Computer networks often include a device manager that manages or controls a number of lightweight devices. Lightweight devices are relatively simple electronic devices that accomplish tasks using minimal logic (e.g., relatively simple circuits, ASICS, or processors). Because lightweight devices do not have sophisticated logic or large memory, it may be difficult for them to perform complex operations necessary for establishing secure communications channels with other network devices. Device managers can be general-purpose computers or other more sophisticated electronic devices.
Typically, when a computer network is initially deployed into the field, a field technician uses a secure communication channel to configure the lightweight devices and/or the device manager to enable secure communications between the manager and the lightweight devices. For example, one prior art technique calls for establishing a temporary secure physical link between the lightweight devices and configuration equipment. In particular, when configuring the network, a field technician uses configuration equipment to physically transfer cryptographic keys and other security information into each lightweight device and the device manager. One disadvantage of this technique is that when a device manager fails, the field technician has to physically access and upload new security information to all the lightweight devices and a replacement device manager. Another disadvantage is that adding lightweight devices to the network similarly requires a field technician to establish a temporary secure physical link between the configuration equipment and the new lightweight device and the/or the device manager. Another disadvantage is the need for a specific configuration device that is not a common tool for field technicians. This configuration device is not easily replaced if it is lost or fails. Another disadvantage is that this technique requires additional expertise for the field technicians.
Another prior art technique requires that the lightweight device be connected directly to a device manager over a physically secure link. The disadvantages of this technique are that it is generally impractical to maintain either a large physically secure network or to bring each lightweight device to the device manager's location (or to each device manager's location for networks that have more than one device manager) for the initial installation and for any time that a device manager fails.