Establishing mutual authentication and secure channels in devices without previous credentials
First Claim
1. A method for installing encryption keys on a printing device not having any previous security credentials, the method comprising the steps of:
- by an installation authority server;
generating a security token to be used by the printing device for secure communications, and storing the generated security token for the printing device in the installation authority server;
generating an installation credential for the printing device, wherein the installation credential comprises one of a barcode or an alphanumeric code and is to be used by the printing device to obtain the security token from the installation authority server;
correlating, in a data base of the installation authority server, the installation credential generated for the printing device with the generated security token for the printing device; and
generating a hardcopy format of the installation credential, wherein the hardcopy format of the installation credential is provided to a user of the printing device for an initial installation of the encryption keys in the printing device;
by the printing device;
accepting an input of the installation credential by the user of the printing device who inputs the installation credential into the printing device;
utilizing the input installation credential as a temporary security key for secure communications, the printing device establishing a temporary secure communication channel with the installation authority server;
generating a request message to be sent to the installation authority server for requesting that the installation authority server provide the generated security token to the printing device;
encrypting the generated request message using the installation credential; and
transmitting the encrypted request message to the installation authority server over the established temporary secure communication channel,by the installation authority server;
receiving the request message encrypted with the installation credential from the printing device via the established temporary secure communication channel;
decrypting the request message and performing an authentication process to authenticate the printing device after having received the request message for provision of the security token;
in a case where the printing device is authenticated, obtaining the security token of the printing device correlated in the database with the installation credential;
encrypting the obtained security token of the printing device using the installation credential; and
transmitting the encrypted security token of the printing device to the printing device over the established temporary secure communication channel; and
by the printing device;
receiving the encrypted security token transmitted by the installation authority server;
decrypting the security token using the installation credential input into the printing device by the user;
performing an installation process to install the security token on the printing device; and
after having completed the installation process, erasing the installation credential from the printing device.
1 Assignment
0 Petitions
Accused Products
Abstract
The invention provides for installing encryption keys on a device not having any previous security credentials. An installation authority generates a security token to be used by the device for secure communications, and an installation credential for the device, and stores them in association with one another. A user of the device is provided with the installation credential, whereby the user inputs the installation credential into the device. The device utilizes the installation credential as a temporary security key, establishes a secure communication channel with the installation authority and requests provision of the security token. The installation authority provides the security token associated with the installation credential to the device over the established secure communication channel, and the device installs the security token, after which the device erases the installation credential from the device. The installation authority may also certify the security token and provide a certified token and a root verification certificate to the device.
-
Citations
12 Claims
-
1. A method for installing encryption keys on a printing device not having any previous security credentials, the method comprising the steps of:
-
by an installation authority server; generating a security token to be used by the printing device for secure communications, and storing the generated security token for the printing device in the installation authority server; generating an installation credential for the printing device, wherein the installation credential comprises one of a barcode or an alphanumeric code and is to be used by the printing device to obtain the security token from the installation authority server; correlating, in a data base of the installation authority server, the installation credential generated for the printing device with the generated security token for the printing device; and generating a hardcopy format of the installation credential, wherein the hardcopy format of the installation credential is provided to a user of the printing device for an initial installation of the encryption keys in the printing device; by the printing device; accepting an input of the installation credential by the user of the printing device who inputs the installation credential into the printing device; utilizing the input installation credential as a temporary security key for secure communications, the printing device establishing a temporary secure communication channel with the installation authority server; generating a request message to be sent to the installation authority server for requesting that the installation authority server provide the generated security token to the printing device; encrypting the generated request message using the installation credential; and transmitting the encrypted request message to the installation authority server over the established temporary secure communication channel, by the installation authority server; receiving the request message encrypted with the installation credential from the printing device via the established temporary secure communication channel; decrypting the request message and performing an authentication process to authenticate the printing device after having received the request message for provision of the security token; in a case where the printing device is authenticated, obtaining the security token of the printing device correlated in the database with the installation credential; encrypting the obtained security token of the printing device using the installation credential; and transmitting the encrypted security token of the printing device to the printing device over the established temporary secure communication channel; and by the printing device; receiving the encrypted security token transmitted by the installation authority server; decrypting the security token using the installation credential input into the printing device by the user; performing an installation process to install the security token on the printing device; and after having completed the installation process, erasing the installation credential from the printing device. - View Dependent Claims (2, 3)
-
-
