Technique for secure remote configuration of a system
First Claim
1. An apparatus for serving a plurality of devices through a communications network, the apparatus comprising:
- a memory for storing a plurality of records associated with the devices, respectively;
an input element for receiving from a selected device a request that is generated only upon initial power up of the selected device for configuration of the selected device from a generic configuration to a selected or custom configuration through the communications network, the request including coded information;
a processor responsive to the request for locating a record associated with the selected device, and verifying an identity of the selected device based on the coded information, the record including stored information concerning the selected or custom configuration for the selected device, the selected or custom configuration corresponding to a predetermined feature set of the selected device; and
an output element for providing through the communication network to the selected device information objects for modifying the generic configuration to the selected or custom configuration based on the stored information when the identity of the selected device is verified.
4 Assignments
0 Petitions
Accused Products
Abstract
After a processor-controlled system having communications capabilities is delivered to a user in its generic configuration, customization of the system is realized in accordance with the invention by downloading thereto selected information objects, e.g., software components and/or data, from a server. To avoid unauthorized downloading of the selected information objects, certain information in a request for the objects by the system to the server is encrypted and/or cryptographically signed. Such information may be, e.g., a serial number identifying the system. If the server succeeds in decrypting the encrypted information and/or authenticating the digital signature, and thereby verifies the identity and legitimacy of the system, the server downloads the selected information objects to realize the customization.
29 Citations
35 Claims
-
1. An apparatus for serving a plurality of devices through a communications network, the apparatus comprising:
-
a memory for storing a plurality of records associated with the devices, respectively; an input element for receiving from a selected device a request that is generated only upon initial power up of the selected device for configuration of the selected device from a generic configuration to a selected or custom configuration through the communications network, the request including coded information; a processor responsive to the request for locating a record associated with the selected device, and verifying an identity of the selected device based on the coded information, the record including stored information concerning the selected or custom configuration for the selected device, the selected or custom configuration corresponding to a predetermined feature set of the selected device; and an output element for providing through the communication network to the selected device information objects for modifying the generic configuration to the selected or custom configuration based on the stored information when the identity of the selected device is verified. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An apparatus configurable by a server through a communications network, the apparatus comprising:
-
a processor for generating a request that is generated only upon initial power up of the apparatus for configuration of the apparatus from a generic configuration to a selected or custom configuration which includes therein coded information for verification by the server of an identity of the apparatus, the coded information being generated using a cryptographic element; an interface for receiving information objects corresponding to a predetermined feature set of the apparatus for configuring the apparatus from the server through the communications network when the identity of the apparatus is verified by the server, the information objects modifying the generic configuration of the apparatus; a memory; and a loader for directing the information objects to be loaded in the memory in accordance with a predetermined plan. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. An apparatus for serving a plurality of devices through a communications network, the apparatus comprising:
-
a memory for storing a plurality of records associated with the devices, respectively; an input element for receiving from a selected device a request that is generated only upon initial power up of the selected device, for configuration of the selected device from a generic configuration to a selected or custom configuration through the communications network, the request including a cryptographic element, and first information concerning a first identifier identifying the selected device, the first information being encrypted; a processor for selecting a record based on the cryptographic element, the selected record including a second identifier and configuration information concerning the selected or custom configuration for the selected device, the selected or custom configuration corresponding to a predetermined feature set of the selected device, the processor determining whether the second identifier corresponds to the first identifier obtained by decrypting the first information using the cryptographic element; and an output element for causing the generic configuration of the selected device to be configured based on the configuration information when it is determined that the second identifier corresponds to the first identifier. - View Dependent Claims (16, 17, 18)
-
-
19. A method for use in an apparatus for serving a plurality of devices through a communications network, the method comprising:
-
storing a plurality of records associated with the devices, respectively; receiving from a selected device a request that is generated only upon initial power up of the selected device for configuration of the selected device from a generic configuration to a selected or custom configuration through the communications network, the request including coded information; in response to the request, locating a record associated with the selected device; verifying an identity of the selected device based on the coded information, the record including stored information concerning the selected or custom configuration; and providing through the communication network to the selected device information objects for modifying the generic configuration to the selected or custom configuration based on the stored information when the identity of the selected device is verified, the information objects corresponding to a predetermined feature set of the selected device. - View Dependent Claims (20, 21, 22, 23, 24, 25)
-
-
26. A method for use in an apparatus configurable by a server through a communications network, the apparatus including a memory, the method comprising:
-
generating a request only upon an initial power up of the apparatus for configuration of the apparatus from a generic configuration to a selected or custom configuration which includes therein coded information for verification by the server of an identity of the apparatus, the coded information being generated using a cryptographic element; receiving information objects corresponding to a predetermined feature set of the apparatus for modifying the generic configuration of the apparatus to the selected or custom configuration from the server through the communications network when the identity of the apparatus is verified by the server; and loading the information objects in the memory in accordance with a predetermined plan. - View Dependent Claims (27, 28, 29, 30, 31)
-
-
32. A method for use in an apparatus for serving a plurality of devices through a communications network, the method comprising:
-
storing a plurality of records associated with the devices, respectively; receiving from a selected device a request that is generated only upon initial power up of the selected device for configuration of the selected device from a generic configuration to a selected or custom configuration through the communications network, the request including a cryptographic element, and first information concerning a first identifier identifying the selected device, the first information being encrypted; selecting a record based on the cryptographic element, the selected record including a second identifier and configuration information concerning the selected or custom configuration for the selected device, the selected or custom configuration corresponding to a predetermined feature set of the selected device; determining whether the second identifier corresponds to the first identifier obtained by decrypting the first information using the cryptographic element; and causing the generic configuration of the selected device to be modified from the generic configuration to the selected or custom configuration based on the configuration information when it is determined that the second identifier corresponds to the first identifier. - View Dependent Claims (33, 34, 35)
-
Specification