System and method for securing a network

US 20080022084A1
Filed: 07/21/2006
Published: 01/24/2008
Est. Priority Date: 07/21/2006
Status: Active Grant

First Claim

Patent Images

1. A secure network comprising:

a residential gateway to communicate with a remote network and a local network;

at least one trusted local device configured to send communications comprising data packets with authentication information to the residential gateway to request access to resources of the remote network;

wherein the residential gateway inhibits a request received from the local network to access resources on the remote network until the residential gateway uses the authentication information to authenticate the data packets as coming from the at least one trusted local device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure network is disclosed. The secure network includes a residential gateway to communicate with a remote network and a local network. At least one trusted local device is configured to send communications including data packets with authentication information to the residential gateway to request access to resources of the remote network. The residential gateway inhibits a request received from the local network to access resources on the remote network until the residential gateway uses authentication information to authenticate data packets associated with the request as originating from the at least one trusted local device.

58 Citations

View as Search Results

31 Claims

1. A secure network comprising:
- a residential gateway to communicate with a remote network and a local network;
  
  at least one trusted local device configured to send communications comprising data packets with authentication information to the residential gateway to request access to resources of the remote network;
  
  wherein the residential gateway inhibits a request received from the local network to access resources on the remote network until the residential gateway uses the authentication information to authenticate the data packets as coming from the at least one trusted local device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The secure network of claim 1, wherein the authentication information includes an authentication header.
  - 3. The secure network of claim 1, wherein the at least one trusted local device includes a network device that is authorized by an administrator of the remote network to access the requested resources on the remote network.
  - 4. The secure network of claim 1, wherein the at least one trusted local device includes a set-top box.
  - 5. The secure network of claim 1, wherein the at least one trusted local device includes a digital video recorder.
  - 6. The secure network of claim 1, wherein the authentication information includes an integrity check value.
  - 7. The secure network of claim 1, wherein the authentication information includes an authentication header wherein the authentication header includes an encrypted integrity check value.
  - 8. The secure network of claim 1, wherein at least a portion of the authentication information is encrypted, and wherein the residential gateway is configured to decrypt the encrypted portion of the authentication information.
  - 9. The secure network of claim 1, wherein the at least one trusted local device includes an encryption key for encrypting the authentication information, and wherein the residential gateway includes a decryption key for decrypting the authentication information.
  - 10. The secure network of claim 9, wherein the encryption key includes a secret key to generate an integrity check value, and wherein the decryption key includes a secret key to verify the integrity check value.
  - 11. The secure network of claim 9, wherein the encryption key includes a cryptographic key to generate a cryptographic hash value, and wherein the decryption key includes cryptographic key to verify the cryptographic hash value.
  - 12. The secure network of claim 1, wherein the resources of the remote network include video content and wherein the residential gateway inhibits a request received from the local network to access the video content until the residential gateway uses the authentication information to authenticate the data packets associated with the request as originating from the at least one trusted local device.
  - 13. The secure network of claim 1, wherein the request received from the local network includes a join command to be added to a multicast group of a channel.

14. A residential gateway comprising:
- a first network interface to communicate with a first network;
  
  a second network interface to communicate with a second network; and
  
  an authentication module;
  
  wherein the authentication module inspects data packets received from the second network to determine whether the data packets originated from a trusted network device.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The residential gateway of claim 14, wherein the authentication module inspects each data packet received from the second network.
  - 16. The residential gateway of claim 14, wherein inspecting data packets received from the second network includes decoding an authentication header associated with each data packet and verifying the decoded authentication header.
  - 17. The residential gateway of claim 14, wherein inspecting data packets received from the second network includes verifying an integrity check value included in each data packet.
  - 18. The residential gateway of claim 14, wherein the authentication module includes at least one decryption key corresponding to an encryption key available to the trusted network device.
  - 19. The residential gateway of claim 14, wherein the authentication module inspects predetermined types of data packets received from the second network.
  - 20. The residential gateway of claim 14, wherein the first network interface forwards one or more data packets received from the second network to the first network after the authentication module determines that the one or more data packets originated from the trusted network device.
  - 21. The residential gateway of claim 14, wherein the first network interface does not forward one or more data packets received from the second network to the first network when the authentication module fails to verify that the one or more data packets originated from the trusted network device.

22. A set-top box comprising:
- a local network interface to communicate with a local network;
  
  a display interface to generate a display on a display device coupled to the set-top box, andan authentication module;
  
  wherein the authentication module includes an encryption key, and wherein the authentication module generates an integrity check value of each data packet of a request to access video content on a remote network, and wherein the authentication module encrypts the integrity check value using the encryption key before sending each data packet of the request to a network device on the local network.
- View Dependent Claims (23, 24)
- - 23. The set-top box of claim 22, wherein the set-top box is configured to share a decryption key corresponding to the encryption key with a residential gateway coupled to the local network.
  - 24. The set-top box of claim 22, wherein the encryption key includes a private key having a corresponding public key available to at least one network device of the local network.

25. A method of securing a network, the method comprising:
- receiving at least one first request to access resources of a remote network from a local network device, wherein the at least one first request comprises a plurality of data packets;
  
  authenticating each data packet of the at least one first request as originating from a trusted local network device; and
  
  sending at least one second request to the remote network, after authenticating each data packet of the at least one first request as originated from the trusted local network device.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. The method of claim 25, wherein the at least one first request includes a request to access video content from the remote network.
  - 27. The method of claim 25, wherein authenticating each data packet of the at least one first request comprises decrypting an authentication header of each data packet and verifying the decrypted authentication header.
  - 28. The method of claim 25, further comprising accessing a decryption key to authenticate each data packet of the at least one first request.
  - 29. The method of claim 28, wherein accessing the decryption key comprises receiving the decryption key from the trusted local network device.
  - 30. The method of claim 28, wherein accessing the decryption key comprises receiving the decryption key from a trusted source on the remote network.

31. A computer readable medium tangibly embodying a program of instructions to manipulate a computing platform to:
- receive at least one first request to access resources of a remote network from a local network device, wherein the at least one first request comprises a plurality of data packets;
  
  authenticate each data packet of the at least one first request as originating from a trusted local network device; and
  
  send at least one second request to the remote network, after the at least one first request is authenticated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sbc Knowledge Ventures, L.P.
Original Assignee
SBC Knowledge Ventures LP
Inventors
Raftelis, Michael, Chin, Jae-Sun

Granted Patent

US 8,555,057 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/153
CPC Class Codes

H04L 12/2836   Protocol conversion between...

H04L 2209/60   Digital content management,...

H04L 63/164   at the network layer

H04L 9/3236   using cryptographic hash fu...

System and method for securing a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

58 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securing a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links