Secure gateway with redundant servers
Abstract
A secure gateway includes a TLS server for authenticating connecting devices, a connection manager for routing requests from the TLS server to service provider adapters, and a key management system for providing key management functions, wherein when a device provides a manufacturing certificate to one or more servers of the gateway, the servers identify the device as authentic by validating that the manufacturing certificate provided is signed by the same root that has signed the server's own certificate.
20 Claims
1. A system for authenticating postal devices, comprising:
- a postal device including a device processor coupled to a device memory storing a device private key, a first device certificate, and a first server certificate, the first device certificate comprising a device public key and a digital signature of the device public key based upon a first server private key, the first server certificate comprising a first server public key and a digital signature thereof based upon a root private key;
- a first server including a first processor coupled to a first memory storing the first server private key and the first server certificate;
- a root server including a root processor coupled to a root memory storing the root private key and a root certificate comprising a root public key;
- a second server providing functionality to said postal device redundant to functionality provided by said first server, said second server including a second processor coupled to a second memory storing a second server private key, a second server certificate comprising a second server public key and a digital signature thereof based upon the root private key and instructions configured to be executed by the second processor to receive from the postal device at the second server the first device certificate and the first server certificate, authenticate the first device certificate using the first server certificate, authenticate the first server certificate using the root certificate and send a second device certificate to the postal device,
- each of said first server and said second server being configured to service said postal device while said postal device is in an operational state,
- the system configured not to replicate data between said first server and said second server.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method for authenticating a postal device having a first device certificate and a first server certificate for a first server, the first device certificate including a device public key and a digital signature thereof based upon a first server private key, the first server certificate having a first public key and a digital signature thereof based upon a root server private key, comprising:
- receiving from the postal device at a second server the first device certificate and the first server certificate, the second server configured to provide functionality to the postal device redundant to functionality provided by the first server;
- authenticating the first device certificate using the first server certificate;
- authenticating the first server certificate using a root certificate that includes a root server public key corresponding to the root server private key; and
- in response to the first device certificate and the certificate of the first server being authenticated, creating a second device certificate and sending the second device certificate to the postal device,
- each of the first server and the second server being configured to service said postal device while said postal device is in an operational state,
- the first server and the second server configured not to replicate data between the first server and the second server.

Dependent claims: 11, 12, 13, 14, 15, 16, 17

18. A non-transitory computer readable storage medium storing instructions configured to authenticate a postal device having a first device certificate and a first server certificate for a first server, the first device certificate including a device public key and a digital signature thereof based upon a first server private key, the first server certificate having a first public key and a digital signature thereof based upon a root server private key and to perform steps comprising:
- receiving from the postal device at a second server the first device certificate and the first server certificate, the second server configured to provide functionality to the postal device redundant to functionality provided by the first server;
- authenticating the first device certificate using the first server certificate;
- authenticating the first server certificate using a root certificate that includes a root server public key corresponding to the root server private key; and
- in response to the first device certificate and the certificate of the first server being authenticated, creating a second device certificate and sending the second device certificate to the postal device,
- each of the first server and the second server being configured to service said postal device while said postal device is in an operational state,
- the first server and the second server configured not to replicate data between the first server and the second server.

Dependent claims: 19, 20
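
The authentication steps of claim 10, sketched as an added example that is not taken from the patent or any implementation of it. It assumes simplified Ed25519-signed certificates instead of a real certificate format, hypothetical names (`Cert`, `Issue`, `Verify`, `Reissue`), and that the second device certificate is signed with the second server's private key, which the claims do not specify.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Cert is a simplified stand-in (not X.509): subject, public key, issuer signature.
type Cert struct {
	Subject  string
	Pub, Sig []byte
}

func tbs(subject string, pub []byte) []byte { // bytes covered by the signature
	return append([]byte(subject+"\x00"), pub...)
}

// Issue signs (subject, pub) with the issuer's private key.
func Issue(subject string, pub ed25519.PublicKey, issuer ed25519.PrivateKey) Cert {
	return Cert{subject, pub, ed25519.Sign(issuer, tbs(subject, pub))}
}

// Verify checks c's signature under issuerPub; a malformed key fails closed.
func Verify(c Cert, issuerPub ed25519.PublicKey) bool {
	return len(issuerPub) == ed25519.PublicKeySize && ed25519.Verify(issuerPub, tbs(c.Subject, c.Pub), c.Sig)
}

// Reissue is the second server's step: check root -> first server -> device,
// then create a second device certificate (assumed signed by the second server).
func Reissue(dev, first Cert, rootPub ed25519.PublicKey, secondPriv ed25519.PrivateKey) (Cert, error) {
	if !Verify(first, rootPub) {
		return Cert{}, errors.New("first server certificate not signed by root")
	}
	if !Verify(dev, first.Pub) {
		return Cert{}, errors.New("device certificate not signed by first server")
	}
	return Issue(dev.Subject, dev.Pub, secondPriv), nil
}

func main() { // constructed keys and names, generated fresh on each run
	rootPub, rootPriv, _ := ed25519.GenerateKey(nil)
	s1Pub, s1Priv, _ := ed25519.GenerateKey(nil)
	s2Pub, s2Priv, _ := ed25519.GenerateKey(nil)
	devPub, _, _ := ed25519.GenerateKey(nil)
	first := Issue("server-1", s1Pub, rootPriv)
	dev := Issue("device-0001", devPub, s1Priv)
	second, err := Reissue(dev, first, rootPub, s2Priv)
	fmt.Println(err, Verify(second, s2Pub))
}
```

The second server needs only the root public key and the two certificates the device presents, so no per-device state has to be shared with the first server.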
Specification