REGISTER(8)
NAME
register - command to register set-top-box identity with signer
SYNOPSIS
mux/register [ signer ]
DESCRIPTION
Register is intended for use on a set top box (or similar device). It
connects to signer, a machine configured to sign certificates, and
obtains an authenticated certificate based on the contents of (the set
top box ID in non-volatile memory). The certificate is saved in the
file for later use. If no signer is named explicitly, the $SIGNER
named in db(6) is used instead.
There are several phases to obtaining the certificate.
1. The register command interacts with signer(8) on the signing
host to construct the certificate. This certificate is `blinded'
by a random bit mask, sent back to register which displays it in
textual or graphical form to the user.
2. The user running register must use an independent, secure mechanism
(for example, an untapped telephone call) to communicate
with a human agent at the site acting as signer. That agent
runs verify (see signer(8)) to display the same `blinded' certificate
that was shown to register's user at the client. Once
the agent is convinced that the `blinded' certificate has been
delivered to the correct party, the agent tells verify to accept
the identity of the caller.
3. Register then connects to the countersigner process (see
signer(8)) to obtain the bitmask needed to `unblind' the previously
received certificate. This step can only validly be performed
after the successful completion of verify on the signer.
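The three phases above, modelled as an added example (not code from register.b or signer(8)). It assumes the bit mask is applied by XOR and that the displayed textual form is a truncated SHA-256 of the blinded bytes; the Signer class, display_form, the certificate bytes and the box IDs are hypothetical.

```python
import hashlib
import hmac
import secrets

def xor(data, mask):
    return bytes(a ^ b for a, b in zip(data, mask))

def display_form(blinded):
    # Assumed textual form shown to both the user and the agent.
    return hashlib.sha256(blinded).hexdigest()[:16]

class Signer:
    """Model of the signing host: signer, verify and countersigner roles."""
    def __init__(self):
        self.pending = {}  # box id -> mask, blinded certificate, accepted flag

    def sign(self, box_id):
        # Phase 1: build the certificate (constructed placeholder bytes, no
        # real signature) and blind it with a random mask of the same length.
        cert = b"CERT:" + box_id
        mask = secrets.token_bytes(len(cert))
        self.pending[box_id] = {"mask": mask, "blinded": xor(cert, mask), "accepted": False}
        return self.pending[box_id]["blinded"]

    def verify(self, box_id, read_by_caller):
        # Phase 2: the agent compares what the caller reads out over the
        # independent channel with the form displayed locally.
        entry = self.pending[box_id]
        entry["accepted"] = hmac.compare_digest(display_form(entry["blinded"]), read_by_caller)
        return entry["accepted"]

    def countersign(self, box_id):
        # Phase 3: the mask is released only after verify has accepted.
        entry = self.pending[box_id]
        if not entry["accepted"]:
            raise PermissionError("verify has not accepted this identity")
        return self.pending.pop(box_id)["mask"]

def register(signer, box_id, in_transit=lambda b: b):
    """Client side; in_transit models whatever the network does to phase 1."""
    blinded = in_transit(signer.sign(box_id))
    if not signer.verify(box_id, display_form(blinded)):
        return None  # displayed forms differ, so the agent does not accept
    return xor(blinded, signer.countersign(box_id))

if __name__ == "__main__":
    s = Signer()
    print(register(s, b"STB-0001"))  # unblinded certificate
    print(register(s, b"STB-0002", lambda b: bytes([b[0] ^ 1]) + b[1:]))  # altered in transit
```

A blinded certificate that was altered before reaching the client produces a different displayed form, so verify never accepts and the mask stays on the signer.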
FILES
/nvfs/ID
File emulating set top box-id in ROM.
/nvfs/default
Repository of authenticated certificate.
/services/cs/db
Default definition of `signer' host.
SOURCE
/appl/mux/register.b
SEE ALSO
db(6), manufacture(8), signer(8)
mux REGISTER(8)