Technique for secure remote configuration of a system

US 7,308,718 B1
Filed: 05/09/2000
Issued: 12/11/2007
Est. Priority Date: 05/09/2000
Status: Expired due to Term

First Claim

Patent Images

1. An apparatus for serving a plurality of devices through a communications network, the apparatus comprising:

a memory for storing a plurality of records associated with the devices, respectively;

an input element for receiving from a selected device a request that is generated only upon initial power up of the selected device for configuration of the selected device from a generic configuration to a selected or custom configuration through the communications network, the request including coded information;

a processor responsive to the request for locating a record associated with the selected device, and verifying an identity of the selected device based on the coded information, the record including stored information concerning the selected or custom configuration for the selected device, the selected or custom configuration corresponding to a predetermined feature set of the selected device; and

an output element for providing through the communication network to the selected device information objects for modifying the generic configuration to the selected or custom configuration based on the stored information when the identity of the selected device is verified.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

After a processor-controlled system having communications capabilities is delivered to a user in its generic configuration, customization of the system is realized in accordance with the invention by downloading thereto selected information objects, e.g., software components and/or data, from a server. To avoid unauthorized downloading of the selected information objects, certain information in a request for the objects by the system to the server is encrypted and/or cryptographically signed. Such information may be, e.g., a serial number identifying the system. If the server succeeds in decrypting the encrypted information and/or authenticating the digital signature, and thereby verifies the identity and legitimacy of the system, the server downloads the selected information objects to realize the customization.

29 Citations

View as Search Results

35 Claims

1. An apparatus for serving a plurality of devices through a communications network, the apparatus comprising:
- a memory for storing a plurality of records associated with the devices, respectively;
  
  an input element for receiving from a selected device a request that is generated only upon initial power up of the selected device for configuration of the selected device from a generic configuration to a selected or custom configuration through the communications network, the request including coded information;
  
  a processor responsive to the request for locating a record associated with the selected device, and verifying an identity of the selected device based on the coded information, the record including stored information concerning the selected or custom configuration for the selected device, the selected or custom configuration corresponding to a predetermined feature set of the selected device; and
  
  an output element for providing through the communication network to the selected device information objects for modifying the generic configuration to the selected or custom configuration based on the stored information when the identity of the selected device is verified.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The apparatus of claim 1 wherein the coded information comprises encrypted information concerning the identity of the selected device.
  - 3. The apparatus of claim 2 wherein the coded information comprises encrypted information concerning a serial number of the selected device.
  - 4. The apparatus of claim 2 wherein the encrypted information is encrypted in accordance with a public key algorithm.
  - 5. The apparatus of claim 1 wherein the coded information comprises a digital signature resulting from cryptographically signing at least part of the request.
  - 6. The apparatus of claim 1 wherein the information objects include software components.
  - 7. The apparatus of claim 1 wherein the information objects include data.

8. An apparatus configurable by a server through a communications network, the apparatus comprising:
- a processor for generating a request that is generated only upon initial power up of the apparatus for configuration of the apparatus from a generic configuration to a selected or custom configuration which includes therein coded information for verification by the server of an identity of the apparatus, the coded information being generated using a cryptographic element;
  
  an interface for receiving information objects corresponding to a predetermined feature set of the apparatus for configuring the apparatus from the server through the communications network when the identity of the apparatus is verified by the server, the information objects modifying the generic configuration of the apparatus;
  
  a memory; and
  
  a loader for directing the information objects to be loaded in the memory in accordance with a predetermined plan.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus of claim 8 wherein the cryptographic element includes a private key.
  - 10. The apparatus of claim 8 wherein the request is automatically generated on an initial power up of the apparatus.
  - 11. The apparatus of claim 8 wherein the coded information comprises a digital signature resulting from cryptographically signing at least part of the request.
  - 12. The apparatus of claim 8 comprising a franking system.
  - 13. The apparatus of claim 8 wherein the information objects include software components.
  - 14. The apparatus of claim 8 wherein the information objects include data.

15. An apparatus for serving a plurality of devices through a communications network, the apparatus comprising:
- a memory for storing a plurality of records associated with the devices, respectively;
  
  an input element for receiving from a selected device a request that is generated only upon initial power up of the selected device, for configuration of the selected device from a generic configuration to a selected or custom configuration through the communications network, the request including a cryptographic element, and first information concerning a first identifier identifying the selected device, the first information being encrypted;
  
  a processor for selecting a record based on the cryptographic element, the selected record including a second identifier and configuration information concerning the selected or custom configuration for the selected device, the selected or custom configuration corresponding to a predetermined feature set of the selected device, the processor determining whether the second identifier corresponds to the first identifier obtained by decrypting the first information using the cryptographic element; and
  
  an output element for causing the generic configuration of the selected device to be configured based on the configuration information when it is determined that the second identifier corresponds to the first identifier.
- View Dependent Claims (16, 17, 18)
- - 16. The apparatus of claim 15 wherein the cryptographic element includes a public key.
  - 17. The apparatus of claim 15 wherein the first identifier includes a serial number of the selected device.
  - 18. The apparatus of claim 15 wherein the first information is encrypted in accordance with a public key algorithm.

