Method and apparatus for integrated provisioning of a network device with configuration information and identity certification
Abstract
According to one aspect, a provisioning server comprises a configuration module that configures a network device and an identification certification module that certifies the identity of the network device. With use of the provisioning server, the network device does not require configuration with network connectivity in order to obtain its certified identity. In one embodiment, the configuration module configures the device for operation at the device's point of deployment in a network. In one embodiment, the identity certification module is configured to generate a digital certificate for the network device and the configuration module is configured to automatically configure the network device based on its digital certificate. The provisioning server is coupled to the network device with a secure communication link. As a result, a more trusted network device is ultimately deployed into its network of operation.
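The integrated step the abstract describes, as an added example in Go that is not the patent's own code or any product covered by it: the provisioning server keeps a local issuing CA, generates the device's key pair, certifies the device identity without contacting an external certificate authority, and derives the device configuration from the issued certificate. The function names, the Ed25519 key type, the "provisioning-ca" name and the configuration keys are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// newIdentity generates a key pair and certifies it under parent/signer (self-signed when signer is nil); everything happens locally.
func newIdentity(tmpl, parent *x509.Certificate, signer ed25519.PrivateKey) (ed25519.PrivateKey, *x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if signer == nil {
		parent, signer = tmpl, priv // the server's own CA signs itself
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return priv, cert, err
}

// NewCA creates the provisioning server's local issuing CA (hypothetical name "provisioning-ca"); no external CA is involved.
func NewCA() (ed25519.PrivateKey, *x509.Certificate, error) {
	return newIdentity(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "provisioning-ca"}, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(10, 0, 0)}, nil, nil)
}

// Provision generates the device key pair, certifies the device identity (CN = serial) and derives the configuration from the issued certificate.
func Provision(caKey ed25519.PrivateKey, ca *x509.Certificate, serial string) (ed25519.PrivateKey, *x509.Certificate, map[string]string, error) {
	key, cert, err := newIdentity(&x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: serial},
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(2, 0, 0)}, ca, caKey)
	if err != nil {
		return nil, nil, nil, err
	}
	cfg := map[string]string{"hostname": cert.Subject.CommonName, "trust-anchor": ca.Subject.CommonName} // configuration follows the certified identity
	return key, cert, cfg, nil
}

// Verify is the check the deployment network applies: the device certificate must chain to the provisioning CA.
func Verify(cert, ca *x509.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}
```

The private key, certificate and derived configuration returned by Provision are what the server would write to the device over the local link; a device certified by a different provisioning CA fails Verify.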
22 Claims
1. A provisioning server for integrated provisioning of a network device with configuration information and identity certification, comprising:
a configuration module that is adapted for configuring the network device; and
an identification certification module that is configured for certifying the identity of the network device;
wherein the network device comprises one or more of routers, or packet data switches, that function in a packet switched communication network and wherein the provisioning server is physically co-located with and coupled to the network device via a physically secure communication link and wherein the provisioning server is configured to read and write configuration information and parameters, key information and identity certification information to and from the network device over the link;
wherein the provisioning server is configured to read and write the configuration information, key information and identity certification information over the link without network connectivity to the network device over the link;
wherein the identification certification module is configured for obtaining certification of the network device's identity without a network connection between the network device and an external certificate authority; and
wherein the identification module is configured to:
generate a public key and a private key that are associated with the network device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12.

13. A method for integrated provisioning of a network device, the method comprising the computer-implemented steps of:
in a provisioning server, configuring the network device at a provisioning location, for operation at a deployment location in a network; and
in the provisioning server, certifying, from the provisioning location and without network connectivity, the identity of the network device;
wherein the network device comprises one or more of routers, or packet data switches, that function in a packet switched communication network and wherein the provisioning server is physically co-located with and coupled to the network device via a physically secure communication link and wherein the provisioning server is configured to read and write configuration information and parameters, key information and identity certification information to and from the network device over the link;
wherein the provisioning server is configured to read and write the configuration information, key information and identity certification information over the link without network connectivity to the network device over the link;
wherein the identification certification module is configured for obtaining certification of the network device's identity without a network connection between the network device and an external certificate authority; and
wherein the identification module is configured to:
generate a public key and a private key that are associated with the network device.
Dependent claims: 14, 15, 16.

17. A computer-readable medium carrying one or more sequences of instructions for provisioning of a network device, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
configuring the network device at a provisioning location, for operation at a deployment location in a network; and
certifying, from the provisioning location and without network connectivity, the identity of the network device;
wherein the network device comprises one or more of routers, or packet data switches, that function in a packet switched communication network and wherein the instructions are physically co-located with and communicate with the network device via a physically secure communication link and wherein the instructions are configured to read and write configuration information and parameters, key information and identity certification information to and from the network device over the link;
wherein the instructions are configured to read and write the configuration information, key information and identity certification information over the link without network connectivity to the network device over the link;
wherein the identification certification module is configured for obtaining certification of the network device's identity without a network connection between the network device and an external certificate authority; and
wherein an identification module is configured to:
generate a public key and a private key that are associated with the network device.
Dependent claims: 18, 19, 20.

21. A system for integrated provisioning of a network device, the system comprising:
means for configuring the network device at a provisioning location, for operation at a deployment location in a network; and
means for certifying, from the provisioning location and without network connectivity, the identity of the network device;
wherein the network device comprises one or more of routers, or packet data switches, that function in a packet switched communication network and wherein the system is physically co-located with and coupled to the network device via a physically secure communication link and wherein the system is configured to read and write configuration information and parameters, key information and identity certification information to and from the network device over the link;
wherein the system is configured to read and write the configuration information, key information and identity certification information over the link without network connectivity to the network device over the link;
wherein the identification certification module is configured for obtaining certification of the network device's identity without a network connection between the network device and an external certificate authority; and
wherein the identification module is configured to:
generate the public key and a private key that are associated with the network device.

22. A device that can provision a network device, the device comprising:
a processor;
a computer-readable medium comprising one or more stored sequences which, when executed by the processor, cause the processor to carry out the steps of:
configuring the network device at a provisioning location, for operation at a deployment location in a network; and
certifying, from the provisioning location and without network connectivity, the identity of the network device;
wherein the network device comprises one or more of routers, or packet data switches, that function in a packet switched communication network and wherein the device is physically co-located with and coupled to the network device via a physically secure communication link and wherein the device is configured to read and write configuration information and parameters, key information and identity certification information to and from the network device over the link;
wherein the device is configured to read and write the configuration information, key information and identity certification information over the link without network connectivity to the network device over the link;
wherein the identification certification module is configured for obtaining certification of the network device's identity without a network connection between the network device and an external certificate authority; and
wherein the identification module is configured to:
generate the public key and a private key that are associated with the network device.
Specification