Using device certificates to authenticate servers before automatic address assignment
First Claim
1. A computer program product embodied on computer readable media readable by a computing system in a Computing environment, for using device certificates to authenticate servers before assignment of addresses, comprising:
- computer-readable program code means for creating a public key, private key pair for a particular device that will function as a server device, said key pair adapted for use in public key cryptography systems;
computer-readable program code means for creating a first device certificate for said server device, wherein said first device certificate identifies said server device as owning said first device certificate using a globally-unique device identifier associated with a network adapter card directly attached to said server device and wherein said public key is stored in said first device certificate, thereby associating said public key with said globally-unique device identifier;
computer-readable program code means for securely storing said private key on said server device in protected storage that is readable only by hardware or firmware of said server device and not by software of said server device;
computer-readable program code means for digitally signing, by said hardware or firmware, an address assignment request using said private key of said key pair and sending said digitally-signed address assignment request from said server device to an address assignment service;
computer-readable program code means for receiving said digitally signed address assignment request at said add assignment service;
computer-readable program code means for authenticating, by said address assignment service, said server device as having sent said digitally-signed address assignment request by authenticating said server device'"'"'s digital signature thereupon;
computer-readable program code means for assigning an address to said server device, by said address assignment service, only if said computer-readable program code means for authenticating determines that said server device is authentic;
computer-readable program code means for returning an address assignment response, comprising said assigned address, from said address assignment service to said server device, only if said computer-readable program code means for authenticating determines that said server device is authentic; and
computer-readable program cod means for receiving said returned address assignment response at said server device.
1 Assignment
0 Petitions
Accused Products
Abstract
A device certificate identifies a particular device using a globally-unique device identifier and contains a public key associated therewith. A private key stored in protected storage of the device is used to digitally sign outbound messages, enabling the message receiver to authenticate the message originator. Devices requesting address assignment from a service such as a Boot Protocol or Dynamic Host Configuration Protocol service can be authenticated by that service before an address is assigned. The device of the service providing the address assignment may also digitally sign the requested address, using its own private key, enabling the address receiver to verify that the address provider is authentic before accepting and using the assigned address. A device requesting an update to address information stored in a Domain Name System (DNS) server can be authenticated and/or can ensure that a legitimate DNS has been contacted.
311 Citations
71 Claims
-
1. A computer program product embodied on computer readable media readable by a computing system in a Computing environment, for using device certificates to authenticate servers before assignment of addresses, comprising:
-
computer-readable program code means for creating a public key, private key pair for a particular device that will function as a server device, said key pair adapted for use in public key cryptography systems;
computer-readable program code means for creating a first device certificate for said server device, wherein said first device certificate identifies said server device as owning said first device certificate using a globally-unique device identifier associated with a network adapter card directly attached to said server device and wherein said public key is stored in said first device certificate, thereby associating said public key with said globally-unique device identifier;
computer-readable program code means for securely storing said private key on said server device in protected storage that is readable only by hardware or firmware of said server device and not by software of said server device;
computer-readable program code means for digitally signing, by said hardware or firmware, an address assignment request using said private key of said key pair and sending said digitally-signed address assignment request from said server device to an address assignment service;
computer-readable program code means for receiving said digitally signed address assignment request at said add assignment service;
computer-readable program code means for authenticating, by said address assignment service, said server device as having sent said digitally-signed address assignment request by authenticating said server device'"'"'s digital signature thereupon;
computer-readable program code means for assigning an address to said server device, by said address assignment service, only if said computer-readable program code means for authenticating determines that said server device is authentic;
computer-readable program code means for returning an address assignment response, comprising said assigned address, from said address assignment service to said server device, only if said computer-readable program code means for authenticating determines that said server device is authentic; and
computer-readable program cod means for receiving said returned address assignment response at said server device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
said computer-readable program code means for digitally signing said address assignment request creates a first digital signature over one or more fields of said address assignment request, wherein said one or more fields includes at least said globally-unique device identifier, and wherein said first device certificate is sent along with said digitally-signed address assignment request;
said computer-readable program code means for receiving said digitally-signed address assignment request further comprises computer-readable program code means for receiving said said first device certificate, in addition to said digitally-signed address assignment request; and
said computer-readable program code means for authenticating said server device further comprises;
computer-readable program code means for decrypting said first digital signature using said public key stored in said first device certificate;
computer-readable program code means for obtaining a certificate authority (CA) public key associated with a CA which created a second digital signature stored in said first device certificate;
computer-readable program code means for decrypting said second digital signature using said obtained CA public key;
computer-readable program code means for concluding that said first device certificate is authentic if said decrypted second digital signature is authentic; and
computer-readable program code means for concluding that said server device is authentic if (1) said decrypted first digital signature is authentic, (2) a device identifier value covered by said decrypted first digital signature watches a globally-unique sender identifier which identifies a sender of said address assignment request, and (3) said first device certificate is authentic.
