Establishing mutual authentication and secure channels in devices without previous credentials

US 20070150420A1
Filed: 12/22/2005
Published: 06/28/2007
Est. Priority Date: 12/22/2005
Status: Active Grant

First Claim

Patent Images

1. A method for installing encryption keys on a device not having any previous security credentials, the method comprising the steps of:

generating, by an installation authority, a security token to be used by the device for secure communications, and storing the generated security token by the installation authority;

generating, by the installation authority, an installation credential for the device;

associating, by the installation authority, the installation credential generated for the device with the generated security token;

providing a user of the device with said installation credential;

the user inputting the installation credential into the device;

the device, utilizing the installation credential as a temporary security key for secure communications, establishing a secure communication channel with the installation authority and requesting provision of the security token by the installation authority to the device;

the installation authority providing the security token associated with the installation credential to the device over the established secure communication channel;

the device performing an installation process to install the security token on the device; and

after having completed the installation process, the device erasing the installation credential from the device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides for installing encryption keys on a device not having any previous security credentials. An installation authority generates a security token to be used by the device for secure communications, and an installation credential for the device, and stores them in association with one another. A user of the device is provided with the installation credential, whereby the user inputs the installation credential into the device. The device utilizes the installation credential as a temporary security key, establishes a secure communication channel with the installation authority and requests provision of the security token. The installation authority provides the security token associated with the installation credential to the device over the established secure communication channel, and the device installs the security token, after which the device erases the installation credential from the device. The installation authority may also certify the security token and provide a certified token and a root verification certificate to the device.

Citations

20 Claims

1. A method for installing encryption keys on a device not having any previous security credentials, the method comprising the steps of:
- generating, by an installation authority, a security token to be used by the device for secure communications, and storing the generated security token by the installation authority;
  
  generating, by the installation authority, an installation credential for the device;
  
  associating, by the installation authority, the installation credential generated for the device with the generated security token;
  
  providing a user of the device with said installation credential;
  
  the user inputting the installation credential into the device;
  
  the device, utilizing the installation credential as a temporary security key for secure communications, establishing a secure communication channel with the installation authority and requesting provision of the security token by the installation authority to the device;
  
  the installation authority providing the security token associated with the installation credential to the device over the established secure communication channel;
  
  the device performing an installation process to install the security token on the device; and
  
  after having completed the installation process, the device erasing the installation credential from the device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method according to claim 1, wherein the security token comprises one of an encryption key or an encryption keypair.
  - 3. A method according to claim 2, wherein, in a case where the security token is an encryption keypair, the installation authority further performing the steps of:
    - certifying a public key of the keypair; and
      
      providing the certified public key and a root verification certificate of the installation authority to the device.
  - 4. A method according to claim 1, further comprising the installation authority performing an authentication process to authenticate the device after having received the request for provision of the security token.
  - 5. A method according to claim 1, wherein the installation credential is provided to the user in a hardcopy format.
  - 6. A method according to claim 5, wherein the hardcopy format comprises one of a printed barcode or a printed alphanumeric code.

7. A method of establishing security credentials for a device not having any previous security credentials, the method comprising the steps of:
- generating, in the device, the security token to be used by the device for secure communications, and storing the generated security token in the device;
  
  generating, by an installation authority, an installation credential for the device;
  
  providing a user of the device with said installation credential;
  
  the user inputting the installation credential into the device;
  
  the device establishing a temporary secure communication channel with the installation authority utilizing the installation credential as a temporary security key;
  
  the device providing the generated security token to the installation authority via the temporary secure communication channel; and
  
  the device terminating the temporary secure communication channel and erasing the installation credential from the device.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. A method according to claim 7 further comprising the steps of:
    - the installation authority performing a process to certify the security token; and
      
      the installation authority providing a certified security token and a root verification certificate of the installation authority to the device.
  - 9. A method according to claim 7, wherein the security token comprises one of an encryption key or an encryption keypair.
  - 10. A method according to claim 9, wherein, in a case where the security token is an encryption keypair, a public key of the keypair is provided by the device to the installation authority.
  - 11. A method according to claim 7, wherein the installation credential is provided to the user in a hardcopy format.
  - 12. A method according to claim 11, wherein the hardcopy format comprises one of a barcode or a printed alphanumeric code.

