Establishing mutual authentication and secure channels in devices without previous credentials

US 7,646,874 B2
Filed: 12/22/2005
Issued: 01/12/2010
Est. Priority Date: 12/22/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method for installing encryption keys on a printing device not having any previous security credentials, the method comprising the steps of:

by an installation authority server;

generating a security token to be used by the printing device for secure communications, and storing the generated security token for the printing device in the installation authority server;

generating an installation credential for the printing device, wherein the installation credential comprises one of a barcode or an alphanumeric code and is to be used by the printing device to obtain the security token from the installation authority server;

correlating, in a data base of the installation authority server, the installation credential generated for the printing device with the generated security token for the printing device; and

generating a hardcopy format of the installation credential, wherein the hardcopy format of the installation credential is provided to a user of the printing device for an initial installation of the encryption keys in the printing device;

by the printing device;

accepting an input of the installation credential by the user of the printing device who inputs the installation credential into the printing device;

utilizing the input installation credential as a temporary security key for secure communications, the printing device establishing a temporary secure communication channel with the installation authority server;

generating a request message to be sent to the installation authority server for requesting that the installation authority server provide the generated security token to the printing device;

encrypting the generated request message using the installation credential; and

transmitting the encrypted request message to the installation authority server over the established temporary secure communication channel,by the installation authority server;

receiving the request message encrypted with the installation credential from the printing device via the established temporary secure communication channel;

decrypting the request message and performing an authentication process to authenticate the printing device after having received the request message for provision of the security token;

in a case where the printing device is authenticated, obtaining the security token of the printing device correlated in the database with the installation credential;

encrypting the obtained security token of the printing device using the installation credential; and

transmitting the encrypted security token of the printing device to the printing device over the established temporary secure communication channel; and

by the printing device;

receiving the encrypted security token transmitted by the installation authority server;

decrypting the security token using the installation credential input into the printing device by the user;

performing an installation process to install the security token on the printing device; and

after having completed the installation process, erasing the installation credential from the printing device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides for installing encryption keys on a device not having any previous security credentials. An installation authority generates a security token to be used by the device for secure communications, and an installation credential for the device, and stores them in association with one another. A user of the device is provided with the installation credential, whereby the user inputs the installation credential into the device. The device utilizes the installation credential as a temporary security key, establishes a secure communication channel with the installation authority and requests provision of the security token. The installation authority provides the security token associated with the installation credential to the device over the established secure communication channel, and the device installs the security token, after which the device erases the installation credential from the device. The installation authority may also certify the security token and provide a certified token and a root verification certificate to the device.

Citations

12 Claims

1. A method for installing encryption keys on a printing device not having any previous security credentials, the method comprising the steps of:
- by an installation authority server;
  
  generating a security token to be used by the printing device for secure communications, and storing the generated security token for the printing device in the installation authority server;
  
  generating an installation credential for the printing device, wherein the installation credential comprises one of a barcode or an alphanumeric code and is to be used by the printing device to obtain the security token from the installation authority server;
  
  correlating, in a data base of the installation authority server, the installation credential generated for the printing device with the generated security token for the printing device; and
  
  generating a hardcopy format of the installation credential, wherein the hardcopy format of the installation credential is provided to a user of the printing device for an initial installation of the encryption keys in the printing device;
  
  by the printing device;
  
  accepting an input of the installation credential by the user of the printing device who inputs the installation credential into the printing device;
  
  utilizing the input installation credential as a temporary security key for secure communications, the printing device establishing a temporary secure communication channel with the installation authority server;
  
  generating a request message to be sent to the installation authority server for requesting that the installation authority server provide the generated security token to the printing device;
  
  encrypting the generated request message using the installation credential; and
  
  transmitting the encrypted request message to the installation authority server over the established temporary secure communication channel,by the installation authority server;
  
  receiving the request message encrypted with the installation credential from the printing device via the established temporary secure communication channel;
  
  decrypting the request message and performing an authentication process to authenticate the printing device after having received the request message for provision of the security token;
  
  in a case where the printing device is authenticated, obtaining the security token of the printing device correlated in the database with the installation credential;
  
  encrypting the obtained security token of the printing device using the installation credential; and
  
  transmitting the encrypted security token of the printing device to the printing device over the established temporary secure communication channel; and
  
  by the printing device;
  
  receiving the encrypted security token transmitted by the installation authority server;
  
  decrypting the security token using the installation credential input into the printing device by the user;
  
  performing an installation process to install the security token on the printing device; and
  
  after having completed the installation process, erasing the installation credential from the printing device.
- View Dependent Claims (2, 3)
- - 2. A method according to claim 1, wherein the security token comprises one of an encryption key or an encryption keypair.
  - 3. A method according to claim 2, wherein, in a case where the security token is an encryption keypair, the installation authority server further performing the steps of:
    - certifying a public key of the keypair; and
      
      providing the certified public key and a root verification certificate of the installation authority server to the printing device.