-
-
3. The computer program product as claimed in claim 2, wherein:
-
said computer-readable program code means for assigning said address further comprises computer-readable program code means for digitally signing, by said address assignment service, one or more fields of said address assignment response wherein said one or more fields includes at least said assigned address, using a second private key associated with said address assignment service and resulting in creation of a third digital signature;
said computer-readable program code means for returning said address assignment response further comprises computer-readable program code means for returning, along with said assigned address;
(1) a second device certificate, wherein said second device certificate comprises (a) a second globally-unique device identifier associated with a network adapter card of a second server device performing said address assignment service, thereby identifying said second server device as owning said second device certificate and (b) a second public key, said second public key associated with said second private key and adapted for use in public key cryptography systems, thereby associating said second public key with said second globally-unique device identifier and (2) said third digital signature; and
said computer-readable program code means for receiving said returned address assignment response at said server device also receives said second device certificate and said third digital signature, and further comprising;
computer-readable program code means for decrypting, by said server device, said received third digital signature using said second public key stored in said received second device certificate;
computer-readable program code means for obtaining, by said server device, a second CA public key associated with a second CA which created a fourth digital signature stored in said second device certificate;
computer-readable program code means for decrypting, by said server device, said fourth digital signature using said obtained second CA public key;
computer-readable program code means for concluding that said second device certificate is authentic if said decrypted fourth digital signature is authentic;
computer-readable program code means for concluding that said address assignment service is authentic if (1) said decrypted third digital signature is authentic, (2) a second device identifier value covered by said decrypted third digital signature matches a globally-unique device identifier which identifies a sender of said address assignment response, and (3) said second device certificate is authentic; and
computer-readable program code means for using said received address at said server device only if said address assignment service is authentic.
-
-
4. The computer program product as claimed in claim 2, further comprising computer able program code means for updating a Domain Name System (DNS) service mapping for at least one of (1) a host name, (2) a medium access control (MAC) address, or (3) a DNS-resident device identifier that is associated with said server device and is included in said address assignment request, wherein said update of said mapping reflects said assigned address.
-
5. The computer program product as claimed in claim 4, further comprising:
-
computer-readable program code means for digitally signing an update request by said address assignment Service using sad second private key, resulting in creation of a fifth digital signature, wherein said update request specifies said host name and said assigned address;
computer-readable program code means for sending said fifth digital signature, said update request and said second device certificate to said DNS service;
computer-readable program code means for sending said fifth digital signature, said update request, and said second device certificate at said DNS service;
computer-readable program code means for decrypting, by said DNS service, said received fifth digital sire using said second public key stored in said received second device certificate;
computer-readable program code means for obtaining, by said DNS service, said second CA public key;
computer-readable program code means for decrypting, by said EONS service, said fourth digital signature using said obtained second CA public key;
computer-readable program code means for concluding, by said DNS service, that said second device certificate is authentic if said decrypted fourth digital signature is authentic;
computer-readable program code means for concluding, by said DNS service, that said address assignment service is authentic if (1) said decrypted fifth digital signature is authentic, (2) said second device identifier value covered by said decrypted fifth digital signature matches a globally-unique device identifier which identifies a sender of said update request, and (3) said DNS service concludes that said second device certificate is authentic; and
computer-readable program code means for performing said update of said mapping only if said DNS service concludes that said address assignment service is authentic.
-
-
6. The computer program product as claimed in claim 5, further comprising:
-
computer-readable program code means for returning a message from said DNS service to said address assignment service, said message indicating whether said update of said mapping was successfully performed; and
wherein sod computer-readable program code means for assigning said address to said server device operates only if said message indicates a successful update.
-
-
7. The computer program product as claimed in claim 3, wherein said second device certificate further comprises a capability indicator indicating whether said address assignment service is authorized to assign addresses, and wherein said computer-readable program code means for using said received address does not use said received address if said capability indicator is not properly set.
-
8. The computer program product as claimed in claim 2, wherein:
-
said computer-readable program code means for sending said address assignment request, said first digital signature and said first device certificate also sends a CA certificate containing said CA public key to said address assignment service using a copy of said CA certificate stored at said server device; and
said computer-readable program code means for obtaining said CA public key uses said sent CA certificate.
-
-
9. The computer program product as claimed in claim 3, wherein:
-
said computer-readable program code means for returning said assigned address, said second device certificate, and said third digital signature also returns a second CA certificate containing said second CA public key to said server device using an address assignment service copy of said second CA certificate; and
said computer-readable program code means for obtaining said second CA public key uses said returned CA certificate.
