Method and system for secure cable modem registration

US 6,170,061 B1
Filed: 02/04/1998
Issued: 01/02/2001
Est. Priority Date: 02/04/1998
Status: Expired due to Term

First Claim

Patent Images

1. In a data-over-cable system including a plurality of network devices, a method of securely registering a network device, the method comprising the following steps:

receiving a first configuration file on a first network device from a first protocol server, the first configuration file including a plurality of configuration parameters;

creating a first message on the first network device including one or more configuration parameters from the first configuration file;

adding a unique identifier for the first network device to the first message;

adding a selected time-value to the first message, wherein the selected time-value indicates a sending time for the first message;

calculating a message integrity check value using the unique identifier, the selected time-value and one or more configuration parameters from the first configuration file in a pre-determined order to uniquely identify the configuration information for the network device;

adding the message integrity check value to the first message; and

sending the first message from the first network device to a second network device, wherein the second network device uses the message integrity check value, the unique identifier of the first network device and the selected time-value to verify the integrity of the first message.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for secure cable modem initialization in a data-over-cable system is provided. The method includes sending a unique identifier, such an Internet Protocol (“IP”) address and a selected time-value, such as an approximate message send time-value, in a registration request message. A message integrity check value is calculated using the unique identifier, the selected time-value and one or more configuration parameters in a pre-determined order. The message integrity check value is added to the registration request message. A cable modem termination system receives the registration request message and uses the message integrity check value to authenticate the message and determine if the registration request message was sent within a pre-determined period of time (e.g., 1 second) from a recognized cable modem. If not, the registration request message is discarded and a log file entry is added to a log file with information from the registration request message (e.g., network level and data-link level network addresses). The network address and selected time-value uniquely identify the cable modem and help prevent a rouge user from intercepting a valid cable modem registration request message and using it at a later time to register a rouge cable modem. The log file helps track rouge users attacking the data-over-cable system. The method and system provide improved security for registering cable modems in a data-over-cable system.

222 Citations

23 Claims

1. In a data-over-cable system including a plurality of network devices, a method of securely registering a network device, the method comprising the following steps:
- receiving a first configuration file on a first network device from a first protocol server, the first configuration file including a plurality of configuration parameters;
  
  creating a first message on the first network device including one or more configuration parameters from the first configuration file;
  
  adding a unique identifier for the first network device to the first message;
  
  adding a selected time-value to the first message, wherein the selected time-value indicates a sending time for the first message;
  
  calculating a message integrity check value using the unique identifier, the selected time-value and one or more configuration parameters from the first configuration file in a pre-determined order to uniquely identify the configuration information for the network device;
  
  adding the message integrity check value to the first message; and
  
  sending the first message from the first network device to a second network device, wherein the second network device uses the message integrity check value, the unique identifier of the first network device and the selected time-value to verify the integrity of the first message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein the step of calculating a message integrity check value includes calculating the message integrity check value with a cryptographic hashing function.
  - 3. The method of claim 2 wherein the cryptographic hashing function is MD5.
  - 4. The method of claim 1 wherein the step of adding a unique identifier for the first network device to the first message includes adding any of Internet Protocol address or a Medium Access Protocol Address for the network device to the first message.
  - 5. The method of claim 1 wherein the first network device is a cable modem the second network device is a cable modem termination system and the first protocol server is a Trivial File Transfer Protocol server.
  - 6. The method of claim 1 wherein the first message is a cable modem registration request message used to register a cable modem in the data-over-cable system.
  - 7. The message of claim 1 wherein the selected time-value is a number of seconds the first network device has been executing.
  - 8. The method of claim 7 wherein the number of seconds the first network device has been executing includes the number of seconds the first network device has been executing since time 00:
    - 00 on Jan. 1, 1970.
  - 9. The method of claim 1 wherein the step of calculating a message integrity check value includes:
10. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 1.

11. In a data-over-cable system including a plurality of network devices, a method of registering a network device, the method comprising the following steps:
- receiving a first message on a second network device from a first network device; and
  
  determining whether the first message is valid using a first message integrity check value included in the first message, and if so, determining whether the first message was sent within a pre-determined time using a selected time-value from the first message, and if not, discarding the first message;
  
  creating a log entry in a log file on the second network device with a plurality of information from the first message, wherein the log entry is used to determine where the discarded first message was sent from in the data-over-cable system; and
  
  sending a second message to the first network device as a response to the first message indicating rejection of the first message.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 12. The method of claim 11 wherein the first network device is a cable modem, the first message is a cable modem registration request message, and the second network device is a cable modem termination system.
  - 13. The method of claim 11 wherein the message integrity check value includes a first unique identifier for the first network device, a selected time-value indicating a sending time for the first message and a plurality of configuration parameters used to configure the first network device.
  - 14. The method of claim 11 wherein the step of creating a log entry in a log file includes creating a log entry including a first network address, a second network address and the selected time-value.
  - 15. The method of claim 14 wherein the first network address is a network level network address and the second network address is a data-link level network address.
  - 16. The method of claim 15 wherein the network level address is an Internet Protocol address and the data-link level network address is a Medium Access Control address.
  - 17. The method of claim 11 wherein the step of determining whether the first message is valid using a message integrity check value included in the first message includes calculating a second message integrity check value using a cryptographic hashing function and comparing it to the fist message integrity check value.
  - 18. The method of claim 17 wherein the cryptographic hashing function is MD5.
  - 19. The method of claim 11 further comprising:
20. The method of claim 19 wherein the first message is a cable modem registration request message, the second message is a cable modem registration response message, the first network device is a cable modem, and the second network device is a cable modem termination system.
21. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 11.

22. In a data-over-cable system including a plurality of cable modems, a method of securely registering a cable modem, the method comprising the following steps:
- receiving a first configuration file on a cable modem from a Trivial File Transfer Protocol server, the first configuration file including a plurality of configuration parameters to configure the cable modem;
  
  creating a registration request message on the cable modem including configuration parameters from the first configuration file;
  
  adding an Internet Protocol address for the cable modem to the registration request message;
  
  adding a selected time-value to the registration request message, wherein the selected time-value indicates a sending time of the registration request message;
  
  calculating a message integrity check value using a cryptographic hashing function with the Internet Protocol address, the selected time-value and one or more configuration parameters from the first configuration file in a pre-determined order to uniquely identify the configuration parameters for the cable modem;
  
  adding the message integrity check value to the registration request message; and
  
  sending the registration request message from the cable modem to a cable modem termination system, wherein the cable modem termination system uses the registration request message integrity check value, the Internet Protocol address for the cable modem and a selected time-value indicating when the registration request message was sent from the cable modem to verify the integrity of the registration request message.
- View Dependent Claims (23)
- - 23. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 22.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
3Com Corporation (HP Inc.)
Inventors
Beser, Nurettin B.
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Baderman, Scott T.

Application Number

US09/018,372
Time in Patent Office

1,063 Days
Field of Search

713/201, 713/162, 713/181, 713/151, 713/153, 713/154, 713/160, 713/170, 713/161, 380/256, 380/257, 380/266, 379/93.01
US Class Current

726/3
CPC Class Codes

H04L 63/12 Applying verification of th...

H04N 7/17345 Control of the passage of t...

Method and system for secure cable modem registration

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

222 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Method and system for secure cable modem registration

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

222 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others