4. A method of establishing security credentials for a printing device not having any previous security credentials, the method comprising the steps of:
- by the printing device,generating a security token to be used by the printing device for secure communications; and
  
  storing the generated security token in the printing device,by an installation authority server;
  
  generating an installation credential for the printing device, wherein the installation credential comprises one of a barcode and an alphanumeric code;
  
  storing the installation credential in a database of the installation authority server in correlation with identification information of the printing device; and
  
  generating a hardcopy format of the installation credential, wherein the hardcopy format of the installation credential is provided to a user of the printing device,by the printing device;
  
  accepting an input of the installation credential by the user of the printing device who inputs the installation credential into the printing device;
  
  establishing a temporary secure communication channel with the installation authority server utilizing the installation credential as a temporary security key;
  
  encrypting the generated security token of the printing device utilizing the input installation credential; and
  
  transmitting the encrypted security token to the installation authority via the temporary secure communication channel for the installation authority server to certify the security token;
  
  by the installation authority server;
  
  receiving the encrypted security token transmitted by the printing device; and
  
  decrypting the security token using the installation credential stored in the database;
  
  performing a process to certify the security token; and
  
  providing a certified security token and a root verification certificate of the installation authority server to the printing device, andby the printing device;
  
  installing the certified security token and the root verification certificate in the printing device; and
  
  terminating the temporary secure communication channel and erasing the installation credential from the printing device.
- View Dependent Claims (5, 6)
- - 5. A method according to claim 4, wherein the security token comprises one of an encryption key or an encryption keypair.
  - 6. A method according to claim 5, wherein, in a case where the security token is an encryption keypair, a public key of the keypair is provided by the printing device to the installation authority server.

7. A computer-readable non-transitory storage medium on which is stored a computer-readable program for executing a method for installing encryption keys on a printing device not having any previous security credentials, the program comprising the steps of:
- by an installation authority server;
  
  generating a security token to be used by the printing device for secure communications, and storing the generated security token for the printing device in the installation authority server;
  
  generating an installation credential for the printing device, wherein the installation credential comprises one of a barcode or an alphanumeric code and is to be used by the printing device to obtain the security token from the installation authority server;
  
  correlating, in a database of the installation authority server, the installation credential generated for the printing device with the generated security token for the printing device; and
  
  generating a hardcopy format of the installation credential, wherein the hardcopy format of the installation credential is provided to a user of the printing device for an initial installation of the encryption keys in the printing device,by the printing device;
  
  accepting an input of the installation credential by the user of the printing device who inputs the installation credential into the printing device;
  
  utilizing the input installation credential as a temporary security key for secure communications, the printing device establishing a temporary secure communication channel with the installation authority server and;
  
  generating a request message to be sent to the installation authority server for requesting that the installation authority server provide the generated security token to the printing device;
  
  encrypting the generated request message using the installation credential; and
  
  transmitting the encrypted request message to the installation authority server over the established temporary secure communication channel,by the installation authority server;
  
  receiving the request message encrypted with the installation credential from the printing device via the established temporary secure communication channel;
  
  decrypting the request message and performing an authentication process to authenticate the printing device after having received the request for provision of the security token;
  
  in a case where the printing device is authenticated, obtaining the security token of the printing device correlated in the database with the installation credential;
  
  encrypting the obtained security token of the printing device using the installation credential; and
  
  transmitting the encrypted security token of the printing device to the printing device over the established temporary secure communication channel; and
  
  by the printing device;
  
  receiving the encrypted security token transmitted by the installation authority server;
  
  decrypting the security token using the installation credential input into the printing device by the user;
  
  performing an installation process to install the security token on the printing device; and
  
  after having completed the installation process, erasing the installation credential from the printing device.

8. A computer-readable non-transitory storage medium on which is stored a computer-readable program for executing a method of establishing security credentials for a printing device not having any previous security credentials, the program comprising the steps of:
- by the printing device,generating a security token to be used by the printing device for secure communications; and
  
  storing the generated security token in the printing device,by an installation authority server;
  
  generating an installation credential for the printing device, wherein the installation credential comprises one of a barcode and an alphanumeric code;
  
  storing the installation credential in a database of the installation authority server in correlation with identification information of the printing device; and
  
  generating a hardcopy format of the installation credential, wherein the hardcopy format of the installation credential is provided to a user of the printing device,by the printing device;
  
  accepting an input of the installation credential by the user of the printing device who inputs the installation credential into the printing device;
  
  establishing a temporary secure communication channel with the installation authority server utilizing the installation credential as a temporary security key;
  
  encrypting the security token of the printing device utilizing the input installation credential; and
  
  transmitting the encrypted security token to the installation authority via the temporary secure communication channel for the installation authority server to certify the security token,by the installation authority server;
  
  receiving the encrypted security token transmitted by the printing device;
  
  decrypting the security token using the installation credential stored in the database;
  
  performing a process to certify the security token; and
  
  providing a certified security token and a root verification certificate of the installation authority server to the printing device, andby the printing device;
  
  installing the certified security token and the root verification certificate in the printing device; and
  
  terminating the temporary secure communication channel and erasing the installation credential from the printing device.

