Method and system for secure cable modem initialization

US 6,070,246 A
Filed: 02/04/1998
Issued: 05/30/2000
Est. Priority Date: 02/04/1998
Status: Expired due to Term

First Claim

Patent Images

1. In a data-over-cable system including a plurality of network devices, a method of securely initializing a network device, the method comprising the following steps:

receiving a request a for first configuration file on a first protocol server from a first network device, the first configuration file including a plurality of configuration parameters to initialize the first network device;

adding a unique identifier for the first network device to the first configuration file;

adding a selected time-value to the first configuration file, wherein the selected time-value indicates a sending time for the first configuration file;

calculating a message integrity check value using the unique identifier, the selected time-value and one or more configuration parameters from the first configuration file in a pre-determined order to uniquely identify the first configuration file for the network device;

adding the message integrity check value to the first configuration file; and

sending the first configuration file from the first protocol server to the first network device,wherein the first network device uses the message integrity check value, the unique identifier and the selected-time value indicating when the first message was sent from the first protocol server to verify the integrity of first configuration file.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for secure cable modem initialization in a data-over-cable system is provided using a secure protocol server. The method includes sending a unique identifier, such an Internet Protocol ("IP") address and a selected time-value, such as an approximate message send time-value, in a configuration file from a protocol server such as a Trivial File Protocol server ("TFTP"). A message integrity value is calculated using the unique identifier, the selected time-value and one or more configuration parameters in a pre-determined order with a cryptographic hashing function. The message integrity value is added to the configuration file. A cable modem receives the configuration file from the TFTP server and uses the message integrity value to authenticate the configuration file and determine if the configuration file was sent within a pre-determined period of time (e.g., 5 seconds) from the TFTP server. If not, the configuration is discarded by the cable modem. The unique identifier and selected time-value uniquely identify the configuration file for the cable modem and help prevent a rouge user from intercepting a valid cable modem configuration file and using it at a later time to initialize a rouge cable modem. The method and system provide improved security for initializing cable modems in a data-over-cable system.

140 Citations

22 Claims

1. In a data-over-cable system including a plurality of network devices, a method of securely initializing a network device, the method comprising the following steps:
- receiving a request a for first configuration file on a first protocol server from a first network device, the first configuration file including a plurality of configuration parameters to initialize the first network device;
  
  adding a unique identifier for the first network device to the first configuration file;
  
  adding a selected time-value to the first configuration file, wherein the selected time-value indicates a sending time for the first configuration file;
  
  calculating a message integrity check value using the unique identifier, the selected time-value and one or more configuration parameters from the first configuration file in a pre-determined order to uniquely identify the first configuration file for the network device;
  
  adding the message integrity check value to the first configuration file; and
  
  sending the first configuration file from the first protocol server to the first network device,wherein the first network device uses the message integrity check value, the unique identifier and the selected-time value indicating when the first message was sent from the first protocol server to verify the integrity of first configuration file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 1.
  - 3. The method of claim 1 wherein the step of calculating a message integrity check value includes calculating the message integrity check value with a cryptographic hashing function.
  - 4. The method of claim 3 wherein the cryptographic hashing function is MD5.
  - 5. The method of claim 1 wherein the step of adding a unique identifier for the first network device to the configuration file includes adding an Internet Protocol address for the first network device to the first configuration file.
  - 6. The method of claim 1 wherein the first network device is a cable modem and the first protocol server is a secure Trivial File Transfer Protocol server.
  - 7. The method of claim 1 wherein the first configuration file is a cable modem configuration file used to initialize a cable modem in the data-over-cable system.
  - 8. The message of claim 1 wherein the selected time-value is a number of seconds the first network device has been executing.
  - 9. The method of claim 8 wherein the number of seconds the first network device has been executing includes the number of seconds the first network device has been executing since time 00:
    - 00 on Jan. 1, 1970.
  - 10. The method of claim 1 wherein the step of calculating a message integrity check value includes:
    - calculating a first message integrity value using the unique identifier, the selected time-value and one or more configuration parameters from the first configuration file in a predetermined order;
      
      adding the first message integrity value to the first configuration file;
      
      calculating a second message integrity value using the unique identifier, the selected time-value, one or more configuration parameters from the first configuration file and the first message integrity value in a pre-determined order; and
      
      adding the second message integrity value to first configuration file as the message integrity value.