13. A computer-readable storage medium on which is stored a computer-readable program for executing a method for installing encryption keys on a device not having any previous security credentials, the program comprising the steps of:
- generating, by an installation authority, a security token to be used by the device for secure communications, and storing the generated security token by the installation authority;
  
  generating, by the installation authority, an installation credential for the device;
  
  associating, by the installation authority, the installation credential generated for the device with the generated security token;
  
  providing a user of the device with said installation credential;
  
  the user inputting the installation credential into the device;
  
  the device, utilizing the installation credential as a temporary security key for secure communications, establishing a secure communication channel with the installation authority and requesting provision of the security token by the installation authority to the device;
  
  the installation authority providing the security token associated with the installation credential to the device over the established secure communication channel;
  
  the device performing an installation process to install the security token on the device; and
  
  after having completed the installation process, the device erasing the installation credential from the device.

14. A computer-readable storage medium on which is stored a computer-readable program for executing a method of establishing security credentials for a device not having any previous security credentials, the program comprising the steps of:
- generating, in the device, the security token to be used by the device for secure communications, and storing the generated security token in the device;
  
  generating, by an installation authority, an installation credential for the device;
  
  providing a user of the device with said installation credential;
  
  the user inputting the installation credential into the device;
  
  the device establishing a temporary secure communication channel with the installation authority utilizing the installation credential as a temporary security key;
  
  the device providing the generated security token to the installation authority via the temporary secure communication channel; and
  
  the device terminating the temporary secure communication channel and erasing the installation credential from the device.
- View Dependent Claims (15)
- - 15. A computer-readable storage medium according to claim 14, wherein the program further comprising the steps of:
    - the installation authority performing a process to certify the security token; and
      
      the installation authority providing a certified security token and a root verification certificate of the installation authority to the device.

16. A system for installing encryption keys on a device not having any previous security credentials, comprising:
- a server, comprising;
  
  a security token generator that generates a security token to be used by the device for secure communications;
  
  an installation credential generator that generates an installation credential for the device;
  
  a storage unit that stores the generated security token and the generated installation credential, wherein the installation credential and security token are stored in association with one another;
  
  aid an installation credential providing unit that provides a user of the device with said installation credential, and the device, comprising;
  
  an input unit for the user to input the installation credential into the device;
  
  a secure communication unit that establishes a secure communication channel with the server utilizing the input installation credential as a temporary security key; and
  
  a security token requesting unit that requests provision of the security token by the server to the device via the established secure communication channel, wherein the server further comprises;
  
  an installation credential receiving unit that receives the installation credential from the device via the established secure communication channel; and
  
  a providing unit that provides the requested security token associated with the installation credential to the device over the established secure communication channel, and wherein the device further comprises;
  
  a receiving unit that receives the security token provided by the providing unit of the server;
  
  an installation unit that installs the received security token on the device; and
  
  an erasing unit that, after the installation unit installs the security token, erases the input installation credential from the device.
- View Dependent Claims (17, 18)
- - 17. A system according to claim 16, wherein the security token comprises one of an encryption key or an encryption keypair.
  - 18. A system according to claim 17, wherein the server further comprises:
    - certifying unit that certifies the security token, wherein the providing unit further provides the certified security token and a root verification certificate of the server to the device.

19. A system for establishing security credentials for a device not having any previous security credentials, comprising:
- a server, comprising;
  
  an installation credential generator that generates an installation credential for the device; and
  
  an installation credential providing unit that provides a user of the device with said installation credential, and the device, comprising;
  
  a security token generator that generates a security token to be used by the device for secure communications;
  
  an input unit for the user to input the installation credential into the device;
  
  a secure communication unit that establishes a secure communication channel with the server utilizing the input installation credential as a temporary security key; and
  
  a security token transmitting unit that transmits the security token to the server via the established secure communication channel, wherein the server further comprises;
  
  a receiving unit that receives the security token transmitted by the transmitting unit of the device, and wherein the device further comprises;
  
  an erasing unit that erases the input installation credential from the device.
- View Dependent Claims (20)
- - 20. A system according to claim 19, wherein the server further comprises:
    - a certifying unit that certifies the security token; and
      
      a transmitting unit that transmits the certified security token and a root verification certificate of the server to the device via the established secure communication channel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Original Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Inventors
Martinez, Martin, Mazzagatte, Craig, Slick, Royce, Iwamoto, Neil

Granted Patent

US 7,646,874 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/71
CPC Class Codes

G06F 21/608   Secure printing

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

H04L 63/0853   using an additional device,...

H04L 63/0869   for achieving mutual authen...

H04L 9/3234   involving additional secure...

H04L 9/3263   involving certificates, e.g...

H04L 9/3273   for mutual authentication n...

Establishing mutual authentication and secure channels in devices without previous credentials

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Establishing mutual authentication and secure channels in devices without previous credentials

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links