4. A method of establishing security credentials for a printing device not having any previous security credentials, the method comprising the steps of:
-
by the printing device, generating a security token to be used by the printing device for secure communications; and storing the generated security token in the printing device, by an installation authority server; generating an installation credential for the printing device, wherein the installation credential comprises one of a barcode and an alphanumeric code; storing the installation credential in a database of the installation authority server in correlation with identification information of the printing device; and generating a hardcopy format of the installation credential, wherein the hardcopy format of the installation credential is provided to a user of the printing device, by the printing device; accepting an input of the installation credential by the user of the printing device who inputs the installation credential into the printing device; establishing a temporary secure communication channel with the installation authority server utilizing the installation credential as a temporary security key; encrypting the generated security token of the printing device utilizing the input installation credential; and transmitting the encrypted security token to the installation authority via the temporary secure communication channel for the installation authority server to certify the security token; by the installation authority server; receiving the encrypted security token transmitted by the printing device; and decrypting the security token using the installation credential stored in the database; performing a process to certify the security token; and providing a certified security token and a root verification certificate of the installation authority server to the printing device, and by the printing device; installing the certified security token and the root verification certificate in the printing device; and terminating the temporary secure communication channel and erasing the installation credential from the printing device. - View Dependent Claims (5, 6)
-
-
7. A computer-readable non-transitory storage medium on which is stored a computer-readable program for executing a method for installing encryption keys on a printing device not having any previous security credentials, the program comprising the steps of:
-
by an installation authority server; generating a security token to be used by the printing device for secure communications, and storing the generated security token for the printing device in the installation authority server; generating an installation credential for the printing device, wherein the installation credential comprises one of a barcode or an alphanumeric code and is to be used by the printing device to obtain the security token from the installation authority server; correlating, in a database of the installation authority server, the installation credential generated for the printing device with the generated security token for the printing device; and generating a hardcopy format of the installation credential, wherein the hardcopy format of the installation credential is provided to a user of the printing device for an initial installation of the encryption keys in the printing device, by the printing device; accepting an input of the installation credential by the user of the printing device who inputs the installation credential into the printing device; utilizing the input installation credential as a temporary security key for secure communications, the printing device establishing a temporary secure communication channel with the installation authority server and; generating a request message to be sent to the installation authority server for requesting that the installation authority server provide the generated security token to the printing device; encrypting the generated request message using the installation credential; and transmitting the encrypted request message to the installation authority server over the established temporary secure communication channel, by the installation authority server; receiving the request message encrypted with the installation credential from the printing device via the established temporary secure communication channel; decrypting the request message and performing an authentication process to authenticate the printing device after having received the request for provision of the security token; in a case where the printing device is authenticated, obtaining the security token of the printing device correlated in the database with the installation credential; encrypting the obtained security token of the printing device using the installation credential; and transmitting the encrypted security token of the printing device to the printing device over the established temporary secure communication channel; and by the printing device; receiving the encrypted security token transmitted by the installation authority server; decrypting the security token using the installation credential input into the printing device by the user; performing an installation process to install the security token on the printing device; and after having completed the installation process, erasing the installation credential from the printing device.
-
-
8. A computer-readable non-transitory storage medium on which is stored a computer-readable program for executing a method of establishing security credentials for a printing device not having any previous security credentials, the program comprising the steps of:
-
by the printing device, generating a security token to be used by the printing device for secure communications; and storing the generated security token in the printing device, by an installation authority server; generating an installation credential for the printing device, wherein the installation credential comprises one of a barcode and an alphanumeric code; storing the installation credential in a database of the installation authority server in correlation with identification information of the printing device; and generating a hardcopy format of the installation credential, wherein the hardcopy format of the installation credential is provided to a user of the printing device, by the printing device; accepting an input of the installation credential by the user of the printing device who inputs the installation credential into the printing device; establishing a temporary secure communication channel with the installation authority server utilizing the installation credential as a temporary security key; encrypting the security token of the printing device utilizing the input installation credential; and transmitting the encrypted security token to the installation authority via the temporary secure communication channel for the installation authority server to certify the security token, by the installation authority server; receiving the encrypted security token transmitted by the printing device; decrypting the security token using the installation credential stored in the database; performing a process to certify the security token; and providing a certified security token and a root verification certificate of the installation authority server to the printing device, and by the printing device; installing the certified security token and the root verification certificate in the printing device; and terminating the temporary secure communication channel and erasing the installation credential from the printing device.
