公开(公告)号：US09450951B2

公开(公告)日：2016-09-20

申请号：US14982693

申请日：2015-12-29

Applicant: Cisco Technology, Inc.

Inventor： Plamen Nedeltchev ,  Helder F. Antunes ,  David Sisto Iacobacci ,  Pedro Leonardo ,  Parag Thakore ,  Gautam M. Aggarwal ,  Anuj Sawani

IPC: H04L29/06 ,  H04W12/06

CPC classification number: H04L63/0823 ,  H04L63/0272 ,  H04L63/0838 ,  H04L63/0853 ,  H04L63/0876 ,  H04W12/04 ,  H04W12/06

Abstract: In one embodiment, a device and a services provisioning system establish an over-the-air connection with each other, and perform device posture validation to obtain a unique identification (ID) of the device at the provisioning system. The device and provisioning system then participate in device and user authentication in response to a confirmed unique ID by a backend access control system, where the device generates a secure key pair after successful user authentication. In response to the device being approved for services (e.g., checked by the provisioning system via a registration system), the provisioning system provides a root certificate to the device, and the device sends a certificate enrollment request back to the provisioning system. In response to a certificate authority signing the certificate request, the provisioning system returns a valid certificate to the device, and the valid certificate is installed on the device.

Abstract translation: 在一个实施例中，设备和服务提供系统彼此建立空中连接，并执行设备状态验证，以在配置系统获得设备的唯一标识（ID）。 设备和配置系统然后响应于后端接入控制系统的确认的唯一ID参与设备和用户认证，其中设备在成功的用户认证之后生成安全密钥对。 响应于设备被批准用于服务（例如，经由注册系统由供应系统检查），供应系统向设备提供根证书，并且设备将证书注册请求发回给供应系统。 响应证书颁发机构对证书请求的签名，配置系统将向设备返回有效的证书，并在设备上安装有效的证书。

公开(公告)号：US20160112410A1

公开(公告)日：2016-04-21

申请号：US14982693

申请日：2015-12-29

Applicant: Cisco Technology, Inc.

Inventor： Plamen Nedeltchev ,  Helder F. Antunes ,  David Sisto Iacobacci ,  Pedro Leonardo ,  Parag Thakore ,  Gautam M. Aggarwal ,  Anuj Sawani

IPC: H04L29/06

CPC classification number: H04L63/0823 ,  H04L63/0272 ,  H04L63/0838 ,  H04L63/0853 ,  H04L63/0876 ,  H04W12/04 ,  H04W12/06

Abstract: In one embodiment, a device and a services provisioning system establish an over-the-air connection with each other, and perform device posture validation to obtain a unique identification (ID) of the device at the provisioning system. The device and provisioning system then participate in device and user authentication in response to a confirmed unique ID by a backend access control system, where the device generates a secure key pair after successful user authentication. In response to the device being approved for services (e.g., checked by the provisioning system via a registration system), the provisioning system provides a root certificate to the device, and the device sends a certificate enrollment request back to the provisioning system. In response to a certificate authority signing the certificate request, the provisioning system returns a valid certificate to the device, and the valid certificate is installed on the device.

Abstract translation: 在一个实施例中，设备和服务提供系统彼此建立空中连接，并执行设备状态验证，以在配置系统获得设备的唯一标识（ID）。 设备和配置系统然后响应于后端接入控制系统的确认的唯一ID参与设备和用户认证，其中设备在成功的用户认证之后生成安全密钥对。 响应于设备被批准用于服务（例如，经由注册系统由供应系统检查），供应系统向设备提供根证书，并且设备将证书注册请求发回给供应系统。 响应证书颁发机构对证书请求的签名，配置系统将向设备返回有效的证书，并在设备上安装有效的证书。

公开(公告)号：US09258295B1

公开(公告)日：2016-02-09

申请号：US13837278

申请日：2013-03-15

Applicant: Cisco Technology, Inc.

Inventor： Plamen Nedeltchev ,  Helder F. Antunes ,  David Sisto Iacobacci ,  Pedro Leonardo ,  Parag Thakore ,  Gautam M. Aggarwal ,  Anuj Sawani

IPC: H04L29/06 ,  H04W12/06

CPC classification number: H04L63/0823 ,  H04L63/0272 ,  H04L63/0838 ,  H04L63/0853 ,  H04L63/0876 ,  H04W12/04 ,  H04W12/06

Abstract: In one embodiment, a device and a services provisioning system establish an over-the-air connection with each other, and perform device posture validation to obtain a unique identification (ID) of the device at the provisioning system. The device and provisioning system then participate in device and user authentication in response to a confirmed unique ID by a backend access control system, where the device generates a secure key pair after successful user authentication. In response to the device being approved for services (e.g., checked by the provisioning system via a registration system), the provisioning system provides a root certificate to the device, and the device sends a certificate enrollment request back to the provisioning system. In response to a certificate authority signing the certificate request, the provisioning system returns a valid certificate to the device, and the valid certificate is installed on the device.

Abstract translation: 在一个实施例中，设备和服务提供系统彼此建立空中连接，并执行设备状态验证，以在配置系统获得设备的唯一标识（ID）。 设备和配置系统然后响应于后端接入控制系统的确认的唯一ID参与设备和用户认证，其中设备在成功的用户认证之后生成安全密钥对。 响应于设备被批准用于服务（例如，经由注册系统由供应系统检查），供应系统向设备提供根证书，并且设备将证书注册请求发回给供应系统。 响应证书颁发机构对证书请求的签名，配置系统将向设备返回有效的证书，并在设备上安装有效的证书。