-
-
10. The computer program product as claimed in claim 3, further comprising:
-
computer-readable program code means for creating a handshaking message by said server device, wherein said handshaking message comprises one or more message fields and a sixth digital signature, wherein said one or more message fields include a time stamp, said sixth digital signature computed over said one or more message fields;
computer-readable program code means for sending said handshaking message from said server device to said address assignment service;
computer-readable program code means for receiving said handshaking message at said address assignment service;
computer-readable program code means for decrypting said sixth digital signature using said public key of said server device; and
computer-readable program code means for completing an address assignment process initiated by said address assignment request if said decrypted sixth digital signature is valid and said time stamp is not stale.
-
-
11. The computer program product as claimed in claim 3, wherein said address assignment service is a Bootstrap Protocol (BootP) service operating at a BootP server.
-
12. The computer program product as claimed in claim 3, wherein said address assignment service is a Dynamic Host Configuration Protocol (DHCP) service operating at a DHCP server.
-
13. The computer program product as claimed in claim 4, wherein said address assignment service is a Bootstrap Protocol (BootP) service operating at a BootP server.
-
14. The computer program product as claimed in claim 4, wherein said address assignment service is a Dynamic Host Configuration Protocol (DHCP) service operating at a DHCP server.
-
15. The computer program product as claimed in claim 1, wherein said computer-readable program code means for securely storing said private key stores said private key in a write-only memory of said server device, said write-only memory having an ability to perform computations using data values previously stored therein.
-
16. The computer program product as claimed in claim 1, wherein said computer-readable program code means for securely storing said private key stores said private key in a read-write memory of said server device, said read-write memory being readable only by means of a shared secret key.
-
17. The computer program product as claimed in claim 1, wherein said globally-unique device identifier in said first device certificate is a medium access control (MAC) address of said network adapter card.
-
18. The computer program product as claimed in claim 3, further comprising:
-
computer-readable program code means for generating, by said server device, a first challenge;
computer-readable program code means for including, by said server device, said first challenge in said one or more fields of said address assignment request; and
computer-readable program code means for including, by said address assignment service, said first challenge in said one or more fields of said address assignment response; and
wherein said computer-readable program code means for using said received address further comprises using said received address only if said signed first challenge is valid.
-
-
19. The computer program product as claimed in claim 10, further comprising:
-
computer-readable program code means for generating, by said server device, a first challenge;
computer-readable program code means for including, by said server device, said first challenge in said one or more fields of said address assignment request;
computer-readable program code means for generating, by said address assignment service, a second challenge;
computer-readable program code means for including said first challenge and said second challenge in said one or more fields of said address assignment response; and
computer-readable program code means for including, by said server device, said second challenge in said one or more message fields of said handshaking message; and
wherein;
said computer-readable program code means for using said received address further comprises using said received address only if said signed first challenge is valid; and
said computer-readable program code means for completing said address assignment process further comprises completing said address assignment process only if said signed second challenge is valid.
-
-
20. A computer pin product embodied on computer readable media readable by a computing system in a computing environment, for using device certificates to authenticate servers, comprising:
-
computer-readable program code means for creating a public key, private key pair for a device that will function as a server device, said key pair adapted for use in public key cryptography systems;
computer-readable program code means for creating a device certificate for said server device, wherein said device certificate identifies said server device as owning said device certificate using a globally-unique device identifier associated with a network adapter card directly attached to said server device and wherein said public key is stored in said device certificate;
thereby associating said public key with said globally-unique device identifier;
computer-readable program code means for securely storing said private key on said server device in protected storage that is readable only by hardware or firmware of said server device and not by software of said server device;
computer-readable program code means for sending an address retrieval request from a client device to said server device;
computer-readable program code means for receiving said address retrieval request at said server device;
computer-readable program code means for retrieving, by said server device, an address corresponding to said address retrieval request;
computer-readable program code means for digitally signing said hardware or firmware, a response message containing said retrieved address, using said private key of said key pair, and returning said digitally-signed response message to said client device;
computer-readable program code means for receiving said digitally-signed response message containing said returned address at said client device;
computer-readable program code means for authenticating said client device, said server device as having sent said digitally-signed response message by authenticating said server device'"'"'s digital signature thereupon; and
computer-readable program code means for using said received address by said client device, only if said computer-readable program code means for authenticating determines that said server device is authentic. - View Dependent Claims (21, 22, 23)
said computer-readable program code means for digitally signing said response message creates a first digital signature over one or more fields of said response message, wherein said one or more fields includes at least said retrieved address, and wherein said device certificate is sent along with said digitally-signed response message; and
said computer-readable program code means for receiving said digitally-signed response message also receives said device certificate; and
said computer-readable program code means for authenticating further comprises;
computer-readable program code means for decrypting, by said client device, said first digital signature using said public key stored in said received device certificate;
computer-readable program code means for obtaining, by said client device, a certificate authority (CA) public key associated with a CA which created a second digital signature stored in said device certificate;
computer-readable program code means for decrypting, by said client device, said second digital signature using said obtained CA public key;
computer-readable program code means for concluding that said device certificate is authentic if said decrypted second digital signature is authentic; and
computer-readable program code means for concluding that said server device is authentic if (1) said decrypted first digital signature is authentic, (2) a device identifier value covered by said decrypted first digital signature matches a globally-unique device identifier which identifies a sender of said retrieved address, and (3) said device certificate is authentic.
