Networked device branding for secure interaction in trust webs on open networks
First Claim
1. A branding process to establish cryptographically secured interaction among networked computing devices within a trust group, the trust group comprising a group of devices, on an open multi-access network, comprising:
- securely networking a security-uninitialized device with a branding device via a secured network medium;
generating a branding certificate at the branding device, the branding certificate instructing that the security-uninitialized device trust the branding device, the branding certificate further containing key data for verifying certificates provided by other devices on the open multi-access network to the security-uninitialized device are authenticated by the branding device;
transmitting the branding certificate from the branding device to the security-uninitialized device via the secured network medium;
generating a trust group membership certificate at the branding device which is signed by the branding device, the trust group membership certificate containing a signed group name as well as a signed key identifying the security-uninitialized device such that, when the security-uninitialized device sends the trust group certificate to a branded device which is a member of the trust group, the trust group certificate is validated by the branded device, and the branded device verifies that the security-uninitialized device identified in the trust group membership certificate is a member of the trust group of devices referred to by the group name;
transmitting the trust group membership certificate from the branding device to the security-uninitialized device via the secured network medium; and
initializing a security resolver of the security-uninitialized device to use the key data of the branding certificate to authenticate other devices interacting with the security-uninitialized device on the open multi-access network are in the trust group, and to provide the trust group membership certificate to such other devices as authentication that the security-uninitialized device is a member of the trust group, such that at least some interaction via the open multi-access network with the security-uninitialized device is cryptographically secured to only other devices in the trust group.
2 Assignments
0 Petitions
Accused Products
Abstract
A branding process provides a networked computing device with initial set up information, including a name, a public/private key pair, and a set of certificates the device will need to inter-operate with other devices in the trust group. A branding device conveys the initial set-up information to the networked computing device via a limited access network interface, or alternatively via a broadcast network media with the device enclosed in a wave guide and/or Faraday cage. The networked computing device can then use the set up information to verify that other devices on the network that seek to interact with the device are also members of the trust group, with which networked computing device can interact.
-
Citations
19 Claims
-
1. A branding process to establish cryptographically secured interaction among networked computing devices within a trust group, the trust group comprising a group of devices, on an open multi-access network, comprising:
-
securely networking a security-uninitialized device with a branding device via a secured network medium; generating a branding certificate at the branding device, the branding certificate instructing that the security-uninitialized device trust the branding device, the branding certificate further containing key data for verifying certificates provided by other devices on the open multi-access network to the security-uninitialized device are authenticated by the branding device; transmitting the branding certificate from the branding device to the security-uninitialized device via the secured network medium; generating a trust group membership certificate at the branding device which is signed by the branding device, the trust group membership certificate containing a signed group name as well as a signed key identifying the security-uninitialized device such that, when the security-uninitialized device sends the trust group certificate to a branded device which is a member of the trust group, the trust group certificate is validated by the branded device, and the branded device verifies that the security-uninitialized device identified in the trust group membership certificate is a member of the trust group of devices referred to by the group name; transmitting the trust group membership certificate from the branding device to the security-uninitialized device via the secured network medium; and initializing a security resolver of the security-uninitialized device to use the key data of the branding certificate to authenticate other devices interacting with the security-uninitialized device on the open multi-access network are in the trust group, and to provide the trust group membership certificate to such other devices as authentication that the security-uninitialized device is a member of the trust group, such that at least some interaction via the open multi-access network with the security-uninitialized device is cryptographically secured to only other devices in the trust group. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A networked computing device supporting branding to establish cryptographically secured interaction with other devices within a trust group of devices on an open-access network, the networked computing device comprising:
-
a network interface for communicating on the open-access network; a security initializer operational to receive a branding certificate from a branding device securely networked to the networked computing device, the branding device having previously generated the branding certificate and trust group membership certificates, the security initializer further operational to initialize security resolvers with the branding certificate, wherein the branding certificate comprises branding key data for verifying certificates provided by other devices within the trust group on the open-access network; and a security resolver operational, after being initialized with the branding public key to authenticate trust group membership certificates separate from the branding certificate provided to the networked computing device from other devices via the network interface using the branding key data and to verify that the other devices providing trust group membership certificates are members of the trust group of devices, and further operational to inhibit interaction via the network interface with other devices not authenticated as in the trust group of devices, the security resolver being initially uninitialized; wherein each trust group membership certificate received after the security resolver is initialized is sent by an other device and each trust group membership certificates comprises; a signed name for a trust group; and a signed identifier for the other device sending the trust group membership certificate. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
-
19. One or more computer-readable storage media containing instructions which, when executed on a computer, cause the computer to perform a branding process to establish cryptographically secured interaction among networked computing devices within a trust group, the trust group comprising a group of devices, on an open multi-access network, the branding process comprising:
-
securely networking a security-uninitialized device with a branding device via a secured network medium; generating a branding certificate at the branding device, the branding certificate instructing that the security-uninitialized device trust the branding device, the branding certificate further containing key data for verifying certificates provided by other devices on the open multi-access network to the security-uninitialized device are authenticated by the branding device; transmitting the branding certificate from the branding device to the security-uninitialized device via the secured network medium; generating a trust group membership certificate at the branding device which is signed by the branding device, the trust group membership certificate containing a signed group name as well as a signed key identifying the security-uninitialized device such that, when the security-uninitialized device sends the trust group certificate to a branded device which is a member of the trust group, the trust group certificate is validated by the branded device, and the branded device verifies that the security-uninitialized device identified in the trust group membership certificate is a member of the trust group of devices referred to by the group name; transmitting the trust group membership certificate from the branding device to the security-uninitialized device via the secured network medium; and initializing a security resolver of the security-uninitialized device to use the key data of the branding certificate to authenticate other devices interacting with the security-uninitialized device on the open multi-access network are in the trust group, and to provide the trust group membership certificate to such other devices as authentication that the security-uninitialized device is a member of the trust group, such that at least some interaction via the open multi-access network with the security-uninitialized device is cryptographically secured to only other devices in the trust group.
-
Specification