Method and system for automatic secure delivery of appliance updates

US 7,802,092 B1
Filed: 09/30/2005
Issued: 09/21/2010
Est. Priority Date: 09/30/2005
Status: Expired due to Fees

First Claim

Patent Images

1. An appliance, comprising:

a memory;

a network interface device;

a processor connected to the memory and the network interface device;

a key generator configured to generate, via the processor of the appliance, a manufacturing public key for the appliance;

a reporting module coupled to the key generator and configured to communicate via the network interface device verification data, including the manufacturing public key and a serial number of the appliance, from the appliance to a verification database; and

a certificate signing request (CSR) module configured to obtain via the network interface device a signed certificate from a certificate authority (CA) based on the verification data stored in the verification database, wherein the CA has access to the verification database.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method to securely deliver software updates to an appliance are provided. The system comprises a key generator, a reporting module, and a certificate signing request (CSR) module. The key generator may be configured to generate, at the processing system, verification data for the processing system. The reporting module may be configured to communicate the verification data from the processing system to a verification database. The certificate signing request (CSR) module may be configured to obtain a signed certificate from a certificate authority (CA) based on the verification data stored in the verification database.

Citations

20 Claims

1. An appliance, comprising:
- a memory;
  
  a network interface device;
  
  a processor connected to the memory and the network interface device;
  
  a key generator configured to generate, via the processor of the appliance, a manufacturing public key for the appliance;
  
  a reporting module coupled to the key generator and configured to communicate via the network interface device verification data, including the manufacturing public key and a serial number of the appliance, from the appliance to a verification database; and
  
  a certificate signing request (CSR) module configured to obtain via the network interface device a signed certificate from a certificate authority (CA) based on the verification data stored in the verification database, wherein the CA has access to the verification database.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The appliance of claim 1, wherein the key generator is configured to generate the verification data by:
    - generating a plurality of prime numbers;
      
      deriving, from the plurality of prime numbers, a manufacturing key pair, the manufacturing key pair including a manufacturing private key and the manufacturing public key; and
      
      associating the serial number of the appliance with the manufacturing public key.
  - 3. The appliance of claim 2, further comprising a non-volatile memory configured to store the plurality of prime numbers.
  - 4. The appliance of claim 3, wherein the non-volatile memory is an electrically erasable programmable read-only memory (EEPROM).
  - 5. The appliance of claim 3, wherein the key generator is further configured to recreate the manufacturing private key utilizing the plurality of prime numbers stored in the non-volatile memory.
  - 6. The appliance of claim 5, wherein the CSR includes the serial number of the appliance and the CSR is signed with the manufacturing private key.
  - 7. The appliance of claim 3, wherein the key generator is further configured to generate a communications key pair, the communications key pair comprising a communications public key.
  - 8. The appliance of claim 7, wherein the CSR includes the communications public key as a subject key.
  - 9. The appliance of claim 1, wherein the appliance is a proxy server.

10. A method to permit secure communications with an appliance, the method comprising:
- generating, at the appliance, verification data, including a manufacturing public key and a serial number of the appliance, for the appliance;
  
  communicating the verification data to a verification database;
  
  generating, at the appliance, a certificate signing request (CSR) including the serial number of the appliance, wherein the CSR is signed with a manufacturing private key;
  
  sending the CSR to a certificate authority (CA); and
  
  obtaining, at the appliance, a signed certificate from the CA based on the verification data obtained from the verification database, wherein the CA has access to the verification database.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, wherein generating the verification data further comprises:
    - generating a plurality of prime numbers;
      
      deriving, from the plurality of prime numbers, a manufacturing key pair, the manufacturing key pair including the manufacturing private key and the manufacturing public key;
      
      associating the serial number of the appliance with the manufacturing public key; and
      
      identifying the associated serial number and the manufacturing public key as the verification data.
  - 12. The method of claim 11, further comprising storing, in a non-volatile memory of the appliance, the plurality of prime numbers.
  - 13. The method of claim 12, wherein obtaining the signed certificate further comprises:
    - receiving the signed certificate;
      
      accepting the signed certificate; and
      
      storing the signed certificate at the appliance.
  - 14. The method of claim 10, further comprising generating a communications key pair, the communications key pair comprising a communications public key.
  - 15. The method of claim 14, wherein the CSR includes the communications public key as a subject key.
  - 16. The method of claim 15, further comprising:
    - establishing a secure connection with a download server utilizing the signed certificate; and
      
      receiving a software update from the download server according to the serial number of the appliance.
  - 17. The method of claim 15, further comprising establishing a secure connection with another appliance utilizing the signed certificate.
  - 18. The method of claim 15, further comprising establishing a secure connection with a management node associated with the appliance, utilizing the signed certificate.

19. A method to permit secure communications with an appliance, the method comprising:
- receiving, from the appliance, a certificate signing request (CSR) signed with a manufacturing private key from a manufacturing key pair, wherein the CSR includes a serial number of the appliance and a communications public key from a communications key pair;
  
  extracting the serial number from the CSR;
  
  interrogating a verification database with the serial number to access a manufacturing public key associated with the serial number;
  
  verifying the signature on the CSR with the manufacturing public key; and
  
  responsive to verifying the signature on the CSR with the manufacturing public key, returning a signed certificate to the appliance.

20. A non-transitory tangible machine-readable medium having stored thereon data representing sets of instructions which, when executed by a machine, cause the machine to:
- generate, at a processing system of an appliance, verification data, including a manufacturing public key and a serial number of the appliance, for the processing system;
  
  communicate the verification data from the processing system of the appliance to a verification database; and
  
  obtain a signed certificate from a certificate authority (CA), based on the verification data stored in the verification database, wherein the CA has access to the verification database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Blue Coat Systems Incorporated (Gen Digital Inc.)
Inventors
Kelly, Thomas J., Tomic, Gary W.
Primary Examiner(s)
Smithers; Matthew B
Assistant Examiner(s)
SIMS, JING F

Application Number

US11/242,213
Time in Patent Office

1,817 Days
Field of Search

713155-159, 713/161, 713/168, 713/176, 709/229, 726/2, 726 11- 15
US Class Current

713/156
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 67/34   involving the movement of s...

H04L 9/0861   Generation of secret inform...

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

Method and system for automatic secure delivery of appliance updates

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for automatic secure delivery of appliance updates

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links