1. Patent Search
  2. Details

METHOD FOR REGISTERING DEVICES, IN PARTICULAR CONDITIONAL ACCESS DEVICES OR PAYMENT OR VENDING MACHINES, ON A SERVER OF A SYSTEM WHICH COMPRISES A NUMBER OF SUCH DEVICES

20170337089 · 2017-11-23

    Inventors

    Cpc classification

    International classification

    Abstract

    A method of registering devices (2), in particular access control devices or payment or vending machines, on a server (3) of a system where the device (2) which is to be registered generates a public and a private key with asymmetrical cryptology. The device (2) subsequently transmits a registration request, signed with the device's private key, containing at least one device ID, the device's public key and the login details of a technician. The server (3) verifies the registration request using the device's public key and, after verification, assigns the device (2) to a ‘data reception room’ where no operational communication with the server (3) occurs. Subsequently, the device (2) is cleared for communication by a technician logged in to the server (3). The device is assigned to an area of the server memory for operationally cleared devices, and a notification of registration is transmitted to the device (2).

    Claims

    1-5. (canceled)

    6. A method of registering devices (2), in particular conditional access devices or payment or vending machines, on a server (3) of a system which comprises a number of such devices, the method comprising: generating a public and a private key with asymmetrical cryptography via the device (2) which is to be registered, subsequently transmitting a registration request to the server (3), via the device (2), signed with the device's private key containing at least one device ID, the device's (2) public key and login details of a technician, who authorises the establishment of a connection between the device (2) and the server (3), verifying, via the server (3), the registration request using the device's public key and following verification, assigning the device (2) which is to be registered to a ‘device reception room’ in the server's (3) memory, preventing operational communication with the server (3) from occurring as long as the device is assigned to the device reception room, subsequently clearing the device (2) in the device reception room, by a technician who logs into the server (3) using his login details, to operate and for operational communication, assigning the device (2) to an area of server (3) memory for operationally authorized devices, and transmitting a notification of registration to the device (2).

    7. The method according to claim 6, further comprising transmitting the notification of registration to the device (2), containing the acceptance of the public key by the server (3) and the clearance to operate and for operational communications, to the device directly following registration, or transmitting after a reboot of the device (2) or after the establishment of a new connection between the device (2) and the server (3).

    8. The method according to claim 6, further comprising, following registration of the device, signing the device's (2) notifications to the server (3) with the private key, carrying out, via the server (3), a verification of the notification by the device's public key, or transmitting, via the server (3), login details for operational communication to the device (2) with the notification of registration.

    9. The method according to claim 7, further comprising, following registration of the device, signing the device's (2) notifications to the server (3) with the private key, carrying out, via the server (3), a verification of the notification by the device's public key, or transmitting, via the server (3), login details for operational communication to the device (2) with the notification of registration.

    10. The method according to claim 6, further comprising, before clearance for operation and operational communication, configuring the device (2) or assigning a new configuration using configuration templates from other devices on the system.

    11. The method according to claim 7, further comprising, before clearance for operation and operational communication, configuring the device (2) or assigning a new configuration using configuration templates from other devices on the system.

    12. The method according to claim 8, further comprising, before clearance for operation and operational communication, configuring the device (2) or assigning a new configuration using configuration templates from other devices on the system.

    13. The method according to claim 9, further comprising, before clearance for operation and operational communication, configuring the device (2) or assigning a new configuration using configuration templates from other devices on the system.

    14. The method according to claim 9, further comprising generating in the device (2) which is to be registered the public and private keys which are valid for a predefined time, or for security reasons are replaced by a new key pair, initiating the generation of a new key pair by the device (2) or the server (3), whereby a new private and a new public key are generated in the device (2), transmitting the new public key to the server (3) and this notification is signed using the old private key, after verification of the signature by the server (3), replacing the old public key by the new public key generated by the device (2), and carrying out operational communication out using the new key pair.

    Description

    BRIEF DESCRIPTION OF THE DRAWINGS

    [0017] The invention will now be explained in more detail below by way of example with reference to the attached drawings.

    [0018] FIG. 1 shows a flow diagram illustrating the registration process according to the invention; and

    [0019] FIG. 2 shows a flow diagram illustrating the procedure for generating a new public and private key according to the invention.

    DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

    [0020] In FIG. 1 a technician is indicated by a 1, wherein a device which is to be registered with a server in a system comprising a number of such devices is indicated by a 2 and the server with a 3. The device 2 may for example be a conditional access device of a conditional access system in a ski resort, or a payment or vending machine.

    [0021] At the beginning of the process the device 2 which is to be registered generates a public and a private key with asymmetric cryptology (step 1) and requests login details from a logged-in technician (step 2), wherein, having obtained the login details (step 3) the device 2 transmits (step 4) a registration request signed with the device's private key to the server 3, wherein the registration request contains at feast one unique device ID, the device's public key and the technician's 1 login details. The login details serve to authenticate the registration request; using the login details the establishment of a connection to the server 3 and thus the registration are authorised.

    [0022] In a next step (step 5) the registration request is verified by the server 3 using the device's 2 public key, wherein, after verification, the device 2 which is to be registered is assigned to a ‘device reception room’, i.e. a virtual waiting room in the server 3 memory. Subsequently, the server 3 transmits (step 6) the verification to the device 2.

    [0023] Subsequently, the device 2 in the device reception room is cleared (step 8) for operating and operational communications by a technician who has logged into the server 3 using his login details, wherein the device is assigned (step 9) to an area of the server 3 memory which is for operationally cleared devices, a so-called operational area.

    [0024] In the example shown a renewed connection between the device 2 and the server 3 is established, wherein the device 2 authenticates itself (step 10) using a signature, wherein after verification of the signature in the server 3 (step 11) by means of the public key, a notification of the registration is transmitted (step 12) to the device 2, which from that point onwards is cleared (step 13) for operation and operational communications.

    [0025] The subject matter of FIG. 2 is a flow diagram to illustrate an exemplary procedure for generating new public and private keys for a registered device 2.

    [0026] In the depicted example the generation of the new key pair is requested (step 2) by the server 3 after a connection between the device 2 and the server 3 is established (step 1). A new private and a new public key are subsequently generated (step 3) in the device 2, wherein the new public key is transmitted to the server 3 and this notification is signed (step 4) using the old private key. After verification of the signature by the server 3 using the old public key the old public key is replaced (step 5) with the new public key generated by the device 2, wherein operational communications are carried out with the new key pair (steps 6, 7, 8, 9). In the example shown, once the old public key is replaced in the server 3 with new public key, a connection is established between the device 2 and the server 3, wherein the device uses (step 6) a signature created with the new key pair for authentication, wherein the server verifies (step 7) the signature and confirms (step 8) the verification using the new public key, and wherein the device 2 is subsequently cleared for operation and operational communication (step 9).