System and method for securing a network

US 8,555,057 B2
Filed: 07/21/2006
Issued: 10/08/2013
Est. Priority Date: 07/21/2006
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a residential gateway device to communicate with a remote internet protocol television network; and

a gaming console device to;

receive a private encryption key from the remote internet protocol television network before data packets are sent from the gaming console device to the residential gateway device, wherein the private encryption key is received in response to authorization by an administrator of the remote internet protocol television network; and

send the data packets to the residential gateway device,wherein the data packets are sent to request access to video content from the remote internet protocol television network, wherein the request to access the video content includes a multicast group loin request for a channel, and wherein the data packets include authentication information comprising an IPSec authentication header that includes an integrity check value encrypted using the private encryption key;

wherein the residential gateway device authenticates the data packets using a decryption key in response to receipt of the data packets, wherein the decryption key is received from the remote internet protocol television network, wherein the residential gateway device inhibits the request to access the video content until the residential gateway device authenticates the data packets to determine that the gaming console device is a trusted device and wherein the residential gateway device authenticates the data packets by verifying the integrity check value using the decryption key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure network is disclosed. The secure network includes a residential gateway to communicate with a remote network and a local network. At least one trusted local device is configured to send communications including data packets with authentication information to the residential gateway to request access to resources of the remote network. The residential gateway inhibits a request received from the local network to access resources on the remote network until the residential gateway uses authentication information to authenticate data packets associated with the request as originating from the at least one trusted local device.

29 Citations

View as Search Results

11 Claims

1. A system comprising:
- a residential gateway device to communicate with a remote internet protocol television network; and
  
  a gaming console device to;
  
  receive a private encryption key from the remote internet protocol television network before data packets are sent from the gaming console device to the residential gateway device, wherein the private encryption key is received in response to authorization by an administrator of the remote internet protocol television network; and
  
  send the data packets to the residential gateway device,wherein the data packets are sent to request access to video content from the remote internet protocol television network, wherein the request to access the video content includes a multicast group loin request for a channel, and wherein the data packets include authentication information comprising an IPSec authentication header that includes an integrity check value encrypted using the private encryption key;
  
  wherein the residential gateway device authenticates the data packets using a decryption key in response to receipt of the data packets, wherein the decryption key is received from the remote internet protocol television network, wherein the residential gateway device inhibits the request to access the video content until the residential gateway device authenticates the data packets to determine that the gaming console device is a trusted device and wherein the residential gateway device authenticates the data packets by verifying the integrity check value using the decryption key.

2. A residential gateway device comprising:
- a processor; and
  
  a memory accessible to the processor, the memory including instructions that, when executed by the processor, cause the processor to perform operations comprising;
  
  receiving, from a gaming console device, data packets indicating a request to access video content from a remote internet protocol television network, wherein the request includes a multicast group loin request for a channel, wherein the data packets include authentication information, the authentication information comprising an IPSec authentication header that includes an integrity check value encrypted using a private encryption key, and wherein the private encryption key is received by the gaming console device from the remote internet protocol television network in response to authorization by an administrator of the remote internet protocol television network and before the gaming console device sends the data packets;
  
  in response to receiving the request;
  
  receiving a decryption key from the remote internet protocol television network; and
  
  authenticating the data packets in the request using the decryption key, wherein authenticating the data packets includes verifying the integrity check value using the decryption key and wherein the request to access the video content is inhibited until the data packets are authenticated to determine that the data packets are received from a trusted device;
  
  in response to determining, based on authentication of the data packets, that the gaming console device is a particular trusted device, sending the data packets to the remote internet protocol television network; and
  
  in response to determining, based on the authentication of the data packets, that the gaming console device is not the particular trusted device, preventing the data packets from being sent to the remote internet protocol television network.
- View Dependent Claims (3)
- - 3. The residential gateway device of claim 2, wherein the operations further comprise inspecting predetermined types of the plurality of data packets.

