WO2001080528A2 - Method and apparatus for test and verification of field and terminal equipment - Google Patents

Method and apparatus for test and verification of field and terminal equipment Download PDF

Info

Publication number
WO2001080528A2
WO2001080528A2 PCT/US2001/012215 US0112215W WO0180528A2 WO 2001080528 A2 WO2001080528 A2 WO 2001080528A2 US 0112215 W US0112215 W US 0112215W WO 0180528 A2 WO0180528 A2 WO 0180528A2
Authority
WO
WIPO (PCT)
Prior art keywords
equipment
unit
licensed
identifier sequence
digital signature
Prior art date
Application number
PCT/US2001/012215
Other languages
French (fr)
Other versions
WO2001080528A3 (en
Inventor
Bradley Yearwood
David J. Manley
Original Assignee
Next Level Communications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Next Level Communications filed Critical Next Level Communications
Priority to AU5350101A priority Critical patent/AU5350101A/en
Priority to CA002406093A priority patent/CA2406093A1/en
Publication of WO2001080528A2 publication Critical patent/WO2001080528A2/en
Publication of WO2001080528A3 publication Critical patent/WO2001080528A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information

Definitions

  • Digital telecommunications networks can provide both traditional telecommunications services such as Plain Old Telephony Service (POTS) as well as advanced services such as Switched Digital Video (SDV) and high-speed data access. Because of this range of services, it is likely that digital networks will be widely deployed. In a widespread deployment of digital networks, millions of homes will connect to the digital network. It is also likely that there will be a device located within the home to provide a central connectivity point to the digital network, digital to analog conversion, and supporting communications with multiple locations within the home (e.g., telephone, computer, television) . A centrally located in-home device is usually referred to as a Residential Gateway (RG) .
  • RG Residential Gateway
  • Faulty operation of an RG may take place due to the fact that the unit has an electrical failure, or may occur due to an error in software.
  • an RG may be incompatible with a particular digital network due to design flaws or faulty manufacturing.
  • Key aspects in the operation of the RG include the proper functioning of any Application Specific Integrated Circuits (ASICs) in the unit, proper functioning of the state machine that controls the various operations of the telephone connections, and the ability to properly test the communications channel formed by the RG and the drop line cable to the digital network.
  • ASICs Application Specific Integrated Circuits
  • Previous practice in electronically identified equipment has typically stored equipment identity information in a write-once or write-mostly non-volatile memory.
  • This identity information may indicate equipment type, revision level, manufacturing and warranty tracking information, such as a factory site code and serial number.
  • Such electronic verification and authorization mechanisms are easily pirated or copied. Consequently, misappropriated, unauthorized, or low quality units may preclude the digital network from proper operation or may prevent proper service provisioning by the telephone company or service provider.
  • the present invention discloses a method and apparatus for authenticating units of equipment, and verifying the authenticity of the unit when it is installed in a network environment.
  • a method of generating an authenticated unit of equipment such as a unit of equipment like a Residential Gateway (RG) , for use within a digital network, such as a Fiber- to-the-Curb (FTTC) network
  • the method includes storing an equipment identifier sequence, a unique sequence associated with each unit of equipment, within the unit of equipment.
  • a unique data sequence known as a digital signature, is then generated for each unit of equipment.
  • the method utilizes the Digital Signature Standard (DSS) algorithm to generate the digital signature.
  • the algorithm utilizes the equipment identifier sequence and a combination of public and private keys to generate the digital signature. The private keys are only used in the generation of the digital signature and are then discarded. This digital signature is then stored in the unit of equipment.
  • DSS Digital Signature Standard
  • the digital signature along with the equipment identifier sequence is what authenticates the unit of equipment.
  • .the method includes generating authenticated licensed units of equipment.
  • the equipment identifier sequence includes a licensing authorization code.
  • a unit of equipment which can be authenticated is disclosed.
  • the unit of equipment must contain, non-volatile memory in order to be authenticated, so that it can store the equipment identifier sequence and the digital signature therein.
  • the units of equipment are licensed units of equipment in which case the equipment identifier sequence includes licensing data.
  • a method of initializing an authenticated unit of equipment that is placed within a digital network is disclosed. Once the digital network detects that a new unit of equipment has been installed and signed on to the digital network, the digital network sends a request for authentication to the unit of equipment. The unit of equipment then transmits the equipment identifier sequence and the digital signature to the digital network. Based on an authentication family identified within the equipment identifier sequence, the digital network determines the public keys necessary to validate the digital signature. If the digital signature is validated, the digital network downloads operational software to the unit of equipment.
  • the unit of equipment must be capable of storing the equipment identifier sequence and the digital signature therein. It must be further capable of transmitting data to the digital network (i.e., the equipment identifier sequence, the digital signature) , and receiving data from the digital network (request for authentication data, operational software) .
  • the digital network must be capable of determining the presence of a unit of equipment within the digital network, sending data to the unit of equipment (request for authentication data, operational software) , receiving data from the unit of equipment (i.e., the equipment identifier sequence, the digital signature) , generating the necessary public keys, and authenticating the digital signature.
  • an unauthenticated unit of equipment that has an equipment identifier sequence and a digital signature, copied from an authenticated unit of equipment, stored therein to be initialized within the digital network.
  • a method of ensuring only authenticated, licensed, and operationally suitable units of equipment are used within a networked environment includes establishing authentication families and advising the networked environment of these.
  • the authentication families can be based on authentication type and license.
  • the authentication family may also be based on serial number.
  • the networked environment will not authenticate a unit of equipment that doesn't have a valid authentication family.
  • the networked environment will be advised of invalid licensee's and/or serial numbers and will not authenticate units having these invalid numbers.
  • Fig. 1 illustrates a hybrid-fiber-coax (HFC) access system
  • Fig. 2 illustrates a fiber-to-the-curb (FTTC) access system
  • Fig. 3 illustrates an FTTC access system including a residential gateway (RG) , and a coaxial drop line cable connecting the FTTC access system and the RG;
  • RG residential gateway
  • Fig. 4 illustrates a Digital Subscriber Line (DSL) access system including an RG, and a twisted wire pair drop line cable connecting the DSL access system and the RG;
  • DSL Digital Subscriber Line
  • Fig. 5 illustrates the contents of the equipment identifier sequence, according to one embodiment of the invention
  • Fig. 6 illustrates a digital signature that is generated from the equipment identifier sequence, according to one embodiment of the invention
  • Fig. 7 illustrates the process of generating the digital signature, according to one embodiment of the invention
  • Fig. 8 illustrates a process for initializing and authenticating a unit of equipment, according to one embodiment
  • Fig. 9 illustrates a process for initializing and authenticating a unit of equipment, according to one embodiment.
  • Fig. 1 illustrates a Hybrid-Fiber-Coax (HFC) digital network in which various devices within a residence 190 are connected to a Video Network (VN) 408 and/or a Data and Voice Network (DVN) 404.
  • the devices in the residence 190 can include a Premises Interface Device (PID) 196 connected to a telephone 194, a television (TV) set-top converter 198 connected to a TV 199, a Ethernet Bridge or Router (EBR) 191 connected to a computer 193, or other devices.
  • PID Premises Interface Device
  • TV television
  • EBR Ethernet Bridge or Router
  • a cable Head End (HE) 400 is connected upstream to the DVN 404 and the VN 408.
  • the physical interface to the DVN 404 may be copper wire pairs carrying either Digital Signal (DS)-l or DS-3 signals.
  • the physical interface to the VN 408 may be via a wide area network (WAN) .
