Provisioning a network appliance

US 8,191,123 B2
Filed: 11/27/2007
Issued: 05/29/2012
Est. Priority Date: 11/27/2007
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method, comprising:

receiving a user login at a network appliance; and

initializing the network appliance without user input in response to receiving the user login, the initializing comprising;

determining that the network appliance is not initialized;

generating a provisionally unique identifier from the network appliance for identifying the network appliance;

generating, by the network appliance, a digital certificate signing request (CSR);

sending a message to a service provider, the message comprising the CSR, the provisionally unique identifier, time information associated with the CSR and information about the user login;

receiving a signed certificate from the service provider at the network appliance, wherein the signed certificate was generated in response to the message having been evaluated to determine whether the provisionally unique identifier is unique to the service provider and whether the time information indicates that the message was received within a predetermined time period; and

initializing the network appliance using the received signed certificate.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for generating identity certificates. The method may include receiving a user login at a network appliance, determining that the network appliance is not initialized, and generating a provisionally unique identifier from the network appliance for identifying the network appliance. The method may include generating a certificate signing request (CSR) and sending the CSR, the provisionally unique identifier, and information about the user login to a service provider. Upon receiving a signed certificate from the service provider at the network appliance, the network appliance is initialized using the received signed certificate.

Citations

18 Claims

1. A computer implemented method, comprising:
- receiving a user login at a network appliance; and
  
  initializing the network appliance without user input in response to receiving the user login, the initializing comprising;
  
  determining that the network appliance is not initialized;
  
  generating a provisionally unique identifier from the network appliance for identifying the network appliance;
  
  generating, by the network appliance, a digital certificate signing request (CSR);
  
  sending a message to a service provider, the message comprising the CSR, the provisionally unique identifier, time information associated with the CSR and information about the user login;
  
  receiving a signed certificate from the service provider at the network appliance, wherein the signed certificate was generated in response to the message having been evaluated to determine whether the provisionally unique identifier is unique to the service provider and whether the time information indicates that the message was received within a predetermined time period; and
  
  initializing the network appliance using the received signed certificate.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the user login comprises a user name.
  - 3. The method of claim 1, wherein the provisionally unique identifier is not known beforehand by the network appliance.
  - 4. The method of claim 1, wherein the determination that the network appliance is not initialized is made by evaluating whether the network appliance has a signed certificate.
  - 5. The method of claim 1, wherein the provisionally unique identifier is generated using a location of the network appliance, the location including an IP address.

6. A computer implemented method, comprising:
- receiving a user login at a network appliance; and
  
  initializing the network appliance without user input in response to receiving the user login, the initializing comprising;
  
  determining whether the network appliance comprises a signed certificate from a service provider;
  
  if the network appliance does not have a signed certificate, generating a digital certificate signing request (CSR) by the network appliance that includes a provisionally unique identifier for identifying the network appliance;
  
  sending a message to a service provider, the message comprising the CSR, time information associated with the CSR and the provisionally unique identifier, to determine whether the network appliance is to be activated; and
  
  in response to receiving a signed certificate, initializing the network appliance, wherein the signed certificate was generated in response to the message having been evaluated to determine whether the provisionally unique identifier is unique to the service provider and whether the time information indicates that the message was received within a predetermined time period.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6, wherein the CSR comprises user credentials of a user who has logged into the network appliance.
  - 8. The method of claim 7, further comprising sending a notification message to the user that the network appliance has been activated.
  - 9. The method of claim 6, wherein the CSR includes configuration information, or credential information for the network appliance.

10. A non-transitory machine-accessible medium including instructions that, when executed by a network appliance, cause the network appliance to perform a computer implemented method comprising:
- initializing the network appliance without user input in response to receiving a user login at the network appliance, the initializing comprising;
  
  determining that the network appliance is not initialized;
  
  generating a provisionally unique identifier by the network appliance for identifying the network appliance;
  
  generating a certificate signing request (CSR) by the network appliance;
  
  sending a message to a service provider, the message comprising the CSR, time information associated with the CSR and the provisionally unique identifier;
  
  receiving a signed certificate from the service provider at the network appliance, wherein the signed certificate was generated in response to the message having been evaluated to determine whether the provisionally unique identifier is unique to the service provider and whether the time information indicates that the message was received within a predetermined time period; and
  
  initializing the network appliance using the received signed certificate.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The non-transitory machine-accessible medium of claim 10, further comprising receiving credential information of a user logged into the network appliance.
  - 12. The non-transitory machine-accessible medium of claim 10, wherein the provisionally unique identifier is not known beforehand by the network appliance implementing the method.
  - 13. The non-transitory machine-accessible medium of claim 10, wherein the certificate signing request has been automatically generated by the network appliance upon a user logging into the network appliance.
  - 14. The non-transitory machine-accessible medium of claim 10, further including instructions that, when executed by a second machine, cause the second machine to perform a computer implemented method comprising:
    - evaluate the provisionally unique identifier to determine whether the provisionally unique identifier is unique; and
      
      if not,sending a request to the network appliance to generate another provisionally unique identifier.
  - 15. The non-transitory machine-accessible medium of claim 14, the method further comprising:
    - signing the signed certificate in response to validating credential information of a user logged in at the network appliance.

16. A computing system, comprising:
- a network appliance, to receive a user login, to determine whether a signed certificate exists on the network appliance, and if not, to automatically initialize the network appliance, wherein to automatically initialize the network appliance, the network appliance generates a provisionally unique identifier of the network appliance to be transmitted to a service provider; and
  
  the service provider networked with the network appliance, to receive a certificate signing request (CSR) from the network appliance, the certificate signing request including the provisionally unique identifier and time information associated with the CSR, and to sign a certificate for the network appliance if login credentials from the user login are recognized, the provisionally unique identifier is unique to the service provider, and the time information indicates that the CSR was received within a predetermined time period.
- View Dependent Claims (17, 18)
- - 17. The computing system of claim 16, further comprising:
    - a client networked with the network appliance to permit a user to login to the network appliance.
  - 18. The computing system of claim 16, wherein the provisionally unique identifier is not known beforehand by the service provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Schneider, James P., Riemers, Bill C.
Primary Examiner(s)
ARMOUCHE, HADI S

Application Number

US11/998,098
Publication Number

US 20090138947A1
Time in Patent Office

1,645 Days
Field of Search

726/5, 726/10, 713/2, 713/155, 713/156, 713/175, 713/178
US Class Current

726/5
CPC Class Codes

G06F 21/33 using certificates

Provisioning a network appliance

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Provisioning a network appliance

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links