Method and apparatus for efficiently initializing mobile wireless devices

US 6,980,660 B1
Filed: 05/21/1999
Issued: 12/27/2005
Est. Priority Date: 05/21/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for initializing a first device distributed with an embedded radio module using a server, said server having an embedded radio module, said method comprising the steps of:

sending an inquiry from said server to said first device using said embedded radio modules;

returning, from said first device, a unique device identifier of said first device, to said server;

creating, at said server, a public key, private key pair for said first device;

creating, at said server, a device certificate for said first device, said device certificate having a unique hardware identifier associated with said first device and a public key associated with said first device;

transmitting said private key, and said device certificate, and a public key of a Certificate Authority which signed said device certificate, to said first device; and

storing said private key in non-removable protected storage at said first device;

wherein said protected storage is write-only storage able to perform computations involving previously-written data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for enabling wireless devices distributed throughout an enterprise to be efficiently initialized for secure communications. The method and system utilize well known public key cryptography and machine unique identifiers to establish a secure channel and initialize the wireless devices.

Citations

16 Claims

1. A method for initializing a first device distributed with an embedded radio module using a server, said server having an embedded radio module, said method comprising the steps of:
- sending an inquiry from said server to said first device using said embedded radio modules;
  
  returning, from said first device, a unique device identifier of said first device, to said server;
  
  creating, at said server, a public key, private key pair for said first device;
  
  creating, at said server, a device certificate for said first device, said device certificate having a unique hardware identifier associated with said first device and a public key associated with said first device;
  
  transmitting said private key, and said device certificate, and a public key of a Certificate Authority which signed said device certificate, to said first device; and
  
  storing said private key in non-removable protected storage at said first device;
  
  wherein said protected storage is write-only storage able to perform computations involving previously-written data.
- View Dependent Claims (2, 13)
- - 2. A method as claimed in claim 1 wherein a copy of said certificate is stored in an enterprise database.
  - 13. The method as recited in claim 1, wherein communication between said first device and said server is performed in a wireless manner.

3. A method for initializing a first device distributed with an embedded radio module using a server, said server having an embedded radio module, said method comprising the steps of:
- sending an inquiry from said server to said first device using said embedded radio modules;
  
  returning, from said first device, a unique device identifier of said first device, to said server;
  
  creating, at said server, a public key private key pair for said first device;
  
  creating, at said server, a device certificate for said first device, said device certificate having a unique hardware identifier associated with said first device and a public key associated with said first device;
  
  transmitting said private key, and said device certificate, and a public key of a Certificate Authority which signed said device certificate, to said first device; and
  
  storing said private key in non-removable protected storage at said first device;
  
  wherein said protected storage is write-only storage able to perform computations involving previously-written data;
  
  wherein a copy of said certificate is stored in an LDAP directory.

4. A method for initializing a first device distributed with an embedded radio module using a server, said server having an embedded radio module, said method comprising the steps of:
- sending an inquiry from said server to said first device using said embedded radio modules;
  
  creating, at said first device, a public key, private key pair for said first device;
  
  storing, at said first device, said private key in non-removable protected storage;
  
  returning, from said first device, a unique device identifier and said public key of said first device, to said server;
  
  creating, at said server, a device certificate for said first device, said device certificate having said device identifier and said public key; and
  
  transmitting said device certificate and a public key of a Certificate Authority which signed said device certificate to said first device;
  
  wherein said protected storage is a write-only storage able to perform computations involving previously-written data.

5. A system for initializing a first device distributed with an embedded radio module using a server, said server having an embedded radio module, said system comprising:
- a communications mechanism for sending an inquiry from said server to said first device using said embedded radio modules, and returning, from said first device, a unique device identifier of said first device, to said server;
  
  a processor at said server for creating a public key, private key pair for said first device; and
  
  a device certificate, created at said server, for said first device, said device certificate having a unique hardware identifier associated with said first device and a public key associated with said first device;
  
  wherein said communications mechanism transmits said private key, and said device certificate, and a public key of a Certificate Authority which signed said device certificate, to said first device; and
  
  , said processor stores said private key in non-removable protected storage at said first device;
  
  wherein said protected storage is write-only storage able to perform computations involving previously-written data.
- View Dependent Claims (6, 14)
- - 6. A system as claimed in claim 5 wherein a copy of said certificate is stored in an enterprise database.
  - 14. The system as recited in claim 5, wherein communication between said first device and said server is performed in a wireless manner.