-
-
22. The computer program product as claimed in claim 21, wherein said server device is executing a Dynamic Host Configuration Protocol (DHCP) service.
-
23. The computer program product as claimed in claim 21, wherein said server device is executing a Domain Name System (DNS) service.
-
24. A system for using device certificates to authenticate servers before assignment of addresses in a computing environment, comprising:
-
means for creating a public key, private key pair for a particular device that will function as a server device, said key pair adapted for use in public key cryptography systems;
means for creating a fist device certificate for said server device, wherein said first device certificate identifies said server device as owning said first device certificate using a globally-unique device identifier associated with a network adapter card directly attached to said server device and wherein said public key is stored in said first device certificate, thereby associating said public key with said globally-unique device identifier;
means for securely storing said private key on said server device in protected storage that is readable only by hardware or firmware of said server device and not by software of said server device;
means for digitally signing, by said hardware or firmware, an address assignment request using said private key of said key pair and sending said digitally-signed address assignment request from said server device to an address assignment service;
means for receiving said digitally-signed address assignment request at said address assignment service;
means for authenticating, by said address assignment service, said server device as having sent said digitally-signed address assignment request by authenticating said sever device'"'"'s digital signature thereupon;
means for assigning an address to said server device said address assignment service, only if said means for authenticating determines that said server device is authentic;
means for returning an address assignment response, comprising said assigned address, from said address assignment service to said server device, only if said means for authenticating determines that said server device is authentic; and
means for receiving said returned address assignment response at said server device. - View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
said means for digitally signing said address assignment request creates a first digital signature over one or more fields of said address assignment request, wherein said one or more fields includes at least said globally-unique device identifier, wherein said first device certificate is sent along with said digitally-signed address assignment request;
said means for receiving said digitally-signed address assignment request further comprises means for receiving said first device certificate, in addition to said digitally-signed address assignment request; and
said means for authenticating said server device further comprises;
means for decrypting said first digital signature using said public key stored in said first device certificate;
means for obtaining a certificate authority (CA) public key associated with a CA which created a second digital signature stored in said first device certificate;
means for decrypting said second digital signature using said obtained CA public key;
means for concluding that said first device certificate is authentic if said decrypted second digital signature is authentic; and
means for concluding that said server device is authentic if (1) said decrypted first digital signature is authentic, (2) a device identifier value covered by said decrypted first digital signature matches a globally-unique device identifier which identifies a sender of said address assignment request, and (3) said first device certificate is authentic.
-
-
26. The system as claimed in claim 25, wherein
said means for assigning said address further comprises means for digitally signing, by said address assignment service, one or more fields of said address assignment response wherein said one or more fields includes at least said assigned address, using a second private key associated with said address assignment service and resulting in creation of a third digital signature; -
said means for returning said address assignment response further comprises means for returning, along with said assigned address;
(1) a second device certificate, wherein said second device certificate comprises (a) a second globally-unique device identifier associated with a network adapter card of a second server device performing said address assignment service, thereby identifying said second server device as owning said second device certificate and (b) a second public key, said second public key associated with said second private key and adapted for use in public key cryptography systems, thereby associating said second public key with said second globally-unique identifier and (2) said third digital signal; and
said means for receiving said returned address assignment response at said server device also receives said second device certificate and said third digital signature; and
further comprising;
means for decrypting, by said server device, said received third digital signature using said second public key stored in said received second device certificate;
means for obtaining, by said server device, a second CA public key associated with a second CA which created a fourth digital signature stored in said second device certificate;
means for decrypting, by said server device, said fourth digital signature using said obtained second CA public key;
means for concluding that said second device certificate is authentic if said decrypted fourth digital signature is authentic;
means for concluding that said address assignment service is authentic if (1) said decrypted third digital signature is authentic, (2) a second device identifier value covered by said decrypted third digital signature matches a globally-unique device identifier which identifies a sender of said address assignment response, and (3) said second device certificate is authentic; and
means for using said received address at said server device only if said address assignment service is authentic.
-
-
27. The system as claimed in claim 25, further comprising means or updating a Domain Name System (DNS) service mapping for at least one of (1) a host name, (2) a medium access control (MAC) address, or (3) a DNS-resident device identifier that is associated with said server device and is included in said address assignment request, wherein said update of said mapping reflects said assigned address.
