Using device certificates to authenticate servers before automatic address assignment

US 6,823,454 B1
Filed: 11/08/1999
Issued: 11/23/2004
Est. Priority Date: 11/08/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A computer program product embodied on computer readable media readable by a computing system in a Computing environment, for using device certificates to authenticate servers before assignment of addresses, comprising:

computer-readable program code means for creating a public key, private key pair for a particular device that will function as a server device, said key pair adapted for use in public key cryptography systems;

computer-readable program code means for creating a first device certificate for said server device, wherein said first device certificate identifies said server device as owning said first device certificate using a globally-unique device identifier associated with a network adapter card directly attached to said server device and wherein said public key is stored in said first device certificate, thereby associating said public key with said globally-unique device identifier;

computer-readable program code means for securely storing said private key on said server device in protected storage that is readable only by hardware or firmware of said server device and not by software of said server device;

computer-readable program code means for digitally signing, by said hardware or firmware, an address assignment request using said private key of said key pair and sending said digitally-signed address assignment request from said server device to an address assignment service;

computer-readable program code means for receiving said digitally signed address assignment request at said add assignment service;

computer-readable program code means for authenticating, by said address assignment service, said server device as having sent said digitally-signed address assignment request by authenticating said server device'"'"'s digital signature thereupon;

computer-readable program code means for assigning an address to said server device, by said address assignment service, only if said computer-readable program code means for authenticating determines that said server device is authentic;

computer-readable program code means for returning an address assignment response, comprising said assigned address, from said address assignment service to said server device, only if said computer-readable program code means for authenticating determines that said server device is authentic; and

computer-readable program cod means for receiving said returned address assignment response at said server device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device certificate identifies a particular device using a globally-unique device identifier and contains a public key associated therewith. A private key stored in protected storage of the device is used to digitally sign outbound messages, enabling the message receiver to authenticate the message originator. Devices requesting address assignment from a service such as a Boot Protocol or Dynamic Host Configuration Protocol service can be authenticated by that service before an address is assigned. The device of the service providing the address assignment may also digitally sign the requested address, using its own private key, enabling the address receiver to verify that the address provider is authentic before accepting and using the assigned address. A device requesting an update to address information stored in a Domain Name System (DNS) server can be authenticated and/or can ensure that a legitimate DNS has been contacted.

311 Citations

71 Claims

1. A computer program product embodied on computer readable media readable by a computing system in a Computing environment, for using device certificates to authenticate servers before assignment of addresses, comprising:
- computer-readable program code means for creating a public key, private key pair for a particular device that will function as a server device, said key pair adapted for use in public key cryptography systems;
  
  computer-readable program code means for creating a first device certificate for said server device, wherein said first device certificate identifies said server device as owning said first device certificate using a globally-unique device identifier associated with a network adapter card directly attached to said server device and wherein said public key is stored in said first device certificate, thereby associating said public key with said globally-unique device identifier;
  
  computer-readable program code means for securely storing said private key on said server device in protected storage that is readable only by hardware or firmware of said server device and not by software of said server device;
  
  computer-readable program code means for digitally signing, by said hardware or firmware, an address assignment request using said private key of said key pair and sending said digitally-signed address assignment request from said server device to an address assignment service;
  
  computer-readable program code means for receiving said digitally signed address assignment request at said add assignment service;
  
  computer-readable program code means for authenticating, by said address assignment service, said server device as having sent said digitally-signed address assignment request by authenticating said server device'"'"'s digital signature thereupon;
  
  computer-readable program code means for assigning an address to said server device, by said address assignment service, only if said computer-readable program code means for authenticating determines that said server device is authentic;
  
  computer-readable program code means for returning an address assignment response, comprising said assigned address, from said address assignment service to said server device, only if said computer-readable program code means for authenticating determines that said server device is authentic; and
  
  computer-readable program cod means for receiving said returned address assignment response at said server device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The computer program product as claimed in claim 1, wherein:
3. The computer program product as claimed in claim 2, wherein:
- said computer-readable program code means for assigning said address further comprises computer-readable program code means for digitally signing, by said address assignment service, one or more fields of said address assignment response wherein said one or more fields includes at least said assigned address, using a second private key associated with said address assignment service and resulting in creation of a third digital signature;
  
  said computer-readable program code means for returning said address assignment response further comprises computer-readable program code means for returning, along with said assigned address;
  
