1. Field of the Invention
The present invention relates to installing security items (e.g., encryption keys, device credentials, root verification certificates, etc.) on a device, such as a printer, that has no previous security credentials. More specifically, the present invention concerns a user inputting an installation credential issued by an installation authority into a device, whereby the device uses the installation credential to establish a temporary secure communication channel between the device and the installation authority so that the installation authority can provide the device with encryption keys, or so that the installation authority can certify a key generated within the device.
2. Description of the Related Art
Computer systems that communicate via secure channels are known. For example, it has been known to employ printers in a secure printing system so that the printer can receive and process encrypted print jobs. In communicating a secure print job to a printer, it has been known to use a public key infrastructure in which the print job is encrypted at the sending node using a public key of the printer, and then when the print job is received, the printer decrypts the print job using its private key.
In this type of system, on the sending node side, the printer's public key is typically obtained by the sending node and may be stored locally in the sending node, or may be obtained via a network from a source, including the printer itself, each time a print job is to be encrypted. On the printer side, the printer's private key, along with the public key, is generally installed and stored on the printer in a secure manner. Thus, in this type of system, it is necessary to install the keys on the printer in a secure manner.
One typical process is to install the keys on the printer during the manufacturing process. While this process has generally been known to work satisfactorily, it does nonetheless present some problems. Specifically, because the keys are generated and installed on the printer during the manufacturing process, the keys are exposed to potential hackers long before the printer is even put into service. For example, an individual at the printer manufacturing facility may be able to hack into the printer and obtain or corrupt the keys. While the manufacturers generally take steps to ensure security, it is nearly impossible to prevent all unauthorized activities. Additionally, any one of a number of delivery service men, wholesale or retail dealers, installers, etc. may be able to obtain or corrupt the keys before the printer is put into service. Thus, to prevent the foregoing key exposure, it would be more desirable to install the keys in the printer after the printer has been installed on a network.
Techniques for installing keys in the printer after the printer has been installed on the network are also known. One technique is for a certifying authority to provide the keys to the user on a separate medium, such as a floppy disk or a compact disc. Using this medium, the user can then install the keys on the printer after the printer has been installed on the network. However, this technique presents the possibility of the medium being intercepted by unauthorized personnel so that the keys can be obtained.
Another technique is for the printer to establish a secure connection with a certifying authority once the printer is installed on the network and for the certifying authority to download the keys to the printer for installation. While this technique addresses some of the foregoing concerns relating to the keys being installed on the printer during manufacturing, or the keys being provided on a separate medium, it nonetheless has some drawbacks. Specifically, in order for the printer to establish a secure, authenticated connection with a certifying authority so that keys can be downloaded and installed on the printer, the printer must already have some type of security credentials in order to establish a secure connection for the key download. Thus, like the above-described problems, the security credentials installed on the printer would be subject to the same security problems as keys installed on the printer in that a hacker could obtain the credentials and use them to obtain the keys. Therefore, what is needed is a way to establish a temporary secure channel between a printer and a certifying authority in order to authenticate a printer that does not have any credentials previously installed thereon so that security keys can be installed on the printer.