Behaviour of Unified Client
Essay by review • December 21, 2010 • Essay • 407 Words (2 Pages) • 1,132 Views
CUPC stores its certificate and private key using the SIP PUBLISH method and retrieves its public/private key pair by subscribing (using SIP SUBSCRIBE) to the credentials event package.
The steps involved for CUPC to generate, store and retrieve its public/private keys are:
1. The user logs in to CUPC. As part of its configuration download from CUPS, CUPC learns whether it is configured for an encrypted CCM config file. If it is, CUPC needs to have its own public/private key pair. CUPC will always get its certificate and private keys from CUPS's keymgmt. CUPC will always store the private key as an encrypted blob at CUPS. The key used to encrypt the private key is derived from a pass phrase that the user needs to enter the very first time they log in to CUPC. CUPC can store this pass phrase securely on the Laptop/computer. Whether or not CUPC stores the pass phrase locally could be based on the "Password remember" check box. If the "Password remember" check box is not checked, CUPC will not store the pass phrase on the Laptop/computer.
2. Once CUPC gets its certs/keys from CUPS through SUBSCRIBE/NOTIFY using the credential event package, CUPC will decrypt the private key using the pass phrase. If the pass phrase is not stored locally, UC will prompt the user to enter it. CUPC will download the encrypted configuration file from CCM using the call flow defined in section 8.2.1.9 (for details refer to EDCS-370907 - Phone Configuration File Encryption). Once the encrypted config file is downloaded and decrypted, CUPC will remove the decrypted private key from memory.
3. If CUPC does not succeed in finding the keys on CUPS, it will generate public/private keys, prompt the user to provide a (new) pass phrase to encrypt the private key, and store its certificate and encrypted password on CUPS using the SIP PUBLISH method. CUPC will not store the pass phrase on the Laptop/computer if the "Password remember" check box is not checked. CUPC will never store the public/private key on the local machine. The rest of the steps are the same as in #2 above.
4. If the CUPC certificate is revoked by the CUPS admin, CUPC will get a NOTIFY with an empty body. In this case CUPC will regenerate its public/private key pair and follow #3 above to store it on CUPS.
5. CUPC should provide a warning/info to the user to save the pass phrase securely at some place so that it could
...
...
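The wrap and unwrap operations behind steps 2 and 3 (encrypt the private key under a pass-phrase-derived key before publishing it, decrypt it after retrieval) can be sketched as follows. This is an added example, not code from the essay or from the product: the essay names no KDF or cipher, so PBKDF2-HMAC-SHA256 and AES-256-GCM are assumptions, and the function names, the iteration count and the blob layout are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// aeadFor derives a 32-byte key (single-block PBKDF2-HMAC-SHA256) and returns AES-256-GCM.
// Both algorithm choices are assumptions of this example.
func aeadFor(passphrase string, salt []byte) cipher.AEAD {
	mac := hmac.New(sha256.New, []byte(passphrase))
	key, u := make([]byte, 32), append(append([]byte{}, salt...), 0, 0, 0, 1) // salt || INT(1)
	for i := 0; i < 600000; i++ { // assumed work factor
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range key {
			key[j] ^= u[j] // key = U1 ^ U2 ^ ... ^ Uc
		}
	}
	block, _ := aes.NewCipher(key) // cannot fail: key is always 32 bytes
	aead, _ := cipher.NewGCM(block)
	return aead
}

// wrapKey returns salt(16) || nonce(12) || ciphertext+tag: the blob published to the server.
func wrapKey(passphrase string, privKey []byte) ([]byte, error) {
	blob := make([]byte, 28)
	if _, err := rand.Read(blob); err != nil {
		return nil, err
	}
	return aeadFor(passphrase, blob[:16]).Seal(blob, blob[16:], privKey, nil), nil
}

// unwrapKey fails on a wrong pass phrase or an altered blob (GCM tag check).
func unwrapKey(passphrase string, blob []byte) ([]byte, error) {
	if len(blob) < 28+16 {
		return nil, fmt.Errorf("blob too short: %d bytes", len(blob))
	}
	return aeadFor(passphrase, blob[:16]).Open(nil, blob[16:28], blob[28:], nil)
}

func main() {
	blob, _ := wrapKey("constructed pass phrase", []byte("constructed stand-in for private key bytes"))
	fmt.Println(unwrapKey("wrong pass phrase", blob))
}
```

Because the blob is authenticated, a mistyped pass phrase produces an error rather than garbage key bytes, which lets the client re-prompt the user instead of attempting to decrypt the config file with a corrupt key.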