19. A method for use in an apparatus for serving a plurality of devices through a communications network, the method comprising:
- storing a plurality of records associated with the devices, respectively;
  
  receiving from a selected device a request that is generated only upon initial power up of the selected device for configuration of the selected device from a generic configuration to a selected or custom configuration through the communications network, the request including coded information;
  
  in response to the request, locating a record associated with the selected device;
  
  verifying an identity of the selected device based on the coded information, the record including stored information concerning the selected or custom configuration; and
  
  providing through the communication network to the selected device information objects for modifying the generic configuration to the selected or custom configuration based on the stored information when the identity of the selected device is verified, the information objects corresponding to a predetermined feature set of the selected device.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The method of claim 19 wherein the coded information comprises encrypted information concerning the identity of the selected device.
  - 21. The method of claim 20 wherein the coded information comprises encrypted information concerning a serial number of the selected device.
  - 22. The method of claim 20 wherein the encrypted information is encrypted in accordance with a public key algorithm.
  - 23. The method of claim 19 wherein the coded information including a digital signature resulting from cryptographically signing at least part of the request.
  - 24. The method of claim 19 wherein the information objects include software components.
  - 25. The method of claim 19 wherein the information objects include data.

26. A method for use in an apparatus configurable by a server through a communications network, the apparatus including a memory, the method comprising:
- generating a request only upon an initial power up of the apparatus for configuration of the apparatus from a generic configuration to a selected or custom configuration which includes therein coded information for verification by the server of an identity of the apparatus, the coded information being generated using a cryptographic element;
  
  receiving information objects corresponding to a predetermined feature set of the apparatus for modifying the generic configuration of the apparatus to the selected or custom configuration from the server through the communications network when the identity of the apparatus is verified by the server; and
  
  loading the information objects in the memory in accordance with a predetermined plan.
- View Dependent Claims (27, 28, 29, 30, 31)
- - 27. The method of claim 26 wherein the cryptographic element includes a private key.
  - 28. The method of claim 26 wherein the request is automatically generated on an initial power up of the apparatus.
  - 29. The method of claim 26 wherein the coded information comprises a digital signature resulting from cryptographically signing at least part of the request.
  - 30. The method of claim 26 wherein the information objects include software components.
  - 31. The method of claim 26 wherein the information objects include data.

32. A method for use in an apparatus for serving a plurality of devices through a communications network, the method comprising:
- storing a plurality of records associated with the devices, respectively;
  
  receiving from a selected device a request that is generated only upon initial power up of the selected device for configuration of the selected device from a generic configuration to a selected or custom configuration through the communications network, the request including a cryptographic element, and first information concerning a first identifier identifying the selected device, the first information being encrypted;
  
  selecting a record based on the cryptographic element, the selected record including a second identifier and configuration information concerning the selected or custom configuration for the selected device, the selected or custom configuration corresponding to a predetermined feature set of the selected device;
  
  determining whether the second identifier corresponds to the first identifier obtained by decrypting the first information using the cryptographic element; and
  
  causing the generic configuration of the selected device to be modified from the generic configuration to the selected or custom configuration based on the configuration information when it is determined that the second identifier corresponds to the first identifier.
- View Dependent Claims (33, 34, 35)
- - 33. The method of claim 32 wherein the cryptographic element includes a public key.
  - 34. The method of claim 32 wherein the first identifier includes a serial number of the selected device.
  - 35. The method of claim 32 wherein the first information is encrypted in accordance with a public key algorithm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Neopost Technologies S.A. (Quadient SA)
Original Assignee
Neopost Technologies S.A. (Quadient SA)
Inventors
Brookner, George M.
Primary Examiner(s)
Moazzami, Nasser
Assistant Examiner(s)
Hoffman, Brandon S

Application Number

US10/009,206
Time in Patent Office

2,772 Days
Field of Search

None
US Class Current

726/29
CPC Class Codes

G06F 21/305   by remotely controlling dev...

G06F 21/44   Program or device authentic...

G06F 21/57   Certifying or maintaining t...

G06F 2221/2129   Authenticate client device ...

G06F 8/60   Software deployment

Technique for secure remote configuration of a system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Technique for secure remote configuration of a system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links