REGISTER(8)                   (mux)                   REGISTER(8)

          register - command to register set-top-box identity with

          mux/register [ signer ]

          Register is intended for use on a set top box (or similar
          device).  It connects to signer, a machine configured to
          sign certificates, and obtains an authenticated certificate
          based on the contents of `/nvfs/ID' (the set top box ID in
          non-volatile memory).  The certificate is saved in the file
          `/nvfs/default' for later use.  If no signer is named
          explicitly, the $SIGNER named in db(6) is used instead.

          There are several phases to obtaining the certificate.

          1.   The register command interacts with signer(8) on the
               signing host to construct the certificate. This cer-
               tificate is `blinded' by a random bit mask, sent back
               to register which displays it in textual or graphical
               form to the user.

          2.   The user running register must use an independent,
               secure mechanism (for example, an untapped telephone
               call) to communicate with a human agent at the site
               acting as signer. That agent runs verify (see
               signer(8)) to display the same `blinded' certificate
               that was shown to register's user at the client.  Once
               the agent is convinced that the `blinded' certificate
               has been delivered to the correct party, the agent
               tells verify to accept the identity of the caller.

          3.   Register then connects to the countersigner process
               (see signer(8)) to obtain the bitmask needed to
               `unblind' the previously received certificate.  This
               step can only validly be performed after the successful
               completion of verify on the signer.

          /nvfs/ID         File emulating set top box-id in ROM.
          /nvfs/default    Repository of authenticated certificate.
          /services/cs/db  Default definition of `signer' host.


          db(6), manufacture(8), signer(8)

     Page 1                       Plan 9             (printed 10/2/22)