Method and apparatus for initializing security information on a network device

US 20030149892A1
Filed: 02/01/2002
Published: 08/07/2003
Est. Priority Date: 02/01/2002
Status: Active Grant

First Claim

Patent Images

1. A method for initializing security information for a network device over a network, comprising:

creating an account having a security parameter, wherein a first protocol having no encryption capability is used to create said account and said account corresponds to a second protocol which does support encryption;

transmitting said security parameter unencrypted to a network management application over said network in accordance with said first protocol;

encrypting said security information using said security parameter;

transmitting encrypted security information over said network to said network device in accordance with said second protocol;

initializing said network device with said security information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for initializing security information for a network device. Two protocols are used. A first protocol, which has no encryption capability, is used to create an initial account. However, the initial account corresponds to a second protocol, and this second protocol does have encryption capability. A security parameter which is used to encrypt data and which corresponds to the initial account is transmitted by the network device to the network management application. The security parameter may be transmitted from the network device to the network management application openly via the first protocol. The network management application then uses this security parameter to encrypt sensitive security information needed for initially configuring the network device. The encrypted security information can now be transmitted securely over the network to the network device by means of the second protocol. Thereby, the network device can be initially configured with the requisite security information in an easy-to-use and relatively secure manner.

18 Citations

View as Search Results

25 Claims

1. A method for initializing security information for a network device over a network, comprising:
- creating an account having a security parameter, wherein a first protocol having no encryption capability is used to create said account and said account corresponds to a second protocol which does support encryption;
  
  transmitting said security parameter unencrypted to a network management application over said network in accordance with said first protocol;
  
  encrypting said security information using said security parameter;
  
  transmitting encrypted security information over said network to said network device in accordance with said second protocol;
  
  initializing said network device with said security information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising:
    - deleting said account after said network device has been initialized with said security information;
      
      clearing said security parameter after said security parameter has been sent to said network management application over said network.
  - 3. The method of claim 1, wherein said first protocol comprises SNMPv1 and said second protocol comprises SNMPv3.
  - 4. The method of claim 1, wherein said security parameter comprises an encryption key.
  - 5. The method of claim 1 further comprising:
    - authenticating transmissions over said network in accordance with said second protocol.
  - 6. The method of claim 1, wherein said security information includes an 802.11 access point key.
  - 7. The method of claim 1 further comprising:
    - creating initial account objects corresponding to said initial account.
  - 8. The method of claim 7, wherein said initial account objects comprise user, authentication key, privacy key, and context data.
  - 9. The method of claim 8 further comprising clearing said initial account objects after said initial account objects have been transmitted to said network administration application.

10. A method of configuring a network device, comprising:
- creating an account by using a first protocol, wherein said account includes a security parameter in accordance with a second protocol;
  
  encoding security information corresponding to said security parameter;
  
  configuring said network device with security information, wherein said security information is encoded according to said security parameter and transmitted to said network device in accordance with said second protocol.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10, wherein said first protocol corresponds to SNMPv1 and said second protocol corresponds to SNMPv3.
  - 12. The method of claim 11 further comprising:
    - transmitting said first security parameter from said network device over said network to a management application in plain text;
      
      configuring said network device by said management application in an encoded manner.
  - 13. The method of claim 10 further comprising:
    - clearing said security parameter;
      
      destroying said account after said network device has been configured.
  - 14. The method of claim 10 further comprising:
    - creating objects corresponding to said account, wherein said objects include user, authentication key, privacy key, and context corresponding to said account;
      
      transmitting said objects over said network to said management application in plain text.
  - 15. The method of claim 10, wherein said security information includes an 802.11 access point key.

16. An apparatus for configuring a network device over a network, comprising:
- means for creating an initial account having a security parameter, wherein a first protocol is used to create said initial account and said initial account corresponds to a second protocol which supports encryption;
  
  means for transmitting said security parameter to a network management application over said network in accordance with said first protocol;
  
  means for encrypting transmissions from said network management application to said network device according to said security parameter;
  
  means for initializing said network device with said security information by said network management application over said network in an encrypted mode in accordance with said second protocol.
- View Dependent Claims (17, 18)
- - 17. The apparatus for configuring a network device of claim 16, further comprising:
    - means for authenticating transmissions from said network management application to said network device in accordance with said second protocol.
  - 18. The apparatus of claim 17, wherein said first protocol comprises SNMPv1 and said second protocol comprises SNMPv3.

19. A computer-readable medium having stored thereon instructions for configuring a network device over a network, comprising:
- creating an initial SNMPv3 account by using SNMPv1;
  
  transmitting an object corresponding to said initial SNMPv3 account over said network by using SNMPv1;
  
  encrypting a security parameter according to said object;
  
  transmitting an encrypted security parameter to said network device;
  
  configuring said network device with said security parameter by using SNMPv3.
- View Dependent Claims (20, 21)
- - 20. The computer-readable medium of claim 19 further comprising:
    - destroying said initial SNMPv3 account after said network device has been configured.
  - 21. The computer-readable medium of claim 19, wherein said security parameter comprises an 802.11 access point key.

22. A method for initializing security information on a network device over a network, comprising:
- creating a temporary user account having a security feature, wherein said temporary user account is created via a first protocol and said temporary user account corresponds to a second protocol;
  
  configuring said network device over said network in a secure manner according to said security feature via said second protocol;
  
  destroying said temporary user account after said network device has been configured.
- View Dependent Claims (23)
- - 23. The method of claim 22, wherein said first protocol corresponds to SNMPv1 and said second protocol corresponds to SNMPv3.

24. A method for configuring a network device with a security parameter over a network, comprising:
- creating a user account and an associated account object via a first protocol, wherein said user account corresponds to a second protocol;
  
  transmitting said account object to a management application over said network in accordance with said first protocol;
  
  configuring said network device with said security parameter over said network in accordance with said second protocol, wherein communications with said network device is in a secure mode provided by said account object.
- View Dependent Claims (25)
- - 25. The method of claim 24, wherein said first protocol comprises SNMPv1 and said second protocol comprises SNMPv3.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Robinson, Michael C.

Granted Patent

US 7,240,191 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 41/0806   for initial configuration o...

H04L 41/28   Restricting access to netwo...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 67/34   involving the movement of s...

H04L 69/329   in the application layer [O...

Method and apparatus for initializing security information on a network device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for initializing security information on a network device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links