-
28. The system as claimed in claim 27, further comprising:
-
means for digitally signing an update request by said address assignment service using said second private key, resulting in creation of a fifth digital signature, wherein said update request specifies said host name and said assigned address;
means for sending said fifth digital signature, said update request, and said second device certificate to said DNS service;
means for receiving said fifth digital signature, said update request, and said second device certificate at said DNS service;
means for decrypting, by said DNS service, said received fifth digital signature using said second public key stored in said received second device certificate;
means for obtaining, by said DNS service, said second CA public key;
means for decrypting, by said DNS service, said fourth digital signature using said obtained second CA public key;
means for concluding, by said DNS service, that said second device certificate is authentic if said decrypted fourth digital signature is authentic;
means for concluding, by said DNS service, that said address assignment service is authentic if (1) said decrypted fifth digital signature is authentic, (2) said second device identifier value covered by said decrypted fifth digital signature matches a globally-unique device identifier which identifies a sender of said update request, and (3) said DNS service concludes that said second device certificate is authentic; and
means for performing said update of said mapping only if said DNS service concludes that said address assignment service is authentic.
-
-
29. The system as claimed in claim 28, further comprising:
-
means for returning a message from said DNS service to said address assignment service, said message indicating whether said update of said mapping was successfully performed; and
wherein said means for assigning said address to said server device operates only if said message indicates a successful update.
-
-
30. The system as claimed in claim 26, wherein said second device certificate further comprises a capability indicator indicating whether said address assignment service is authorized to assign addresses, and wherein said means for using said received address does not use said received address if said capability indicator is not properly set.
-
31. The system as claimed in claim 25, wherein:
-
said means for sending said address assignment request, said first digital signature, and said first device certificate also sends a CA certificate containing said CA public key to said address assignment service using a copy of said CA certificate stored at said server device; and
said means for obtaining said CA public key uses said sent CA certificate.
-
-
32. The system as claimed in claim 26, wherein:
-
said means for returning said assigned address, said second device certificate, and said third digit signal also returns a second CA certificate containing said second CA public key to said server device using an address assignment service copy of said second CA certificate; and
said means for obtaining said second CA public key uses said returned CA certificate.
-
-
33. The system as claimed in claim 26, further comprising:
-
means for creating a handshaking message by said server device, wherein said handshaking message comprises one or more message fields and a sixth digital signature, wherein said one or more message fields include a time stamp, said sixth digital signature computed over said one or more message fields;
means for sending said handshaking message from said server device to said address assignment service;
means for receiving said handshaking message at said address assignment service;
means for decrypting said sixth digital signature using said public key of said server device; and
means for completing an address assignment process initiated by said address assignment request if said decrypted sixth digital signature is valid and said time stamp is not stale.
-
-
34. The system as claimed in claim 26, wherein said address assignment service is a Bootstrap Protocol (BootP) service operating at a BootP server.
-
35. The system as claimed in claim 26, wherein said address assignment service is a Dynamic Host Configuration Protocol (DHCP) service operating at a DHCP server.
-
36. The system as claimed in claim 27, wherein said address assignment service is a Bootstrap Protocol (BootP) service operating at a BootP server.
-
37. The system as claimed in claim 27, wherein said address assignment service is a Dynamic Host Configuration Protocol (DHCP) service operating at a DHCP server.
-
38. The system as claimed in claim 24, where in said means for securely storing said private key stores said private key in a write-only memory of said server device, said write-only memory having an ability to perform computations using data values previously stored therein.
-
39. The system as claimed in claim 24, wherein said means for securely storing said private key stores said private key in a read-write memory of said server device, said read-write memory being readable only by means of a shared secret key.
-
40. The system as claimed in claim 24, wherein said globally-unique device identifier in said first device certificate is a medium access control (MAC) address of said network adapter card.
-
41. The system as claimed in claim 26, further comprising:
-
means for generating, by said server device a first challenge;
means for including, by said server device, said first challenge in said one or more fields of said address assignment request; and
means for including, by said address assignment service, said first challenge in said one or more fields of said address assignment response; and
wherein said means for using said received address further comprises using said received address only if said signed first challenge is valid.
-
-
42. The System as claimed in claim 33, further comprising:
-
means for generating, by said server device, a first challenge;
means for including, by said server device, said first challenge in said one or more fields of said address assignment request;
means for generating by said address assignment service, a second challenge;
means for including said first challenge and said second challenge in said one or more fields of said address assignment response; and
means for including, by said server device, said second challenge in said one or more message fields of said handshaking message; and
wherein;
said means for using said received address further comprises using said received address only if said signed first challenge is valid; and
said means for completing said address assignment process further comprises completing said address assignment process only if said signed second challenge is valid.
