Certifying the identity of a network device

US 8,650,394 B2
Filed: 11/14/2011
Issued: 02/11/2014
Est. Priority Date: 03/12/2003
Status: Active Grant

First Claim

Patent Images

1. A method for certifying the identity of a network device, the method comprising:

directly physically coupling the network device to a provisioning device via an electrical cable without requiring any network connectivity;

wherein the provisioning device comprises both a configuration module and a certification module;

the provisioning device certifying the identity of the network device by performing;

the configuration module generating a cryptographic public/private key pair for the network device and the certification module obtaining a digital certificate for the network device, and sending both the generated private key and the obtained digital certificate to the network device over the electrical cable;

wherein the obtained digital certificate is signed by a certificate authority;

wherein the obtained digital certificate includes the generated public key.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one aspect, a method for certifying the identity of a network device. The method includes an initial step of coupling the network device to a provisioning device via a physically secure communications link. The provisioning device then certifies the identity of the network device including generating a cryptographic private key for the network device and sending the generated private key to the network device over the physically secure communications link.

Citations

30 Claims

1. A method for certifying the identity of a network device, the method comprising:
- directly physically coupling the network device to a provisioning device via an electrical cable without requiring any network connectivity;
  
  wherein the provisioning device comprises both a configuration module and a certification module;
  
  the provisioning device certifying the identity of the network device by performing;
  
  the configuration module generating a cryptographic public/private key pair for the network device and the certification module obtaining a digital certificate for the network device, and sending both the generated private key and the obtained digital certificate to the network device over the electrical cable;
  
  wherein the obtained digital certificate is signed by a certificate authority;
  
  wherein the obtained digital certificate includes the generated public key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the step of coupling the network device to the provisioning device is performed by a human.
  - 3. The method of claim 1, further comprising the provisioning device certifying the identity of the network device without requiring the network device to have any network connectivity.
  - 4. The method of claim 1, wherein the certification module includes the certificate authority;
    - and wherein obtaining the digital certificate for the network device includes the certificate authority generating the digital certificate for the network device.
  - 5. The method of claim 1, wherein the provisioning device is human portable.
  - 6. The method of claim 1, wherein the provisioning device is a smart card comprising a processor, and the step of coupling the network device to the provisioning device comprises inserting the smart card into the network device.
  - 7. The method of claim 1, further comprising certifying the identity of the network device at the network device'"'"'s ultimate physical point of deployment.
  - 8. The method of claim 1, wherein the provisioning device comprises an identity registrar for verifying information associated with a request for the digital certificate.
  - 9. The method of claim 8, wherein the identity registrar is a PKI registration authority.
  - 10. The method of claim 1, wherein the provisioning device is operatively coupled to the certificate authority by a network;
    - and wherein obtaining the digital certificate for the network device includes the provisioning device receiving the digital certificate from the certificate authority over the network.

11. One or more non-transitory computer-readable media storing one or more sequences of instructions that, when executed by one or more processors, cause performance of a method for certifying the identity of a network device, the method comprising the step of:
- a provisioning device, comprising both a configuration module and a certification module, certifying the identity of the network device by performing;
  
  the configuration module generating a cryptographic public/private key pair for the network device and the certification module obtaining a digital certificate for the network device, and sending both the generated private key and the obtained digital certificate to the network device over an electrical cable;
  
  wherein the obtained digital certificate is signed by a certificate authority;
  
  wherein the obtained digital certificate includes the generated public key.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The one or more non-transitory computer-readable media of claim 11, the method further comprising the provisioning device certifying the identity of the network device without requiring the network device to have any network connectivity.
  - 13. The one or more non-transitory computer-readable media of claim 11, wherein the certification module includes the certificate authority;
    - and wherein obtaining the digital certificate for the network device includes the certificate authority generating the digital certificate for the network device.
  - 14. The one or more non-transitory computer-readable media of claim 11, wherein the provisioning device is mechanically and electrically coupled to the network device with an electrical cable.
  - 15. The one or more non-transitory computer-readable media of claim 11, wherein the provisioning device is human portable.
  - 16. The one or more non-transitory computer-readable media of claim 11, wherein the provisioning device is a smart card comprising the one or more non-transitory computer-readable media and the one or more processors.
  - 17. The one or more non-transitory computer-readable media of claim 11, the method further comprising certifying the identity of the network device at the network device'"'"'s ultimate physical point of deployment.
  - 18. The one or more non-transitory computer-readable media of claim 11, wherein the provisioning device comprises an identity registrar for verifying information associated with a request for the digital certificate.
  - 19. The one or more non-transitory computer-readable media of claim 18, wherein the identity registrar is a PKI registration authority.
  - 20. The one or more non-transitory computer-readable media of claim 11, wherein the provisioning device is operatively coupled to the certificate authority by a network;
    - and wherein obtaining the digital certificate for the network device includes the provisioning device receiving the digital certificate from the certificate authority over the network.

21. A provisioning device comprising:
- one or more processors;
  
  one or more non-transitory computer-readable media storing one or more sequences of instructions that, when executed by the one or more processors, cause performance of a method for certifying the identity of a network device, the method comprising the step of;
  
  the provisioning device, comprising both a configuration module and a certification module, certifying the identity of the network device by performing;
  
  the configuration module generating a cryptographic public/private key pair for the network device and the certification module obtaining a digital certificate for the network device, and sending both the generated private key and the obtained digital certificate to the network device over an electric cable that directly and physically couples the network device to the provisioning device;
  
  wherein the obtained digital certificate is signed by a certificate authority;
  
  wherein the obtained digital certificate includes the generated public key.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The provisioning device of claim 21, the method further comprising the provisioning device certifying the identity of the network device without requiring the network device to have any network connectivity.
  - 23. The provisioning device of claim 21, wherein the certification module includes the certificate authority;
    - and wherein obtaining the digital certificate for the network device includes the certificate authority generating the digital certificate for the network device.
  - 24. The provisioning device of claim 21, wherein the provisioning device is mechanically and electrically coupled to the network device with an electrical cable.
  - 25. The provisioning device of claim 21, wherein the provisioning device is human portable.
  - 26. The provisioning device of claim 21, wherein the provisioning device is a smart card.
  - 27. The provisioning device of claim 21, the method further comprising certifying the identity of the network device at the network device'"'"'s ultimate physical point of deployment.
  - 28. The provisioning device of claim 21, wherein the provisioning device comprises an identity registrar for verifying information associated with a request for the digital certificate.
  - 29. The provisioning device of claim 28, wherein the identity registrar is a PKI registration authority.
  - 30. The provisioning device of claim 21, wherein the provisioning device is operatively coupled to the certificate authority by a network;
    - and wherein obtaining the digital certificate for the network device includes the provisioning device receiving the digital certificate from the certificate authority over the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Vilhuber, Jan, Pritikin, Max
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Nobahar, Abdulhakim

Application Number

US13/296,069
Publication Number

US 20120060027A1
Time in Patent Office

820 Days
Field of Search

713/153, 713/155, 713/156, 726/1, 726/4, 726/10, 726/11, 726/18, 726/21, 709/220, 709223-225
US Class Current

713/156
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 9/3263   involving certificates, e.g...

Certifying the identity of a network device

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Certifying the identity of a network device

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links