7. A system for initializing a first device distributed with an embedded radio module using a server, said server having an embedded radio module, said system comprising:
- a communications mechanism for sending an inquiry from said server to said first device using said embedded radio modules, and returning, from said first device, a unique device identifier of said first device, to said server;
  
  a processor at said server for creating a public key, private key pair for said first device; and
  
  a device certificate, created at said server, for said first device, said device certificate having a unique hardware identifier associated with said first device and a public key associated with said first device;
  
  wherein said communications mechanism transmits said private key and said device certificate, and a public key of a Certificate Authority which signed said device certificate, to said first device; and
  
  , said processor stores said private key in non-removable protected storage at said first device;
  
  wherein said protected storage is write-only storage able to perform computations involving previously-written data;
  
  wherein a copy of said certificate is stored in an LDAP directory.

8. An initialization system, said system comprising:
- a first device, said first device having an embedded radio module;
  
  a server, said server having an embedded radio module;
  
  a communications mechanism, said communications mechanism sending an inquiry from said server to said first device using said embedded radio modules;
  
  wherein said first device creates a public key, private key pair for said first device, stores said private key in non-removable protected storage, and returns a unique device identifier and said public key of said first device, to said server;
  
  said server creates a device certificate for said first device, said device certificate having said device identifier and said public key; and
  
  transmits said device certificate and a public key of a Certificate Authority which signed said device certificate to said first device;
  
  wherein said protected storage is a write-only storage able to perform computations involving previously-written data.

9. A computer program product embodied in a machine readable medium for initializing a first device distributed with an embedded radio module using a server, said server having an embedded radio module, wherein said computer program product comprises the programming steps of:
- sending an inquiry from said server to said first device using said embedded radio modules;
  
  returning, from said first device, a unique device identifier of said first device, to said server;
  
  creating, at said server, a public key, private key pair for said first device;
  
  creating, at said server, a device certificate for said first device, said device certificate having a unique hardware identifier associated with said first device and a public key associated with said first device;
  
  transmitting said private key, and said device certificate, and a public key of a Certificate Authority which signed said device certificate, to said first device; and
  
  storing said private key in non-removable protected storage at said first device;
  
  wherein said protected storage is write-only storage able to perform computations involving previously-written data.
- View Dependent Claims (10, 15)
- - 10. The computer program product as claimed in claim 9 wherein a copy of said certificate is stored in an enterprise database.
  - 15. The computer program product as recited in claim 9, wherein communication between said first device and said server is performed in a wireless manner.

11. A computer program product embodied in a machine readable medium for initializing a first device distributed with an embedded radio module using a server, said server having an embedded radio module, wherein said computer program product comprises the programming steps of:
- sending an inquiry from said server to said first device using said embedded radio modules;
  
  returning, from said first device, a unique device identifier of said first device, to said server;
  
  creating, at said server, a public key, private key pair for said first device;
  
  creating, at said server, a device certificate for said first device, said device certificate having a unique hardware identifier associated with said first device and a public key associated with said first device;
  
  transmitting said private key and said device certificate, and a public key of a Certificate Authority which signed said device certificate, to said first device; and
  
  storing said private key in non-removable protected storage at said first device;
  
  wherein said protected storage is write-only storage able to perform computations involving previously-written data;
  
  wherein a copy of said certificate is stored in an LDAP directory.

12. A computer program product embodied in a machine readable medium for initializing a first device distributed with an embedded radio module using a server, said server having an embedded radio module, wherein said computer program product comprises the programming steps of:
- sending an inquiry from said server to said first device using said embedded radio modules;
  
  creating, at said first device, a public key, private key pair for said first device;
  
  storing, at said first device, said private key in non-removable protected storage;
  
  returning, from said first device, a unique device identifier and said public key of said first device, to said server;
  
  creating, at said server, a device certificate for said first device, said device certificate having said device identifier and said public key; and
  
  transmitting said device certificate and a public key of a Certificate Authority which signed said device certificate to said first device;
  
  wherein said protected storage is a write-only storage able to perform computations involving previously-written data.
- View Dependent Claims (16)
- - 16. The computer program product as recited in claim 12, wherein communication between said first device and said server is performed in a wireless manner.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hind, John Raithel, Peters, Marcia Lambert
Primary Examiner(s)
Morse, Gregory
Assistant Examiner(s)
Baum, Ronald

Application Number

US09/316,804
Time in Patent Office

2,412 Days
Field of Search

713168-175, 713155-159, 713200-201, 380247-285
US Class Current

380/282
CPC Class Codes

H04L 63/0823 using certificates cryptogr...

H04W 12/069 using certificates or pre-s...

Method and apparatus for efficiently initializing mobile wireless devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for efficiently initializing mobile wireless devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links