Method to block unauthorized access to TFTP server configuration files
Abstract
The present invention teaches methods and systems for blocking unauthorized access to cable modem configuration files stored on trivial file transfer protocol (TFTP) servers. Filenames are modified by the DHCP server to incorporate an authentication key (and optional cloaking) prior to transmission to the cable modem. When the TFTP server receives a modified filename, it also generates an authentication key. The authentication keys must match in order for the cable modem to receive the configuration file requested. At a minimum, authentication keys depend upon the un-modified filename, the cable modem IP address and a “coordination pass phrase” known to the TFTP server and DHCP server, but not known to the cable modem. Variations include optional cloaking, various actions performed for non-matching authentication keys, selection of authentication key generating algorithm and inclusion of cable modem MAC address in the authentication key for all cable modems or for premium service customer cable modems.
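The exchange the abstract describes, as an added Python sketch that is not taken from the patent: the DHCP side appends a keyed digest to the filename and the TFTP side recomputes it from the requester's address before serving the file. HMAC-SHA256 as the key-generating algorithm, the `.` separator, the 128-bit truncation, the function names and all sample values are assumptions; cloaking is omitted.

```python
import hashlib
import hmac

SEP = "."          # assumed separator between filename and authentication key
KEY_HEX_LEN = 32   # assumed: HMAC-SHA256 output truncated to 128 bits (hex)


def auth_key(passphrase: bytes, filename: str, cm_ip: str, cm_mac: str = "") -> str:
    """Key over the un-modified filename, CM IP and (optionally) CM MAC."""
    # Length-prefix each field so adjacent fields cannot be shifted into each other.
    msg = b"".join(
        len(f.encode()).to_bytes(2, "big") + f.encode()
        for f in (filename, cm_ip, cm_mac.lower())
    )
    return hmac.new(passphrase, msg, hashlib.sha256).hexdigest()[:KEY_HEX_LEN]


def dhcp_modified_filename(passphrase: bytes, filename: str, cm_ip: str,
                           cm_mac: str = "") -> str:
    """DHCP side: the modified filename sent to the modem in the DHCP RESPONSE."""
    return f"{filename}{SEP}{auth_key(passphrase, filename, cm_ip, cm_mac)}"


def tftp_authorize(passphrase: bytes, requested: str, src_ip: str,
                   src_mac: str = ""):
    """TFTP side: return the un-modified filename to serve, or None to refuse."""
    base, sep, first_key = requested.rpartition(SEP)
    if not sep or not base or len(first_key) != KEY_HEX_LEN:
        return None  # no key attached, e.g. a guessed plain filename
    # Second key is derived from the address the request actually came from,
    # never from anything the modem supplies inside the filename.
    second_key = auth_key(passphrase, base, src_ip, src_mac)
    if not hmac.compare_digest(first_key.encode(), second_key.encode()):
        return None
    return base


if __name__ == "__main__":
    secret = b"constructed-coordination-pass-phrase"   # constructed sample value
    name = dhcp_modified_filename(secret, "gold.cm", "10.20.0.57")
    print(name)
    print(tftp_authorize(secret, name, "10.20.0.57"))   # same modem: served
    print(tftp_authorize(secret, name, "10.20.0.99"))   # other IP: refused
```

Because the key binds the filename to the requesting address, a modified filename captured from one modem is refused when replayed from another IP, and a key cannot be moved onto a different configuration filename.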
51 Claims
1. A method for providing restricted transmissions of cable modem (CM) configuration files maintained on a trivial file transfer protocol server (TFTP), the method comprising:
- using a dynamic host configuration protocol (DHCP) server to associate an un-modified CM configuration filename to a cable modem Internet protocol (IP) address upon receipt of a DHCP REQUEST;
- storing a coordination pass phrase on a DHCP server and a TFTP server;
- generating a first authentication key;
- creating a modified CM configuration filename by combining a CM configuration filename with the authentication key;
- transmitting the modified CM configuration filename to the cable modem in a DHCP RESPONSE;
- transmitting the modified CM configuration filename from the cable modem to the TFTP server;
- parsing the modified CM configuration filename into the un-modified CM configuration filename;
- generating a second authentication key;
- transmitting the CM configuration file to the cable modem only if the first authentication key matches the second authentication key;
- wherein the first authentication key and the second authentication key depend upon the un-modified CM configuration filename, the cable modem IP address and the coordination pass phrase; and
- wherein the coordination pass phrase is not known to the cable modem.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13.

14. A method for providing restricted transmissions of cable modem (CM) configuration files maintained on a trivial file transfer protocol server (TFTP), the method comprising:
- using a dynamic host configuration protocol (DHCP) server to associate an un-modified CM configuration filename to a cable modem Internet protocol (IP) address upon receipt of a DHCP REQUEST;
- storing a coordination pass phrase on a DHCP server and a TFTP server;
- generating a first authentication key;
- creating a modified CM configuration filename by combining a CM configuration filename with the authentication key;
- creating a cloaked modified CM configuration filename by cloaking the modified CM configuration filename;
- transmitting the cloaked modified CM configuration filename to the cable modem in a DHCP RESPONSE;
- transmitting the cloaked modified CM configuration filename from the cable modem to the TFTP server;
- de-cloaking the cloaked modified CM configuration filename to obtain the modified CM configuration filename;
- parsing the modified CM configuration filename into the un-modified CM configuration filename;
- generating a second authentication key;
- transmitting the CM configuration file to the cable modem only if the first authentication key matches the second authentication key;
- wherein the first authentication key and the second authentication key depend upon the un-modified CM configuration filename, the cable modem IP address and the coordination pass phrase; and
- wherein the coordination pass phrase is not known to the cable modem.

Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26.

27. A method for providing restricted transmissions of cable modem (CM) configuration files maintained on a trivial file transfer protocol server (TFTP), the method comprising:
- using a dynamic host configuration protocol (DHCP) server to associate an un-modified CM configuration filename to a cable modem Internet protocol (IP) and a cable modem media access control address upon receipt of a DHCP REQUEST;
- storing a coordination pass phrase on a DHCP server and a TFTP server;
- generating a first authentication key;
- creating a modified CM configuration filename by combining a CM configuration filename with the authentication key;
- transmitting the modified CM configuration filename to the cable modem in a DHCP RESPONSE;
- transmitting the modified CM configuration filename from the cable modem to the TFTP server;
- separately obtaining the cable modem media access control address associated with the cable modem IP address;
- parsing the modified CM configuration filename into the un-modified CM configuration filename;
- generating a second authentication key;
- transmitting the CM configuration file to the cable modem only if the first authentication key matches the second authentication key;
- wherein the first authentication key and the second authentication key depend upon the un-modified CM configuration filename, the cable modem IP address, the coordination pass phrase and the cable modem media access control address; and
- wherein the coordination pass phrase is not known to the cable modem.

Dependent claims: 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38.

39. A method for providing restricted transmissions of cable modem (CM) configuration files maintained on a trivial file transfer protocol server (TFTP), the method comprising:
- using a dynamic host configuration protocol (DHCP) server to associate an un-modified CM configuration filename to a cable modem Internet protocol (IP) and a cable modem media access control address upon receipt of a DHCP REQUEST;
- storing a coordination pass phrase on a DHCP server and a TFTP server;
- generating a first authentication key;
- creating a modified CM configuration filename by combining a CM configuration filename with the authentication key;
- creating a cloaked modified CM configuration filename by cloaking the modified CM configuration filename;
- transmitting the cloaked modified CM configuration filename to the cable modem in a DHCP RESPONSE;
- transmitting the cloaked modified CM configuration filename from the cable modem to the TFTP server;
- separately obtaining the cable modem media access control address associated with the cable modem IP address;
- de-cloaking the cloaked modified CM configuration filename to obtain the modified CM configuration filename;
- parsing the modified CM configuration filename into the un-modified CM configuration filename;
- generating a second authentication key;
- transmitting the CM configuration file to the cable modem only if the first authentication key matches the second authentication key;
- wherein the first authentication key and the second authentication key depend upon the un-modified CM configuration filename, the cable modem IP address, the coordination pass phrase and the cable modem media access control address; and
- wherein the coordination pass phrase is not known to the cable modem.

Dependent claims: 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51.