Method and system for secure cable modem initialization
First Claim
1. In a data-over-cable system including a plurality of network devices, a method of securely initializing a network device, the method comprising the following steps:
- receiving a request for a first configuration file on a first protocol server from a first network device, the first configuration file including a plurality of configuration parameters to initialize the first network device;
- adding a unique identifier for the first network device to the first configuration file;
- adding a selected time-value to the first configuration file, wherein the selected time-value indicates a sending time for the first configuration file;
- calculating a message integrity check value using the unique identifier, the selected time-value and one or more configuration parameters from the first configuration file in a pre-determined order to uniquely identify the first configuration file for the network device;
- adding the message integrity check value to the first configuration file; and
- sending the first configuration file from the first protocol server to the first network device, wherein the first network device uses the message integrity check value, the unique identifier and the selected time-value indicating when the first message was sent from the first protocol server to verify the integrity of the first configuration file.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
Abstract
A method and system for secure cable modem initialization in a data-over-cable system is provided using a secure protocol server. The method includes sending a unique identifier, such as an Internet Protocol ("IP") address, and a selected time-value, such as an approximate message send time-value, in a configuration file from a protocol server such as a Trivial File Transfer Protocol ("TFTP") server. A message integrity value is calculated using the unique identifier, the selected time-value and one or more configuration parameters in a pre-determined order with a cryptographic hashing function. The message integrity value is added to the configuration file. A cable modem receives the configuration file from the TFTP server and uses the message integrity value to authenticate the configuration file and to determine whether the configuration file was sent within a pre-determined period of time (e.g., 5 seconds) from the TFTP server. If not, the configuration file is discarded by the cable modem. The unique identifier and selected time-value uniquely identify the configuration file for the cable modem and help prevent a rogue user from intercepting a valid cable modem configuration file and using it at a later time to initialize a rogue cable modem. The method and system provide improved security for initializing cable modems in a data-over-cable system.
22 Claims
11. In a data-over-cable system including a plurality of network devices, a method of securely initializing a network device, the method comprising the following steps:
- receiving a first configuration file on a first network device from a first protocol server; and
- determining whether the first configuration file is valid using a message integrity check value included in the first configuration file, and if so, determining whether the first configuration file was sent within a pre-determined time using a selected time-value from the first configuration file, and if not, rejecting the first configuration file on the first network device.
Dependent claims: 12, 13, 14, 15, 16, 17.
18. A secure protocol server for transferring a configuration file to a network device, the secure protocol server comprising:
- a unique identifier extractor, for extracting a unique identifier for a network device from a request message to uniquely identify the configuration file for the network device;
- a time-value selector, for selecting a time-value that is added to the configuration file and used to indicate a send time for the configuration file;
- a message integrity value calculator, for calculating a message integrity value using the unique identifier, selected time-value and one or more configuration parameters to uniquely identify the configuration file for a network device.
Dependent claims: 19, 20.
21. In a data-over-cable system including a plurality of cable modems, a method of securely initializing a cable modem, the method comprising the following steps:
- receiving a request for a first configuration file on a Trivial File Transfer Protocol server from a cable modem, the first configuration file including a plurality of configuration parameters to initialize the cable modem;
- adding an Internet Protocol address for the cable modem to the first configuration file;
- adding a selected time-value to the first configuration file, wherein the selected time-value indicates a sending time for the requested first configuration file;
- calculating a message integrity check value using a cryptographic hashing function with the Internet Protocol address, the selected time-value and one or more configuration parameters from the first configuration file in a predetermined order to uniquely identify the first configuration file for the cable modem;
- adding the message integrity check value to the first configuration file; and
- sending the first configuration file from the Trivial File Transfer Protocol server to the cable modem, wherein the cable modem uses the message integrity check value, the unique identifier and the selected time-value indicating when the first configuration file was sent to the cable modem from the Trivial File Transfer Protocol server to verify the integrity of the first configuration file.
Dependent claims: 22.
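The server-side and modem-side halves of the scheme described in the abstract and in claims 1, 11 and 21, as an added Python example that is not part of the patent. It assumes a secret shared between the TFTP server and the cable modem and uses HMAC-SHA256 as the "cryptographic hashing function"; the page does not say how the hash is keyed, and an unkeyed hash over public fields could be recomputed by anyone who intercepts the file. The `key=value` file layout, the fixed field order (IP address, send time, then parameters sorted by name), the 5 second window from the abstract, the sample IP address and parameter values, and all function names are constructed for this example.

```python
import hashlib
import hmac
import time

# Assumption: the TFTP server and the modem share this secret. Constructed placeholder.
SHARED_SECRET = b"example-shared-secret"
# Pre-determined period from the abstract's example (5 seconds).
FRESHNESS_WINDOW = 5.0


def canonical_bytes(cm_ip: str, send_time: int, params: dict) -> bytes:
    """Fixed field order: unique identifier, send time, then parameters sorted by name.
    Both sides must hash exactly these bytes for the check value to match."""
    lines = [f"cm-ip={cm_ip}", f"send-time={send_time}"]
    lines += [f"{k}={params[k]}" for k in sorted(params)]
    return "\n".join(lines).encode()


def compute_mic(cm_ip: str, send_time: int, params: dict, secret: bytes = SHARED_SECRET) -> str:
    """Message integrity check value over identifier, time-value and parameters."""
    return hmac.new(secret, canonical_bytes(cm_ip, send_time, params), hashlib.sha256).hexdigest()


def build_config_file(cm_ip: str, params: dict, now=None, secret: bytes = SHARED_SECRET) -> str:
    """Server side: add the modem's IP, the send time and the MIC, return the file text."""
    send_time = int(time.time()) if now is None else int(now)
    body = canonical_bytes(cm_ip, send_time, params).decode()
    return body + "\nmic=" + compute_mic(cm_ip, send_time, params, secret) + "\n"


def parse_config_file(text: str) -> dict:
    fields = {}
    for line in text.splitlines():
        if line.strip():
            key, _, value = line.partition("=")
            fields[key] = value
    return fields


def verify_config_file(text: str, my_ip: str, now=None, secret: bytes = SHARED_SECRET,
                       window: float = FRESHNESS_WINDOW):
    """Modem side, in the order of claim 11: MIC first, then identifier, then freshness.
    Returns (accepted, reason)."""
    fields = parse_config_file(text)
    try:
        mic = fields.pop("mic")
        cm_ip = fields.pop("cm-ip")
        send_time = int(fields.pop("send-time"))
    except (KeyError, ValueError):
        return False, "missing or malformed mic/cm-ip/send-time"
    expected = compute_mic(cm_ip, send_time, fields, secret)
    if not hmac.compare_digest(mic, expected):
        return False, "message integrity check failed"
    if cm_ip != my_ip:
        return False, "configuration file was issued for a different device"
    now = time.time() if now is None else now
    # abs() tolerates small clock skew in either direction; anything outside the window is stale.
    if abs(now - send_time) > window:
        return False, "configuration file is stale (possible replay)"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample parameters; times are fixed so the run is reproducible.
    sample = {"max-cpe": "4", "downstream-freq": "555000000"}
    cfg = build_config_file("10.0.0.7", sample, now=1_000_000)
    print(verify_config_file(cfg, "10.0.0.7", now=1_000_002))   # fresh, untouched: accepted
    print(verify_config_file(cfg, "10.0.0.7", now=1_000_010))   # same file replayed later: stale
    print(verify_config_file(cfg.replace("max-cpe=4", "max-cpe=64"), "10.0.0.7", now=1_000_002))
```

The three checks are deliberately separate so that logging on the modem side can distinguish a tampered file, a file captured for another modem, and a replay of a genuine file; only the last of these is what the time-value adds over a plain integrity check.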