Method and apparatus for integrated provisioning of a network device with configuration information and identity certification
Abstract
According to one aspect, a provisioning server comprises a configuration module that configures a network device and an identification certification module that certifies the identity of the network device. With use of the provisioning server, the network device does not require configuration with network connectivity in order to obtain its certified identity. In one embodiment, the configuration module configures the device for operation at the device's point of deployment in a network. In one embodiment, the identity certification module is configured to generate a digital certificate for the network device and the configuration module is configured to automatically configure the network device based on its digital certificate. The provisioning server is coupled to the network device with a secure communication link. As a result, a more trusted network device is ultimately deployed into its network of operation.
31 Claims
1. A provisioning server for provisioning a network device, comprising:
a configuration module that is adapted for configuring the network device; and an identification certification module that is configured for certifying the identity of the network device; wherein the provisioning server is adapted to securely couple to the network device via a physically secure direct communications link; wherein the configuration module is adapted for configuring the network device over the physically secure direct communications link without requiring the network device to have any network connectivity; wherein the identification certification module is configured for obtaining certification of the network device's identity over the physically secure direct communications link without requiring the network device to have any network connectivity; and wherein the identification certification module is configured for generating a cryptographic private key for the network device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
13. A method for provisioning a network device, the method comprising the computer-implemented steps of:
configuring the network device over a physically secure direct communications link without requiring the network device to have any network connectivity; and certifying the identity of the network device over the physically secure direct communications link without requiring the network device to have any network connectivity; and wherein certifying the identity of the network device includes generating a cryptographic private key for the network device. - View Dependent Claims (14, 15, 16)
17. A computer-readable non-transitory medium storing one or more sequences of instructions for provisioning a network device, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
configuring the network device over a physically secure direct communications link without requiring the network device to have any network connectivity; and certifying the identity of the network device over the physically secure direct communications link without requiring the network device to have any network connectivity; and wherein certifying the identity of the network device includes generating a cryptographic private key for the network device. - View Dependent Claims (18, 19, 20, 21, 22, 23)
24. A system for provisioning a network device, the system comprising:
means for configuring the network device; and means for certifying the identity of the network device; wherein the system is adapted to securely couple to the network device via a physically secure direct communications link; wherein the system is adapted for configuring the network device over the physically secure direct communications link without requiring the network device to have any network connectivity; wherein the system is configured for obtaining certification of the network device's identity over the physically secure direct communications link without requiring the network device to have any network connectivity; and wherein the system is configured for generating a cryptographic private key for the network device.
25. A device for provisioning a network device, the device comprising:
one or more processors; a computer-readable storage medium comprising one or more stored sequences of instructions which, when executed by the one or more processors, cause the one or more processors to carry out the steps of: configuring the network device; and certifying the identity of the network device; wherein the device is adapted to securely couple to the network device via a physically secure direct communications link; wherein the device is adapted for configuring the network device over the physically secure direct communications link without requiring the network device to have any network connectivity; wherein the device is configured for obtaining certification of the network device's identity over the physically secure direct communications link without requiring the network device to have any network connectivity; and wherein the device is configured for generating a cryptographic private key for the network device. - View Dependent Claims (26, 27, 28, 29, 30, 31)
Specification