  (1) a second device certificate, wherein said second device certificate comprises (a) a second globally-unique device identifier associated with a network adapter card of a second server device performing said address assignment service, thereby identifying said second server device as owning said second device certificate and (b) a second public key, said second public key associated with said second private key and adapted for use in public key cryptography systems, thereby associating said second public key with said second globally-unique device identifier and (2) said third digital signature; and
  
  said computer-readable program code means for receiving said returned address assignment response at said server device also receives said second device certificate and said third digital signature, and further comprising;
  
  computer-readable program code means for decrypting, by said server device, said received third digital signature using said second public key stored in said received second device certificate;
  
  computer-readable program code means for obtaining, by said server device, a second CA public key associated with a second CA which created a fourth digital signature stored in said second device certificate;
  
  computer-readable program code means for decrypting, by said server device, said fourth digital signature using said obtained second CA public key;
  
  computer-readable program code means for concluding that said second device certificate is authentic if said decrypted fourth digital signature is authentic;
  
  computer-readable program code means for concluding that said address assignment service is authentic if (1) said decrypted third digital signature is authentic, (2) a second device identifier value covered by said decrypted third digital signature matches a globally-unique device identifier which identifies a sender of said address assignment response, and (3) said second device certificate is authentic; and
  
  computer-readable program code means for using said received address at said server device only if said address assignment service is authentic.
4. The computer program product as claimed in claim 2, further comprising computer able program code means for updating a Domain Name System (DNS) service mapping for at least one of (1) a host name, (2) a medium access control (MAC) address, or (3) a DNS-resident device identifier that is associated with said server device and is included in said address assignment request, wherein said update of said mapping reflects said assigned address.
5. The computer program product as claimed in claim 4, further comprising:
- computer-readable program code means for digitally signing an update request by said address assignment Service using sad second private key, resulting in creation of a fifth digital signature, wherein said update request specifies said host name and said assigned address;
  
  computer-readable program code means for sending said fifth digital signature, said update request and said second device certificate to said DNS service;
  
  computer-readable program code means for sending said fifth digital signature, said update request, and said second device certificate at said DNS service;
  
  computer-readable program code means for decrypting, by said DNS service, said received fifth digital sire using said second public key stored in said received second device certificate;
  
  computer-readable program code means for obtaining, by said DNS service, said second CA public key;
  
  computer-readable program code means for decrypting, by said EONS service, said fourth digital signature using said obtained second CA public key;
  
  computer-readable program code means for concluding, by said DNS service, that said second device certificate is authentic if said decrypted fourth digital signature is authentic;
  
  computer-readable program code means for concluding, by said DNS service, that said address assignment service is authentic if (1) said decrypted fifth digital signature is authentic, (2) said second device identifier value covered by said decrypted fifth digital signature matches a globally-unique device identifier which identifies a sender of said update request, and (3) said DNS service concludes that said second device certificate is authentic; and
  
  computer-readable program code means for performing said update of said mapping only if said DNS service concludes that said address assignment service is authentic.
6. The computer program product as claimed in claim 5, further comprising:
- computer-readable program code means for returning a message from said DNS service to said address assignment service, said message indicating whether said update of said mapping was successfully performed; and
  
  wherein sod computer-readable program code means for assigning said address to said server device operates only if said message indicates a successful update.
7. The computer program product as claimed in claim 3, wherein said second device certificate further comprises a capability indicator indicating whether said address assignment service is authorized to assign addresses, and wherein said computer-readable program code means for using said received address does not use said received address if said capability indicator is not properly set.
8. The computer program product as claimed in claim 2, wherein:
- said computer-readable program code means for sending said address assignment request, said first digital signature and said first device certificate also sends a CA certificate containing said CA public key to said address assignment service using a copy of said CA certificate stored at said server device; and
  
  said computer-readable program code means for obtaining said CA public key uses said sent CA certificate.
9. The computer program product as claimed in claim 3, wherein:
- said computer-readable program code means for returning said assigned address, said second device certificate, and said third digital signature also returns a second CA certificate containing said second CA public key to said server device using an address assignment service copy of said second CA certificate; and
  
  said computer-readable program code means for obtaining said second CA public key uses said returned CA certificate.
10. The computer program product as claimed in claim 3, further comprising:
- computer-readable program code means for creating a handshaking message by said server device, wherein said handshaking message comprises one or more message fields and a sixth digital signature, wherein said one or more message fields include a time stamp, said sixth digital signature computed over said one or more message fields;
  
