Device certificate individualization

US 9,336,359 B2
Filed: 02/06/2012
Issued: 05/10/2016
Est. Priority Date: 10/18/2004
Status: Active Grant

First Claim

Patent Images

1. One or more computer-readable memory devices or storage devices storing instructions which, when executed by one or more processing units, cause the one or more processing units to:

access an instance of a device certificate template, wherein the device certificate template is shared by a plurality of devices of a product line and the device certificate template includes product line characteristics of the plurality of devices of the product line; and

use the instance of the device certificate template and information specific to an individual device of the plurality of devices to obtain a device certificate for the individual device, wherein the information specific to the individual device distinguishes the individual device from other devices of the product line,wherein the device certificate that is obtained using the instance of the device certificate template and the information specific to the individual device enables the individual device to access protected content, andwherein the device certificate template provides a chain of trust structure linking a first certificate associated with a manufacturer of the individual device to a second certificate associated with a certificate authority.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of generating a device certificate. A method of generating a device certificate comprising, constructing a device certificate challenge at a device, sending information to a device certificate individualization server in response to the device certificate challenge, validating the device certificate challenge by the device certificate individualization server, and validating the device certificate response by the device.

782 Citations

23 Claims

1. One or more computer-readable memory devices or storage devices storing instructions which, when executed by one or more processing units, cause the one or more processing units to:
- access an instance of a device certificate template, wherein the device certificate template is shared by a plurality of devices of a product line and the device certificate template includes product line characteristics of the plurality of devices of the product line; and
  
  use the instance of the device certificate template and information specific to an individual device of the plurality of devices to obtain a device certificate for the individual device, wherein the information specific to the individual device distinguishes the individual device from other devices of the product line,wherein the device certificate that is obtained using the instance of the device certificate template and the information specific to the individual device enables the individual device to access protected content, andwherein the device certificate template provides a chain of trust structure linking a first certificate associated with a manufacturer of the individual device to a second certificate associated with a certificate authority.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The one or more computer-readable memory devices or storage devices of claim 1, the stored instructions further causing the processor to:
    - access another instance of the device certificate template; and
      
      use the another instance of the device certificate template and other information specific to another individual device of the plurality of devices to obtain another device certificate for the another individual device,wherein the instance of the device certificate template and the another instance of the device certificate template are identical, the information and the other information are different, and the device certificate and the another device certificate are different.
  - 3. The one or more computer-readable memory devices or storage devices of claim 1, wherein the instance of the device certificate template is stored on the individual device when accessed and the using comprises:
    - sending the instance of the device certificate template and the information specific to the individual device to another device that creates the device certificate for the individual device; and
      
      receiving the device certificate from the another device.
  - 4. The one or more computer-readable memory devices or storage devices of claim 3, wherein the product line characteristics included in the device certificate template comprise device features of the plurality of devices of the product line that distinguish the plurality of devices of the product line from another product line having different device features.
  - 5. The one or more computer-readable memory devices or storage devices of claim 4, wherein the first certificate is a device authorization certificate and the second certificate is an authorization root certificate.
  - 6. The one or more computer-readable memory devices or storage devices of claim 4, the stored instructions further causing the processor to:
    - create a challenge comprising the instance of the device certificate template, the information specific to the individual device, and a public key;
      
      send the challenge to the another device; and
      
      store a private key corresponding to the public key on the individual device.
  - 7. The one or more computer-readable memory devices or storage devices of claim 6, the stored instructions further causing the processor to:
    - receive the device certificate from the another device in an encrypted form; and
      
      decrypt the device certificate using the private key.

