provisioning security services for a domain or set of domains, the method comprising:
- sending an electronic message to the domain or set of domains, the electronic message comprising a secret message, the secret message encrypted using a public key that a certificate server associates with the domain or set of domains;
  
  receiving a response from the domain or set of domains, the response comprising data derived by decrypting the secret message using a private key of the domain or set of domains; and
  
  determining whether the received data corresponds to the secret message sent in the electronic message, wherein;
  
  in response to determining that the received data corresponds to the secret message sent in the electronic message, the method further comprises automatically initiating the provisioning of the security services for the domain or set of domains, wherein the provisioning of the security services comprises activating and/or issuing a certificate for the domain or set of domains to provide encryption services; and
  
  in response to determining that the received data does not correspond to the secret message sent in the electronic message, the method further comprises notifying a domain or set of domains administrator and not initiating the provisioning of the security services.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the data derived by decrypting the secret message comprises the decrypted secret message.
  - 3. The method of claim 1, wherein the data derived by decrypting the secret message comprises a hash value determined from the decrypted secret message.
  - 4. The method of claim 1, wherein the domain or set of domains comprises an appliance to which the electronic message is sent.
  - 5. The method of claim 4, wherein the electronic message is sent to the appliance in response to receiving the public key from a device other than the appliance to which the electronic message is sent.

6. A system comprising one or more processors and one or more non-transitory computer-readable storage media having stored therein instructions that, when executed by the one or more processors, cause the system to:
- send an electronic message from a certificate server, the electronic message sent to an appliance associated with a domain or set of domains, the electronic message comprising a secret message, the secret message encrypted using a public key that a certificate server associates with the domain or set of domains;
  
  receive a response at the certificate server, the response received from the appliance associated with the domain or set of domains, the response comprising data derived by decrypting the secret message using a private key of the domain or set of domains; and
  
  determine, by the certificate server, whether the received data corresponds to the secret message sent in the electronic message, wherein;
  
  in response to a determination that the received data corresponds to the secret message sent in the electronic message, the certificate server automatically initiates the provisioning of security services for the domain or set of domain, wherein the provisioning of the security services comprises activating and/or issuing a certificate for the domain or set of domains to provide encryption services; and
  
  in response to a determination that the received data does not correspond to the secret message sent in the electronic message, the certificate server notifies a domain or set of domains administrator and does not initiate the provisioning of the security services.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The system of claim 6, wherein the data derived by decrypting the secret message comprises the decrypted secret message.
  - 8. The system of claim 6, wherein the data derived by decrypting the secret message comprises a hash value determined from the decrypted secret message.
  - 9. The system of claim 6, wherein the certificate server sends the electronic message to the appliance via a mail server and receives the response from the appliance via the mail server.
  - 10. The system of claim 6, wherein the system comprises the certificate server, the domain or set of domains comprises an appliance, the electronic message is sent from the certificate server to the appliance, the data derived by decrypting the secret message is received from the appliance by the certificate server, and the provisioning provisions the appliance.
  - 11. The system of claim 10, wherein the electronic message is sent in response to the one or more processors receiving the public key from a device other than the appliance to which the electronic message is sent.

12. A method of provisioning security services for a domain or set of domains, the method comprising:
- receiving an electronic message at the domain or set of domains, the electronic message comprising a secret message, the secret message encrypted using a public key that a certificate server associates with the domain or set of domains;
  
  determining that the electronic message includes a predetermined set of symbols, the predetermined set of symbols indicating the presence of the secret message;
  
  decrypting the secret message using a private key of the domain or set of domains;
  
  sending a response from the domain or set of domains, the response comprising data derived by decrypting the secret message using the private key of the domain or set of domains;
  
  determining whether the data derived by decrypting the secret message corresponds to the secret message received in the electronic message based on whether provisioning has been received, wherein;
  
  in response to receiving the provisioning, the method further comprises provisioning the security services for the domain or set of domains based on the received provisioning, wherein the provisioning comprises providing encryption services based on a certificate activated and/or issued for the domain or set of domains; and
  
  in response to not receiving the provisioning, the method further comprises notifying a domain or set of domains administrator and not initiating the provisioning of the security services.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12, wherein the data derived by decrypting the secret message comprises the decrypted secret message.
  - 14. The method of claim 12, wherein the data derived by decrypting the secret message comprises a hash value determined from the decrypted secret message.

15. A system comprising one or more processors, the one or more processors associated with a domain or set of domains, and one or more non-transitory computer-readable storage media having stored therein instructions that, when executed by the one or more processors, cause the system to:
- receive an electronic message at an appliance associated with the domain or set of domains, the electronic message received from a certificate server, the electronic message comprising a secret message, the secret message encrypted using a public key that the certificate server associates with the domain or set of domains;
  
  determine, by the appliance, that the electronic message includes a predetermined set of symbols, the predetermined set of symbols indicating the presence of the secret message;
  
  decrypt, by the appliance, the secret message using a private key of the domain or set of domains;
  
  send a response from the appliance associated with the domain or set of domains, the response sent to the certificate server, the response comprising data derived by decrypting the secret message using a private key of the domain or set of domains;
  
  determine, by the appliance, whether the data derived by decrypting the secret message corresponds to the secret message received in the electronic message, the determination based on whether the appliance has received provisioning from the certificate server, wherein;
  
  in response to receiving the provisioning from the certificate server, the appliance provisions the security services for the domain or set of domains based on the received provisioning, wherein the provisioning comprises providing encryption services based on a certificate activated and/or issued for the domain or set of domains; and
  
  in response to not receiving the provisioning from the certificate server, the appliance notifies a domain or set of domains administrator and does not initiate the provisioning of the security services.
- View Dependent Claims (16, 17, 18)
- - 16. The system of claim 15, wherein the data derived by decrypting the secret message comprises the decrypted secret message.
  - 17. The system of claim 15, wherein the data derived by decrypting the secret message comprises a hash value determined from the decrypted secret message.
  - 18. The system of claim 15, wherein the appliance receives the electronic message from the certificate server via a mail server and sends the response to the certificate server via the mail server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ZixCorp Systems, Inc. (Open Text Corporation)
Original Assignee
ZixCorp Systems, Inc. (Open Text Corporation)
Inventors
Kalan, John, Rego, Charles A.
Primary Examiner(s)
Pham, Luu T
Assistant Examiner(s)
Jackson, Jenise

Application Number

US15/170,074
Publication Number

US 20160277403A1
Time in Patent Office

895 Days
Field of Search

713156
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/045   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

Automated provisioning of a network appliance

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Automated provisioning of a network appliance

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others