  • WAN wide area network
  • the cable HE 400 is connected downstream to a plurality of optical to electrical (O/E) nodes 410 (only one illustrated) with fiber optic cables 160.
  • the O/E nodes 410 are located within the communities serviced by the HFC network. Each O/E node 410 provides service for up to 500 residences within the given community. Since such a large number of users are being serviced by one O/E node 410, amplifiers 420 are required.
  • the O/E node 410 connects to the residence 190 via coaxial cable 170.
  • the coaxial cable 170 is received by a splitter 177 within the residence 190 so that internal coaxial wiring 171 can route the data bei-ng transmitted to the various devices.
  • Each device connected to the internal coaxial wiring 171 will require an interface sub-system which can convert the current format of the signal being transmitted over the internal coaxial wiring 171 to the service interface required by the devices (i.e., telephone, TV, computer, or other devices) .
  • the PID 196 extracts time division multiplexed information carried on the internal coaxial wiring and generates a telephone signal compatible with the telephone 194.
  • the TV set-top 198 converts digital video signals to analog signals compatible with the TV 199.
  • the EBR 191 generates a signal compatible with the computer 193.
  • Fig. 2 illustrates a Fiber-to-the-Curb (FTTC) network in which various devices in the residence 190 are connected to a Public Switched Telecommunications Network (PSTN) 100 or an Asynchronous Transfer Mode (ATM) network 110.
  • PSTN Public Switched Telecommunications Network
  • ATM Asynchronous Transfer Mode
  • the devices in the residence 190 can include telephones 194 (with or without a PID 196), TV 199 with a TV set-top 198, and computer 193 with an EBR 191.
  • a Host Digital Terminal (HDT) 130 is connected to the PSTN 100 and the ATM network 110.
  • HDT Host Digital Terminal
  • a PSTN-HDT interface 103 is specified by standards bodies, such as Bellcore specifications TR-TSY-000008, TR-NWT-000057 or GR-NWT-000303. The Bellcore standards are incorporated herein by reference.
  • the HDT 130 can also receive special service signals from private or non-switched public networks.
  • the physical interface to the PSTN 100 may be twisted wire pairs carrying DS-1 signals, or optical fibers carrying Optical Carrier (OC)-3 optical signals.
  • An ATM network-HDT interface 113 can be realized using an OC-3 or OC-12c optical interface carrying ATM cells.
  • the HDT 130 has three OC-12c broadcast ports, which receive signals carrying ATM cells, and one OC-12c interactive port which receives and transmits signals.
  • An element management system (EMS) 150 is connected to the HDT 130 and forms part of an Element Management Layer (EML) which is used to provision services and equipment on the FTTC network, in the central office where the HDT 130 is located, in the field, or in the residences 190.
  • EML Element Management Layer
  • the EMS 150 is software based and can be run on a personal computer in which case it will support one HDT 130 and the associated digital network equipment connected to it, or can be run on a workstation to support multiple HDTs 130 and the associated digital network equipment.
  • Optical Network Units (ONUs) 140 are located in the serving area and are connected to the HDT 130 via optical fiber 160.
  • Digital signals having a format which is similar to the Synchronous Digital Hierarchy (SDH) format, are transmitted to and from each ONU 140 over the optical fiber 160 at a rate of at least 155 Mb/s, and preferably 622 Mb/s.
  • the optical fiber 160 is a single-mode fiber and a dual wavelength transmission scheme is used to communicate between the ONU 140 and the HDT 130.
  • a single wavelength scheme is used in which low reflectivity components are used to permit transmission and reception on one fiber.
  • a Telephony Interface Unit (TIU) 145 in the ONU 140 generates analog Plain Old Telephone Service (POTS) signals which are transported to the residence 190 via a twisted wire pair, drop line cable 180.
  • POTS Plain Old Telephone Service
  • NID Network interface Device
  • the TIU 145 generates POTs signals for six residences 190, each having a separate twisted wire pair, drop line cable 180 connected to the ONU 140.
  • a Broadband Interface Unit (BIU) 152 is located in the ONU 140. and generates broadband signals which contain video, data and voice information.
  • the BIU 152 modulates data onto a RF carrier and transmits the data to the residence 190 over media 170, such as a coaxial, drop line cable or a twisted wire pair, drop line cable.
  • Fig. 2 illustrates the media 170 as the coaxial drop line cable.
  • the media 170 connects to the residence 190 at a splitter 177. The data then travels from the splitter 177 to the devices within the residence 190 over coaxial wiring 171 internal to the residence 190.
  • Each device connected to the internal coaxial wiring 171 will require an interface sub-system which can convert the current format of the signal being transmitted over the internal coaxial wiring 171 to the service interface required by the devices (i.e., telephone 194, TV 199, computer 193, or other devices) .
  • each ONU 140 is served by each HDT 130 and each ONU 140 serves 16 residences 190. In an alternate embodiment, each ONU 140 serves 8 residences 190.'
  • the NID .183 is located external to the residence 190, at what is known in the industry as the network demarcation point.
  • the NID 183 is a passive device whose principal functions are lightning protection and the ability to troubleshoot the network by allowing connection of a telephone 194 to the twisted wire pair, drop line cable 180 to determine if wiring problems exist on the internal twisted wire pairs 181.
  • Fig. 3 illustrates a residential gateway (RG) 200 located within the residence 190.
  • the digital network is an FTTC network and the media 170 is a coaxial, drop line cable for connecting to and communicating with the RG 200.
  • the RG 200 generates signals compatible with the devices (i.e., telephone 194, TV 199, and the computer 193) in the residence 190, thus reducing the number of interface subsystems required.
  • the computer 193 does not need the EBR 191
  • the telephone 194 does not need the PID 196
  • the TVs 199 do not require the set-top converters 198.
  • the RG 200 can produce TV signals as S- video signals and transmit the S-video signals to a TV 199 located in close proximity to the RG 200 using S-video cables 205.
  • Additional devices 192 such as additional TVs 199, which are remotely located from the RG 200 (hereinafter referred to as remotely located TVs 199) may be connected to the RG 200.
  • each of the remotely located TVs 199 may be connected to the RG 200 via media 210, such as internal coaxial cable, and the splitter 177 (this type of connection is known as a point-to- multipoint connection) .
  • each remotely located TV 199 may be directly connected to the RG 200 with the media 210 (this type of connection is known as a point-to-point connection) .
  • Fig. 4 illustrates an embodiment, in which the digital ' network is a Digital Subscriber Line (DSL) network.
  • the ONU 140 is replaced with a Universal Service Access Multiplexer (USAM) 340.
  • the USAM 340 is located in the serving area, and is connected to the HDT 130 via optical fiber 160.
  • a twisted wire pair, drop line cable 180 provides communications to and from the RG 200.
  • the USAM 340 includes a xDSL modem 350 which provides for the transmission of high-speed digital data to and from the residence 190, over the twisted wire pair, drop line cable 180.
  • xDSL refers to any one of the twisted wire pair digital subscriber loop transmission techniques including High speed Digital Subscriber Loop (HDSL) , Asymmetric Digital Subscriber Loop (ADSL) , Very high speed Digital Subscriber Loop (VDSL) , Rate Adaptive Digital Subscriber Loop (RADSL) , or other similar twisted wire pair transmission techniques. Such transmission techniques are known to those skilled in the_art.
  • the xDSL modem 350 contains the circuitry and software to generate a signal which can be transmitted over the twisted wire pair, drop line cable 180, and which can receive high speed digital signals transmitted from the RG 200 or other devices connected to the subscriber network.
  • a NID/filter 360 replaces the NID 183 of Figs. 2 and 3, and is used to separate the analog telephone signals from the digital signals.
