Method and system for automatic secure delivery of appliance updates
First Claim
Patent Images
1. An appliance, comprising:
- a memory;
a network interface device;
a processor connected to the memory and the network interface device;
a key generator configured to generate, via the processor of the appliance, a manufacturing public key for the appliance;
a reporting module coupled to the key generator and configured to communicate via the network interface device verification data, including the manufacturing public key and a serial number of the appliance, from the appliance to a verification database; and
a certificate signing request (CSR) module configured to obtain via the network interface device a signed certificate from a certificate authority (CA) based on the verification data stored in the verification database, wherein the CA has access to the verification database.
12 Assignments
0 Petitions
Accused Products
Abstract
A system and method to securely deliver software updates to an appliance are provided. The system comprises a key generator, a reporting module, and a certificate signing request (CSR) module. The key generator may be configured to generate, at the processing system, verification data for the processing system. The reporting module may be configured to communicate the verification data from the processing system to a verification database. The certificate signing request (CSR) module may be configured to obtain a signed certificate from a certificate authority (CA) based on the verification data stored in the verification database.
-
Citations
20 Claims
-
1. An appliance, comprising:
-
a memory; a network interface device; a processor connected to the memory and the network interface device; a key generator configured to generate, via the processor of the appliance, a manufacturing public key for the appliance; a reporting module coupled to the key generator and configured to communicate via the network interface device verification data, including the manufacturing public key and a serial number of the appliance, from the appliance to a verification database; and a certificate signing request (CSR) module configured to obtain via the network interface device a signed certificate from a certificate authority (CA) based on the verification data stored in the verification database, wherein the CA has access to the verification database. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method to permit secure communications with an appliance, the method comprising:
-
generating, at the appliance, verification data, including a manufacturing public key and a serial number of the appliance, for the appliance; communicating the verification data to a verification database; generating, at the appliance, a certificate signing request (CSR) including the serial number of the appliance, wherein the CSR is signed with a manufacturing private key; sending the CSR to a certificate authority (CA); and obtaining, at the appliance, a signed certificate from the CA based on the verification data obtained from the verification database, wherein the CA has access to the verification database. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A method to permit secure communications with an appliance, the method comprising:
-
receiving, from the appliance, a certificate signing request (CSR) signed with a manufacturing private key from a manufacturing key pair, wherein the CSR includes a serial number of the appliance and a communications public key from a communications key pair; extracting the serial number from the CSR; interrogating a verification database with the serial number to access a manufacturing public key associated with the serial number; verifying the signature on the CSR with the manufacturing public key; and responsive to verifying the signature on the CSR with the manufacturing public key, returning a signed certificate to the appliance.
-
-
20. A non-transitory tangible machine-readable medium having stored thereon data representing sets of instructions which, when executed by a machine, cause the machine to:
-
generate, at a processing system of an appliance, verification data, including a manufacturing public key and a serial number of the appliance, for the processing system; communicate the verification data from the processing system of the appliance to a verification database; and obtain a signed certificate from a certificate authority (CA), based on the verification data stored in the verification database, wherein the CA has access to the verification database.
-
Specification