  computer-readable program code means for sending said handshaking message from said server device to said address assignment service;
  
  computer-readable program code means for receiving said handshaking message at said address assignment service;
  
  computer-readable program code means for decrypting said sixth digital signature using said public key of said server device; and
  
  computer-readable program code means for completing an address assignment process initiated by said address assignment request if said decrypted sixth digital signature is valid and said time stamp is not stale.
11. The computer program product as claimed in claim 3, wherein said address assignment service is a Bootstrap Protocol (BootP) service operating at a BootP server.
12. The computer program product as claimed in claim 3, wherein said address assignment service is a Dynamic Host Configuration Protocol (DHCP) service operating at a DHCP server.
13. The computer program product as claimed in claim 4, wherein said address assignment service is a Bootstrap Protocol (BootP) service operating at a BootP server.
14. The computer program product as claimed in claim 4, wherein said address assignment service is a Dynamic Host Configuration Protocol (DHCP) service operating at a DHCP server.
15. The computer program product as claimed in claim 1, wherein said computer-readable program code means for securely storing said private key stores said private key in a write-only memory of said server device, said write-only memory having an ability to perform computations using data values previously stored therein.
16. The computer program product as claimed in claim 1, wherein said computer-readable program code means for securely storing said private key stores said private key in a read-write memory of said server device, said read-write memory being readable only by means of a shared secret key.
17. The computer program product as claimed in claim 1, wherein said globally-unique device identifier in said first device certificate is a medium access control (MAC) address of said network adapter card.
18. The computer program product as claimed in claim 3, further comprising:
- computer-readable program code means for generating, by said server device, a first challenge;
  
  computer-readable program code means for including, by said server device, said first challenge in said one or more fields of said address assignment request; and
  
  computer-readable program code means for including, by said address assignment service, said first challenge in said one or more fields of said address assignment response; and
  
  wherein said computer-readable program code means for using said received address further comprises using said received address only if said signed first challenge is valid.
19. The computer program product as claimed in claim 10, further comprising:
- computer-readable program code means for generating, by said server device, a first challenge;
  
  computer-readable program code means for including, by said server device, said first challenge in said one or more fields of said address assignment request;
  
  computer-readable program code means for generating, by said address assignment service, a second challenge;
  
  computer-readable program code means for including said first challenge and said second challenge in said one or more fields of said address assignment response; and
  
  computer-readable program code means for including, by said server device, said second challenge in said one or more message fields of said handshaking message; and
  
  wherein;
  
  said computer-readable program code means for using said received address further comprises using said received address only if said signed first challenge is valid; and
  
  said computer-readable program code means for completing said address assignment process further comprises completing said address assignment process only if said signed second challenge is valid.

20. A computer pin product embodied on computer readable media readable by a computing system in a computing environment, for using device certificates to authenticate servers, comprising:
- computer-readable program code means for creating a public key, private key pair for a device that will function as a server device, said key pair adapted for use in public key cryptography systems;
  
  computer-readable program code means for creating a device certificate for said server device, wherein said device certificate identifies said server device as owning said device certificate using a globally-unique device identifier associated with a network adapter card directly attached to said server device and wherein said public key is stored in said device certificate;
  
  thereby associating said public key with said globally-unique device identifier;
  
  computer-readable program code means for securely storing said private key on said server device in protected storage that is readable only by hardware or firmware of said server device and not by software of said server device;
  
  computer-readable program code means for sending an address retrieval request from a client device to said server device;
  
  computer-readable program code means for receiving said address retrieval request at said server device;
  
  computer-readable program code means for retrieving, by said server device, an address corresponding to said address retrieval request;
  
  computer-readable program code means for digitally signing said hardware or firmware, a response message containing said retrieved address, using said private key of said key pair, and returning said digitally-signed response message to said client device;
  
  computer-readable program code means for receiving said digitally-signed response message containing said returned address at said client device;
  
  computer-readable program code means for authenticating said client device, said server device as having sent said digitally-signed response message by authenticating said server device'"'"'s digital signature thereupon; and
  
  computer-readable program code means for using said received address by said client device, only if said computer-readable program code means for authenticating determines that said server device is authentic.
- View Dependent Claims (21, 22, 23)
- - 21. The computer program product as claimed in claim 20, wherein:
22. The computer program product as claimed in claim 21, wherein said server device is executing a Dynamic Host Configuration Protocol (DHCP) service.
23. The computer program product as claimed in claim 21, wherein said server device is executing a Domain Name System (DNS) service.

