
TECHNIQUES FOR PROVIDING SECURE ZERO TOUCH PROVISIONING

IP.com Disclosure Number: IPCOM000250574D
Publication Date: 2017-Aug-03
Document File: 6 page(s) / 253K

Publishing Venue

The IP.com Prior Art Database

Abstract

The present disclosure relates to Zero Touch Provisioning (ZTP) of Network Elements (NEs) in a secure manner. Secure ZTP provides a secure configuration transfer from a configuration server or the closest DHCP relay agent to a device without preloading any password or certificate on the device. In a single customer's network, the configuration is encrypted and automatically associated with a specific DHCP transaction of a specific device via a specific interface. In multiple customers' networks, a user password can be used to configure the edge devices that interoperate with other customers' devices; the password assists the edge devices requesting zero touch provisioning in deciphering the configuration and authenticating the data as their own. Secure ZTP also provides a network configuration in which the network can support secure ZTP across multiple vendors' devices using the same scheme described herein. The scheme guarantees that the encryption key is generated privately by each vendor, allows the configuration to be encrypted on any other device, and guarantees that the encrypted configuration can only be interpreted by the proper device and is not readable by third-party devices.

This is the abbreviated version, containing approximately 20% of the total text.


DETAILED DESCRIPTION

The present disclosure relates to zero touch provisioning in a secure manner. Networks (e.g., optical, packet, etc.) are realized through physical network elements interconnected with one another. Network elements are deployed geographically, such as in Central Offices (COs), data centers, huts/shelters, customer premises, etc. The conventional approach to installation and provisioning has field technicians install and power up the network element and then configure provisioning information so that the network element can communicate on the network. Zero touch provisioning automatically configures the network element once it is powered up and able to communicate on the network, for example by automatically downloading provisioning information. Low touch provisioning, similar to zero touch provisioning, automatically configures the network element once it has at least been configured for network communication. Advantageously, these approaches to provisioning significantly reduce turn-up time and configuration errors.


FIG. 1: Zero touch provisioning (ZTP) deployment

FIG. 1 is a diagram of Zero touch provisioning (ZTP), a technique that allows devices to be provisioned and configured automatically. The device sends a request through Dynamic Host Configuration Protocol (DHCP) to a DHCP server to obtain the location of its configuration. It then downloads the configuration from a configuration service, which could be a server running File Transfer Protocol (FTP/SFTP/TFTP) or HyperText Transfer Protocol (HTTP/HTTPS), and installs it. In the case that the device is not in the same layer 2 network as the server, DHCP r...
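As an added illustration of the binding the abstract describes (a configuration encrypted and tied to a specific DHCP transaction, device and interface, with a user password as the shared secret in the multi-customer case), the Go code below is this editor's example, not the disclosure's own scheme. The choice of binding fields, the HMAC-SHA256 key derivation and AES-256-GCM are assumptions about how such a binding could be realised; the disclosure does not specify them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Binding is the DHCP context the configuration is tied to: DHCP transaction
// id, client MAC and ingress interface (the field set is this example's choice).
type Binding struct{ XID uint32; MAC, Iface string }
// encode is both the KDF input and the AEAD associated data, so changing any
// field changes the derived key and breaks the tag check.
func (b Binding) encode() []byte {
	return []byte(fmt.Sprintf("%08x|%s|%s", b.XID, b.MAC, b.Iface))
}
// boundAEAD turns the shared secret (user password or vendor-private secret) and
// the binding into a per-transaction AES-256-GCM key; HMAC-SHA256 as KDF is assumed.
func boundAEAD(secret []byte, b Binding) cipher.AEAD {
	h := hmac.New(sha256.New, secret)
	h.Write([]byte("secure-ztp-config-v1|"))
	h.Write(b.encode())
	block, _ := aes.NewCipher(h.Sum(nil)) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)        // AES block: cannot fail
	return gcm
}

// EncryptConfig seals the configuration under the bound key. Output layout is
// nonce || ciphertext || tag; only a device presenting this binding can open it.
func EncryptConfig(secret []byte, b Binding, config []byte) ([]byte, error) {
	gcm := boundAEAD(secret, b)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, config, b.encode()), nil
}

// DecryptConfig opens a blob; it fails if the secret, the DHCP transaction, the
// MAC or the interface differ from encryption time, or if the blob was altered.
func DecryptConfig(secret []byte, b Binding, blob []byte) ([]byte, error) {
	gcm := boundAEAD(secret, b)
	if ns := gcm.NonceSize(); len(blob) >= ns {
		return gcm.Open(nil, blob[:ns], blob[ns:], b.encode())
	}
	return nil, fmt.Errorf("configuration blob too short (%d bytes)", len(blob))
}
```

A DHCP relay or configuration server would call EncryptConfig with the transaction it just saw; a device whose MAC, interface or transaction id differ, or that lacks the password, gets an authentication failure rather than a readable configuration.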