Method and apparatus for efficiently initializing mobile wireless devices
First Claim
1. A method for initializing a first device distributed with an embedded radio module using a server, said server having an embedded radio module, said method comprising the steps of:
sending an inquiry from said server to said first device using said embedded radio modules;
returning, from said first device, a unique device identifier of said first device, to said server;
creating, at said server, a public key, private key pair for said first device;
creating, at said server, a device certificate for said first device, said device certificate having a unique hardware identifier associated with said first device and a public key associated with said first device;
transmitting said private key, and said device certificate, and a public key of a Certificate Authority which signed said device certificate, to said first device; and
storing said private key in non-removable protected storage at said first device;
wherein said protected storage is write-only storage able to perform computations involving previously-written data.
Abstract
A method and system for enabling wireless devices distributed throughout an enterprise to be efficiently initialized for secure communications. The method and system utilize well-known public key cryptography and machine-unique identifiers to establish a secure channel and initialize the wireless devices.
16 Claims
1. (Independent claim; text given in full under First Claim above.) Dependent claims: 2, 13.
3. A method for initializing a first device distributed with an embedded radio module using a server, said server having an embedded radio module, said method comprising the steps of:
sending an inquiry from said server to said first device using said embedded radio modules;
returning, from said first device, a unique device identifier of said first device, to said server;
creating, at said server, a public key, private key pair for said first device;
creating, at said server, a device certificate for said first device, said device certificate having a unique hardware identifier associated with said first device and a public key associated with said first device;
transmitting said private key, and said device certificate, and a public key of a Certificate Authority which signed said device certificate, to said first device; and
storing said private key in non-removable protected storage at said first device;
wherein said protected storage is write-only storage able to perform computations involving previously-written data;
wherein a copy of said certificate is stored in an LDAP directory.
4. A method for initializing a first device distributed with an embedded radio module using a server, said server having an embedded radio module, said method comprising the steps of:
sending an inquiry from said server to said first device using said embedded radio modules;
creating, at said first device, a public key, private key pair for said first device;
storing, at said first device, said private key in non-removable protected storage;
returning, from said first device, a unique device identifier and said public key of said first device, to said server;
creating, at said server, a device certificate for said first device, said device certificate having said device identifier and said public key; and
transmitting said device certificate and a public key of a Certificate Authority which signed said device certificate to said first device;
wherein said protected storage is a write-only storage able to perform computations involving previously-written data.
5. A system for initializing a first device distributed with an embedded radio module using a server, said server having an embedded radio module, said system comprising:
a communications mechanism for sending an inquiry from said server to said first device using said embedded radio modules, and returning, from said first device, a unique device identifier of said first device, to said server;
a processor at said server for creating a public key, private key pair for said first device; and
a device certificate, created at said server, for said first device, said device certificate having a unique hardware identifier associated with said first device and a public key associated with said first device;
wherein said communications mechanism transmits said private key, and said device certificate, and a public key of a Certificate Authority which signed said device certificate, to said first device; and said processor stores said private key in non-removable protected storage at said first device;
wherein said protected storage is write-only storage able to perform computations involving previously-written data.
Dependent claims: 6, 14.
7. A system for initializing a first device distributed with an embedded radio module using a server, said server having an embedded radio module, said system comprising:
a communications mechanism for sending an inquiry from said server to said first device using said embedded radio modules, and returning, from said first device, a unique device identifier of said first device, to said server;
a processor at said server for creating a public key, private key pair for said first device; and
a device certificate, created at said server, for said first device, said device certificate having a unique hardware identifier associated with said first device and a public key associated with said first device;
wherein said communications mechanism transmits said private key and said device certificate, and a public key of a Certificate Authority which signed said device certificate, to said first device; and said processor stores said private key in non-removable protected storage at said first device;
wherein said protected storage is write-only storage able to perform computations involving previously-written data;
wherein a copy of said certificate is stored in an LDAP directory.
8. An initialization system, said system comprising:
a first device, said first device having an embedded radio module;
a server, said server having an embedded radio module;
a communications mechanism, said communications mechanism sending an inquiry from said server to said first device using said embedded radio modules;
wherein said first device creates a public key, private key pair for said first device, stores said private key in non-removable protected storage, and returns a unique device identifier and said public key of said first device, to said server;
said server creates a device certificate for said first device, said device certificate having said device identifier and said public key; and transmits said device certificate and a public key of a Certificate Authority which signed said device certificate to said first device;
wherein said protected storage is a write-only storage able to perform computations involving previously-written data.
9. A computer program product embodied in a machine readable medium for initializing a first device distributed with an embedded radio module using a server, said server having an embedded radio module, wherein said computer program product comprises the programming steps of:
sending an inquiry from said server to said first device using said embedded radio modules;
returning, from said first device, a unique device identifier of said first device, to said server;
creating, at said server, a public key, private key pair for said first device;
creating, at said server, a device certificate for said first device, said device certificate having a unique hardware identifier associated with said first device and a public key associated with said first device;
transmitting said private key, and said device certificate, and a public key of a Certificate Authority which signed said device certificate, to said first device; and
storing said private key in non-removable protected storage at said first device;
wherein said protected storage is write-only storage able to perform computations involving previously-written data.
Dependent claims: 10, 15.
11. A computer program product embodied in a machine readable medium for initializing a first device distributed with an embedded radio module using a server, said server having an embedded radio module, wherein said computer program product comprises the programming steps of:
sending an inquiry from said server to said first device using said embedded radio modules;
returning, from said first device, a unique device identifier of said first device, to said server;
creating, at said server, a public key, private key pair for said first device;
creating, at said server, a device certificate for said first device, said device certificate having a unique hardware identifier associated with said first device and a public key associated with said first device;
transmitting said private key and said device certificate, and a public key of a Certificate Authority which signed said device certificate, to said first device; and
storing said private key in non-removable protected storage at said first device;
wherein said protected storage is write-only storage able to perform computations involving previously-written data;
wherein a copy of said certificate is stored in an LDAP directory.
12. A computer program product embodied in a machine readable medium for initializing a first device distributed with an embedded radio module using a server, said server having an embedded radio module, wherein said computer program product comprises the programming steps of:
sending an inquiry from said server to said first device using said embedded radio modules;
creating, at said first device, a public key, private key pair for said first device;
storing, at said first device, said private key in non-removable protected storage;
returning, from said first device, a unique device identifier and said public key of said first device, to said server;
creating, at said server, a device certificate for said first device, said device certificate having said device identifier and said public key; and
transmitting said device certificate and a public key of a Certificate Authority which signed said device certificate to said first device;
wherein said protected storage is a write-only storage able to perform computations involving previously-written data.
Dependent claims: 16.
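Added example, not part of this patent or its specification: the exchange the independent claims describe, modelled in Go with only the standard library. After the inquiry has produced the device's hardware identifier, the server issues a certificate binding that identifier to the device public key, and the device checks the certificate against the CA public key it was handed (the claims give it nothing more than that key) before installing it. The protected storage is modelled as a struct whose private key has no read accessor but which can sign, which is the "write-only storage able to perform computations involving previously-written data" limitation. The CA name, the hardware identifier format, the P-256 curve, the validity periods and every function name are assumptions of this example. Two points the claims leave open and a practitioner should settle: claims 1, 5 and 9 send the private key across the radio link and the claims do not say how that transfer is protected (the abstract speaks of a secure channel; the example assumes one), while claims 4, 8 and 12 keep the private key inside protected storage from generation onward; and a device that accepts whatever CA public key the server presents trusts the first server it meets, so the acceptance check below only rejects certificates for the wrong identifier, the wrong key, or a different CA.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// protectedStore models the claims' non-removable, write-only protected storage: a key is written in and used, never read back.
type protectedStore struct{ priv *ecdsa.PrivateKey }
func (s *protectedStore) Write(k *ecdsa.PrivateKey)   { s.priv = k }
func (s *protectedStore) PublicKey() *ecdsa.PublicKey { return &s.priv.PublicKey }

// Sign is the "computation involving previously-written data" the claims permit.
func (s *protectedStore) Sign(msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, s.priv, h[:])
}

type device struct {
	hwID  string // unique hardware identifier returned in answer to the inquiry (constructed values in the tests)
	store protectedStore
	cert  *x509.Certificate
}

type server struct{ caKey *ecdsa.PrivateKey } // the Certificate Authority key lives at the server
func newServer() (*server, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &server{caKey: k}, err
}

// issueDeviceCert binds the hardware identifier and the device public key in one certificate.
func (s *server) issueDeviceCert(hwID string, pub *ecdsa.PublicKey, serial int64) (*x509.Certificate, error) {
	issuer := &x509.Certificate{Subject: pkix.Name{CommonName: "Enterprise Device CA"}} // assumed CA name
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: hwID, SerialNumber: hwID},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(365 * 24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, pub, s.caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// signedBy checks a certificate with only the CA public key (Go signs with ECDSA-SHA256 for a P-256 CA key).
func signedBy(cert *x509.Certificate, caPub *ecdsa.PublicKey) bool {
	tbs := sha256.Sum256(cert.RawTBSCertificate)
	return ecdsa.VerifyASN1(caPub, tbs[:], cert.Signature)
}

// install is the device-side acceptance check the claims leave implicit: right CA, right identifier, right key.
func (d *device) install(cert *x509.Certificate, caPub *ecdsa.PublicKey) error {
	if !signedBy(cert, caPub) {
		return fmt.Errorf("certificate not signed by the presented CA key")
	}
	if cert.Subject.SerialNumber != d.hwID {
		return fmt.Errorf("certificate is for %q, this device is %q", cert.Subject.SerialNumber, d.hwID)
	}
	if pub, ok := cert.PublicKey.(*ecdsa.PublicKey); !ok || !pub.Equal(d.store.PublicKey()) {
		return fmt.Errorf("certified key does not match the key in protected storage")
	}
	d.cert = cert
	return nil
}

// provision runs the exchange after the inquiry has returned d.hwID. Claims 1/5/9 make the key pair at the
// server and transmit the private key; claims 4/8/12 make it in protected storage and send only the public key.
func provision(s *server, d *device, serial int64) error {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	d.store.Write(key) // in-process, both claim families reduce to this step
	cert, err := s.issueDeviceCert(d.hwID, &key.PublicKey, serial)
	if err != nil {
		return err
	}
	return d.install(cert, &s.caKey.PublicKey)
}

// proveKeyPossession is what a later enterprise service does: check the certificate against the CA, then a challenge signature.
func proveKeyPossession(d *device, caPub *ecdsa.PublicKey, nonce []byte) (bool, error) {
	if d.cert == nil || !signedBy(d.cert, caPub) {
		return false, nil
	}
	sig, err := d.store.Sign(nonce)
	if err != nil {
		return false, err
	}
	h := sha256.Sum256(nonce)
	return ecdsa.VerifyASN1(d.cert.PublicKey.(*ecdsa.PublicKey), h[:], sig), nil
}
```

Putting the hardware identifier in the certificate subject's serialNumber attribute is one of several possible bindings; what matters is that the device compares it with its own identifier and that the certified key equals the key in its store, so a certificate replayed from another device, or minted by a different CA for this device's key, is refused rather than installed.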
Specification