24. A system for using device certificates to authenticate servers before assignment of addresses in a computing environment, comprising:
- means for creating a public key, private key pair for a particular device that will function as a server device, said key pair adapted for use in public key cryptography systems;
  
  means for creating a fist device certificate for said server device, wherein said first device certificate identifies said server device as owning said first device certificate using a globally-unique device identifier associated with a network adapter card directly attached to said server device and wherein said public key is stored in said first device certificate, thereby associating said public key with said globally-unique device identifier;
  
  means for securely storing said private key on said server device in protected storage that is readable only by hardware or firmware of said server device and not by software of said server device;
  
  means for digitally signing, by said hardware or firmware, an address assignment request using said private key of said key pair and sending said digitally-signed address assignment request from said server device to an address assignment service;
  
  means for receiving said digitally-signed address assignment request at said address assignment service;
  
  means for authenticating, by said address assignment service, said server device as having sent said digitally-signed address assignment request by authenticating said sever device'"'"'s digital signature thereupon;
  
  means for assigning an address to said server device said address assignment service, only if said means for authenticating determines that said server device is authentic;
  
  means for returning an address assignment response, comprising said assigned address, from said address assignment service to said server device, only if said means for authenticating determines that said server device is authentic; and
  
  means for receiving said returned address assignment response at said server device.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 25. The system as claimed in claim 24, wherein:
26. The system as claimed in claim 25, whereinsaid means for assigning said address further comprises means for digitally signing, by said address assignment service, one or more fields of said address assignment response wherein said one or more fields includes at least said assigned address, using a second private key associated with said address assignment service and resulting in creation of a third digital signature;
- said means for returning said address assignment response further comprises means for returning, along with said assigned address;
  
  (1) a second device certificate, wherein said second device certificate comprises (a) a second globally-unique device identifier associated with a network adapter card of a second server device performing said address assignment service, thereby identifying said second server device as owning said second device certificate and (b) a second public key, said second public key associated with said second private key and adapted for use in public key cryptography systems, thereby associating said second public key with said second globally-unique identifier and (2) said third digital signal; and
  
  said means for receiving said returned address assignment response at said server device also receives said second device certificate and said third digital signature; and
  
  further comprising;
  
  means for decrypting, by said server device, said received third digital signature using said second public key stored in said received second device certificate;
  
  means for obtaining, by said server device, a second CA public key associated with a second CA which created a fourth digital signature stored in said second device certificate;
  
  means for decrypting, by said server device, said fourth digital signature using said obtained second CA public key;
  
  means for concluding that said second device certificate is authentic if said decrypted fourth digital signature is authentic;
  
  means for concluding that said address assignment service is authentic if (1) said decrypted third digital signature is authentic, (2) a second device identifier value covered by said decrypted third digital signature matches a globally-unique device identifier which identifies a sender of said address assignment response, and (3) said second device certificate is authentic; and
  
  means for using said received address at said server device only if said address assignment service is authentic.
27. The system as claimed in claim 25, further comprising means or updating a Domain Name System (DNS) service mapping for at least one of (1) a host name, (2) a medium access control (MAC) address, or (3) a DNS-resident device identifier that is associated with said server device and is included in said address assignment request, wherein said update of said mapping reflects said assigned address.
28. The system as claimed in claim 27, further comprising:
- means for digitally signing an update request by said address assignment service using said second private key, resulting in creation of a fifth digital signature, wherein said update request specifies said host name and said assigned address;
  
  means for sending said fifth digital signature, said update request, and said second device certificate to said DNS service;
  
  means for receiving said fifth digital signature, said update request, and said second device certificate at said DNS service;
  
  means for decrypting, by said DNS service, said received fifth digital signature using said second public key stored in said received second device certificate;
  
  means for obtaining, by said DNS service, said second CA public key;
  
  means for decrypting, by said DNS service, said fourth digital signature using said obtained second CA public key;
  
  means for concluding, by said DNS service, that said second device certificate is authentic if said decrypted fourth digital signature is authentic;
  
  means for concluding, by said DNS service, that said address assignment service is authentic if (1) said decrypted fifth digital signature is authentic, (2) said second device identifier value covered by said decrypted fifth digital signature matches a globally-unique device identifier which identifies a sender of said update request, and (3) said DNS service concludes that said second device certificate is authentic; and
  
