Method and system for secure cable modem registration

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Utility Patent


Details

US classification: C713S151000, C713S170000, C380S257000
Type: Utility Patent
Status: active
Patent number: 06170061

ABSTRACT:

FIELD OF INVENTION
The present invention relates to communications in computer networks. More specifically, it relates to a method and system for secure cable modem initialization in a data-over-cable system.
BACKGROUND OF THE INVENTION
Cable television networks such as those provided by Comcast Cable Communications, Inc., of Philadelphia, Pa., Cox Communications of Atlanta, Ga., Tele-Communications, Inc., of Englewood, Colo., Time-Warner Cable, of Marietta, Ga., Continental Cablevision, Inc., of Boston, Mass., and others provide cable television services to a large number of subscribers over a large geographical area. The cable television networks typically are interconnected by cables such as coaxial cables or a Hybrid Fiber/Coaxial (“HFC”) cable system, which has data rates of about 10 Mega-bits-per-second (“Mbps”) to 30+ Mbps.
The Internet, a world-wide network of interconnected computers, provides multi-media content including audio, video, graphics and text that requires a large bandwidth for downloading and viewing. Most Internet Service Providers (“ISPs”) allow customers to connect to the Internet via a serial telephone line from a Public Switched Telephone Network (“PSTN”) at data rates including 14,400 bps, 28,800 bps, 33,600 bps, 56,000 bps and others that are much slower than the about 10 Mbps to 30+ Mbps available on a coaxial cable or HFC cable system on a cable television network.
With the explosive growth of the Internet, many customers have desired to use the larger bandwidth of a cable television network to connect to the Internet and other computer networks. Cable modems, such as those provided by 3Com Corporation of Santa Clara, Calif., U.S. Robotics Corporation of Skokie, Ill., and others offer customers higher-speed connectivity to the Internet, an intranet, Local Area Networks (“LANs”) and other computer networks via cable television networks. These cable modems currently support a data connection to the Internet and other computer networks via a cable television network with a data rate of up to 30+ Mbps which is a much larger data rate than can be supported by a modem used over a serial telephone line.
However, most cable television networks provide only unidirectional cable systems, supporting only a “downstream” data path. A downstream data path is the flow of data from a cable system “headend” to a customer. A cable system headend is a central location in the cable television network that is responsible for sending cable signals in the downstream direction. A return data path via a telephone network (i.e., a “telephony return”), such as a public switched telephone network provided by AT&T and others, is typically used for an “upstream” data path. An upstream data path is the flow of data from the customer back to the cable system headend. A cable television system with an upstream connection to a telephony network is called a “data-over-cable system with telephony return.”
An exemplary data-over-cable system with telephony return includes customer premise equipment (e.g., a customer computer), a cable modem, a cable modem termination system, a cable television network, a public switched telephone network, a telephony remote access concentrator and a data network (e.g., the Internet). The cable modem termination system and the telephony remote access concentrator together are called a “telephony return termination system.”
The cable modem termination system receives data packets from the data network and transmits them downstream via the cable television network to a cable modem attached to the customer premise equipment. The customer premise equipment sends response data packets to the cable modem, which sends the response data packets upstream via the public switched telephone network to the telephony remote access concentrator, which sends the response data packets back to the appropriate host on the data network.
When a cable modem used in the data-over-cable system with telephony return is initialized, a connection is made to both the cable modem termination system via the cable network and to the telephony remote access concentrator via the public switched telephone network. When a cable modem is initialized, it will initialize one or more downstream channels (i.e., downstream connections) to the cable modem termination system via the cable network or the telephony remote access concentrator via the public switched telephone network.
Once a cable modem has been initialized in a data-over-cable system, it registers with a cable modem termination system to allow the cable modem to receive data over a cable television connection and/or from a data network (e.g., the Internet or an Intranet). The cable modem forwards configuration information it receives in a configuration file during initialization to the cable modem termination system as part of a registration request message. The cable modem termination system performs a number of tests on the configuration information in the registration request message to confirm its integrity. For example, the configuration information typically includes one or more Message Integrity Check (“MIC”) fields. The MIC fields are created on the cable modem by performing a cryptographic hashing function on the configuration information (e.g., with Message Digest 5 (“MD5”)), and the MIC fields are sent with the configuration information in the registration request message. The cable modem termination system verifies the integrity of the configuration information in the registration request message by applying the same cryptographic hashing function to the configuration information and comparing the resulting hash values to the hash values carried in the MIC fields.
There are several problems associated with sending configuration information from a cable modem to a cable modem termination system in the registration request message. Configuration information sent from a cable modem to a cable modem termination system with MIC fields is still vulnerable to malicious attacks. The configuration information in the registration request message can be intercepted and used in rogue cable modems that may attack the data-over-cable system or obtain free services on the data-over-cable system. The MIC fields allow the integrity of the configuration information to be verified at the cable modem termination system. However, the MIC fields do not include an identifier for the cable modem sending the configuration information, nor do the MIC fields identify a time period during which the configuration information can be used. Thus, the MIC fields, as they are presently used in the configuration information, do not prevent a malicious user from intercepting and re-using the configuration file for another cable modem at another time.
For example, a rogue user could intercept configuration information in a registration request message sent from a legitimate cable modem to the cable modem termination system. At a later time, the rogue user transmits all of the configuration information exactly as it was intercepted back to the cable modem termination system in another cable modem registration request message. Since the configuration information was re-transmitted exactly as it was intercepted, when the cable modem termination system checks the MIC fields, the configuration information is verified as valid and the rogue user could masquerade as a “legitimate” cable modem user, thereby receiving free services or attacking the data-over-cable system.
It is therefore desirable to improve the security for transferring configuration information from cable modems to the cable modem termination system in a data-over-cable system so the configuration information in a configuration file cannot be re-used by other cable modems at another time.
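As an added illustration of the weakness described above (example code written for this page, not the patent's own method, whose details are not on the page), the block below places a verifier that only re-hashes the configuration beside one whose keyed MIC also covers the modem identifier and a validity window, the two bindings the background says are missing. The shared secret, the MAC-style identifiers, the configuration values and the window are constructed assumptions.

```python
import hashlib
import hmac

# Constructed demo secret standing in for a key shared by the CMTS and the
# provisioning server; assumed for this example, not taken from the patent.
CMTS_SHARED_SECRET = b"constructed-demo-secret"


def serialize(config: dict) -> bytes:
    """Deterministic encoding so both sides hash identical bytes."""
    return b"".join(f"{k}={v};".encode() for k, v in sorted(config.items()))


def legacy_mic(config: dict) -> str:
    """MIC as described in the background: a hash (MD5) over the config only."""
    return hashlib.md5(serialize(config)).hexdigest()


def legacy_verify(config: dict, mic: str) -> bool:
    """CMTS check that only re-hashes the configuration: the same
    (config, mic) pair verifies no matter who presents it or when."""
    return hmac.compare_digest(legacy_mic(config), mic)


def bound_mic(config: dict, modem_id: str, not_before: int, not_after: int) -> str:
    """Keyed MIC that also covers the modem identifier and a validity window
    (assumed design; the page only names these two missing bindings)."""
    msg = serialize(config) + f"|{modem_id}|{not_before}|{not_after}".encode()
    return hmac.new(CMTS_SHARED_SECRET, msg, hashlib.sha256).hexdigest()


def bound_verify(config: dict, modem_id: str, not_before: int, not_after: int,
                 mic: str, requester_id: str, now: int) -> bool:
    """CMTS check: the registering modem must be the one named in the MIC,
    the request must fall inside the window, and the keyed MIC must match."""
    if requester_id != modem_id:
        return False
    if not (not_before <= now <= not_after):
        return False
    expected = bound_mic(config, modem_id, not_before, not_after)
    return hmac.compare_digest(expected, mic)


# Constructed sample configuration, identifiers and validity window.
CONFIG = {"max_downstream_kbps": 30000, "max_upstream_kbps": 1500, "class_of_service": 1}
LEGIT_MODEM = "00:11:22:33:44:55"   # constructed MAC-style identifier
OTHER_MODEM = "66:77:88:99:aa:bb"   # constructed identifier of a second modem
WINDOW = (1000, 2000)               # constructed not_before / not_after (epoch seconds)

LEGACY_MIC = legacy_mic(CONFIG)
BOUND_MIC = bound_mic(CONFIG, LEGIT_MODEM, *WINDOW)
```

A captured `(CONFIG, LEGACY_MIC)` pair passes `legacy_verify` unchanged, whereas the same capture fails `bound_verify` when presented by a different modem, outside the window, or with the identifier field rewritten.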
SUMMARY OF THE INVENTION
In accordance with an illustrative embodiment of the present invention, the problems associated with sending secure cable modem configuration information are overcome. A method and system for secure network device registration in a data-over-cable syst