  • the majority of xDSL transmission techniques leave the analog voice portion of the spectrum (from approximately 400 Hz to 4,000 Hz) undisturbed.
  • the analog telephone signal once separated from any digital data signals in the spectrum, is sent to the telephone 194 over the internal twisted wire pairs 181.
  • the digital signals that are separated at the NID/filter 360 are sent from a separate port on the NID/filter 360 to the RG 200.
  • the RG 200 serves as the interface to the other devices (TVs 1 ' 99, computers 193, and additional telephones 194) in the residence 190.
  • the embodiment illustrated in Fig. 4 is a central office configuration, which includes a USAM Central Office Terminal (COT) 324 connected to the HDT 130.
  • a USAM COT-HDT connection 325 is a twisted wire pair which transmits a STS3c signal in a preferred embodiment.
  • a PSTN-USAM COT interface 303 is one of the Bellcore specified interfaces including TR-TSY-000008, TR- NWT-000057 or TR-NWT-000303, which are all incorporated herein by reference.
  • the USAM COT 324 has the same mechanical configuration as the USAM 340 in terms of power supplies and common control cards, but has line cards which support twisted wire pair interfaces to the PSTN 100 (including DS-1 interfaces) and cards which support STS3c transmission over the twisted wire pair of the USAM COT-HDT connection 325.
  • a Channel Bank (CB) 322 is used to connect special networks 310, comprised of signals from special private or public networks, to the DSL network via a special networks-CB interface 313.
  • a CB-USAM COT connection 320 includes DS1 signals over twisted wire pairs.
  • the RG 200 of FIGS. 3 and 4 can be located anywhere within the residence 190 (i.e., in any of the living spaces, in the basement, in the garage, in a wiring closet, in the attic) , or external to the residence (i.e., on an external wall).
  • the RG 200 will require a hardened enclosure and components which work over a larger temperature range than those used for the RG 200 located internal to the residence 190.
  • Techniques for developing hardened enclosures and selecting temperature tolerant components are known to those skilled in the art.
  • the term "digital network” refers to all components external (upstream) to the residence 190. That is, the ONU 140, ' the HDT 130, etc.
  • the term "field equipment” when used throughout the specification refers to the components of the digital network that are located in the field. That is, the ONU 140, the USAM 340, etc.
  • the term "terminal equipment” when used throughout the specification refers to the components of the network within the residence 190. That is, the RG 200, the TV set-top converter 198, etc.
  • a verifiable communication path and message sequence For proper identification, authorization, and operation of a unit of equipment, such as a unit of terminal equipment like the RG 200 or a unit of field equipment like the ONU 140, a verifiable communication path and message sequence must be established between the unit of equipment and the rest of the digital network, such as a FTTC network.
  • a 36-byte equipment identifier sequence provides the necessary information about the unit of equipment to the digital network.
  • Fig. 5 illustrates the format of the equipment identifier- sequence as an annotated C language definition.
  • the first 32 bytes contain identity information such as equipment class and sub-class, hardware version numbers, hardware/software interface levels, a Telcordia (formally Bellcore) issued Common Line Equipment Identifier (CLEI) code if applicable, a serial number, and a unique media access control (MAC) address.
  • identity information such as equipment class and sub-class, hardware version numbers, hardware/software interface levels, a Telcordia (formally Bellcore) issued Common Line Equipment Identifier (CLEI) code if applicable, a serial number, and a unique media access control (MAC) address.
  • the CLEI code is used, typically by telephone companies, to properly identify equipment that is placed in the field.
  • the CLEI code identifies manufacturer, product and other key information.
  • the MAC address provides a unique network equipment identification address for each. unit of equipment.
  • the MAC address is used for communications between the specific unit of equipment and the digital network.
  • the MAC address is six bytes, with three bytes that are an IEEE assigned number to identify the type of equipment and three bytes that are a manufacturers unique number.
  • the Authority field is used to distinguish identity issuing authorities (i.e., licensed manufactures of the unit of equipment), and to distinguish prototype equipment, which has a reserved hex value of Oxff, from production equipment.
  • the AuthType field is used to differentiate between an authenticated and an unauthenticated identity code, and may be used in conjunction with other fields to identify the authentication family (discussed in more detail later) .
  • the field is specified to contain a hex value of Oxff for an unauthenticated identity code.
  • the Reserved field is specified to contain a hex value of Oxff, pending possible further use.
  • a 4-byte cyclic redundancy check (CRC) field is appended as a storage integrity checksum.
  • the CRC field is calculated by performing a CRC-32 checksum starting with an initial value of Oxffffffff (32 1-bits shown in hexadecimal notation), under a widely used polynomial: X ⁇ 32+X ⁇ 26+X ⁇ 23+X ⁇ 22+X ⁇ 16+X ⁇ 12+X ⁇ 11+X ⁇ 10+X ⁇ 8+X ⁇ 7+X ⁇ 5+X ⁇ 4+X ⁇ 2+X+1.
  • other checksums can be used without departing from the scope of the current invention.
  • Calculation of the CRC-32 checksum is sufficiently straightforward and efficient that a unit of equipment can locally check its own identity information for storage integrity before performing any version-specific actions.
  • network equipment upstream of the unit of equipment can perform a similar check to obtain independent confidence in the storage integrity of the identity information sent by the unit of equipment. Techniques for efficient implementation of this widely used checksum are well known to one skilled in the art.
  • the Authority field within the 36 byte equipment identifier sequence may be changed to reflect a unique code associated with a valid licensing authority (that is a licensed manufacturer) if the equipment is being manufactured by a licensed manufacturer.
  • the Authority field could also be considered a licensing authority field.
  • the AuthType field may be changed to identify an authenticated unit of equipment, that is equipment that can be authenticated by the digital network (and thus can be distinguished from an unauthenticated unit of equipment) . It may also be used, either alone or in conjunction with the values assigned to other identity fields, to distinguish different families of authentication codes.
  • an AuthType code of 0x11 may represent both an RG 200 and a TIU 145.
  • the other identity fields such as equipment class and sub-class, can be used to differentiate the two units of equipment into different authentication families.
  • the different families of authentication codes may use different values for the public keys p, q, and g which are used to generate and validate a digital signature (discussed in more detail later) . It would be obvious to one skilled in the art that the digital network, in particular the EMS 150, must be updated to include new AuthType codes and defined authentication families as they are generated so that the digital network can determine what AuthType codes are valid and what values of p, q, and g should be used for the various authentication families.
  • a new 4 byte CRC-32 checksum is calculated and appended to the 32 bytes of identity information to create a new 36 byte equipment identifier sequence.
  • Either the original or the new 36-byte equipment identifier sequence is stored in the unit of equipment, depending on whether a change was made to the Authority or AuthType fields.
  • the 36-byte equipment identifier sequence is stored in non-volatile memory contained within the unit of equipment.
  • DSS Digital Signature Standard
  • FIPS Federal Information Processing Standards
  • Patent 5,231,668 by Kravitz entitled “Digital Signature Algorithm” . All of these references are hereby incorporated by reference. As illustrated in Fig.
  • the Digital Signature Algorithm takes the 36 byte equipment identifier sequence (the data to be authenticated) and, using a set of rules and set of parameters, produces a signature in the form of a pair of large numbers (r, s) such that the identity of a signatory (the unit of equipment generating the signature) and the integrity of the equipment identifier sequence can be authenticated.
  • r, s large numbers
  • one embodiment of the invention described herein adds a CRC checksum code to the digital signature for storage integrity protection and network transmission protection.
