Method for registering devices, in particular conditional access devices or payment or vending machines, on a server of a system which comprises a number of such devices

US 10,635,495 B2
Filed: 05/12/2017
Issued: 04/28/2020
Est. Priority Date: 05/12/2016
Status: Active Grant

First Claim

Patent Images

1. A method of registering conditional access devices or payment or vending machine devices, on a server (3) of a system which comprises a number of such registered devices (2), the method comprising:

generating a public and a private key with asymmetrical cryptography, via a new device (2) to be registered,requesting login details of a technician, via the new device (2) to be registered,subsequently transmitting a registration request to the server (3), via the new device (2) to be registered, by signing the registration request with the private key of the new device (2) to be registered,the registration request containing at least one device ID, the public key of the new device (2) to be registered, and the login details of the technician,authenticating the registration request via establishment of a connection between the new device (2) to be registered and the server (3) and the login details of the technician,verifying, via the server (3), the registration request using the public key of the new device (2) to be registered and, following the verification, assigning, via the server (3), the new device (2) to be registered to a ‘

device reception room’

, a virtual, waiting room within a memory of the server (3),preventing, via the server (3), operational communication by the device (2) to be registered with the server (3) from occurring as long as the new device to be registered is assigned to the ‘

device reception room,’

subsequently clearing the new device (2) to be registered in the ‘

device reception room’

to operate and for operational communication with the server, via the technician logging into the server (3), using his/her login details,assigning the new device (2) to be registered to an area of the memory of the server (3) for operationally authorized devices, andtransmitting to the new device (2) to be registered a notification of completed registration.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of registering devices (2), in particular access control devices or payment or vending machines, on a server (3) of a system where the device (2) which is to be registered generates a public and a private key with asymmetrical cryptology. The device (2) subsequently transmits a registration request, signed with the device'"'"'s private key, containing at least one device ID, the device'"'"'s public key and the login details of a technician. The server (3) verifies the registration request using the device'"'"'s public key and, after verification, assigns the device (2) to a ‘data reception room’ where no operational communication with the server (3) occurs. Subsequently, the device (2) is cleared for communication by a technician logged in to the server (3). The device is assigned to an area of the server memory for operationally cleared devices, and a notification of registration is transmitted to the device (2).

Citations

9 Claims

1. A method of registering conditional access devices or payment or vending machine devices, on a server (3) of a system which comprises a number of such registered devices (2), the method comprising:
- generating a public and a private key with asymmetrical cryptography, via a new device (2) to be registered,requesting login details of a technician, via the new device (2) to be registered,subsequently transmitting a registration request to the server (3), via the new device (2) to be registered, by signing the registration request with the private key of the new device (2) to be registered,the registration request containing at least one device ID, the public key of the new device (2) to be registered, and the login details of the technician,authenticating the registration request via establishment of a connection between the new device (2) to be registered and the server (3) and the login details of the technician,verifying, via the server (3), the registration request using the public key of the new device (2) to be registered and, following the verification, assigning, via the server (3), the new device (2) to be registered to a ‘
  
  device reception room’
  
  , a virtual, waiting room within a memory of the server (3),preventing, via the server (3), operational communication by the device (2) to be registered with the server (3) from occurring as long as the new device to be registered is assigned to the ‘
  
  device reception room,’
  
  subsequently clearing the new device (2) to be registered in the ‘
  
  device reception room’
  
  to operate and for operational communication with the server, via the technician logging into the server (3), using his/her login details,assigning the new device (2) to be registered to an area of the memory of the server (3) for operationally authorized devices, andtransmitting to the new device (2) to be registered a notification of completed registration.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, further comprising transmitting the notification of registration to the new device (2) to be registered, the notification containingthe acceptance of the public key by the server (3) and the clearance to operate and the clearance for operational communications,the notification being transmitteddirectly to the new device (2) to be registered following registration, or after a reboot of the new device (2) to be registered orafter the establishment of a new connection between the new device (2) to be registered and the server (3).
  - 3. The method according to claim 1, further comprising, following registration of the new device to be registered,signing the notifications of the new device (2) to be registered to the server (3) with the private key,carrying out, via the server (3), a verification of the notification by the public key of the new device (2) to be registered, ortransmitting, via the server (3), login details for operational communication to the new device (2) to be registered with the notification of registration.
  - 4. The method according to claim 2, further comprising, following registration of the new device to be registered,signing the notifications of the new device (2) to be registered to the server (3) with the private key,carrying out, via the server (3), a verification of the notification by the public key of the new device (2) to be registered, ortransmitting, via the server (3), login details for operational communication to the new device (2) to be registered with the notification of registration.
  - 5. The method according to claim 1, further comprising, before clearance for operation and operational communication, configuring the new device (2) to be registered or assigning a new configuration using configuration templates from other devices on the system.
  - 6. The method according to claim 2, further comprising, before clearance for operation and operational communication, configuring the new device (2) to be registered or assigning a new configuration using configuration templates from other devices on the system.
  - 7. The method according to claim 3, further comprising, before clearance for operation and operational communication, configuring the new device (2) to be registered or assigning a new configuration using configuration templates from other devices on the system.
  - 8. The method according to claim 4, further comprising, before clearance for operation and operational communication, configuring the new device (2) to be registered or assigning a new configuration using configuration templates from other devices on the system.
  - 9. The method according to claim 4, further comprising generating in the new device (2) to be registered the public and private keys which are valid for a predefined time, or for security reasons are replaced by a new key pair,initiating the generation of a new key pair by the new device (2) to be registered or the server (3), whereby a new private and a new public key are generated in the new device (2) to be registered,transmitting the new public key to the server (3) and this is signed using the old private key,after verification of the signature by the server (3), replacing the old public key with the new public key generated by the new device (2) to be registered, andcarrying out operational communication using the new key pair.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SKIDATA AG (Thales SA)
Original Assignee
SKIDATA AG (Thales SA)
Inventors
Maurer, Sebastian, Ismailov, Ramiz, Grafl, Michael, Kerschbaumer, Andreas
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Ahmed, Mahabub S

Application Number

US15/593,450
Publication Number

US 20170337089A1
Time in Patent Office

1,082 Days
Field of Search

726 2
US Class Current
CPC Class Codes

G06F 9/5027   the resource being a machin...

G06Q 20/18   involving self-service term...

G06Q 20/202   Interconnection or interact...

G06Q 20/206   comprising security or oper...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

G07F 9/006   Details of the software use...

Method for registering devices, in particular conditional access devices or payment or vending machines, on a server of a system which comprises a number of such devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Method for registering devices, in particular conditional access devices or payment or vending machines, on a server of a system which comprises a number of such devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links