9. A system for installing encryption keys on a printing device not having any previous security credentials, comprising:
- an installation authority server, comprising;
  
  a security token generator that generates a security token to be used by the printing device for secure communications;
  
  an installation credential generator that generates an installation credential for the printing device, wherein the installation credential comprises one of a barcode or an alphanumeric code and is to be used by the printing device to obtain the security token from the installation authority server;
  
  a storage unit that stores the security token generated for the printing device and the installation credential generated for the printing device in a database, wherein the installation credential and security token are stored in the database in correlation with one another;
  
  a hardcopy format generator that generates a hardcopy format of the installation credential, the generated hardcopy format being provided to a user of the printing device for an initial installation of the encryption keys in the printing device,the printing device, comprising;
  
  an input unit for accepting an input of the installation credential by the user of the printing device who inputs the installation credential into the printing device;
  
  a secure communication unit that establishes a temporary secure communication channel with the installation authority server utilizing the input installation credential as a temporary security key;
  
  a security token requesting unit that generates a request message to be sent to the installation authority server for requesting that the installation authority server provide the generated security token to the printing device via the established temporary secure communication channel;
  
  a message encryption unit that encrypts the generated request message using the input installation credential; and
  
  a transmitting unit that transmits the encrypted request message to the installation authority server over the established temporary secure communication channel,wherein the installation authority server further comprises;
  
  an installation credential a receiving unit that receives the request message encrypted with the installation credential from the printing device via the established temporary secure communication channel;
  
  a decryption unit that decrypts the received request message;
  
  an authentication unit that performs an authentication process to authenticate the printing device after having received the request for provision of the security token;
  
  an obtaining unit that, in a case where the printing device is authenticated, obtains the security token of the printing device correlated in the database with the installation credential;
  
  an encryption unit that encrypts the obtained security token of the printing device using the installation credential; and
  
  a transmitting unit that transmits the encrypted security token of the printing device to the printing device over the established temporary secure communication channel,and wherein the printing device further comprises;
  
  a receiving unit that receives the encrypted security token transmitted by the installation authority server;
  
  a decryption unit that decrypts the security token using the installation credential input into the printing device by the user;
  
  an installation unit that installs the received security token on the printing device; and
  
  an erasing unit that, after the installation unit installs the security token, erases the input installation credential from the printing device.
- View Dependent Claims (10, 11)
- - 10. A system according to claim 9, wherein the security token comprises one of an encryption key or an encryption keypair.
  - 11. A system according to claim 10, wherein the installation authority server further comprises:
    - certifying unit that certifies the security token,wherein the providing unit further provides the certified security token and a root verification certificate of the installation authority server to the printing device.

12. A system for establishing security credentials for a printing device not having any previous security credentials, comprising:
- an installation authority server, comprising;
  
  an installation credential generator that generates an installation credential for the printing device, wherein the installation credential comprises one of a barcode or an alphanumeric code;
  
  a storing unit that stores, in a database, the installation credential in correlation with identification information of the printing device; and
  
  a hardcopy format generator that generates a hardcopy format of the installation credential, wherein the hardcopy format of the installation credential is provided to a user of the printing device, andthe printing device, comprising;
  
  a security token generator that generates a security token to be used by the printing device for secure communications;
  
  a storing unit for storing the generated security token in the printing device;
  
  an input unit for accepting an input of the installation credential by the user of the printing device who inputs the installation credential into the printing device;
  
  a secure communication unit that establishes a temporary secure communication channel with the installation authority server utilizing the input installation credential as a temporary security key;
  
  an encryption unit that encrypts the generated security token utilizing the input installation credential; and
  
  a security token transmitting unit that transmits the encrypted security token to the installation authority server via the established temporary secure communication channel,wherein the installation authority server further comprises;
  
  a receiving unit that receives the encrypted security token transmitted by the transmitting unit of the printing device;
  
  a decryption unit that decrypts the security token using the installation credential stored in the database;
  
  a certifying unit that performs a certification process to certify the security token; and
  
  a transmitting unit that transmits a certified security token and a root verification certificate of the installation authority server to the printing device,and wherein the printing device further comprises;
  
  an installation unit that installs the certified security token and the root verification certificate in the printing device; and
  
  an erasing unit that erases the input installation credential from the printing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Original Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Inventors
Martinez, Martin, Mazzagatte, Craig, Iwamoto, Neil Y., Slick, Royce E.
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
VU, PHY ANH TRAN

Application Number

US11/314,089
Publication Number

US 20070150420A1
Time in Patent Office

1,482 Days
Field of Search

713/155, 713/171, 380/277, 380/278, 705/64, 705/71
US Class Current

380/278
CPC Class Codes

G06F 21/608   Secure printing

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

H04L 63/0853   using an additional device,...

H04L 63/0869   for achieving mutual authen...

H04L 9/3234   involving additional secure...

H04L 9/3263   involving certificates, e.g...

H04L 9/3273   for mutual authentication n...

Establishing mutual authentication and secure channels in devices without previous credentials

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Establishing mutual authentication and secure channels in devices without previous credentials

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links