4. A gaming console device comprising:
- a processor; and
  
  a memory accessible to the processor, the memory including instructions that, when executed by the processor, cause the processor to perform operations comprising;
  
  in response to authorization by an administrator of a remote internet protocol television network, receiving a private encryption key from the remote internet protocol television network before sending data packets to a residential gateway device, wherein the data packets are sent to request access to video content from the remote internet protocol television network and wherein the request to access the video content includes a multicast group loin request for a channel;
  
  generating an integrity check value for inclusion in an IPSec authentication header in authentication information included in the data packets sent to the residential gateway device wherein the integrity check value is encrypted using the private encryption key before the data packets are sent to the residential gateway device; and
  
  sending the data packets to the residential gateway device;
  
  wherein the residential gateway device authenticates the data packets using a decryption key in response to receipt of the data packets, wherein the decryption key is received from the remote internet protocol television network, wherein the residential gateway device inhibits the request to access the video content from the remote internet protocol television network until the residential gateway device authenticates the data packets to determine that the data packets are received from a trusted device, and wherein the residential gateway device authenticates the data packets by verifying the integrity check value of the data packets using the decryption key.

5. A method comprising:
- receiving, at a residential gateway device, from a gaming console device, data packets indicating a request to access video content from a remote internet protocol television network, wherein the data packets include authentication information comprising an IPSec authentication header that includes an integrity check value encrypted using a private encryption key, and wherein the private encryption key is received by the gaming console device from the remote internet protocol television network in response to authorization by an administrator of the remote internet protocol television network and before the gaming console device sends the data packets;
  
  in response to receiving the request;
  
  receiving, at the residential gateway device, a decryption key from the remote internet protocol television network; and
  
  authenticating, at the residential gateway device, the data packets in the request using the decryption key, wherein authenticating the data packets includes verifying the integrity check value using the decryption key and wherein residential gateway device inhibits the request to access the video content until the residential gateway device authenticates the data packets to determine that the data packets are received from a trusted device;
  
  in response to determining, based on the authentication of the data packets, that the gaming console device is a particular trusted device, sending, from the residential gateway device, the data packets to the remote internet protocol television network; and
  
  in response to determining, based on the authentication of the data packets, that the gaming console device is not the particular trusted device, preventing, at the residential gateway device, the data packets from being sent to the remote internet protocol television network.
- View Dependent Claims (6, 7, 8, 9, 10)
- - 6. The method of claim 5, wherein the video content includes video on demand content from the remote internet protocol television network.
  - 7. The method of claim 5, wherein the decryption key is received from a second trusted device associated with the remote internet protocol television network.
  - 8. The method of claim 7, wherein the second trusted device is a client-facing tier switch.
  - 9. The method of claim 5, wherein the decryption key is accessed via a certification authority.
  - 10. The method of claim 5, wherein the private encryption key is received by the claming console device during an initial setup of the gaming console device.

11. A computer readable memory device storing instructions that, when executed by a processor, cause the processor to perform operations comprising:
- receiving, at a residential gateway device, from a gaming console device data packets indicating a request to access video content from a remote internet protocol television network, wherein the request includes a multicast group loin request for a channel, wherein the data packets include authentication information comprising an IPSec authentication header that includes an integrity check value encrypted using a private encryption key, and wherein the private encryption key is received by the gaming console device from the remote internet protocol television network in response to authorization by an administrator of the remote internet protocol television network and before the gaming console device sends the data packets;
  
  in response to receiving the request;
  
  receiving, at the residential gateway device, a decryption key from the remote internet protocol television network; and
  
  authenticating, at the residential gateway device, the data packets using the decryption key, wherein authenticating the data packets includes verifying the integrity check value using the decryption key and wherein the residential gateway device inhibits the request to access the video content until the residential gateway device authenticates the data packets to determine that the data packets are received from a trusted device; and
  
  in response to determining, based on the authentication of the data packets, that the gaming console device is a particular trusted device, sending, from the residential gateway device, the data packets to the remote internet protocol television network; and
  
  in response to determining, based on the authentication of the data packets, that the gaming console device is not the particular trusted device, preventing, at the residential gateway device, the data packets from being sent to the remote internet protocol television network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sbc Knowledge Ventures, L.P.
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Raftelis, Michael, Chin, Jae-Sun
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
CHANG, KENNETH W

Application Number

US11/490,848
Publication Number

US 20080022084A1
Time in Patent Office

2,636 Days
Field of Search

713/161
US Class Current

713/161
CPC Class Codes

H04L 12/2836   Protocol conversion between...

H04L 2209/60   Digital content management,...

H04L 63/164   at the network layer

H04L 9/3236   using cryptographic hash fu...

System and method for securing a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

11 Claims

Specification

Use Cases

Quick Links

Others

System and method for securing a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

11 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others