  • Signature generation occurs in the manufacturing environment and makes use of a private key, x, to generate a unique digital signature of a message sequence, m (such as the 36-byte equipment identifier sequence) .
  • Signature verification by the digital network may occur at the HDT 130, the ONU 140, or the USAM 340, and makes use of a public key, y, that corresponds to, but is not the same as, the private key x.
  • Public keys are assumed to be known to the public in general, while the private key is never shared.
  • anyone can verify the signature of a user by employing that user's public key, but signature generation can be performed only by the possessor of the user's private key.
  • Fig. 7 illustrates the process of generating the digital signature.
  • the digital signature is generated and stored in the unit of equipment by, for example a factory authentication server and associated software.
  • the private key x which in a preferred embodiment is a 160 bit random integer, is generated (step 10) .
  • Suggested techniques for generating private key x include the use of a random source based upon a fundamentally unpredictable physical phenomenon, such as Johnson (thermal) noise in an electronic circuit, or radioactive decay.
  • the private key x is never stored, and in a preferred embodiment is inserted into the factory authentication server in two halves under divided custody of two people.
  • the integrity of the digital signature depends upon the private key x being infeasible to guess, and otherwise continuously maintained a-s a secret.
  • Suggested techniques for maintaining the secrecy of the private key x includes cryptography, physical and administrative controls widely used for the handling of valuable secret information.
  • a secret value, k which in a preferred embodiment is a 160 bit random integer, is arbitrarily formulated for each signature generation sequence (step 20) .
  • the secret value k is formulated by the factory authentication server used to generate the equipment identifier sequence and the private key x for each unit of equipment.
  • the secret value k is not stored in the unit of equipment and is not used in an authentication process (which will be discussed in more detail later) .
  • Suggested techniques for generating the secret value k are the same as those used to generate the private key x, that is the use of a random source based upon a fundamentally unpredictable physical phenomenon.
  • the secret value k must be kept secret during and after generation of the digital signature. Since, the secret value k is used only once, for the generation of one signature, and is not needed .for verification of the digital signature by the digital network, the secret value k may be generated and then obliterated after use.
  • Parameters p, q, and g are generated (step 30) .
  • the parameters p, q, and g are public parameters in that they can be made known without compromising the integrity of the signature. • These parameters are also known to the entity within the digital network verifying the digital signature, such. as the HDT 130, the ONU 140 or the USAM 340, which are devices within a FTTC network, DSL network, or both networks. These parameters are large integers, generated by techniques and mathematical constraints taught in DSS.
  • Step 70 generates a secure hash algorithm, H(m), which is a one-way mathematical function whose inverse is difficult to copy.
  • the digital signature consists of a pair of 160-bit (20-byte) integers r, s for a total of 40 bytes in a preferred embodiment. As previously mentioned and illustrated in Fig.
  • a 4 byte CRC- 32 checksum may be calculated and appended to the 40 byte digital signature, to generate a resultant 44 byte digital signature.
  • the message sequence m which is the 36 byte equipment identifier sequence in this embodiment, along with the 44 byte digital signature is stored in the unit of . equipment, which is the RG 200 in this embodiment (step 80) .
  • the message sequence m, and the digital signatures r, s are stored in nonvolatile memory of the unit of equipment.
  • the 36-byte equipment identifier sequence and the 44 byte digital signature may be stored either contiguously or discontiguously in the non-volatile memory or memories.
  • the digital signature is stored as consecutive 20 byte fields in either big- endian or little-endian byte order.
  • Figure 8 illustrates the process of authenticating a unit of equipment, such as the RG 200, when it is installed and connected to the digital network, such as a FTTC network.
  • the unit of equipment will be referred to as the RG 200 and the digital network will be referred to as the FTTC network.
  • the FTTC network is signed on to the FTTC network (step 10) .
  • the FTTC network determines that the RG 200 has signed on, the FTTC network sends the RG 200 a message requesting authentication data (step 20) .
  • the RG 200 Upon receiving the request, the RG 200 retrieves the 36-byte equipment identifier sequence and the 44 byte digital signature from local memory (step 30) .
  • the 36-byte equipment identifier sequence and the 44 byte digital signature will be referred to as authentication data, for convenience.
  • the RG 200 transmits the authentication data to the FTTC network (step 40) .
  • the RG 200 transmits the authentication data- to ' either the ONU 140 or the USAM 340 depending on the configuration of the digital network (that is the configuration illustrated in Fig. 3 or the configuration illustrated in Fig. 4, respectively) .
  • the appropriate one of the ONU 140 or the USAM 340 may act on the authentication data, may pass the authentication data along to the HDT 130 for processing, or may split the processing between the HDT 130 and the appropriate one of the ONU 140 or the USAM 340.
  • multiple other configurations are within the scope of the current invention.
  • the HDT 130 will be referred to as the component of the FTTC network that authenticates the RG 200. This would most likely be the case if the unit of equipment being authenticated were a unit of field equipment, such as the ONU 140 or the USAM 340. However, this in no way is intended to limit the scope of this invention.
  • the HDT 130 Upon receiving the authentication data, the HDT 130 determines the values of the public parameters p, q and g based on the authentication family identified within the equipment identifier sequence. The HDT 130 also determines the value of the public key, y, which corresponds to the private key x (Step 50) .
  • the public key y is a large integer which is needed for verification of the digital signature.
  • the public key y is a function of the private key x (g A x mod p) , but this function is one which is selected so that it is infeasible under the current mathematical art to compute the private key x given the public • key y and the other public parameters p, q, and g.
  • the HDT 130 verifies the digital signature (Step 60) .
  • a preferred embodiment of the verification is disclosed in FIPS publication 186 Section 6 "Signature Verfi ication" . If the digital signature is not valid, no further communications will be permitted between the RG 200 and the HDT 130 (step 70) .
  • the HDT 130 may attempt to authenticate the RG 200 several times before discontinuing further communications.
  • the HDT 130 may send the RG 200 a message stating it failed authentication.
  • the HDT 130 may flag the particular serial number for the RG 200 and terminate communications with that RG 200 as soon as that serial number is encountered (that. is before the public keys are retrieved and an attempt to verify the digital signature is attempted)*. In any event, if the RG 200 can not be authenticated by the HDT 130 it can not be used for its intended purpose in the FTTC network.
  • the RG 200 If the digital signature is valid the RG 200 is verified as authenticated and licensed.
  • the HDT 130 then downloads operational software to the RG 200 (Step 120). Upon successful completion of the software download, the RG 200 becomes fully operational (step 140) . According to one embodiment, if the RG 200 does not receive the operational software within a predetermined time period or if. the download is unsuccessful, the RG 200 will send a request to the* HDT 130 to re-download the software (step 130) .
  • the HDT 130 may attempt to validate the operation of the RG 200 prior to downloading operational software. For example, as illustrated in Fig. 9, the HDT 130 may send a request for a self-test to the RG 200 (step 80) . If the RG 200 does not receive the request for a self-test, within a predetermined time frame, the RG 200 retransmits the authentication data (Step 40) . . Upon receipt of the self-test request from the HDT 130, the RG 200 performs a self-test sequence (Step 90) . The self test sequence insures the integrity of the circuitry, the connections to the printed circuit board of the RG 200, and the functionality of some or all of the circuitry and components of the RG 200. The RG 200 transmits the results of the self-test to the HDT 130 (Step 100).
  • the HDT 130 determines if the self-test was successful (Step 110) .
  • the determination may be comparing ah expected test result which is stored in the HDT 130 with a few bytes of the test results (simple) or a long sequence of several hundred bytes generated by the self test (more complex) .
