Networking device provisioning

US 8,341,250 B2
Filed: 05/30/2009
Issued: 12/25/2012
Est. Priority Date: 05/30/2009
Status: Active Grant

First Claim

Patent Images

1. A logic encoded in one or more non-transitory tangible media for execution and when executed operable to perform a method, the method comprising:

storing, in a router, a set of device specific identification data;

a provisioning server storing an association between the router and a set of device specific provisioning data;

where the set of device specific provisioning data comprises a set of trusted public information that facilitates establishing a secure connection between the router and a device associated with the trusted public information;

where the device associated with the trusted public information is in a network in which the router is to be installed and that does not contain the provisioning server;

where a device associated with the trusted public information is any of, a certificate enrollment protocol registration authority, a virtual private network (VPN) hub, a VPN peer, and a group domain of interpretation (GDOI) server;

configuring the router to locate the provisioning server;

configuring the router to authenticate the provisioning server;

configuring the provisioning server to provide the set of device specific provisioning data to the router in response to receiving a provisioning data request from the router, where the provisioning data request facilitates authenticating the router with a portion of the set of device specific identification data, and to provide the set of trusted public information to the router after the router authenticates to the provisioning server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods and other embodiments associated with network device provisioning are described. One example method includes storing a set of device specific identification data in a network device. The example method may also include storing an association between the network device and a set of device specific provisioning data. The example method may also include providing the set of device specific provisioning data to the network device. The set of device specific provisioning data may be provided in response to receiving a provisioning data request from the network device.

28 Citations

View as Search Results

24 Claims

1. A logic encoded in one or more non-transitory tangible media for execution and when executed operable to perform a method, the method comprising:
- storing, in a router, a set of device specific identification data;
  
  a provisioning server storing an association between the router and a set of device specific provisioning data;
  
  where the set of device specific provisioning data comprises a set of trusted public information that facilitates establishing a secure connection between the router and a device associated with the trusted public information;
  
  where the device associated with the trusted public information is in a network in which the router is to be installed and that does not contain the provisioning server;
  
  where a device associated with the trusted public information is any of, a certificate enrollment protocol registration authority, a virtual private network (VPN) hub, a VPN peer, and a group domain of interpretation (GDOI) server;
  
  configuring the router to locate the provisioning server;
  
  configuring the router to authenticate the provisioning server;
  
  configuring the provisioning server to provide the set of device specific provisioning data to the router in response to receiving a provisioning data request from the router, where the provisioning data request facilitates authenticating the router with a portion of the set of device specific identification data, and to provide the set of trusted public information to the router after the router authenticates to the provisioning server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The logic of claim 1, where the set of device specific identification data comprises a digital certificate.
  - 3. The logic of claim 1, where the set of device specific identification data comprises one or more of, a unique device identifier (UDI), and a public key certificate.
  - 4. The logic of claim 1, where the set of device specific identification data comprises an identification number.
  - 5. The logic of claim 4, where the identification number is one of, a media access control (MAC) address, and a behavior configuration number.
  - 6. The logic of claim 1, where the set of device specific provisioning data comprises a set of instructions that, when executed, cause the router to perform a behavior.
  - 7. The logic of claim 1, the method comprising receiving a set of purchase data, where the purchase data is associated with the set of device specific provisioning data.
  - 8. The logic of claim 1, where the set of device specific identification data is stored in the router during the manufacture of the router.
  - 9. The logic of claim 7, comprising providing a portion of the set of device specific identification data to a purchaser associated with the set of purchase data.
  - 10. The logic of claim 7, the method comprising:
    - causing the router to be shipped to a location identified by the set of purchase data.
  - 11. The logic of claim 1, where configuring the router to locate the provisioning server comprises providing the router with one of, a DNS name of the provisioning server, and IP address of the provisioning server.
  - 12. The logic of claim 1, where configuring the router to authenticate the provisioning server comprises configuring the router to process a trusted public credential of the provisioning server.

13. A method comprising:
- storing, in a router, a set of device specific identification data;
  
  a provisioning server storing an association between the router and a set of device specific provisioning data;
  
  where the device specific provisioning data comprises a set of trusted public information that facilitates establishing a secure connection between the router and a device associated with the trusted public information;
  
  where the device associated with the trusted public information is in a network in which the router is to be installed and that does not contain the provisioning server;
  
  where a device associated with the trusted public information is any of, a certificate enrollment protocol registration authority, a virtual private network (VPN) hub, a VPN peer, and a group domain of interpretation (GDOI) server;
  
  configuring the router to locate the provisioning server;
  
  configuring the router to authenticate the provisioning server;
  
  configuring the provisioning server to provide the set of device specific provisioning data to the router in response to receiving a provisioning data request from the router, where the provisioning data request facilitates authenticating the router with a portion of the set of device specific identification data, and to provide the set of trusted public information to the router after the router authenticates to the provisioning server.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The method of claim 13, where the set of device specific identification data comprises a digital certificate.
  - 15. The method of claim 13, where the set of device specific identification data comprises one or more of, a unique device identifier (UDI), and a public key certificate.
  - 16. The method of claim 13, where the set of device specific identification data comprises an identification number.
  - 17. The method of claim 16, where the identification number is one of, a media access control (MAC) address, and a behavior configuration number.
  - 18. The method of claim 13, where the set of device specific provisioning data comprises a set of instructions that, when executed, cause the router to perform a behavior.
  - 19. The method of claim 13, further comprising receiving a set of purchase data, where the purchase data is associated with the set of device specific provisioning data.
  - 20. The method of claim 13, where the set of device specific identification data is stored in the router during the manufacture of the router.
  - 21. The method of claim 19, comprising providing a portion of the set of device specific identification data to a purchaser associated with the set of purchase data.
  - 22. The method of claim 19, further comprising causing the router to be shipped to a location identified by the set of purchase data.
  - 23. The method of claim 13, where configuring the router to locate the provisioning server comprises providing the router with one of, a DNS name of the provisioning server, and IP address of the provisioning server.
  - 24. The method of claim 13, where configuring the router to authenticate the provisioning server comprises configuring the router to process a trusted public credential of the provisioning server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Pritikin, Max, McGrew, David A., Weis, Brian E., Vilhuber, Jan
Primary Examiner(s)
DAILEY, THOMAS J

Application Number

US12/475,487
Publication Number

US 20100306352A1
Time in Patent Office

1,305 Days
Field of Search

709/219, 709/221, 709/225, 713/156
US Class Current

709/221
CPC Class Codes

H04L 41/0806 for initial configuration o...

H04L 63/0823 using certificates cryptogr...

Networking device provisioning

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Networking device provisioning

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links