8. A computing device comprising:
- one or more processing units; and
  
  one or more memory devices or storage devices storing instructions which, when executed by the one or more processing units, cause the one or more processing units to;
  
  access a device certificate template for a product line, wherein the computing device is one of a plurality of devices of the product line and the device certificate template identifies one or more device features that are common to the plurality of devices of the product line; and
  
  use the device certificate template and information specific to the computing device to obtain a device certificate for the computing device,wherein;
  
  the device certificate enables the computing device to access protected content,the device certificate template comprises another certificate associated with a manufacturer of the plurality of computing devices of the product line, andthe one or more device features included in the device certificate template distinguish the product line from at least some other product lines.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The computing device of claim 8, wherein the device certificate template comprises an authorization root certificate associated with a certificate authority.
  - 10. A system comprising the computing device of claim 8 and a server configured to create the device certificate based on the device certificate template and the information specific to the computing device and send the device certificate to the computing device.
  - 11. The system of claim 10, wherein the server is further configured to:
    - create the device certificate by filling in sections of the device certificate template with the information specific to the computing device;
      
      create another device certificate for another computing device of the product line by filling in the sections of the device certificate template with other information specific to the another computing device; and
      
      send the another device certificate to the another computing device.
  - 12. The computing device of claim 8, wherein the one or more device features identified by the device certificate template include a model identifier shared by each of the plurality of devices of the product line.
  - 13. The computing device of claim 12, wherein the information specific to the computing device comprises a serial number of the computing device.
  - 14. The computing device of claim 13, wherein the another certificate is a device authorization certificate.
  - 15. The computing device of claim 8, wherein the device certificate template comprises a partial chain of trust that is completed by the device certificate.
  - 16. The computing device of claim 8, wherein the instructions further cause the one or more processing units to:
    - generate a key pair comprising a public key and a private key;
      
      store the private key on the computing device;
      
      send the public key, the device certificate template, and the information specific to the computing device to another computing device that creates the device certificate and encrypts the device certificate using the public key;
      
      receive the device certificate from the another computing device in encrypted form; and
      
      decrypt the device certificate using the private key.

17. A method performed by at least one computer processing unit, the method comprising:
- populating a device certificate template to obtain a populated device certificate template comprising;
  
  information common to a plurality of computing devices of a product line,an authorization certificate associated with a manufacturer of the plurality of computing devices of the product line, andan authorization root certificate associated with a certificate authority, wherein the plurality of computing devices have stored thereon different identifiers;
  
  receiving, from the plurality of computing devices, the different identifiers; and
  
  using the populated device certificate template and the different identifiers to create a plurality of individualized device certificates for the plurality of computing devices responsive to receiving the different identifiers.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The method of claim 17, further comprising:
    - populating the device certificate template with a group certificate associated with the product line to obtain the populated device certificate template.
  - 19. The method of claim 17, further comprising:
    - receiving a public key from a first computing device of the product line;
      
      encrypting a first individualized device certificate with the public key; and
      
      sending the encrypted first individualized device certificate to the first computing device.
  - 20. The method of claim 17, further comprising:
    - receiving different template instances of the populated device template from the plurality of computing devices, the different template instances having corresponding template signatures; and
      
      verifying the template signatures prior to creating the plurality of individualized device certificates.
  - 21. The method of claim 20, further comprising:
    - receiving the different template instances in device certificate challenges having the different identifiers and challenge signatures; and
      
      verifying the challenge signatures prior to creating the plurality of individualized device certificates.
  - 22. The method of claim 17, wherein the plurality of computing devices are provided to users with the populated device template stored thereon.
  - 23. The method of claim 17, wherein the authorization certificate contains authorization from the certificate authority to the manufacturer to produce the plurality of individualized device certificates.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Jain, Amit, Storm, Clifford Paul, Cutter, Benjamin Brooks Jr., Evans, Brian Patrick
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
CALLAHAN, PAUL E

Application Number

US13/367,198
Publication Number

US 20120137127A1
Time in Patent Office

1,555 Days
Field of Search

380/44, 380/285, 726/20, 713/156, 713/159, 713/173
US Class Current

1/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 2209/603   Digital right managament [DRM]

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

Device certificate individualization

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

782 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Device certificate individualization

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

782 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links