  means for performing said update of said mapping only if said DNS service concludes that said address assignment service is authentic.
29. The system as claimed in claim 28, further comprising:
- means for returning a message from said DNS service to said address assignment service, said message indicating whether said update of said mapping was successfully performed; and
  
  wherein said means for assigning said address to said server device operates only if said message indicates a successful update.
30. The system as claimed in claim 26, wherein said second device certificate further comprises a capability indicator indicating whether said address assignment service is authorized to assign addresses, and wherein said means for using said received address does not use said received address if said capability indicator is not properly set.
31. The system as claimed in claim 25, wherein:
- said means for sending said address assignment request, said first digital signature, and said first device certificate also sends a CA certificate containing said CA public key to said address assignment service using a copy of said CA certificate stored at said server device; and
  
  said means for obtaining said CA public key uses said sent CA certificate.
32. The system as claimed in claim 26, wherein:
- said means for returning said assigned address, said second device certificate, and said third digit signal also returns a second CA certificate containing said second CA public key to said server device using an address assignment service copy of said second CA certificate; and
  
  said means for obtaining said second CA public key uses said returned CA certificate.
33. The system as claimed in claim 26, further comprising:
- means for creating a handshaking message by said server device, wherein said handshaking message comprises one or more message fields and a sixth digital signature, wherein said one or more message fields include a time stamp, said sixth digital signature computed over said one or more message fields;
  
  means for sending said handshaking message from said server device to said address assignment service;
  
  means for receiving said handshaking message at said address assignment service;
  
  means for decrypting said sixth digital signature using said public key of said server device; and
  
  means for completing an address assignment process initiated by said address assignment request if said decrypted sixth digital signature is valid and said time stamp is not stale.
34. The system as claimed in claim 26, wherein said address assignment service is a Bootstrap Protocol (BootP) service operating at a BootP server.
35. The system as claimed in claim 26, wherein said address assignment service is a Dynamic Host Configuration Protocol (DHCP) service operating at a DHCP server.
36. The system as claimed in claim 27, wherein said address assignment service is a Bootstrap Protocol (BootP) service operating at a BootP server.
37. The system as claimed in claim 27, wherein said address assignment service is a Dynamic Host Configuration Protocol (DHCP) service operating at a DHCP server.
38. The system as claimed in claim 24, where in said means for securely storing said private key stores said private key in a write-only memory of said server device, said write-only memory having an ability to perform computations using data values previously stored therein.
39. The system as claimed in claim 24, wherein said means for securely storing said private key stores said private key in a read-write memory of said server device, said read-write memory being readable only by means of a shared secret key.
40. The system as claimed in claim 24, wherein said globally-unique device identifier in said first device certificate is a medium access control (MAC) address of said network adapter card.
41. The system as claimed in claim 26, further comprising:
- means for generating, by said server device a first challenge;
  
  means for including, by said server device, said first challenge in said one or more fields of said address assignment request; and
  
  means for including, by said address assignment service, said first challenge in said one or more fields of said address assignment response; and
  
  wherein said means for using said received address further comprises using said received address only if said signed first challenge is valid.
42. The System as claimed in claim 33, further comprising:
- means for generating, by said server device, a first challenge;
  
  means for including, by said server device, said first challenge in said one or more fields of said address assignment request;
  
  means for generating by said address assignment service, a second challenge;
  
  means for including said first challenge and said second challenge in said one or more fields of said address assignment response; and
  
  means for including, by said server device, said second challenge in said one or more message fields of said handshaking message; and
  
  wherein;
  
  said means for using said received address further comprises using said received address only if said signed first challenge is valid; and
  
  said means for completing said address assignment process further comprises completing said address assignment process only if said signed second challenge is valid.

