Host certification method and system
Abstract
A system and method is provided for authenticating a device. A method includes receiving a certificate from the device, the certificate including a plurality of fields, including a field holding a digital signature from a certifying authority, verifying the digital signatures in the certificate, the verifying including at least one of verifying the certifying authority digital signature using the certifying authority public key; and verifying a device digital signature using a device public key, and receiving validation data from a source, the validation data identifying one or more data in the certificate as valid or invalid according to predetermined criteria, and if the digital signatures are verified and validated, transmitting a session key to the device to establish a secure communication channel.
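The exchange the abstract describes, as an added worked example (not code from the patent or from any product it covers): a certifying authority signs a certificate whose fields include the device's protocol public key, the device proves possession of the matching private key by signing the certificate together with a host nonce, the host receives validation data from a separate source that flags certain field values as invalid, and only when both checks pass does the host release a session key wrapped under the protocol public key. Everything cryptographic here is an assumption for the demo: textbook RSA built from the Python standard library stands in for whatever signature scheme the patent leaves unspecified, the validation data is modelled as a dictionary of flagged field values, both signatures are checked even though the claim requires at least one, and the session key is wrapped with raw RSA (no padding), which is fine for illustration but not for production.

```python
"""Host-certification flow: CA-signed certificate, device proof of possession,
validation data from a separate source, then session-key release.
Toy textbook RSA from the standard library stands in for the (unspecified)
signature scheme; it is an assumption for the demo, not production crypto."""
import hashlib
import json
import os
import random


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test (enough for a demo key)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def rsa_keygen(bits=512):
    """Return (public, private) dicts. 512 bits keeps the demo fast; far too small for real use."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this guarantees gcd(e, phi) == 1
            break
    return {"n": p * q, "e": e}, {"n": p * q, "d": pow(e, -1, phi)}


def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv, data):
    return pow(_digest(data), priv["d"], priv["n"])


def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == _digest(data)


def _tbs(fields):
    """Canonical to-be-signed encoding of the certificate fields."""
    return json.dumps(fields, sort_keys=True).encode()


def issue_certificate(ca_priv, fields):
    """Certifying authority: sign the fields and return the certificate."""
    cert = dict(fields)
    cert["ca_sig"] = sign(ca_priv, _tbs(fields))
    return cert


def device_sign(cert, device_priv, nonce):
    """Device: sign the certificate plus the host's nonce with the protocol private key."""
    return sign(device_priv, _tbs(cert) + nonce)


def certify_host(cert, device_sig, nonce, ca_pub, validation_data):
    """Host: verify both signatures, apply validation data, then release a session key.
    validation_data = {"invalid": {field_name: [flagged values]}} is an assumed format."""
    tbs = {k: v for k, v in cert.items() if k != "ca_sig"}
    if not verify(ca_pub, _tbs(tbs), cert["ca_sig"]):
        return {"status": "ca signature invalid"}
    proto_pub = cert["protocol_public_key"]
    if not verify(proto_pub, _tbs(cert) + nonce, device_sig):
        return {"status": "device signature invalid"}
    for field, flagged in validation_data.get("invalid", {}).items():
        if cert.get(field) in flagged:
            return {"status": f"field {field!r} flagged invalid"}
    session_key = os.urandom(32)
    # Wrap under the protocol public key. Raw RSA with no OAEP padding: demo only.
    wrapped = pow(int.from_bytes(session_key, "big"), proto_pub["e"], proto_pub["n"])
    return {"status": "ok", "session_key": session_key, "wrapped_key": wrapped}


def unwrap_session_key(wrapped, device_priv):
    """Device: recover the session key with the protocol private key."""
    return pow(wrapped, device_priv["d"], device_priv["n"]).to_bytes(32, "big")


if __name__ == "__main__":
    ca_pub, ca_priv = rsa_keygen()
    dev_pub, dev_priv = rsa_keygen()
    cert = issue_certificate(ca_priv, {"serial": "A100", "subject": "device-1",
                                       "protocol_public_key": dev_pub})
    nonce = os.urandom(16)
    res = certify_host(cert, device_sign(cert, dev_priv, nonce), nonce, ca_pub,
                       {"invalid": {"serial": ["B200"]}})
    print(res["status"], unwrap_session_key(res["wrapped_key"], dev_priv) == res["session_key"])
```

The nonce in the device signature is the practitioner's addition the claim does not spell out: without it a captured certificate-plus-signature pair could be replayed to the host by anyone, and the proof of possession would mean nothing. Note also that the order matters for the same reason the claim lists it: the validation data is consulted only after the CA signature binds the fields it refers to, so an attacker cannot swap in an unflagged serial number without breaking the signature.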
23 Claims
1. A method of authenticating a device, the method comprising:
receiving a certificate from the device, the certificate including a plurality of fields, including a field holding a digital signature from a certifying authority;
verifying the digital signatures in the certificate, the verifying including at least one of:
verifying the certifying authority digital signature using the certifying authority public key; and
verifying a device digital signature using a device public key; and
receiving validation data from a source, the validation data identifying one or more data in the certificate as valid or invalid according to predetermined criteria; and
if the digital signatures are verified and validated, transmitting a session key to the device to establish a secure communication channel.
Dependent claims: 2 to 18.
19. An apparatus for certifying a device, the apparatus comprising:
means for receiving a certificate request from the device, the certificate request including a plurality of fields, including a field holding a protocol public key;
means for verifying digital signatures in the certificate, the verifying including at least one of:
verifying the certifying authority digital signature using the certifying authority public key; and
verifying a device digital signature using a device public key in the certificate; and
means for receiving validation data from a source, the validation data identifying one or more data in the certificate as valid or invalid according to predetermined criteria; and
means for transmitting a session key to the device to establish a secure communication channel when the digital signatures are verified and validated.
20. An engine configured to certify a host, the engine comprising:
a firmware component including:
a block configured to receive a certificate from the host, the certificate including a plurality of fields, including a field holding a protocol public key;
a block configured to verify one or more digital signatures in the certificate, including at least one of:
a certifying authority digital signature using a certifying authority public key; and
a device digital signature using a device public key in the certificate; and
a block configured to receive validation data from a source, the validation data identifying one or more data in the certificate as valid or invalid according to predetermined criteria; and
a block configured to transmit a session key to the host to establish a secure communication channel when the digital signatures are verified and validated.
21. A computer program product, the computer program product comprising:
signal bearing media bearing digital information holding a firmware component, the firmware component including:
a block configured to receive a certificate from the device, the certificate including a plurality of fields, including a field holding a protocol public key;
a block configured to verify digital signatures in the certificate, including at least one of:
a certifying authority digital signature using the certifying authority public key and a device digital signature using a device public key in the certificate; and
a block configured to receive validation data from a source, the validation data identifying one or more data in the certificate as valid or invalid according to predetermined criteria; and
a block configured to transmit a session key to the device to establish a secure communication channel when the digital signatures are verified and validated.
Dependent claims: 22 and 23.
Specification