-
-
43. A system for using device certificates to authenticate servers in a computing environment, comprising:
-
means for creating a public key, private key pair for a device that will fiction as a server device, said key pair adapted for use in public key cryptography systems;
means for creating a device certificate for said server device, wherein said device certificate identifies said server device as owning said device certificate using a globally-unique device identifier associated with a network adapter card directly attached to said server device and wherein said public key is stored in said device certificate, thereby associating said public key with said globally-unique device identifier;
means for securely storing sad private key on said server device in protected storage that is readable only by hardware or firmware of said server device and not by software of said server device;
means for sending an address retrieval request from a client device to said server device;
mean for receiving said address retrieval request at said server device;
means for retrieving, by said server device, an address corresponding to said address retrieval request;
means for digitally signing, by said hardware or firmware a response message containing said retrieved address, using said private key of said key pair, and returning said digitally-signed response message to said client device;
means for receiving said digitally-signed response message containing said returned address at said client device;
means for authenticating, by said client device, said server device as having sent said digitally-signed response message by authenticating said server device'"'"'s digital signature thereupon; and
means for using said received address, by said client device, only if said means for authenticating determines that said server device is authentic. - View Dependent Claims (44, 45, 46)
said means for digitally signing said response message creates a first digital signature over one or more fields of said response message, wherein said one or more fields includes at least said retrieved address, and wherein said device certificate is sent along with said digitally-signed response message; and
said means for receiving said digitally-signed response message also receives said device certificate; and
said means for authenticating further comprises;
means for decrypting, by said client device, said first digital signature using said public key stored in said received device certificate;
means or obtaining, by said client device, a certificate authority (CA) public key associated with a CA which created a second digital signature stored in said device certificate;
means for decrypting, by said client device, said second digital signature using said obtained CA public key;
means for concluding that said device certificate is authentic if said decrypted second digital signature is authentic; and
means for concluding that said server device is authentic if (1) said decrypted first digital signature is authentic, (2) a device identifier value covered by said decrypted first digital signature matches a globally-unique device identifier which identifies a sender of said retrieved address, and (3) said device certificate is authentic.
-
-
45. The system as claimed in claim 44, wherein said server device is executing a Dynamic Host Configuration Protocol (DHCP) service.
-
46. The system as claimed in claim 44, wherein said server device is executing a Domain Name System (DNS) service.
-
47. A method for using device certificates to authenticate servers before assignment of addresses in a computing environment, comprising, the steps of:
-
creating a public key, private key pair for a particular device that will function as a server device, said key pair adapted for use in public key cryptography systems;
creating a first device certificate for said server device, wherein said first device certificate identifies said server device as owning said first device certificate using a globally-unique device identifier associated with a network adapter card directly attached to said server device and wherein said public key is stored in said first device certificate, thereby associating said public key with said globally unique device identifier;
securely storing said private key on said server device in protected storage that is readable only by hardware or firmware of said server device and not by software of said server device;
digitally signing, by said hardware or firmware, an address assignment request using said private key of said key pair and sending said digitally-signed address assignment request from said server device to an address assignment service;
receiving said digitally-signed address assignment request at said address assignment service;
authenticating, by said address assignment service, said server device as having sent said digitally-signed address assignment request by authenticating said service device'"'"'s digital signature thereupon;
assigning an address to said server device, by said address assignment service, only if said authenticating step determines that said server device is authentic;
returning an address assignment response, comprising sad assigned address, from said address assignment service to said server device, only if said authenticating step determines that said server device is authentic; and
receiving said returned address assignment response at said server device. - View Dependent Claims (48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65)
said step of digitally signing said address assignment request creates a first digital signature over one or more fields of said address assignment request, wherein said one or more fields includes at least said globally-unique device identifier, and wherein said first device certificate is sent along with said digitally-signed address assignment request;
said step of receiving said digitally-signed address assignment request further comprises the step of receiving said first device certificate, in addition to said digitally-signed address assignment request; and
said step of authenticating said server device further comprises the steps of;
decrypting said first digital signature using said public key stored in said first device certificate;
obtaining a certificate authority (CA) public key associated with a CA which created a second digital signature stored in said first device certificate;
decrypting said second digital signature using said obtained CA public key;
concluding that said first device certificate is authentic if said decrypted second digital signature is authentic; and
concluding that said server device is authentic if (1) said decrypted first digital signature is authentic, (2) a device identifier value covered by said decrypted first digital signature matches a globally-unique device identifier which identifies a sender of said address assignment request, and (3) said first device certificate is authentic.
-
-
49. The method as claimed in claim 48, wherein:
-
said step of assigning id address further comprises the step of digitally signing, by said address assignment service, one or more fields of said address assignment response wherein said one or more fields includes at least said assigned address, using a second private key associated with said address assignment service and resulting in creation of a third digital signature;
said step of returning said address assignment response further comprises the step of returning, along with said assigned address;
(1) a second device certificate, wherein said second device certificate comprises (a) a second globally-unique device identifier associated with a network adapter card of a second server device performing said address assignment service, thereby identifying said second server device as owning said second device certificate and (b) a second public key, sad second public key associated with said second private key and adapted for use in public key cryptography systems, thereby associating said second public key with said second globally-unique identifier and (2) said third digital signature; and
said step of receiving said returned address assignment response at said server device also receives said second device certificate and said third digital signature; and
further comprising the steps of;
decrypting, by said server device, said received third digital signature using said second public key stored in said received second device certificate;
obtaining, by said server device, a second CA public key associated with a second CA which created a fourth digital signature stored in said second device certificate;
decrypting, by said server device, said fourth digital signature using said obtained second CA public key;
concluding that said second device certificate is authentic if said decrypted fourth digital signature is authentic;
concluding that said address assignment service is authentic if (1) said decrypted third digital signature is authentic, (2) a second device identifier value covered by said decrypted third digital signature matches a globally-unique device identifier which identifies a sender of said address assignment response, and (3) said second device certificate is authentic; and
using said received address at said server device only if said address assignment service is authentic.