43. A system for using device certificates to authenticate servers in a computing environment, comprising:
- means for creating a public key, private key pair for a device that will fiction as a server device, said key pair adapted for use in public key cryptography systems;
  
  means for creating a device certificate for said server device, wherein said device certificate identifies said server device as owning said device certificate using a globally-unique device identifier associated with a network adapter card directly attached to said server device and wherein said public key is stored in said device certificate, thereby associating said public key with said globally-unique device identifier;
  
  means for securely storing sad private key on said server device in protected storage that is readable only by hardware or firmware of said server device and not by software of said server device;
  
  means for sending an address retrieval request from a client device to said server device;
  
  mean for receiving said address retrieval request at said server device;
  
  means for retrieving, by said server device, an address corresponding to said address retrieval request;
  
  means for digitally signing, by said hardware or firmware a response message containing said retrieved address, using said private key of said key pair, and returning said digitally-signed response message to said client device;
  
  means for receiving said digitally-signed response message containing said returned address at said client device;
  
  means for authenticating, by said client device, said server device as having sent said digitally-signed response message by authenticating said server device'"'"'s digital signature thereupon; and
  
  means for using said received address, by said client device, only if said means for authenticating determines that said server device is authentic.
- View Dependent Claims (44, 45, 46)
- - 44. The system as claimed in claim 43, wherein:
45. The system as claimed in claim 44, wherein said server device is executing a Dynamic Host Configuration Protocol (DHCP) service.
46. The system as claimed in claim 44, wherein said server device is executing a Domain Name System (DNS) service.

47. A method for using device certificates to authenticate servers before assignment of addresses in a computing environment, comprising, the steps of:
- creating a public key, private key pair for a particular device that will function as a server device, said key pair adapted for use in public key cryptography systems;
  
  creating a first device certificate for said server device, wherein said first device certificate identifies said server device as owning said first device certificate using a globally-unique device identifier associated with a network adapter card directly attached to said server device and wherein said public key is stored in said first device certificate, thereby associating said public key with said globally unique device identifier;
  
  securely storing said private key on said server device in protected storage that is readable only by hardware or firmware of said server device and not by software of said server device;
  
  digitally signing, by said hardware or firmware, an address assignment request using said private key of said key pair and sending said digitally-signed address assignment request from said server device to an address assignment service;
  
  receiving said digitally-signed address assignment request at said address assignment service;
  
  authenticating, by said address assignment service, said server device as having sent said digitally-signed address assignment request by authenticating said service device'"'"'s digital signature thereupon;
  
  assigning an address to said server device, by said address assignment service, only if said authenticating step determines that said server device is authentic;
  
  returning an address assignment response, comprising sad assigned address, from said address assignment service to said server device, only if said authenticating step determines that said server device is authentic; and
  
  receiving said returned address assignment response at said server device.
- View Dependent Claims (48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65)
- - 48. The method as claim in claim 47, wherein:
49. The method as claimed in claim 48, wherein:
- said step of assigning id address further comprises the step of digitally signing, by said address assignment service, one or more fields of said address assignment response wherein said one or more fields includes at least said assigned address, using a second private key associated with said address assignment service and resulting in creation of a third digital signature;
  
  said step of returning said address assignment response further comprises the step of returning, along with said assigned address;
  
  (1) a second device certificate, wherein said second device certificate comprises (a) a second globally-unique device identifier associated with a network adapter card of a second server device performing said address assignment service, thereby identifying said second server device as owning said second device certificate and (b) a second public key, sad second public key associated with said second private key and adapted for use in public key cryptography systems, thereby associating said second public key with said second globally-unique identifier and (2) said third digital signature; and
  
  said step of receiving said returned address assignment response at said server device also receives said second device certificate and said third digital signature; and
  
  further comprising the steps of;
  
  decrypting, by said server device, said received third digital signature using said second public key stored in said received second device certificate;
  
  obtaining, by said server device, a second CA public key associated with a second CA which created a fourth digital signature stored in said second device certificate;
  
  decrypting, by said server device, said fourth digital signature using said obtained second CA public key;
  
  concluding that said second device certificate is authentic if said decrypted fourth digital signature is authentic;
  
  concluding that said address assignment service is authentic if (1) said decrypted third digital signature is authentic, (2) a second device identifier value covered by said decrypted third digital signature matches a globally-unique device identifier which identifies a sender of said address assignment response, and (3) said second device certificate is authentic; and
  
  using said received address at said server device only if said address assignment service is authentic.
50. The method as claimed in claim 48, further comprising the step of updating a Domain Name System (DNS) service mapping for at least one of (1) a host name, (2) a medium access control (MAC) address, or (3) a DNS-resident device identifier that is associated with said server device and is included in said address assignment request, wherein said update of said mapping reflects said assigned address.
51. The method as claimed in claim 50, further comprising the steps of:
- digitally signing an update request by said address assignment service using said second private key, resulting in creation of a fifth digital signature, wherein said update request specifies said host name and said assigned address;
  
