NAME
- register - command to register set-top-box identity with signer
SYNOPSIS
- mux/register [ signer ]
DESCRIPTION
- Register is intended for use on a set top box (or similar device). It connects to signer, a machine configured to sign certificates, and obtains an authenticated certificate based on the contents of /nvfs/ID (the set top box ID in non-volatile memory). The certificate is saved in the file /nvfs/default for later use. If no signer is named explicitly, the $SIGNER named in db(6) is used instead.
There are several phases to obtaining the certificate.
- 1. The register command interacts with signer(8) on the signing host to construct the certificate. This certificate is `blinded' by a random bit mask and sent back to register, which displays it in textual or graphical form to the user.
- 2. The user running register must use an independent, secure mechanism (for example, an untapped telephone call) to communicate with a human agent at the site acting as signer. That agent runs verify (see signer(8)) to display the same `blinded' certificate that was shown to register's user at the client. Once the agent is convinced that the `blinded' certificate has been delivered to the correct party, the agent tells verify to accept the identity of the caller.
- 3. Register then connects to the countersigner process (see signer(8)) to obtain the bitmask needed to `unblind' the previously received certificate. This step can only validly be performed after the successful completion of verify on the signer.
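The three phases above, modelled as an added example (this is not the code in /appl/mux/register.b). It assumes the bit mask is applied by XOR and that the displayed form is a short SHA-256 prefix; the Signer class, display(), the tamper hook and the certificate bytes are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def display(blinded: bytes) -> str:
    # Assumed textual form of the blinded certificate, short enough to read aloud.
    return hashlib.sha256(blinded).hexdigest()[:16]

class Signer:
    """Hypothetical model of signer, verify and countersigner on the signing host."""
    def __init__(self):
        self.pending = {}

    def sign(self, box_id: bytes) -> bytes:
        # Phase 1: build the certificate and return only its blinded form.
        cert = b"CERT:" + box_id + b":" + secrets.token_bytes(16)  # constructed stand-in
        mask = secrets.token_bytes(len(cert))
        blinded = xor(cert, mask)
        self.pending[box_id] = {"cert": cert, "mask": mask,
                                "blinded": blinded, "accepted": False}
        return blinded

    def verify(self, box_id: bytes, read_by_caller: str) -> bool:
        # Phase 2: the agent compares the local display with what the caller reads out.
        entry = self.pending[box_id]
        entry["accepted"] = hmac.compare_digest(display(entry["blinded"]), read_by_caller)
        return entry["accepted"]

    def countersign(self, box_id: bytes) -> bytes:
        # Phase 3: the mask is released only after verify has accepted the caller.
        entry = self.pending[box_id]
        if not entry["accepted"]:
            raise PermissionError("verify has not accepted this identity")
        return entry["mask"]

def register(signer: Signer, box_id: bytes, tamper=None):
    """Client side. tamper models a phase 1 reply that was altered in transit."""
    blinded = signer.sign(box_id)
    if tamper is not None:
        blinded = tamper(blinded)
    # The out-of-band call: the user reads the displayed value to the agent.
    if not signer.verify(box_id, display(blinded)):
        return None  # mismatch: the agent rejects, so the mask is never released
    return xor(blinded, signer.countersign(box_id))

if __name__ == "__main__":
    print(register(Signer(), b"STB-0001"))
```

An altered phase 1 reply changes the displayed value, so verify rejects it and countersign refuses to hand out the mask.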
FILES
- /nvfs/ID: File emulating set top box-id in ROM.
- /nvfs/default: Repository of authenticated certificate.
- /services/cs/db: Default definition of `signer' host.
SOURCE
- /appl/mux/register.b
SEE ALSO
- db(6), manufacture(8), signer(8)
| register(1) | Rev: Tue Jan 29 13:11:52 GMT 2008 |