Networked device branding for secure interaction in trust webs on open networks

US 20030056114A1
Filed: 06/15/2001
Published: 03/20/2003
Est. Priority Date: 06/15/2001
Status: Active Grant

First Claim

Patent Images

1. A branding process to establish a trust web of networked computing devices on an open multi-access network, comprising:

securely networking a security-uninitialized device with a branding device via a secured network medium;

electronically imprinting the security-uninitialized device with group membership and cryptographic key data by the branding device via the secured network medium, the cryptographic key data for verifying group membership information provided by other devices on the open multi-access network to the security-uninitialized device are authenticated by the branding device; and

initializing the security-uninitialized device to use the cryptographic key data to authenticate group membership of other devices interacting with the security-uninitialized device on the open multi-access network, and to provide the security-uninitialized device'"'"'s group membership to such other devices as authentication that the security-uninitialized device is a member of the trust web, such that at least some interaction via the open multi-access network with the security-uninitialized device is cryptographically secured to only other devices in the trust web.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A branding process provides a networked computing device with initial set up information, including a name, a public/private key pair, and a set of certificates the device will need to inter-operate with other devices in the trust group. A branding device conveys the initial set-up information to the networked computing device via a limited access network interface, or alternatively via a broadcast network media with the device enclosed in a wave guide and/or Faraday cage. The networked computing device can then use the set up information to verify that other devices on the network that seek to interact with the device are also members of the trust group, with which networked computing device can interact.

117 Citations

View as Search Results

18 Claims

1. A branding process to establish a trust web of networked computing devices on an open multi-access network, comprising:
- securely networking a security-uninitialized device with a branding device via a secured network medium;
  
  electronically imprinting the security-uninitialized device with group membership and cryptographic key data by the branding device via the secured network medium, the cryptographic key data for verifying group membership information provided by other devices on the open multi-access network to the security-uninitialized device are authenticated by the branding device; and
  
  initializing the security-uninitialized device to use the cryptographic key data to authenticate group membership of other devices interacting with the security-uninitialized device on the open multi-access network, and to provide the security-uninitialized device'"'"'s group membership to such other devices as authentication that the security-uninitialized device is a member of the trust web, such that at least some interaction via the open multi-access network with the security-uninitialized device is cryptographically secured to only other devices in the trust web.

2. A branding process to establish cryptographically secured interaction among networked computing devices within a trust group on an open multi-access network, comprising:
- securely networking a security-uninitialized device with a branding device via a secured network medium;
  
  transmitting a branding certificate from the branding device to the security-uninitialized device via the secured network medium, the branding certificate instructing that the security-uninitialized device trust the branding device, the branding certificate further containing key data for verifying certificates provided by other devices on the open multi-access network to the security-uninitialized device are authenticated by the branding device;
  
  transmitting a trust group membership certificate from the branding device to the security-uninitialized device via the secured network medium, the trust group membership certificate authenticating that the security-uninitialized device is a member of the trust group; and
  
  initializing a security resolver of the security-uninitialized device to use the key data of the branding certificate to authenticate other devices interacting with the security-uninitialized device on the open multi-access network are in the trust group, and to provide the trust group membership certificate to such other devices as authentication that the security-uninitialized device is a member of the trust group, such that at least some interaction via the open multi-access network with the security-uninitialized device is cryptographically secured to only other devices in the trust group.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 3. The branding process of claim 2 wherein securely networking the security-uninitialized and branding devices comprises networking the devices via a limited access network interface of the security-uninitialized device that is separate from the security-uninitialized device'"'"'s interface to the open multi-access network.
  - 4. The branding process of claim 3 wherein the limited access network interface is of a direct device-to-device wired networking medium.
  - 5. The branding process of claim 3 wherein the limited access network interface is of a directional wireless networking medium.
  - 6. The branding process of claim 2 wherein securely networking the security-uninitialized and branding devices comprises:
    - placing transmitter/receivers of the security-uninitialized and branding devices for an omni-directional wireless networking medium into a wave guide and/or Faraday cage; and
      
