Bootstrap channel security arrangement for communication network
First Claim
1. Apparatus for enabling on-line modification and upgrading of terminal software in a communication network while maintaining the integrity of communication between a service provider and a subscriber using the network comprising:
- booter means for downloading software via said communications network;
a subscriber terminal, coupled to said communication network, including;
a secret encryption key,means for initiating a communication with said network to receive data downloaded from said booter means,means for storing data downloaded from said booter means, andmeans independent of said downloaded data for computing a checksum from at least a portion of data downloaded from said booter means;
means for testing said checksum for validity;
means for preventing said subscriber terminal from executing software downloaded from said booter means unless the checksum is valid; and
network control center means for maintaining a record of said secret encryption key, whereby encrypted communication between the subscriber terminal and network control center means can take place with the encryption based upon the secret encryption key.
3 Assignments
0 Petitions
Accused Products
Abstract
Apparatus and a method are disclosed to enable on-line modification and upgrading of terminal software in a communication network while maintaining the integrity of communication between a service provider and a subscriber using the network. Software is downloaded on a booter channel on the communication network. A subscriber terminal, coupled to the network initiates a communication with the network to receive downloaded booter data. The downloaded data is stored, and a checksum is computed from at least a portion of the downloaded data. The checksum is tested for validity, and control of the subscriber terminal is released to the downloaded software only if the checksum is valid.
313 Citations
12 Claims
-
1. Apparatus for enabling on-line modification and upgrading of terminal software in a communication network while maintaining the integrity of communication between a service provider and a subscriber using the network comprising:
-
booter means for downloading software via said communications network; a subscriber terminal, coupled to said communication network, including; a secret encryption key, means for initiating a communication with said network to receive data downloaded from said booter means, means for storing data downloaded from said booter means, and means independent of said downloaded data for computing a checksum from at least a portion of data downloaded from said booter means; means for testing said checksum for validity; means for preventing said subscriber terminal from executing software downloaded from said booter means unless the checksum is valid; and network control center means for maintaining a record of said secret encryption key, whereby encrypted communication between the subscriber terminal and network control center means can take place with the encryption based upon the secret encryption key. - View Dependent Claims (2, 3)
-
-
4. Apparatus for protecting a communication network having an upstream communication channel and a downstream communication channel from illegitimate access by an unauthorized party comprising:
-
booter means coupled to said downstream channel for downloading software via said communication network; a subscriber terminal coupled to receive data from said downstream channel and transmit data on said upstream channel, said subscriber terminal including; a secret encryption key, means for receiving and storing data downloaded from said booter means, means for computing a checksum from at least a portion of data downloaded from said booter means, and means for establishing an encrypted communication with said network wherein the encryption is based on sad secret encryption key; network control center means coupled to said communication network and including a record of the secret encryption key for enabling encrypted communication with said subscriber terminal; means for verifying the checksum computed by said subscriber terminal via an encrypted communication established between the subscriber terminal and network control center means; and means for releasing control of said subscriber terminal to data downloaded from said booter means only if the checksum is found to be valid. - View Dependent Claims (5, 6)
-
-
7. A communication network comprising:
-
at least one communication channel; means for downloading data to a subscriber terminal coupled to said communication channel; means for storing downloaded data in said subscriber terminal; means for computing a checksum from at least a portion of downloaded data stored in said subscriber terminal; means for testing the checksum for validity; means for releasing control of said subscriber terminal to the downloaded data only if said checksum is valid; and network control center means coupled to said network for communicating with said subscriber terminal in an encrypted basis, so that checksum data can be passed between the network control center means and the subscriber terminal for validity testing without infiltration by an unauthorized party. - View Dependent Claims (8)
-
-
9. A terminal, for use in communicating on a communication network, comprising:
-
means for tuning to a booter channel on said network; means for receiving and storing a booter image downloaded on the booter channel; means for computing a checksum from at least a portion of data contained in said booter image; means for establishing an encrypted communication with another device coupled to said network to determine whether the computed checksum is valid; and means for executing software contained in said booter image to access a desired service available on said network only if the checksum proves to be valid. - View Dependent Claims (10)
-
-
11. A method for preventing unauthorized parties from illegitimate access to a communication network in which a booter image is downloaded to subscriber terminals coupled to the network, comprising the steps of:
-
embedding in a booter image a portion of data for use in computing a checksum; computing a checksum from booter image data downloaded into a subscriber terminal; computing the proper checksum which should result from the booter image if the booter image is properly received by the subscriber terminal; comparing the checksum computed from the booter image downloaded into the subscriber terminal with the checksum computed from the known booter image using a encrypted communication on said network; and releasing control of said subscriber terminal to the downloaded booter image only if the checksum computed by the subscriber terminal matches the proper checksum for the booter image. - View Dependent Claims (12)
-
Specification