-
-
50. The method as claimed in claim 48, further comprising the step of updating a Domain Name System (DNS) service mapping for at least one of (1) a host name, (2) a medium access control (MAC) address, or (3) a DNS-resident device identifier that is associated with said server device and is included in said address assignment request, wherein said update of said mapping reflects said assigned address.
-
51. The method as claimed in claim 50, further comprising the steps of:
-
digitally signing an update request by said address assignment service using said second private key, resulting in creation of a fifth digital signature, wherein said update request specifies said host name and said assigned address;
sending said fifth digital signature, said update request, and said second device certificate to said DNS service;
receiving said fifth digital signature, said update request, and said second device certificate at said DNS service;
decrypting by said DNS service, said received fifth digital signature using said second public key stored in said received second device certificate;
obtaining, by said DNS service, said second CA public key;
decrypting, by said DNS service, said fourth digital signature using said obtained second CA public key;
concluding, by said DNS service, that said second device certificate is authentic if said decrypted fourth digital signature is authentic;
concluding, by said DNS service, that said address assignment service is authentic if (1) said decrypted fifth digital signature is authentic, (2) said second device identifier value covered by said decrypted filth digital signature matches a globally-unique device identifier which identifies a sender of said update request, and (3) said DNS service concludes that said second device certificate is authentic; and
performing said update of said mapping only if said DNS service concludes that said address assignment service is authentic.
-
-
52. The method as claimed in claim 51, further comprising the step of:
-
returning a message from said DNS service to said address assignment service, said message indicating whether said update of said mapping was successfully performed; and
wherein said step of assigning said address to said server device operates only if said message indicates a successful update.
-
-
53. The method as claimed in claim 49, wherein said second device certificate further comprises a capability indicator indicating whether said address assignment service is authorized to assign addresses, and wherein said step of using said received address does not use said received address if said capability indicator is not properly set.
-
54. The method as claimed in claim 48, wherein:
-
said step of sending said address assignment request, said first digital signature, and said first device certificate also sends a CA certificate containing said CA public key to said address assignment service using a copy of said CA certificate stored at said server device; and
said step of obtaining said CA public key uses said sent CA certificate.
-
-
55. The method as claimed in claim 49, wherein:
-
said step of returning said assigned address, said second device certificate, and said third digital signature also returns a second CA certificate containing said second CA public key to said server device using an address assignment service copy of said second CA certificate; and
said step of obtaining said second CA public key uses said returned CA certificate.
-
-
56. The method as claimed in claim 49, further comprising the steps of:
-
creating a handshaking message by said server device, wherein said handshaking message comprises one or more message fields and a sixth digital signature, wherein said one or more message fields include a time stamp, said sixth digital signature computed over said one or more message fields;
sending said handshaking message from said server device to said address assignment service;
receiving said handshaking message at said address assignment service;
decrypting said sixth digital signature using said public key of said server device; and
completing an address assignment process initiated by said address assignment request if said decrypted sixth digital signature is valid and said time stamp is not stale.
-
-
57. The method as claimed in claim 49, wherein said address assignment service is a Bootstrap protocol (BootP) service operating at a BootP server.
-
58. The method as claimed in claim 49, wherein said address assignment service is a Dynamic Host Configuration Protocol (DHCP) service operating at a DHCP server.
-
59. The method as claimed in claim 50, wherein said address assignment service is a Bootstrap Protocol (BootP) service operating at a BootP server.
-
60. The method as claimed in claim 50, wherein said address assignment service is a Dynamic Host Configuration Protocol (DHCP) service operating at a DHCP server.
-
61. The method as claimed in claim 47, wherein said step of securely storing said private key stores said private key in a write-only memory of said server device, said write-only memory having an ability to perform computations using data values previously stored therein.
-
62. The method as claimed in claim 47, wherein said step of securely storing said private key stores said private key in a read-write memory of said server device, said read-write memory being readable only by means of a shared secret key.
-
63. The method as claimed in claim 47, wherein aid globally-unique device identifier in said first device certificate is a medium access control (MAC) address of said network adapter card.
-
64. The method as claimed in claim 49, further comprising the steps of;
-
generating, by said server device, a first challenge;
including, by said server device, said first challenge in said one or more fields of said address assignment request; and
including, by said address assignment service, said first challenge in said one or more fields of said address assignment response; and
wherein said step of using said received address further comprises using said received address only if said signed first challenge is valid.