  • the end result will be a determination that the RG 200 is or is not working properly. If the HDT 130 determines that the RG 200 failed the self test and is not working properly, no further communications will occur between the RG 200 and the HDT 130 (step 70) . If the HDT 130 determines the RG 200 is operational, the process will continue with the download of software (step 120) .
  • the RG 200 Once the RG 200 becomes fully operational it can provide the connection and processing necessary to connect the devices (i.e., TVs 199, telephones 194, computers 193) within the residence 190 to the FTTC network.
  • devices i.e., TVs 199, telephones 194, computers 193
  • this invention provides a secure method of authenticating a RG 200 (or other unit of equipment) within the FTTC network (or other digital networks)
  • a RG 200 or other unit of equipment
  • the FTTC network or other digital networks
  • one skilled in the art may be able to copy the equipment identifier sequence and the digital signature (authentication data) from an authenticated RG 200 into an unauthentic RG 200. If one were able to copy the authentication data, it is feasible that the unauthenticated RG 200 would be authenticated by the FTTC network and this could become operational within the FTTC network.
  • the current invention could easily be .used as an inventory monitoring system without departing from the current scope. That is the HDT 130 (or other units within the digital network, such as the ONU 140, the USAM 340, or some combination of units) could identify RGs 200 (or other units of equipment) that should not be accepted within the digital network. For example, company XYZ manufactures RGs 200 and has a valid license to do so. However, after manufacturing and shipping RGs 200 with serial numbers in the range from 1234 - 2345 to the field it is determined that these RGs 200 contain problems, which would not be detected by the self-test. The HDT 130 could be programmed to deny access to any RG 200 having that manufacturers code with those serial numbers. Another, example could be, to deny access to a manufacturer who lost their license due to. manufacturing products that do not meet some standard applied by the licensor.
  • each licensor of a unit of equipment could monitor the status of the units being, produced by various licensed manufactures and have, access to the HDT* 130 software to program their inventory data therein.
  • each licensor would provide their*, inventory data to »an independent third party that would validate -the data and update the HDT software.
  • the independent third party would- monitor, all .licensing of ⁇ units of equipment within the digital' network and update the HDT software accordingly.

Abstract

A method of authenticating a unit of equipment within a networked environment is disclosed. A unique digital signature is generated for each unit of equipement and stored therein. When the unit of equipment is installed in the networked environment it will not operate within the network unless the network can authenticate the digital signature by request self test (80) and then performs the self test (90). The generation and authentication of the digital signature (60) are based on a digital signature standard (DSS).

Description

TITLE
METHOD AND APPARATUS FOR TEST AND VERIFICATION OF FIELD AND TERMINAL EQUIPMENT
By Bradley Yearwood and David L. Manley
Background of the Invention
Digital telecommunications networks (access systems) , such as Hybrid-Fiber-Coax (HFC) , Fiber-to-the-Curb (FTTC) , and Digital Subscriber Line (DSL) , can provide both traditional telecommunications services such as Plain Old Telephony Service (POTS) as well as advanced services such as Switched Digital Video (SDV) and high-speed data access. Because of this range of services, it is likely that digital networks will be widely deployed. In a widespread deployment of digital networks, millions of homes will connect to the digital network. It is also likely that there will be a device located within the home to provide a central connectivity point to the digital network, digital to analog conversion, and supporting communications with multiple locations within the home (e.g., telephone, computer, television) . A centrally located in-home device is usually referred to as a Residential Gateway (RG) .
Since subscribers will be dependent on such integrated networks for such basic services as voice communications, it is essential that the digital network be reliable. This includes network equipment within the office, network equipment in the field (field equipment) and equipment within the residence (terminal equipment) . Since it is likely that multiple devices such, the telephone companies or service providers will maintain large inventories of RGs for installation and maintenance. Moreover, equipment, such as RGs, which was previously only available through the network operator, will- become available at retail outlets.
Faulty operation of an RG may take place due to the fact that the unit has an electrical failure, or may occur due to an error in software. In addition, it is possible that an RG may be incompatible with a particular digital network due to design flaws or faulty manufacturing. Key aspects in the operation of the RG include the proper functioning of any Application Specific Integrated Circuits (ASICs) in the unit, proper functioning of the state machine that controls the various operations of the telephone connections, and the ability to properly test the communications channel formed by the RG and the drop line cable to the digital network.
In addition, verification of a unique address of the RG is necessary to ensure proper service entitlements. Uniquely identified and authenticated equipment allows for operation of network routing functions or network security and correct delivery of authorized services.
Previous practice in electronically identified equipment has typically stored equipment identity information in a write-once or write-mostly non-volatile memory. This identity information may indicate equipment type, revision level, manufacturing and warranty tracking information, such as a factory site code and serial number. Such electronic verification and authorization mechanisms are easily pirated or copied. Consequently, misappropriated, unauthorized, or low quality units may preclude the digital network from proper operation or may prevent proper service provisioning by the telephone company or service provider. Because of the critical communication functions being performed by the digital networks, and in particular the RGs, there exists the need for a reliable method and apparatus to identify the type and source .of the unit of equipment being connected to the digital network, to test and verify the operation of the unit and its uniqueness in the' digital network, and to verify the proper operation of the subscriber drop line cable.
Summary Of The Invention
The present invention discloses a method and apparatus for authenticating units of equipment, and verifying the authenticity of the unit when it is installed in a network environment.
In one embodiment, a method of generating an authenticated unit of equipment, such as a unit of equipment like a Residential Gateway (RG) , for use within a digital network, such as a Fiber- to-the-Curb (FTTC) network, is disclosed. The method includes storing an equipment identifier sequence, a unique sequence associated with each unit of equipment, within the unit of equipment. A unique data sequence, known as a digital signature, is then generated for each unit of equipment. The method utilizes the Digital Signature Standard (DSS) algorithm to generate the digital signature. The algorithm utilizes the equipment identifier sequence and a combination of public and private keys to generate the digital signature. The private keys are only used in the generation of the digital signature and are then discarded. This digital signature is then stored in the unit of equipment. The digital signature along with the equipment identifier sequence is what authenticates the unit of equipment. In another embodiment, .the method includes generating authenticated licensed units of equipment. In this method the equipment identifier sequence includes a licensing authorization code. In one embodiment, a unit of equipment which can be authenticated is disclosed. The unit of equipment must contain, non-volatile memory in order to be authenticated, so that it can store the equipment identifier sequence and the digital signature therein. In another embodiment, the units of equipment are licensed units of equipment in which case the equipment identifier sequence includes licensing data.
In one embodiment, it is possible for someone to copy the equipment identifier sequence and the digital signature that are stored in an authenticated unit of equipment into an unauthenticated unit of equipment.
In one embodiment, a method of initializing an authenticated unit of equipment that is placed within a digital network is disclosed. Once the digital network detects that a new unit of equipment has been installed and signed on to the digital network, the digital network sends a request for authentication to the unit of equipment. The unit of equipment then transmits the equipment identifier sequence and the digital signature to the digital network. Based on an authentication family identified within the equipment identifier sequence, the digital network determines the public keys necessary to validate the digital signature. If the digital signature is validated, the digital network downloads operational software to the unit of equipment.
In one embodiment, the unit of equipment must be capable of storing the equipment identifier sequence and the digital signature therein. It must be further capable of transmitting data to the digital network (i.e., the equipment identifier sequence, the digital signature) , and receiving data from the digital network (request for authentication data, operational software) .
