SECURE MASS CONFIGURATION OF AN APPLICATION VIA ENCRYPTED EMAIL

IP.com Disclosure Number: IPCOM000218912D
Publication Date: 2012-Jun-11
Document File: 4 page(s) / 23K

Publishing Venue

The IP.com Prior Art Database

Related People

Brian Matthews: AUTHOR

Abstract

A method is provided to configure an application securely by sending configuration information in a secure envelope and leveraging the authentication and encryption capabilities of the envelope and a keyserver, such as Cisco Registered Envelope Service (CRES).

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 40% of the total text.

AUTHORS:

Brian Matthews

Bennett Ting

CISCO SYSTEMS, INC.

DETAILED DESCRIPTION

    Computer administrators may want to deploy an application with a specific configuration for one or more users, and to do so securely, so that a third party cannot specify an alternate configuration or otherwise tamper with the configuration.

    Existing mass install/configuration systems generally require users to be connected to a central network, configure all users the same way, and allow any administrator to configure all the users. Examples of existing technologies include the "mass installation" technologies supported by the Microsoft Windows® operating system, such as Systems Management Server (SMS) and System Center Configuration Manager (SCCM). Administrators can configure an application, then push the pre-configured application to a group of users. Research In Motion supports similar functionality on BlackBerry Enterprise Servers.

    Techniques are provided herein for secure mass configuration of an application via encrypted email. The flow for these techniques is as follows. An end user receives an application in some fashion. For example, an administrator pushes it to their computer/device, they download it from an internal or external website, they download it from an "app" store either on their computer or on their device, etc. An administrator constructs configuration information (for example, an XML document), has it signed by a signing service (for example, Cisco Registered Envelope Service (CRES)), and distributes it to one or more users as an attachment in a PostX Secure Envelope emailed to the users.

Copyright 2012 Cisco Systems, Inc.

    A user receives the envelope in his/her email and instructs the email client to open the envelope in the application being configured (which may or may not have any relation to email). The application opens the signed configuration by prompting the user for their credentials on the signing service (such as CRES), which verifies the user was sent the configuration from the administrator (i.e., it was not forwarded from some other user), and the configuration has not been locked or expired by the administrator.

    The application then verifies the signature on the configuration, either locally or by querying the signing service, and also verifies it was received from an administrator with proper authority to construct the configuration. For example, the verification is made using an account number, token or symmetric key, and signature embedded in the configuration, which must match that on the signing server. Assuming all verifications pass, the...
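The checks described in the two paragraphs above (intended recipient, lock and expiry, administrator authority, signature), as an added sketch that is not part of the disclosure and does not use the CRES API. Assumptions: the signing service is modelled as a local dictionary, the signature is an HMAC-SHA256 under the administrator's symmetric key, the user has already authenticated to the service, and all names (`SERVICE`, `sign`, `open_config`, the account and envelope ids) are hypothetical.

```python
import hashlib
import hmac
import time
import xml.etree.ElementTree as ET

# Constructed stand-in for the signing service's records (hypothetical layout).
SERVICE = {
    "admins": {"acct-1001": {"key": b"constructed-demo-key", "may_configure": True}},
    "envelopes": {"env-42": {"recipients": {"alice@example.com"},
                             "locked": False, "expires": 1_900_000_000}},
}

def sign(account, envelope_id, config_xml, service=SERVICE):
    """Administrator side: HMAC over account, envelope id and configuration."""
    key = service["admins"][account]["key"]
    msg = b"\0".join([account.encode(), envelope_id.encode(), config_xml])
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def open_config(user, account, envelope_id, config_xml, signature,
                service=SERVICE, now=None):
    """Application side: return parsed settings only if every check passes."""
    now = time.time() if now is None else now
    env = service["envelopes"].get(envelope_id)
    admin = service["admins"].get(account)
    if env is None or admin is None:
        raise PermissionError("unknown envelope or administrator account")
    if user not in env["recipients"]:  # a forwarded envelope fails here
        raise PermissionError("envelope was not sent to this user")
    if env["locked"] or now >= env["expires"]:
        raise PermissionError("configuration locked or expired")
    if not admin["may_configure"]:
        raise PermissionError("sender lacks authority to configure")
    expected = sign(account, envelope_id, config_xml, service)
    if not hmac.compare_digest(expected, signature):
        raise PermissionError("signature mismatch: configuration was altered")
    # Parse only after verification so unauthenticated XML never reaches the parser.
    return {e.tag: e.text for e in ET.fromstring(config_xml)}
```

Binding the envelope id and account into the signed message means a valid signature cannot be replayed under a different envelope or attributed to a different administrator account.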