Provisioning a network appliance

US 8,191,122 B2
Filed: 11/27/2007
Issued: 05/29/2012
Est. Priority Date: 11/27/2007
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method, comprising:

determining that a network appliance is not initialized; and

initializing the network appliance without user input, the initializing comprising;

logging on to a server;

receiving from the server a unique identifier at the network appliance for identifying the network appliance;

generating a digital certificate signing request (CSR) by the network appliance;

sending the CSR and the unique identifier to the server with a timestamp;

receiving a signed certificate from the server at the network appliance, wherein the signed certificate was generated by the server in response to the server evaluating the CSR to determine that the timestamp has not expired and to verify a location of the network appliance, the location including an IP address; and

initializing the network appliance using the received signed certificate.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for generating identity certificates. The method may include receiving a user login at a network appliance, determining that the network appliance is not initialized, and requesting and receiving a unique identifier from a service provider, where the unique identifier is used for identifying the network appliance. The method may include generating a certificate signing request (CSR) and sending the CSR with the unique identifier to the service provider. Upon receiving a signed certificate from the service provider at the network appliance, the network appliance is initialized using the received signed certificate.

45 Citations

View as Search Results

19 Claims

1. A computer implemented method, comprising:
- determining that a network appliance is not initialized; and
  
  initializing the network appliance without user input, the initializing comprising;
  
  logging on to a server;
  
  receiving from the server a unique identifier at the network appliance for identifying the network appliance;
  
  generating a digital certificate signing request (CSR) by the network appliance;
  
  sending the CSR and the unique identifier to the server with a timestamp;
  
  receiving a signed certificate from the server at the network appliance, wherein the signed certificate was generated by the server in response to the server evaluating the CSR to determine that the timestamp has not expired and to verify a location of the network appliance, the location including an IP address; and
  
  initializing the network appliance using the received signed certificate.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 further comprising receiving a user login having user credentials at the network appliance, wherein the user credentials comprise identifying information and authenticating information.
  - 3. The method of claim 1, wherein the server has compared the unique identifier sent to the network appliance with the unique identifier sent by the network appliance to determine whether to send the signed certificate to the network appliance.
  - 4. The method of claim 1, wherein determining that the network appliance is not initialized comprises evaluating whether the network appliance has a signed certificate.

5. A computer implemented method, comprising:
- determining whether a network appliance possesses a signed certificate from a service provider; and
  
  initializing the network appliance without user input, the initializing comprising;
  
  if the network appliance does not have a signed certificate, logging into the service provider using login credentials and requesting activation, and in response, receiving from the service provider, at the network appliance, a unique identifier for identifying the network appliance;
  
  generating a digital certificate signing request (CSR) by the network appliance that includes the received unique identifier and that further includes time information;
  
  sending the CSR, the time information and the unique identifier to the service provider to determine whether the network appliance is to be activated; and
  
  in response to receiving a signed certificate, initializing the network appliance, wherein the signed certificate was generated by the service provider in response to the service provider evaluating the CSR to determine that the time information shows that the CSR was timely received and to verify a location of the network appliance, the location including an IP address.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The method of claim 5, wherein the CSR is associated with user credentials of a user who has logged into the network appliance.
  - 7. The method of claim 6, further comprising sending a notification message to the user that the network appliance has been activated.
  - 8. The method of claim 5, wherein the signed certificate has been evaluated to determine whether the unique identifier sent in the CSR is the same as the unique identifier sent by the service provider, and in response, the signed certificate is signed.
  - 9. The method of claim 5, wherein the CSR includes configuration information or credential information for the network appliance.

10. A non-transitory machine-accessible medium including instructions that, when executed by a first machine, cause the first machine to perform a computer implemented method comprising:
- determining that a network appliance is not initialized; and
  
  initializing the network appliance without user input, the initializing comprising;
  
  requesting and receiving a unique identifier from a service provider for identifying the network appliance;
  
  generating a certificate signing request (CSR);
  
  sending the CSR, a timestamp and the received unique identifier to the service provider;
  
  receiving a signed certificate from the service provider at the network appliance, wherein the signed certificate was generated by the service provider in response to the service provider evaluating the CSR to determine that the timestamp has not expired and to verify a location of the network appliance, the location including an IP address; and
  
  initializing the network appliance using the received signed certificate.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The non-transitory machine-accessible medium of claim 10, further comprising receiving credential information of a user logged into the network appliance.
  - 12. The non-transitory machine-accessible medium of claim 10, wherein the unique identifier is encapsulated within the CSR.
  - 13. The non-transitory machine-accessible medium of claim 10, wherein the certificate signing request has been automatically generated by the network appliance upon a user logging into the network appliance and subsequently logging into the service provider.
  - 14. The non-transitory machine-accessible medium of claim 10, further including instructions that, when executed by a second machine, cause the second machine to perform a computer implemented method comprising:
    - comparing whether the unique identifier sent to the network appliance is the same as the unique identifier sent by the network appliance before signing the certificate.
  - 15. The non-transitory machine-accessible medium of claim 14, the method further comprising:
    - signing the signed certificate in response to validating credential information of a user logged in at the network appliance.

16. A computing system, comprising:
- a data store to store a signed certificate of a network appliance; and
  
  a processing device, coupled to the data store, wherein the processing device is configured to;
  
  receive a user login for the network appliance;
  
  receive credentials for logging on to a service provider;
  
  determine whether the signed certificate exists on the network appliance; and
  
  obtain the signed certificate without user input, the obtaining comprising;
  
  in response to determining that the signed certificate does not exist on the network appliance, requesting and receiving a unique identifier from the service provider,generating a certificate signing request (CSR),sending the CSR and the unique identifier to the service provider with time information, andreceiving the signed certificate from the service provider, wherein the signed certificate was generated by the service provider in response to the service provider evaluating the CSR to determine that the time information shows that the CSR was timely received and to verify a location of the network appliance, the location including an IP address.
- View Dependent Claims (17, 18, 19)
- - 17. The system of claim 16 further comprising:
    - the service provider networked with the network appliance, to receive the CSR from the network appliance, the CSR including the received unique identifier, and to sign a certificate for the network appliance if the unique identifier in the CSR is derived from the unique identifier sent by the service provider.
  - 18. The computing system of claim 16, further comprising:
    - a client networked with the network appliance to permit a user to login to the network appliance.
  - 19. The computing system of claim 16, wherein the unique identifier is known by the service provider before a request is received for the unique identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Schneider, James P., Riemers, Bill C.
Primary Examiner(s)
ARMOUCHE, HADI S

Application Number

US11/998,097
Publication Number

US 20090138946A1
Time in Patent Office

1,645 Days
Field of Search

726/5, 726/10, 713/2, 713/155, 713/156, 713/175, 713/178
US Class Current

726/5
CPC Class Codes

G06F 21/33 using certificates

Provisioning a network appliance

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

45 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Provisioning a network appliance

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links