In one embodiment, the digital network must be capable of determining the presence of a unit of equipment within the digital network, sending data to the unit of equipment (request for authentication data, operational software) , receiving data from the unit of equipment (i.e., the equipment identifier sequence, the digital signature) , generating the necessary public keys, and authenticating the digital signature.
In one embodiment, it is possible for an unauthenticated unit of equipment that has an equipment identifier sequence and a digital signature, copied from an authenticated unit of equipment, stored therein to be initialized within the digital network.
In one embodiment, a method of ensuring only authenticated, licensed, and operationally suitable units of equipment are used within a networked environment is disclosed. The method includes establishing authentication families and advising the networked environment of these. The authentication families can be based on authentication type and license. In another embodiment, the authentication family may also be based on serial number. The networked environment will not authenticate a unit of equipment that doesn't have a valid authentication family. In another embodiment, the networked environment will be advised of invalid licensee's and/or serial numbers and will not authenticate units having these invalid numbers.
These and other features and objects of the invention will be more fully understood from the following detailed description of the preferred embodiments which should be read in light of the accompanying drawings .
Brief Description Of The Drawings
The accompanying drawings, which are incorporated in and form a part of the specification, illustrate the embodiments of the present invention and, together with the description serve to explain the principles of the invention.
In the drawings: Fig. 1 illustrates a hybrid-fiber-coax (HFC) access system;
Fig. 2 illustrates a fiber-to-the-curb (FTTC) access system;
Fig. 3 illustrates an FTTC access system including a residential gateway (RG) , and a coaxial drop line cable connecting the FTTC access system and the RG;
Fig. 4 illustrates a Digital Subscriber Line (DSL) access system including an RG, and a twisted wire pair drop line cable connecting the DSL access system and the RG;
Fig. 5 illustrates the contents of the equipment identifier sequence, according to one embodiment of the invention;
Fig. 6 illustrates a digital signature that is generated from the equipment identifier sequence, according to one embodiment of the invention;
Fig. 7 illustrates the process of generating the digital signature, according to one embodiment of the invention;
Fig. 8 illustrates a process for initializing and authenticating a unit of equipment, according to one embodiment; and
Fig. 9 illustrates a process for initializing and authenticating a unit of equipment, according to one embodiment.
Detailed Description Of The Preferred Embodiment
In describing a preferred embodiment of the invention illustrated in the drawings, specific terminology will be used for the sake of clarity. However, the invention is not intended to be limited to the specific terms so selected, and it is to be understood that each specific term includes all technical equivalents, which operate in a similar manner to accomplish a similar purpose.
With reference to the drawings in general, and Figs. 1 through 8 in particular, the method and apparatus of the present invention is disclosed. Fig. 1 illustrates a Hybrid-Fiber-Coax (HFC) digital network in which various devices within a residence 190 are connected to a Video Network (VN) 408 and/or a Data and Voice Network (DVN) 404. The devices in the residence 190 can include a Premises Interface Device (PID) 196 connected to a telephone 194, a television (TV) set-top converter 198 connected to a TV 199, a Ethernet Bridge or Router (EBR) 191 connected to a computer 193, or other devices. A cable Head End (HE) 400 is connected upstream to the DVN 404 and the VN 408. The physical interface to the DVN 404 may be copper wire pairs carrying either Digital Signal (DS)-l or DS-3 signals. The physical interface to the VN 408 may be via a wide area network (WAN) .
The cable HE 400 is connected downstream to a plurality of optical to electrical (O/E) nodes 410 (only one illustrated) with fiber optic cables 160. The O/E nodes 410 are located within the communities serviced by the HFC network. Each O/E node 410 provides service for up to 500 residences within the given community. Since such a large number of users are being serviced by one O/E node 410, amplifiers 420 are required. The O/E node 410 connects to the residence 190 via coaxial cable 170. The coaxial cable 170 is received by a splitter 177 within the residence 190 so that internal coaxial wiring 171 can route the data bei-ng transmitted to the various devices. Each device connected to the internal coaxial wiring 171 will require an interface sub-system which can convert the current format of the signal being transmitted over the internal coaxial wiring 171 to the service interface required by the devices (i.e., telephone, TV, computer, or other devices) . In a preferred embodiment, the PID 196 extracts time division multiplexed information carried on the internal coaxial wiring and generates a telephone signal compatible with the telephone 194. Similarly, the TV set-top 198 converts digital video signals to analog signals compatible with the TV 199. Likewise, the EBR 191 generates a signal compatible with the computer 193.
Fig. 2 illustrates a Fiber-to-the-Curb (FTTC) network in which various devices in the residence 190 are connected to a Public Switched Telecommunications Network (PSTN) 100 or an Asynchronous Transfer Mode (ATM) network 110. The devices in the residence 190 can include telephones 194 (with or without a PID 196), TV 199 with a TV set-top 198, and computer 193 with an EBR 191. In the FTTC network, a Host Digital Terminal (HDT) 130 is connected to the PSTN 100 and the ATM network 110.
A PSTN-HDT interface 103 is specified by standards bodies, such as Bellcore specifications TR-TSY-000008, TR-NWT-000057 or GR-NWT-000303. The Bellcore standards are incorporated herein by reference. The HDT 130 can also receive special service signals from private or non-switched public networks. The physical interface to the PSTN 100 may be twisted wire pairs carrying DS-1 signals, or optical fibers carrying Optical Carrier (OC)-3 optical signals. An ATM network-HDT interface 113 can be realized using an OC-3 or OC-12c optical interface carrying ATM cells. In a preferred embodiment, the HDT 130 has three OC-12c broadcast ports, which receive signals carrying ATM cells, and one OC-12c interactive port which receives and transmits signals.
An element management system (EMS) 150 is connected to the HDT 130 and forms part of an Element Management Layer (EML) which is used to provision services and equipment on the FTTC network, in the central office where the HDT 130 is located, in the field, or in the residences 190. The EMS 150 is software based and can be run on a personal computer in which case it will support one HDT 130 and the associated digital network equipment connected to it, or can be run on a workstation to support multiple HDTs 130 and the associated digital network equipment.
Optical Network Units (ONUs) 140 are located in the serving area and are connected to the HDT 130 via optical fiber 160. Digital signals, having a format which is similar to the Synchronous Digital Hierarchy (SDH) format, are transmitted to and from each ONU 140 over the optical fiber 160 at a rate of at least 155 Mb/s, and preferably 622 Mb/s. In a preferred embodiment, the optical fiber 160 is a single-mode fiber and a dual wavelength transmission scheme is used to communicate between the ONU 140 and the HDT 130. In an alternate embodiment, a single wavelength scheme is used in which low reflectivity components are used to permit transmission and reception on one fiber.
A Telephony Interface Unit (TIU) 145 in the ONU 140 generates analog Plain Old Telephone Service (POTS) signals which are transported to the residence 190 via a twisted wire pair, drop line cable 180. At the residence 190 a Network interface Device (NID) 183 provides for high-voltage protection and serves as the interface and demarcation point between the twisted wire pair, drop line cable 180 and the twisted wire pairs 181 internal to the residence 190. In a preferred embodiment, the TIU 145 generates POTs signals for six residences 190, each having a separate twisted wire pair, drop line cable 180 connected to the ONU 140.
A Broadband Interface Unit (BIU) 152 is located in the ONU 140. and generates broadband signals which contain video, data and voice information. The BIU 152 modulates data onto a RF carrier and transmits the data to the residence 190 over media 170, such as a coaxial, drop line cable or a twisted wire pair, drop line cable. Fig. 2 illustrates the media 170 as the coaxial drop line cable. The media 170 connects to the residence 190 at a splitter 177. The data then travels from the splitter 177 to the devices within the residence 190 over coaxial wiring 171 internal to the residence 190. Each device connected to the internal coaxial wiring 171 will require an interface sub-system which can convert the current format of the signal being transmitted over the internal coaxial wiring 171 to the service interface required by the devices (i.e., telephone 194, TV 199, computer 193, or other devices) .