      networking the devices with the wave guide and/or Faraday cage via the omni-directional wireless networking medium.
  - 7. The branding process of claim 2 further comprising:
    - transmitting a principal identifier from the branding device to the security-uninitialized device, the principal identifier providing a cryptographically secured identity to the security-uninitialized device, the principal identifier containing a public/private key pair; and
      
      using the public/private key pair to encrypt interaction of the security-uninitialized device with said other devices authenticated to be in the trust group.
  - 8. The branding process of claim 7 wherein the principal identifier further contains a name for the security-uninitialized device, the process further comprising identifying the security-uninitialized device to human operators using the name.
  - 9. The branding process of claim 8 further comprising prompting a human user of the branding device to enter the name upon performing the branding process on the security-uninitialized device.
  - 10. The branding process of claim 2 further comprising initially distributing the security-uninitialized device in a retail channel prior to having the branding process performed on the security-uninitialized device.
  - 11. The branding process of claim 10 further comprising upon completion of initializing the security resolver, disallowing the security-uninitialized device from having the branding process again performed on the security-uninitialized device until the now initialized security of the security-unitialized device is reset.
  - 12. The branding process of claim 10 further comprising upon completion of initializing the security resolver, allowing the branding process to be performed only via a limited access network interface of the security-uninitialized device.

13. A networked computing device supporting branding to establish cryptographically secured interaction with other devices within a trust group on an open-access network, the networked computing device comprising:
- a network interface for communicating on the open-access network;
  
  a security resolver operational when initialized with a branding public key to authenticate trust group membership certificates provided to the networked computing device from other devices via the network interface using the branding public key, and further operational to inhibit interaction via the network interface with other devices not authenticated as in the trust group, the security resolver being initially uninitialized; and
  
  a security initializer operational to receive the branding public key from a branding device securely networked to the networked computing device, and further operational to initialize the security resolver with the branding public key.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The networked computing device of claim 13 further comprising:
    - a limited access networking interface; and
      
      the security initializer further operational to accept the branding public key when received from the branding device only via the limited access networking interface.
  - 15. The networked computing device of claim 13 further comprising:
    - the security initializer further operational to accept the branding public key when received from the branding device via the network interface when in an initial unbranded state; and
      
      a branding reset operational upon activation to return the security initializer to the initial unbranded state.
  - 16. The networked computing device of claim 13 further comprising:
    - a branding mode activator operational to place the networked computing device in a branding mode; and
      
      the security initializer further operational to accept the branding public key when received from the branding device via the network interface when in the branding mode.
  - 17. The networked computing device of claim 13 further comprising:
    - the security resolver further operational when initialized with a trust group membership certificate to provide the trust group membership certificate to other devices via the network interface to attest to membership of the networked computing in the trust group; and
      
      the security initializer further operational to receive the trust group membership certificate from the branding device while securely networked to the networked computing device, and further operational to initialize the security resolver with the trust group membership certificate.
  - 18. The networked computing device of claim 13 further comprising:
    - the security resolver further operational when initialized with a public/private key pair to encrypt interaction via the network interface with other devices authenticated as in the trust group using the public/private key pair; and
      
      the security initializer further operational to receive the public/private key pair from the branding device while securely networked to the networked computing device, and further operational to initialize the security resolver with the public/private key pair.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Goland, Yaron

Granted Patent

US 7,500,104 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 2209/68   Special signature format, e...

H04L 2209/80   Wireless network architectu...

H04L 2463/102   applying security measure f...

H04L 63/04   for providing a confidentia...

H04L 63/08   for authentication of entit...

H04L 9/3263   involving certificates, e.g...

Networked device branding for secure interaction in trust webs on open networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

117 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Networked device branding for secure interaction in trust webs on open networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

117 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links