11. In a data-over-cable system including a plurality of network devices, a method of securely initializing a network device, the method comprising the following steps:
- receiving a first configuration file on a first network device from a first protocol server; and
  
  determining whether the first configuration file is valid using a message integrity check value included in the first configuration file, and if so,determining whether the first configuration file was sent within a pre-determined time using a selected time-value from the first configuration file, and if not,rejecting the first configuration file on the first network device.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 11.
  - 13. The method of claim 11 wherein the first network device is a cable modem and the first protocol server is a secure Trivial File Transfer Protocol server.
  - 14. The method of claim 11 wherein the message integrity check value includes a first unique identifier for the first network device, a selected time-value indicating a sending time for the first configuration file and a plurality of configuration parameters used to configure the first network device.
  - 15. The method of claim 11 wherein the step of determining whether the first configuration file is valid using a message integrity check value included in the first configuration file includes calculating a second message integrity value using a cryptographic hashing function and comparing it to the message integrity check value.
  - 16. The method of claim 15 wherein the cryptographic hashing function is MD5.
  - 17. The method of claim 11 further comprising:
    - determining whether the first configuration file was sent within a predetermined time using a selected time-value from the first message integrity check value, wherein the first message integrity check value includes a unique identifier for the first network device and a selected time-value, and if so,accepting the configuration file on first network device; and
      
      initializing the first network device using configuration parameters from the first configuration file.

18. A secure protocol server for transferring a configuration file to a network device, the secure protocol server comprising:
- unique identifier extractor, for extracting a unique identifier for a network device from a request message to uniquely identify the configuration file for the network device;
  
  time-value selector, for selecting a time-value that is added to the configuration file and used to indicate a send time for the configuration file;
  
  message integrity value calculator, for calculating a message integrity value using the unique identifier, selected time-value and one or more configuration parameters to uniquely identify the configuration file for a network device.
- View Dependent Claims (19, 20)
- - 19. The secure protocol server of claim 18 wherein the secure protocol server is a secure Trivial File Transfer Protocol server.
  - 20. The secure protocol server of claim 18 wherein the network device is a cable modem and the unique identifier selector selects an Internet Protocol address for a network device.

21. In a data-over-cable system including a plurality of cable modems, a method of securely initializing a cable modem, the method comprising the following steps:
- receiving a request for a first configuration file on a Trivial File Transfer Protocol server from a cable modem, the first configuration file including a plurality of configuration parameters to initialize the cable modem;
  
  adding an Internet Protocol address for the cable modem to the first configuration file;
  
  adding a selected time-value to the first configuration file, wherein the selected time-value indicates a sending time for the requested first configuration file;
  
  calculating a message integrity check value using a cryptographic hashing function with the Internet Protocol address, the selected time-value and one or more configuration parameters from the first configuration file in a predetermined order to uniquely identify the first configuration file for the cable modem;
  
  adding the message integrity check value to the first configuration file; and
  
  sending the first configuration file from the Trivial File Transfer Protocol server to the cable modem,wherein the cable modem uses the message integrity check value, the unique identifier and the selected time-value indicating when the first configuration file was sent to the cable modem from the Trivial File Transfer Protocol server to verify the integrity of the first configuration file.
- View Dependent Claims (22)
- - 22. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 21.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
3Com Corporation (HP Inc.)
Inventors
Beser, Nurettin B.
Primary Examiner(s)
Butler, Dennis M.
Assistant Examiner(s)
OMAR, OMAR B

Application Number

US09/018,756
Time in Patent Office

846 Days
Field of Search

713/200, 713/201, 713/1, 707/203, 709/219, 709/217, 709/220, 380/23, 380/30
US Class Current

726/2
CPC Class Codes

H04L 61/5007   Internet protocol [IP] addr...

H04L 61/5014   using dynamic host configur...

H04L 61/5053   Lease time; Renewal aspects

H04L 63/12   Applying verification of th...

H04L 67/06   specially adapted for file ...

H04L 67/34   involving the movement of s...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Method and system for secure cable modem initialization

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

140 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for secure cable modem initialization

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

140 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links