Abstract
Multi-step factory provisioning of electronic devices is slow and costly. Provisioning steps are performed in the factory because most devices being provisioned require a level of security that guarantees that an end-user cannot tamper with or inspect the values being provisioned. This disclosure describes techniques that enable simple, fast, and secure provisioning for devices in a factory, while other parts of secure provisioning are deferred to when the device is first used by a customer. Per the techniques, a device manufactured in the factory is provisioned with a device-specific private key and a public key associated with a secure provisioning service. At initial setup, the device connects to a cloud-based provisioning service, authenticating itself using the stored private key. The provisioning service uses a stored database of public keys to authenticate the device and identify provisioning data for the device. The data is encrypted using the server private key and the device public key for secure transmission to the device. The device decrypts and stores the data securely.
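The exchange described in the abstract, as an added example that is not code from the disclosure or its authors. It assumes static X25519 key agreement, a SHA-256 key derivation and AES-256-GCM, none of which the abstract specifies; the names `aeadFor`, `Provision` and `Receive`, the key-derivation label and the sample data are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// aeadFor derives an AES-256-GCM key from static X25519 (assumed scheme and label).
func aeadFor(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	secret, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append([]byte("provisioning-example-v1"), secret...))
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	return cipher.NewGCM(block)
}

// Provision is the cloud side; db maps factory-recorded device public keys to data.
func Provision(srv *ecdh.PrivateKey, db map[string][]byte, dev *ecdh.PublicKey) ([]byte, error) {
	data, known := db[string(dev.Bytes())]
	aead, err := aeadFor(srv, dev) // server private key + device public key
	if !known || err != nil {
		return nil, fmt.Errorf("device key not enrolled or unusable")
	}
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce) // documented never to fail on Go 1.24+; check the error on older Go
	return aead.Seal(nonce, nonce, data, dev.Bytes()), nil // device key bound as AAD
}

func Receive(dev *ecdh.PrivateKey, srv *ecdh.PublicKey, msg []byte) ([]byte, error) {
	aead, err := aeadFor(dev, srv) // device side: device private key + server public key
	if err != nil || len(msg) < aead.NonceSize() {
		return nil, fmt.Errorf("bad server key or truncated message")
	}
	return aead.Open(nil, msg[:aead.NonceSize()], msg[aead.NonceSize():], dev.PublicKey().Bytes())
}

func main() {
	srv, _ := ecdh.X25519().GenerateKey(rand.Reader)
	dev, _ := ecdh.X25519().GenerateKey(rand.Reader) // done in the factory
	db := map[string][]byte{string(dev.PublicKey().Bytes()): []byte("constructed-config")}
	msg, _ := Provision(srv, db, dev.PublicKey())
	out, err := Receive(dev, srv.PublicKey(), msg)
	fmt.Printf("%s %v\n", out, err)
}
```

Because both sides derive the same key only from a matching private/public pair, a successful `Receive` shows the device that the data came from the holder of the server private key, and only the enrolled device can read it.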
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Bires, Max and Scull, Andrew, "Using Cryptography to Offload Device Provisioning to a Cloud-based Service", Technical Disclosure Commons, (August 08, 2024)
https://www.tdcommons.org/dpubs_series/7266