In a preferred embodiment, 64 ONUs 140 are served by each HDT 130 and each ONU 140 serves 16 residences 190. In an alternate embodiment, each ONU 140 serves 8 residences 190.'
As illustrated in Fig. 2, the NID .183 is located external to the residence 190, at what is known in the industry as the network demarcation point. For the delivery of telephone services the NID 183 is a passive device whose principal functions are lightning protection and the ability to troubleshoot the network by allowing connection of a telephone 194 to the twisted wire pair, drop line cable 180 to determine if wiring problems exist on the internal twisted wire pairs 181.
Fig. 3 illustrates a residential gateway (RG) 200 located within the residence 190. In the embodiment illustrated, the digital network is an FTTC network and the media 170 is a coaxial, drop line cable for connecting to and communicating with the RG 200. The RG 200 generates signals compatible with the devices (i.e., telephone 194, TV 199, and the computer 193) in the residence 190, thus reducing the number of interface subsystems required. For example, the computer 193 does not need the EBR 191, the telephone 194 does not need the PID 196, and the TVs 199 do not require the set-top converters 198. Moreover, in a preferred embodiment, the RG 200 can produce TV signals as S- video signals and transmit the S-video signals to a TV 199 located in close proximity to the RG 200 using S-video cables 205.
Additional devices 192, such as additional TVs 199, which are remotely located from the RG 200 (hereinafter referred to as remotely located TVs 199) may be connected to the RG 200. In one embodiment, each of the remotely located TVs 199 may be connected to the RG 200 via media 210, such as internal coaxial cable, and the splitter 177 (this type of connection is known as a point-to- multipoint connection) . In another embodiment, each remotely located TV 199 may be directly connected to the RG 200 with the media 210 (this type of connection is known as a point-to-point connection) .
Fig. 4 illustrates an embodiment, in which the digital ' network is a Digital Subscriber Line (DSL) network. In this embodiment, the ONU 140 is replaced with a Universal Service Access Multiplexer (USAM) 340. The USAM 340 is located in the serving area, and is connected to the HDT 130 via optical fiber 160. A twisted wire pair, drop line cable 180 provides communications to and from the RG 200.
The USAM 340 includes a xDSL modem 350 which provides for the transmission of high-speed digital data to and from the residence 190, over the twisted wire pair, drop line cable 180. When used herein, the term xDSL refers to any one of the twisted wire pair digital subscriber loop transmission techniques including High speed Digital Subscriber Loop (HDSL) , Asymmetric Digital Subscriber Loop (ADSL) , Very high speed Digital Subscriber Loop (VDSL) , Rate Adaptive Digital Subscriber Loop (RADSL) , or other similar twisted wire pair transmission techniques. Such transmission techniques are known to those skilled in the_art. The xDSL modem 350 contains the circuitry and software to generate a signal which can be transmitted over the twisted wire pair, drop line cable 180, and which can receive high speed digital signals transmitted from the RG 200 or other devices connected to the subscriber network.
Traditional analog telephone signals are combined with the digital signals for transmission to the residence 190. A NID/filter 360 replaces the NID 183 of Figs. 2 and 3, and is used to separate the analog telephone signals from the digital signals. The majority of xDSL transmission techniques leave the analog voice portion of the spectrum (from approximately 400 Hz to 4,000 Hz) undisturbed. The analog telephone signal, once separated from any digital data signals in the spectrum, is sent to the telephone 194 over the internal twisted wire pairs 181. The digital signals that are separated at the NID/filter 360 are sent from a separate port on the NID/filter 360 to the RG 200. The RG 200 serves as the interface to the other devices (TVs 1'99, computers 193, and additional telephones 194) in the residence 190.
The embodiment illustrated in Fig. 4 is a central office configuration, which includes a USAM Central Office Terminal (COT) 324 connected to the HDT 130. A USAM COT-HDT connection 325, is a twisted wire pair which transmits a STS3c signal in a preferred embodiment. A PSTN-USAM COT interface 303 is one of the Bellcore specified interfaces including TR-TSY-000008, TR- NWT-000057 or TR-NWT-000303, which are all incorporated herein by reference. The USAM COT 324 has the same mechanical configuration as the USAM 340 in terms of power supplies and common control cards, but has line cards which support twisted wire pair interfaces to the PSTN 100 (including DS-1 interfaces) and cards which support STS3c transmission over the twisted wire pair of the USAM COT-HDT connection 325.
A Channel Bank (CB) 322 is used to connect special networks 310, comprised of signals from special private or public networks, to the DSL network via a special networks-CB interface 313. In a preferred embodiment, a CB-USAM COT connection 320 includes DS1 signals over twisted wire pairs.
The RG 200 of FIGS. 3 and 4 can be located anywhere within the residence 190 (i.e., in any of the living spaces, in the basement, in the garage, in a wiring closet, in the attic) , or external to the residence (i.e., on an external wall). For external locations, the RG 200 will require a hardened enclosure and components which work over a larger temperature range than those used for the RG 200 located internal to the residence 190. Techniques for developing hardened enclosures and selecting temperature tolerant components are known to those skilled in the art.
It should be noted that when the term "digital network" is used throughout the specification, it refers to all components external (upstream) to the residence 190. That is, the ONU 140,' the HDT 130, etc. The term "field equipment" when used throughout the specification refers to the components of the digital network that are located in the field. That is, the ONU 140, the USAM 340, etc. The term "terminal equipment" when used throughout the specification refers to the components of the network within the residence 190. That is, the RG 200, the TV set-top converter 198, etc.
For proper identification, authorization, and operation of a unit of equipment, such as a unit of terminal equipment like the RG 200 or a unit of field equipment like the ONU 140, a verifiable communication path and message sequence must be established between the unit of equipment and the rest of the digital network, such as a FTTC network. In a preferred embodiment, a 36-byte equipment identifier sequence provides the necessary information about the unit of equipment to the digital network. Fig. 5 illustrates the format of the equipment identifier- sequence as an annotated C language definition. The first 32 bytes contain identity information such as equipment class and sub-class, hardware version numbers, hardware/software interface levels, a Telcordia (formally Bellcore) issued Common Line Equipment Identifier (CLEI) code if applicable, a serial number, and a unique media access control (MAC) address.
The CLEI code is used, typically by telephone companies, to properly identify equipment that is placed in the field. The CLEI code identifies manufacturer, product and other key information. The MAC address provides a unique network equipment identification address for each. unit of equipment. The MAC address is used for communications between the specific unit of equipment and the digital network. In a preferred embodiment, the MAC address is six bytes, with three bytes that are an IEEE assigned number to identify the type of equipment and three bytes that are a manufacturers unique number.
Also included in the 32 bytes of identity information is an Authority field, an AuthType field, and a Reserved field. The Authority field is used to distinguish identity issuing authorities (i.e., licensed manufactures of the unit of equipment), and to distinguish prototype equipment, which has a reserved hex value of Oxff, from production equipment. The AuthType field is used to differentiate between an authenticated and an unauthenticated identity code, and may be used in conjunction with other fields to identify the authentication family (discussed in more detail later) . The field is specified to contain a hex value of Oxff for an unauthenticated identity code. The Reserved field is specified to contain a hex value of Oxff, pending possible further use.
