Computerized system and method for deployment of management tunnels
US-9294286-B2 · Mar 22, 2016 · US
US9673987B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9673987-B2 |
| Application number | US-201514816030-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 2, 2015 |
| Priority date | Mar 15, 2006 |
| Publication date | Jun 6, 2017 |
| Grant date | Jun 6, 2017 |
Official abstract text for this publication.
Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, the use of PKI-authenticated serial numbers within network devices manufactured by a particular manufacturer enables one-step provisioning of one or more managed devices. A managed device is provisioned with the serial number of a management device manufactured by the particular manufacturer. When the managed device is installed within a network, the management device is located by the managed device with the assistance of a locator server and the managed device initiates establishment of an encrypted management tunnel with the management device. Prior to allowing the management device to use the management tunnel to perform management functionality in relation to the managed device, credentials of the management device are verified by the managed device by comparing the PKI-authenticated unique identifier of the management device to that which is stored within the managed device.
Claims.
What is claimed is:
1. A system comprising: a plurality of network devices, including a management device, a managed firewall device and a locator server with which the management device registers and updates its current IP address; wherein the management device is manufactured by a particular manufacturer, wherein the management device is programmed to remotely monitor or manage, via a network-enabled management interface, one or more network devices within a private Internet Protocol (IP) network that are manufactured by the particular manufacturer; wherein, during a manufacturing or distribution process of each of the plurality of network devices, a digital certificate/private key pair and a unique identifier of the network device are stored therein, wherein the unique identifier is authenticated by the digital certificate which is signed by the particular manufacturer, thereby providing a Public Key Infrastructure (PKI)-authenticated unique identifier within each of the plurality of network devices; wherein, prior to installation within the private IP network, the managed firewall device is configured to trust the management device by storing the unique identifier of the management device within the managed firewall device; wherein, responsive to being installed within the private IP network, the managed firewall device initiates establishment of an encrypted management tunnel with the management device by retrieving the current IP address of the management device from the locator server and sending a message to the management device; and wherein, prior to allowing the management device to use the encrypted management tunnel to perform management functionality in relation to the managed firewall device, credentials of the management device are verified by the managed firewall device by comparing the PKI-authenticated unique identifier of the management device to the unique identifier of the management device stored within the managed firewall device.
2. The system of claim 1, wherein the unique identifier comprises a digest of the digital certificate.
3. The system of claim 1, wherein the unique identifier comprises a serial number of the network device.
4. The system of claim 1, wherein the management device is deployed within the private IP network.
5. The system of claim 1, wherein the management device interacts with the managed firewall device via the Internet.
6. The system of claim 1, wherein the locator server comprises a public server.
7. The system of claim 1, wherein the locator server is implemented within a managed device that is a trusted peer of the managed firewall device.
8. A method comprising: prior to being installed within a private Internet Protocol (IP) network, receiving and storing, by a managed firewall device of a plurality of network devices, a unique identifier of a management device of the plurality of network devices, wherein the plurality of network devices further includes a locator server with which the management device registers and updates its current IP address and wherein, during a manufacturing or distribution process of each of the plurality of network devices, a digital certificate/private key pair and a unique identifier of the network device are stored therein, wherein the unique identifier is authenticated by the digital certificate which is signed by the particular manufacturer, thereby providing a Public Key Infrastructure (PKI)-authenticated unique identifier within each of the plurality of network devices; responsive to being installed within the private IP network, initiating, by the managed firewall device, establishment of an encrypted management tunnel with the management device by retrieving the current IP address of the management device from the locator server and sending a message to the management device; and allowing, by the managed firewall device, the management device to use the encrypted management tunnel to perform management functionality in relation to the managed firewall device after credentials of the management device are verified by the managed firewall device by comparing the PKI-authenticated unique identifier of the management device to the unique identifier of the management device stored within the managed firewall device.
9. The method of claim 8, wherein the unique identifier comprises a digest of the digital certificate.
10. The method of claim 8, wherein the unique identifier comprises a serial number of the network device.
11. The method of claim 8, wherein the management device is deployed within the private IP network.
12. The method of claim 8, wherein the management device interacts with the managed firewall device via the Internet.
13. The method of claim 8, wherein the locator server comprises a public server.
14. The method of claim 8, wherein the locator server is implemented within a managed device that is a trusted peer of the managed firewall device.
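As an added illustration in Go (not code from the patent or from any vendor's product), the verification step of claim 1: the managed firewall accepts a management device only when the presented certificate chains to the manufacturer's root and the PKI-authenticated serial number equals the one provisioned into the firewall before installation, so a second genuine device from the same manufacturer is refused. It assumes the serial is carried in the certificate CommonName and that the encrypted tunnel's handshake has already proven possession of the certified private key; the manufacturer root, the serials "FMG-0001" and "FMG-0002" and all key pairs are constructed in-process.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeCert issues a certificate for pub signed by signer (parent == nil: self-signed manufacturer
// root). The device serial number rides in the CommonName, an assumption: the patent fixes no encoding.
func makeCert(serial string, pub ed25519.PublicKey, parent *x509.Certificate, signer ed25519.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: serial},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: parent == nil}
	if parent == nil { parent = tmpl } // self-signed root
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil { panic(err) }
	cert, _ := x509.ParseCertificate(der) // DER just produced by CreateCertificate always parses
	return cert
}
// verifyManager is the managed firewall's check from claim 1, run after the tunnel handshake has
// proven the peer holds the certified key: the certificate must chain to the manufacturer root AND
// its authenticated serial must equal the one provisioned into the firewall before installation.
func verifyManager(root, mgr *x509.Certificate, pinnedSerial string) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	opts := x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := mgr.Verify(opts); err != nil {
		return fmt.Errorf("not signed by manufacturer: %w", err)
	}
	if mgr.Subject.CommonName != pinnedSerial { // genuine hardware is not automatically *the* manager
		return fmt.Errorf("serial %q is not the provisioned management device", mgr.Subject.CommonName)
	}
	return nil
}
// scenario: a firewall pinned to manager serial "FMG-0001" is contacted by two genuine devices.
func scenario() (legit, impostor error) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	ca := makeCert("Manufacturer Root", caPub, nil, caKey)
	mgrPub, _, _ := ed25519.GenerateKey(rand.Reader)
	otherPub, _, _ := ed25519.GenerateKey(rand.Reader)
	legit = verifyManager(ca, makeCert("FMG-0001", mgrPub, ca, caKey), "FMG-0001")
	impostor = verifyManager(ca, makeCert("FMG-0002", otherPub, ca, caKey), "FMG-0001")
	return
}
func main() { l, i := scenario(); fmt.Println("provisioned manager:", l, "| other genuine device:", i) }
```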
for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title
Electricity · mapped topic
Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks · CPC title
at the network layer · CPC title
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title