-
-
65. The method as claimed in claim 56, further comprising the steps of:
-
generating, by said server device, a first challenge;
including, by said server device, said first challenge in said one or more fields of said address assignment requests generating, by said address assignment service, a second challenge;
including said first challenge and said second challenge in said one or more fields of said address assignment response; and
including, by said server device, said second challenge in said one or more message fields of said handshaking message; and
wherein;
said step of using said received address further comprises using said received address only if said signed first challenge is valid; and
said step of completing said address assignment process further comprises completing said address assignment process only if said signed second challenge is valid.
-
-
66. A method for using device certificates to authenticate servers in a computing environment, comprising the steps of:
-
creating a public key, private key pair for a device that will function as a server device, said key pair adapted for use in public key cryptography systems;
creating a device certificate for said server device, wherein said device certificate identifies said server device as owning said device certificate using a globally-unique device identifier associated with a network adapter card directly attached to said server device and wherein said public key is stored in said device certificate, thereby associating said public key with said globally-unique device identifier;
securely storing said private key on said server device in protected storage that is readable only by hardware or firmware of said server device and not by software of said server device;
sending an address retrieval request from a client device to said server device;
receiving said address retrieval request at said server device;
retrieving, by said server device, an address corresponding to said address retrieval request;
digitally signing, by said hardware or firmware, a response message containing said retrieved address, using said private key of said key pair, and returning said digitally-signed response message to said client device;
receiving said digitally-signed response message containing said returned address at said client device;
authenticating, by said client device, said server device as having sent said digitally-signed response message by authenticating said server device'"'"'s digital signature thereupon; and
using said received address by said client device, only if said authenticating step determines that said server device is authentic. - View Dependent Claims (67, 68, 69)
said step of digitally signing said response message creates a first digital signature over one or more fields of said response message, wherein said one or more fields includes at least said retrieved address, and wherein said device certificate is sent along with said digitally-signed response message; and
said step of receiving said digital-signed response message also receives said device certificate; and
said step of authenticating further comprises the steps of;
decrypting, by said client device, said first digital signature using said public key stored in said received device certificate;
obtaining, by said client device, a certificate authority (CA) public key associated with a CA which created a second digital signature stored in said device certificate;
decrypting, by said client device, said second digital signature using said obtained CA public key;
concluding that said device certificate is authentic if said decrypted second digital signature is authentic; and
concluding that said server device is authentic if (1) said decrypted first digital signature is authentic, (2) a device identifier value covered by said decrypted first digital signature matches a globally-unique device identifier of a sender of said retrieved address, and (3) said device certificate is authentic.
-
-
68. The method as claimed in claim 67, wherein said server device is executing a Dynamic Host Configuration Protocol (DHCP) service.
-
69. The method as claimed in claim 67, wherein said server device is executing a Domain Name System (DNS) service.
-
70. A computer-implemented method of using device certificates to authenticate address requesters before address assignment, comprising steps of:
-
digitally signing an address assignment request, by a first device which is requesting an address assignment, using a private key from a public key cryptography public/private key pair of the first device, thereby creating a digital signature for the address assignment request, wherein (1) a globally-unique identifier associated with a network adapter card of the first device is stored in a device certificate that is associated with the first a device, thereby identifying the first device as an owner of the device certificate, (2) the public key is stored in the device certificate, thereby associating the public key with the globally-unique identifier; and
(3) the private key is stored in device-resident, access-protected storage of the first device; and
authenticating the first device, by a receiver of the digitally-signed address assignment request, before the receiver will assign the requested address to the first device, further comprising steps of;
authenticating the first device as having created the digital signature on the digitally-signed address assignment request, by the receiver, using the public key of the first device; and
ensuring that the globally-unique identifier stored in the digitally-signed device certificate matches a device identifier that identifies a sender of the digitally-signed address assignment request.
-
-
71. A computer-implemented method of using device certificates to authenticate message senders, comprising steps of:
-
digitally signing a message, by a first device which creates the message, using a private key from a public key cryptography public/private key pair of the fist device, thereby creating a digital signature for the message, wherein (1) a globally-unique identifier associated with a network adapter card of the first device is stored in a device certificate that is associated with the first device, thereby identifying the first device as an owner of the device certificate;
(2) the public key is stored in the device certificate, thereby associating the public key with the globally-unique identifier;
(3) the private key is stored in device-resident, access protected storage of the first device; and
(4) the message includes the digitally-signed device certificate, such that the digital signature covers the public key and the globally-unique identifier of the first device;
authenticating the first device as having created the digital signature on the digitally-signed message, by a receiver thereof, using the public key of the first device; and
ensuring that the message was sent to the receiver by the first device by comparing the globally-unique identifier stored in the digitally-signed device certificate to a device identifier that identifies a sender of the message.
-
Specification