Secure network deployment

US 8,732,279 B2
Filed: 08/18/2006
Issued: 05/20/2014
Est. Priority Date: 08/18/2006
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

identifying a plurality of customized profiles for a network device model, wherein a first one of the profiles is customized for a first user and contains at least one different parameter for selected services than a second one of the profiles for a second user;

creating, using a call controller, a table associating each one of the customized profiles with a unique Personal Identification Number (PIN);

providing a web page form for registration of a network device;

receiving, at the call controller via the web page form, a message originating from the network device to be configured, wherein the call controller is a first party, and the network device is a second party;

the message further comprises;

a submitted PIN, and a manufacturer installed certificate, which includes a media access control (MAC) address, issued by a trusted third party;

wherein the message is signed using a public key included in the manufacturer installed certificate and contains the manufactured installed certificate within the message, wherein the manufactured installed certificate including the MAC address is appended into the web page form;

comparing, using the call controller, the submitted PIN included in the received message to the table;

identifying, using the call controller, a particular one of the customized profiles in the table according to the comparison;

extracting, using the call controller, the address from the manufacturer installed certificate of the network device included in the received message;

formatting, using the call controller, an entry in the table for the particular customized profile including the selected services with a value of the extracted MAC address; and

causing, using the call controller, the particular customized profile to be downloaded to the network device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a Manufacturer Installed Certificate (MIC) and a personal identification number are sent to a call controller to request a configuration profile. When the configuration file is received, the IP phone is provisioned according to the configuration profile.

59 Citations

View as Search Results

12 Claims

1. A method, comprising:
- identifying a plurality of customized profiles for a network device model, wherein a first one of the profiles is customized for a first user and contains at least one different parameter for selected services than a second one of the profiles for a second user;
  
  creating, using a call controller, a table associating each one of the customized profiles with a unique Personal Identification Number (PIN);
  
  providing a web page form for registration of a network device;
  
  receiving, at the call controller via the web page form, a message originating from the network device to be configured, wherein the call controller is a first party, and the network device is a second party;
  
  the message further comprises;
  
  a submitted PIN, and a manufacturer installed certificate, which includes a media access control (MAC) address, issued by a trusted third party;
  
  wherein the message is signed using a public key included in the manufacturer installed certificate and contains the manufactured installed certificate within the message, wherein the manufactured installed certificate including the MAC address is appended into the web page form;
  
  comparing, using the call controller, the submitted PIN included in the received message to the table;
  
  identifying, using the call controller, a particular one of the customized profiles in the table according to the comparison;
  
  extracting, using the call controller, the address from the manufacturer installed certificate of the network device included in the received message;
  
  formatting, using the call controller, an entry in the table for the particular customized profile including the selected services with a value of the extracted MAC address; and
  
  causing, using the call controller, the particular customized profile to be downloaded to the network device.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the manufacturer installed certificate corresponds to a manufacturer installed unique value stored in a non-volatile memory for the network device by a manufacturer of the network device during manufacture of the network device.
  - 3. The method of claim 1, further comprising:
    - logging into a uniform resource locator (URL) addressed web page using authentication credentials;
      
      selecting a base profile using a menu;
      
      selecting a phone model based on the selected base profile;
      
      specifying, in the table entry, at least one of a plurality of services associated with the selected phone model, the services including at least ring tone selections and speed dial values;
      
      assigning a phone number based on a pool associated with the table entry; and
      
      generating the unique PIN for the table entry.
  - 4. The method of claim 1, wherein the manufacturer installed certificate is located in an eXtensible Markup Language (XML) signature of the received message.

5. An apparatus, comprising:
- a memory including instructions configured to;
  
  generate a table associating each one of a plurality of customized profiles for a same network device model with a unique personal identifier, wherein a first one of the profiles is customized for a first user and contains at least one different parameter for a phone service than a second one of the profiles for a second user;
  
  provide a web page form for configuration of the network device;
  
  receive a message originating from the network device to be configured, the message comprising;
  
  a submitted personal identifier, and a manufacturer installed certificate which includes a media access control (MAC) address;
  
  wherein the manufacturer installed certificate including the MAC address is appended to the web page form;
  
  wherein the message is signed using a public key included in the manufacturer installed certificate, and contains the manufactured installed certificate within the message;
  
  compare the submitted personal identifier included in the received message to the table;
  
  identify a particular one of the customized profiles in the table according to the comparison;
  
  extract the MAC address from the manufacturer installed certificate included in the received message;
  
  store a value of the extracted MAC address in a table entry for the particular customized profile and associated with the phone service; and
  
  cause the particular customized profile to be downloaded to the network device.
- View Dependent Claims (6, 7, 8, 9, 10, 11)
- - 6. The apparatus of claim 5, wherein the manufacturer installed certificate corresponds to a manufacturer installed unique value inserted into a memory of the network device by a manufacturer of the network device.
  - 7. The apparatus of claim 5, wherein the instructions are configured to:
    - log into a uniform resource locator (URL) addressed web page using authentication credentials;
      
      select a base profile using a menu;
      
      select a phone model based on the selected base profile;
      
      specify, in the table entry, at least one of a plurality of services associated with the selected phone model, the services including at least ring tone selections and speed dial values;
      
      assign a phone number based on a pool associated with the table entry; and
      
      generate the unique personal identifier for the table entry.
  - 8. The apparatus of claim 5, wherein the manufacturer installed certificate is located in an eXtensible Markup Language (XML) signature of the received message.
  - 9. The apparatus of claim 5, wherein the instructions are configured to:
    - select a template;
      
      select a phone model based on the selected template; and
      
      assign a phone number based on a pool associated with the selected template and the selected phone model to create the table entry.
  - 10. The apparatus of claim 5, wherein the instructions are configured to exchange communications with a Trivial File Transfer Protocol (TFTP) server to provide a configuration based on the table entry to the network device.
  - 11. The apparatus of claim 10, wherein the configuration contains a Locally Significant Certificate (LSC).

12. A method, comprising:
- identifying a plurality of customized profiles for a network device model, wherein a first one of the profiles is customized for a first user and contains at least one different parameter than a second one of the profiles for a second user;
  
  creating, using a call controller, a table associating each one of the customized profiles with a unique Personal Identification Number (PIN);
  
  providing a web page to configure the network device model;
  
  receiving, at the call controller, the call controller being a first party, a message originating from a network device to be configured, and the network device being a second party;
  
  the message further comprises;
  
  a submitted PIN, and a manufacturer installed certificate, which includes a media access control (MAC) address, issued by a trusted third party;
  
  wherein the manufacturer installed certification including the MAC address is appended to the web page;
  
  comparing, using the call controller, the submitted PIN included in the received message to the table;
  
  identifying, using the call controller, a particular one of the customized profiles in the table according to the comparison;
  
  extracting, using the call controller, the MAC address from the manufacturer installed certificate of the network device included in the received message;
  
  formatting, using the call controller, an entry in the table for the particular customized profile with a value of the extracted MAC address; and
  
  causing, using the call controller, the particular customized profile to be downloaded to the network device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Nedeltchev, Plamen, Bell, Robert T., Pritikin, Max
Primary Examiner(s)
Zele, Krista
Assistant Examiner(s)
Benoit, Esther

Application Number

US11/465,598
Publication Number

US 20080046735A1
Time in Patent Office

2,832 Days
Field of Search

709/220
US Class Current

709/220
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

H04L 63/0892   by using authentication-aut...

H04L 67/303   Terminal profiles

Secure network deployment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

59 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Secure network deployment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links