-
-
9. A system for installing encryption keys on a printing device not having any previous security credentials, comprising:
-
an installation authority server, comprising; a security token generator that generates a security token to be used by the printing device for secure communications; an installation credential generator that generates an installation credential for the printing device, wherein the installation credential comprises one of a barcode or an alphanumeric code and is to be used by the printing device to obtain the security token from the installation authority server; a storage unit that stores the security token generated for the printing device and the installation credential generated for the printing device in a database, wherein the installation credential and security token are stored in the database in correlation with one another; a hardcopy format generator that generates a hardcopy format of the installation credential, the generated hardcopy format being provided to a user of the printing device for an initial installation of the encryption keys in the printing device, the printing device, comprising; an input unit for accepting an input of the installation credential by the user of the printing device who inputs the installation credential into the printing device; a secure communication unit that establishes a temporary secure communication channel with the installation authority server utilizing the input installation credential as a temporary security key; a security token requesting unit that generates a request message to be sent to the installation authority server for requesting that the installation authority server provide the generated security token to the printing device via the established temporary secure communication channel; a message encryption unit that encrypts the generated request message using the input installation credential; and a transmitting unit that transmits the encrypted request message to the installation authority server over the established temporary secure communication channel, wherein the installation authority server further comprises; an installation credential a receiving unit that receives the request message encrypted with the installation credential from the printing device via the established temporary secure communication channel; a decryption unit that decrypts the received request message; an authentication unit that performs an authentication process to authenticate the printing device after having received the request for provision of the security token; an obtaining unit that, in a case where the printing device is authenticated, obtains the security token of the printing device correlated in the database with the installation credential; an encryption unit that encrypts the obtained security token of the printing device using the installation credential; and a transmitting unit that transmits the encrypted security token of the printing device to the printing device over the established temporary secure communication channel, and wherein the printing device further comprises; a receiving unit that receives the encrypted security token transmitted by the installation authority server; a decryption unit that decrypts the security token using the installation credential input into the printing device by the user; an installation unit that installs the received security token on the printing device; and an erasing unit that, after the installation unit installs the security token, erases the input installation credential from the printing device. - View Dependent Claims (10, 11)
-
-
12. A system for establishing security credentials for a printing device not having any previous security credentials, comprising:
-
an installation authority server, comprising; an installation credential generator that generates an installation credential for the printing device, wherein the installation credential comprises one of a barcode or an alphanumeric code; a storing unit that stores, in a database, the installation credential in correlation with identification information of the printing device; and a hardcopy format generator that generates a hardcopy format of the installation credential, wherein the hardcopy format of the installation credential is provided to a user of the printing device, and the printing device, comprising; a security token generator that generates a security token to be used by the printing device for secure communications; a storing unit for storing the generated security token in the printing device; an input unit for accepting an input of the installation credential by the user of the printing device who inputs the installation credential into the printing device; a secure communication unit that establishes a temporary secure communication channel with the installation authority server utilizing the input installation credential as a temporary security key; an encryption unit that encrypts the generated security token utilizing the input installation credential; and a security token transmitting unit that transmits the encrypted security token to the installation authority server via the established temporary secure communication channel, wherein the installation authority server further comprises; a receiving unit that receives the encrypted security token transmitted by the transmitting unit of the printing device; a decryption unit that decrypts the security token using the installation credential stored in the database; a certifying unit that performs a certification process to certify the security token; and a transmitting unit that transmits a certified security token and a root verification certificate of the installation authority server to the printing device, and wherein the printing device further comprises; an installation unit that installs the certified security token and the root verification certificate in the printing device; and an erasing unit that erases the input installation credential from the printing device.
-
Specification