SECURE NETWORK DEPLOYMENT

US 20080046735A1
Filed: 08/18/2006
Published: 02/21/2008
Est. Priority Date: 08/18/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

creating a profile for a network device and associating the created profile with a locally stored Personal Identification Number (PIN);

comparing a submitted PIN included in a received message to the locally stored PIN;

identifying a manufacturer installed certificate located in the received message when the submitted PIN corresponds to the locally stored PIN;

extracting a Media Access Control (MAC) address for the network device from the manufacturer installed certificate included in the received message;

formatting the created profile with the MAC address; and

providing the formatted profile to the network device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a Manufacturer Installed Certificate (MIC) and a personal identification number are sent to a call controller to request a configuration profile. When the configuration file is received, the IP phone is provisioned according to the configuration profile.

125 Citations

View as Search Results

23 Claims

1. A method comprising:
- creating a profile for a network device and associating the created profile with a locally stored Personal Identification Number (PIN);
  
  comparing a submitted PIN included in a received message to the locally stored PIN;
  
  identifying a manufacturer installed certificate located in the received message when the submitted PIN corresponds to the locally stored PIN;
  
  extracting a Media Access Control (MAC) address for the network device from the manufacturer installed certificate included in the received message;
  
  formatting the created profile with the MAC address; and
  
  providing the formatted profile to the network device.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 wherein the manufacturer installed certificate corresponds to a manufacturer-installed unique value stored in a non-volatile memory for the network device by a manufacturer of the network device during manufacture of the network device.
  - 3. The method of claim 1 wherein creating the profile for the network device further comprises:
    - logging into a uniform resource locator (URL) addressed web page using authentication credentials;
      
      selecting a base profile using a menu;
      
      selecting a phone model based on the selected profile;
      
      specifying one or more services associated with the selected phone model to configure the selected profile, the services including ring tone selections or speed dial values;
      
      assigning a phone number based on a pool associated with the selected and configured profile; and
      
      generating the locally stored PIN for associating with the selected and configured profile.
  - 4. The method of claim 1 wherein the manufacturer installed certificate is located in an eXtensible Markup Language (XML) signature of the received message.

5. An apparatus comprising:
- means for creating a profile for a network device and associating the created profile with a locally stored Personal Identification Number (PIN);
  
  means for comparing a submitted PIN included in a received message to the locally stored PIN;
  
  means for identifying a unique identifier located in the received message when the submitted PIN corresponds to the locally stored PIN;
  
  means for extracting a Media Access Control (MAC) address for the network device from the unique identifier; and
  
  means for updating the created profile with the MAC address.
- View Dependent Claims (6, 7, 8)
- - 6. The apparatus of claim 5 wherein the unique identifier corresponds to a manufacturer-installed unique value inserted into a memory of the network device by a manufacturer of the network device.
  - 7. The apparatus of claim 5 further comprising:
    - means for selecting a template;
      
      means for selecting a phone model based on the selected template; and
      
      means for assigning a phone number based on a pool associated with the selected template and the selected phone model to create the profile.
  - 8. The apparatus of claim 5 further comprising means for exchanging communications with a Trivial File Transfer Protocol (TFTP) server to provide a representation of the updated profile to the network device.

9. An apparatus comprising:
- a non-volatile memory containing a manufacturer installed certificate that includes an address for the apparatus; and
  
  logic encoded in one or more tangible media for execution and when executed operable to;
  
  generate a message including a unique identification number;
  
  digitally sign the message using the manufacturer installed certificate that contains the address for the apparatus;
  
  receive a configuration profile for the apparatus, the configuration profile containing a locally significant certificate; and
  
  configure the apparatus with the configuration profile.
- View Dependent Claims (10, 11)
- - 10. The apparatus of claim 9 wherein the logic is further operable to automatically request the unique identification number in response to the apparatus being connected to a packet switched network.
  - 11. The apparatus of claim 9 wherein the logic is further operable to create an XML signature using a private key corresponding to a public key located in the manufacturer installed certificate.

12. A system comprising:
- an endpoint including a manufacturer installed certificate containing an address for the endpoint;
  
  a call controller to create a profile for an endpoint and to associate the created profile with a locally stored identifier;
  
  the call controller to provide the locally stored identifier to the endpoint or to a user for the endpoint;
  
  the endpoint to send a message including a submitted unique identifier and the manufacturer installed certificate to the call controller;
  
  the call controller to compare the submitted unique identifier to the locally stored identifier; and
  
  the call controller to extract the address from the manufacturer installed certificate and to format the profile with the address when the submitted unique identifier corresponds to the locally stored identifier.
- View Dependent Claims (13, 14)
- - 13. The system of claim 12, wherein the endpoint further comprises circuitry to digitally sign the message using a locally stored first key corresponding to a second key contained included in the digitally signed message.
  - 14. The system of claim 12, wherein the call controller is configured to provide a representation of the formatted profile that contains a Locally Significant Certificate (LSC) to the endpoint.

15. An apparatus comprising:
- means for storing a manufacturer installed unique value containing a local address;
  
  means for generating a message including a user-entered unique identifier;
  
  means for attaching the manufacturer installed unique value containing the local address to the generated message;
  
  means for receiving a configuration profile for the apparatus; and
  
  means for configuring the apparatus with the configuration profile.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The apparatus of claim 15 wherein the manufacturer installed unique value contains a field identifying a manufacturer of the apparatus.
  - 17. The apparatus of claim 15 wherein the manufacturer installed unique value contains an algorithm field that identifies an algorithm for validating the manufacturer installed unique value.
  - 18. The apparatus of claim 15 wherein the manufacturer installed unique value contains a model number for the apparatus.
  - 19. The apparatus of claim 15 wherein the manufacturer installed unique value includes a valid from field.

20. A method comprising:
- providing a form requesting a user entered unique identifier in response to receiving default configuration instructions;
  
  including an address for an Internet Protocol (IP) phone in the form;
  
  sending the form including the address and the user entered unique identifier over a packet switched network to elicit customized configuration instructions; and
  
  configuring the IP phone according to the elicited and customized configuration instructions.
- View Dependent Claims (21, 22, 23)
- - 21. The method of claim 20 further comprising identifying a phone number for the IP phone in response to receiving the elicited and customized configuration instructions.
  - 22. The method of claim 20 further comprising receiving the default configuration instructions after sending a configuration request to a Trivial File Transfer Protocol (TFTP) server in response to connecting to the packet switched network.
  - 23. The method of claim 20 further comprising configuring speed dial values and ring tones according to the elicited and customized configuration instructions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Bell, Robert T., Pritikin, Max, Nedeltchev, Plamen

Granted Patent

US 8,732,279 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/173
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

H04L 63/0892   by using authentication-aut...

H04L 67/303   Terminal profiles

SECURE NETWORK DEPLOYMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

125 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE NETWORK DEPLOYMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

125 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links