  sending said fifth digital signature, said update request, and said second device certificate to said DNS service;
  
  receiving said fifth digital signature, said update request, and said second device certificate at said DNS service;
  
  decrypting by said DNS service, said received fifth digital signature using said second public key stored in said received second device certificate;
  
  obtaining, by said DNS service, said second CA public key;
  
  decrypting, by said DNS service, said fourth digital signature using said obtained second CA public key;
  
  concluding, by said DNS service, that said second device certificate is authentic if said decrypted fourth digital signature is authentic;
  
  concluding, by said DNS service, that said address assignment service is authentic if (1) said decrypted fifth digital signature is authentic, (2) said second device identifier value covered by said decrypted filth digital signature matches a globally-unique device identifier which identifies a sender of said update request, and (3) said DNS service concludes that said second device certificate is authentic; and
  
  performing said update of said mapping only if said DNS service concludes that said address assignment service is authentic.
52. The method as claimed in claim 51, further comprising the step of:
- returning a message from said DNS service to said address assignment service, said message indicating whether said update of said mapping was successfully performed; and
  
  wherein said step of assigning said address to said server device operates only if said message indicates a successful update.
53. The method as claimed in claim 49, wherein said second device certificate further comprises a capability indicator indicating whether said address assignment service is authorized to assign addresses, and wherein said step of using said received address does not use said received address if said capability indicator is not properly set.
54. The method as claimed in claim 48, wherein:
- said step of sending said address assignment request, said first digital signature, and said first device certificate also sends a CA certificate containing said CA public key to said address assignment service using a copy of said CA certificate stored at said server device; and
  
  said step of obtaining said CA public key uses said sent CA certificate.
55. The method as claimed in claim 49, wherein:
- said step of returning said assigned address, said second device certificate, and said third digital signature also returns a second CA certificate containing said second CA public key to said server device using an address assignment service copy of said second CA certificate; and
  
  said step of obtaining said second CA public key uses said returned CA certificate.
56. The method as claimed in claim 49, further comprising the steps of:
- creating a handshaking message by said server device, wherein said handshaking message comprises one or more message fields and a sixth digital signature, wherein said one or more message fields include a time stamp, said sixth digital signature computed over said one or more message fields;
  
  sending said handshaking message from said server device to said address assignment service;
  
  receiving said handshaking message at said address assignment service;
  
  decrypting said sixth digital signature using said public key of said server device; and
  
  completing an address assignment process initiated by said address assignment request if said decrypted sixth digital signature is valid and said time stamp is not stale.
57. The method as claimed in claim 49, wherein said address assignment service is a Bootstrap protocol (BootP) service operating at a BootP server.
58. The method as claimed in claim 49, wherein said address assignment service is a Dynamic Host Configuration Protocol (DHCP) service operating at a DHCP server.
59. The method as claimed in claim 50, wherein said address assignment service is a Bootstrap Protocol (BootP) service operating at a BootP server.
60. The method as claimed in claim 50, wherein said address assignment service is a Dynamic Host Configuration Protocol (DHCP) service operating at a DHCP server.
61. The method as claimed in claim 47, wherein said step of securely storing said private key stores said private key in a write-only memory of said server device, said write-only memory having an ability to perform computations using data values previously stored therein.
62. The method as claimed in claim 47, wherein said step of securely storing said private key stores said private key in a read-write memory of said server device, said read-write memory being readable only by means of a shared secret key.
63. The method as claimed in claim 47, wherein aid globally-unique device identifier in said first device certificate is a medium access control (MAC) address of said network adapter card.
64. The method as claimed in claim 49, further comprising the steps of;
- generating, by said server device, a first challenge;
  
  including, by said server device, said first challenge in said one or more fields of said address assignment request; and
  
  including, by said address assignment service, said first challenge in said one or more fields of said address assignment response; and
  
  wherein said step of using said received address further comprises using said received address only if said signed first challenge is valid.
65. The method as claimed in claim 56, further comprising the steps of:
- generating, by said server device, a first challenge;
  
  including, by said server device, said first challenge in said one or more fields of said address assignment requests generating, by said address assignment service, a second challenge;
  
  including said first challenge and said second challenge in said one or more fields of said address assignment response; and
  
  including, by said server device, said second challenge in said one or more message fields of said handshaking message; and
  
  wherein;
  
  said step of using said received address further comprises using said received address only if said signed first challenge is valid; and
  
  said step of completing said address assignment process further comprises completing said address assignment process only if said signed second challenge is valid.

