Establishing mutual authentication and secure channels in devices without previous credentials
First Claim
1. A method for installing encryption keys on a device not having any previous security credentials, the method comprising the steps of:
- generating, by an installation authority, a security token to be used by the device for secure communications, and storing the generated security token by the installation authority;
generating, by the installation authority, an installation credential for the device;
associating, by the installation authority, the installation credential generated for the device with the generated security token;
providing a user of the device with said installation credential;
the user inputting the installation credential into the device;
the device, utilizing the installation credential as a temporary security key for secure communications, establishing a secure communication channel with the installation authority and requesting provision of the security token by the installation authority to the device;
the installation authority providing the security token associated with the installation credential to the device over the established secure communication channel;
the device performing an installation process to install the security token on the device; and
after having completed the installation process, the device erasing the installation credential from the device.
1 Assignment
0 Petitions
Accused Products
Abstract
The invention provides for installing encryption keys on a device not having any previous security credentials. An installation authority generates a security token to be used by the device for secure communications, and an installation credential for the device, and stores them in association with one another. A user of the device is provided with the installation credential, whereby the user inputs the installation credential into the device. The device utilizes the installation credential as a temporary security key, establishes a secure communication channel with the installation authority and requests provision of the security token. The installation authority provides the security token associated with the installation credential to the device over the established secure communication channel, and the device installs the security token, after which the device erases the installation credential from the device. The installation authority may also certify the security token and provide a certified token and a root verification certificate to the device.
-
Citations
20 Claims
-
1. A method for installing encryption keys on a device not having any previous security credentials, the method comprising the steps of:
-
generating, by an installation authority, a security token to be used by the device for secure communications, and storing the generated security token by the installation authority;
generating, by the installation authority, an installation credential for the device;
associating, by the installation authority, the installation credential generated for the device with the generated security token;
providing a user of the device with said installation credential;
the user inputting the installation credential into the device;
the device, utilizing the installation credential as a temporary security key for secure communications, establishing a secure communication channel with the installation authority and requesting provision of the security token by the installation authority to the device;
the installation authority providing the security token associated with the installation credential to the device over the established secure communication channel;
the device performing an installation process to install the security token on the device; and
after having completed the installation process, the device erasing the installation credential from the device. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method of establishing security credentials for a device not having any previous security credentials, the method comprising the steps of:
-
generating, in the device, the security token to be used by the device for secure communications, and storing the generated security token in the device;
generating, by an installation authority, an installation credential for the device;
providing a user of the device with said installation credential;
the user inputting the installation credential into the device;
the device establishing a temporary secure communication channel with the installation authority utilizing the installation credential as a temporary security key;
the device providing the generated security token to the installation authority via the temporary secure communication channel; and
the device terminating the temporary secure communication channel and erasing the installation credential from the device. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A computer-readable storage medium on which is stored a computer-readable program for executing a method for installing encryption keys on a device not having any previous security credentials, the program comprising the steps of:
-
generating, by an installation authority, a security token to be used by the device for secure communications, and storing the generated security token by the installation authority;
generating, by the installation authority, an installation credential for the device;
associating, by the installation authority, the installation credential generated for the device with the generated security token;
providing a user of the device with said installation credential;
the user inputting the installation credential into the device;
the device, utilizing the installation credential as a temporary security key for secure communications, establishing a secure communication channel with the installation authority and requesting provision of the security token by the installation authority to the device;
the installation authority providing the security token associated with the installation credential to the device over the established secure communication channel;
the device performing an installation process to install the security token on the device; and
after having completed the installation process, the device erasing the installation credential from the device.
-
-
14. A computer-readable storage medium on which is stored a computer-readable program for executing a method of establishing security credentials for a device not having any previous security credentials, the program comprising the steps of:
-
generating, in the device, the security token to be used by the device for secure communications, and storing the generated security token in the device;
generating, by an installation authority, an installation credential for the device;
providing a user of the device with said installation credential;
the user inputting the installation credential into the device;
the device establishing a temporary secure communication channel with the installation authority utilizing the installation credential as a temporary security key;
the device providing the generated security token to the installation authority via the temporary secure communication channel; and
the device terminating the temporary secure communication channel and erasing the installation credential from the device. - View Dependent Claims (15)
-
-
16. A system for installing encryption keys on a device not having any previous security credentials, comprising:
-
a server, comprising;
a security token generator that generates a security token to be used by the device for secure communications;
an installation credential generator that generates an installation credential for the device;
a storage unit that stores the generated security token and the generated installation credential, wherein the installation credential and security token are stored in association with one another;
aidan installation credential providing unit that provides a user of the device with said installation credential, and the device, comprising;
an input unit for the user to input the installation credential into the device;
a secure communication unit that establishes a secure communication channel with the server utilizing the input installation credential as a temporary security key; and
a security token requesting unit that requests provision of the security token by the server to the device via the established secure communication channel, wherein the server further comprises;
an installation credential receiving unit that receives the installation credential from the device via the established secure communication channel; and
a providing unit that provides the requested security token associated with the installation credential to the device over the established secure communication channel, and wherein the device further comprises;
a receiving unit that receives the security token provided by the providing unit of the server;
an installation unit that installs the received security token on the device; and
an erasing unit that, after the installation unit installs the security token, erases the input installation credential from the device. - View Dependent Claims (17, 18)
-
-
19. A system for establishing security credentials for a device not having any previous security credentials, comprising:
-
a server, comprising;
an installation credential generator that generates an installation credential for the device; and
an installation credential providing unit that provides a user of the device with said installation credential, and the device, comprising;
a security token generator that generates a security token to be used by the device for secure communications;
an input unit for the user to input the installation credential into the device;
a secure communication unit that establishes a secure communication channel with the server utilizing the input installation credential as a temporary security key; and
a security token transmitting unit that transmits the security token to the server via the established secure communication channel, wherein the server further comprises;
a receiving unit that receives the security token transmitted by the transmitting unit of the device, and wherein the device further comprises;
an erasing unit that erases the input installation credential from the device. - View Dependent Claims (20)
-
Specification