66. A method for using device certificates to authenticate servers in a computing environment, comprising the steps of:
- creating a public key, private key pair for a device that will function as a server device, said key pair adapted for use in public key cryptography systems;
  
  creating a device certificate for said server device, wherein said device certificate identifies said server device as owning said device certificate using a globally-unique device identifier associated with a network adapter card directly attached to said server device and wherein said public key is stored in said device certificate, thereby associating said public key with said globally-unique device identifier;
  
  securely storing said private key on said server device in protected storage that is readable only by hardware or firmware of said server device and not by software of said server device;
  
  sending an address retrieval request from a client device to said server device;
  
  receiving said address retrieval request at said server device;
  
  retrieving, by said server device, an address corresponding to said address retrieval request;
  
  digitally signing, by said hardware or firmware, a response message containing said retrieved address, using said private key of said key pair, and returning said digitally-signed response message to said client device;
  
  receiving said digitally-signed response message containing said returned address at said client device;
  
  authenticating, by said client device, said server device as having sent said digitally-signed response message by authenticating said server device'"'"'s digital signature thereupon; and
  
  using said received address by said client device, only if said authenticating step determines that said server device is authentic.
- View Dependent Claims (67, 68, 69)
- - 67. The method as claimed in claim 66, wherein:
68. The method as claimed in claim 67, wherein said server device is executing a Dynamic Host Configuration Protocol (DHCP) service.
69. The method as claimed in claim 67, wherein said server device is executing a Domain Name System (DNS) service.

70. A computer-implemented method of using device certificates to authenticate address requesters before address assignment, comprising steps of:
- digitally signing an address assignment request, by a first device which is requesting an address assignment, using a private key from a public key cryptography public/private key pair of the first device, thereby creating a digital signature for the address assignment request, wherein (1) a globally-unique identifier associated with a network adapter card of the first device is stored in a device certificate that is associated with the first a device, thereby identifying the first device as an owner of the device certificate, (2) the public key is stored in the device certificate, thereby associating the public key with the globally-unique identifier; and
  
  (3) the private key is stored in device-resident, access-protected storage of the first device; and
  
  authenticating the first device, by a receiver of the digitally-signed address assignment request, before the receiver will assign the requested address to the first device, further comprising steps of;
  
  authenticating the first device as having created the digital signature on the digitally-signed address assignment request, by the receiver, using the public key of the first device; and
  
  ensuring that the globally-unique identifier stored in the digitally-signed device certificate matches a device identifier that identifies a sender of the digitally-signed address assignment request.

71. A computer-implemented method of using device certificates to authenticate message senders, comprising steps of:
- digitally signing a message, by a first device which creates the message, using a private key from a public key cryptography public/private key pair of the fist device, thereby creating a digital signature for the message, wherein (1) a globally-unique identifier associated with a network adapter card of the first device is stored in a device certificate that is associated with the first device, thereby identifying the first device as an owner of the device certificate;
  
  (2) the public key is stored in the device certificate, thereby associating the public key with the globally-unique identifier;
  
  (3) the private key is stored in device-resident, access protected storage of the first device; and
  
  (4) the message includes the digitally-signed device certificate, such that the digital signature covers the public key and the globally-unique identifier of the first device;
  
  authenticating the first device as having created the digital signature on the digitally-signed message, by a receiver thereof, using the public key of the first device; and
  
  ensuring that the message was sent to the receiver by the first device by comparing the globally-unique identifier stored in the digitally-signed device certificate to a device identifier that identifies a sender of the message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Peters, Marcia L., Hind, John R.
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
LAFORGIA, CHRISTIAN A

Application Number

US09/435,415
Time in Patent Office

1,842 Days
Field of Search

713/161, 713/169, 713/173, 713/155, 713/202, 713/200, 713/201, 709/201, 709/223, 709/225, 370/252
US Class Current

713/168
CPC Class Codes

H04L 61/4511   using domain name system [DNS]

H04L 61/5007   Internet protocol [IP] addr...

H04L 61/5076   Update or notification mech...

H04L 63/0823   using certificates cryptogr...

Using device certificates to authenticate servers before automatic address assignment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

311 Citations

71 Claims

Specification

Solutions

Use Cases

Quick Links

Using device certificates to authenticate servers before automatic address assignment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

311 Citations

71 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links