To the 32 bytes of identity information, a 4-byte cyclic redundancy check (CRC) field is appended as a storage integrity checksum. The CRC field is calculated by performing a CRC-32 checksum starting with an initial value of Oxffffffff (32 1-bits shown in hexadecimal notation), under a widely used polynomial: XΛ32+XΛ26+XΛ23+XΛ22+XΛ16+XΛ12+XΛ11+XΛ10+XΛ8+XΛ7+XΛ5+XΛ4+XΛ2+X+1. As would be obvious to one skilled in the art, other checksums can be used without departing from the scope of the current invention.
Calculation of the CRC-32 checksum is sufficiently straightforward and efficient that a unit of equipment can locally check its own identity information for storage integrity before performing any version-specific actions. In addition, network equipment upstream of the unit of equipment can perform a similar check to obtain independent confidence in the storage integrity of the identity information sent by the unit of equipment. Techniques for efficient implementation of this widely used checksum are well known to one skilled in the art.
Within the factory, as part of the initial authorization of the equipment, the Authority field within the 36 byte equipment identifier sequence may be changed to reflect a unique code associated with a valid licensing authority (that is a licensed manufacturer) if the equipment is being manufactured by a licensed manufacturer. Thus, the Authority field could also be considered a licensing authority field. Moreover, the AuthType field may be changed to identify an authenticated unit of equipment, that is equipment that can be authenticated by the digital network (and thus can be distinguished from an unauthenticated unit of equipment) . It may also be used, either alone or in conjunction with the values assigned to other identity fields, to distinguish different families of authentication codes.
For example, an AuthType code of 0x11 may represent both an RG 200 and a TIU 145. However, the other identity fields, such as equipment class and sub-class, can be used to differentiate the two units of equipment into different authentication families. Moreover, it is possible for different licensed manufactures of the same unit of equipment to be classified as different authentication families with the use of the Authority field which contains a unique licensing number for each manufacturer of a particular unit of equipment.
The different families of authentication codes may use different values for the public keys p, q, and g which are used to generate and validate a digital signature (discussed in more detail later) . It would be obvious to one skilled in the art that the digital network, in particular the EMS 150, must be updated to include new AuthType codes and defined authentication families as they are generated so that the digital network can determine what AuthType codes are valid and what values of p, q, and g should be used for the various authentication families.
Once the Authority and AuthType fields have been set, if required, a new 4 byte CRC-32 checksum is calculated and appended to the 32 bytes of identity information to create a new 36 byte equipment identifier sequence. Either the original or the new 36-byte equipment identifier sequence is stored in the unit of equipment, depending on whether a change was made to the Authority or AuthType fields. Preferably, the 36-byte equipment identifier sequence is stored in non-volatile memory contained within the unit of equipment.
Cryptographic techniques that are well understood by those skilled in the art can be used to provide additional security to the. authentication process for the unit of equipment. A Digital Signature Standard (DSS) is widely used in the communications industry. The DSS is documented in Federal Information Processing Standards (FIPS) Publication 186, related publication 180-1 entitled "Secure Hash Standard", and U.S. Patent 5,231,668 by Kravitz entitled "Digital Signature Algorithm" . All of these references are hereby incorporated by reference. As illustrated in Fig. 6, the Digital Signature Algorithm (DSA) takes the 36 byte equipment identifier sequence (the data to be authenticated) and, using a set of rules and set of parameters, produces a signature in the form of a pair of large numbers (r, s) such that the identity of a signatory (the unit of equipment generating the signature) and the integrity of the equipment identifier sequence can be authenticated. As is also illustrated in Fig. 6, one embodiment of the invention described herein adds a CRC checksum code to the digital signature for storage integrity protection and network transmission protection.
Signature generation occurs in the manufacturing environment and makes use of a private key, x, to generate a unique digital signature of a message sequence, m (such as the 36-byte equipment identifier sequence) . Signature verification by the digital network, such as a FTTC network or a DSL network, may occur at the HDT 130, the ONU 140, or the USAM 340, and makes use of a public key, y, that corresponds to, but is not the same as, the private key x. Public keys are assumed to be known to the public in general, while the private key is never shared. Anyone can verify the signature of a user by employing that user's public key, but signature generation can be performed only by the possessor of the user's private key.
Fig. 7 illustrates the process of generating the digital signature. The digital signature is generated and stored in the unit of equipment by, for example a factory authentication server and associated software. The private key x, which in a preferred embodiment is a 160 bit random integer, is generated (step 10) . Suggested techniques for generating private key x include the use of a random source based upon a fundamentally unpredictable physical phenomenon, such as Johnson (thermal) noise in an electronic circuit, or radioactive decay. The private key x is never stored, and in a preferred embodiment is inserted into the factory authentication server in two halves under divided custody of two people. The integrity of the digital signature depends upon the private key x being infeasible to guess, and otherwise continuously maintained a-s a secret. Suggested techniques for maintaining the secrecy of the private key x includes cryptography, physical and administrative controls widely used for the handling of valuable secret information.
A secret value, k, which in a preferred embodiment is a 160 bit random integer, is arbitrarily formulated for each signature generation sequence (step 20) . The secret value k is formulated by the factory authentication server used to generate the equipment identifier sequence and the private key x for each unit of equipment. The secret value k is not stored in the unit of equipment and is not used in an authentication process (which will be discussed in more detail later) . Suggested techniques for generating the secret value k are the same as those used to generate the private key x, that is the use of a random source based upon a fundamentally unpredictable physical phenomenon. The secret value k must be kept secret during and after generation of the digital signature. Since, the secret value k is used only once, for the generation of one signature, and is not needed .for verification of the digital signature by the digital network, the secret value k may be generated and then obliterated after use.
Parameters p, q, and g are generated (step 30) . The parameters p, q, and g are public parameters in that they can be made known without compromising the integrity of the signature. These parameters are also known to the entity within the digital network verifying the digital signature, such. as the HDT 130, the ONU 140 or the USAM 340, which are devices within a FTTC network, DSL network, or both networks. These parameters are large integers, generated by techniques and mathematical constraints taught in DSS.
Two of the three public parameters, p and g, are used along with the secret value k in mathematical formulas to generate the first part of the signature, r (steps 40-50) . The third public parameter, q, is used along- with the secret value k, the private key x, and the message sequence m in mathematical formulas to generate the second part of the signature, s (steps 60-80) . Step 70 generates a secure hash algorithm, H(m), which is a one-way mathematical function whose inverse is difficult to copy. The digital signature consists of a pair of 160-bit (20-byte) integers r, s for a total of 40 bytes in a preferred embodiment. As previously mentioned and illustrated in Fig. 5, a 4 byte CRC- 32 checksum may be calculated and appended to the 40 byte digital signature, to generate a resultant 44 byte digital signature. The message sequence m, which is the 36 byte equipment identifier sequence in this embodiment, along with the 44 byte digital signature is stored in the unit of . equipment, which is the RG 200 in this embodiment (step 80) . Preferably, the message sequence m, and the digital signatures r, s are stored in nonvolatile memory of the unit of equipment. The 36-byte equipment identifier sequence and the 44 byte digital signature may be stored either contiguously or discontiguously in the non-volatile memory or memories. In one preferred embodiment, the digital signature is stored as consecutive 20 byte fields in either big- endian or little-endian byte order.
Figure 8 illustrates the process of authenticating a unit of equipment, such as the RG 200, when it is installed and connected to the digital network, such as a FTTC network. In describing this process the unit of equipment will be referred to as the RG 200 and the digital network will be referred to as the FTTC network. However, this in no way infers that the unit of equipment is limited to the RG 200 or that the digital network is limited to the FTTC network. Once the RG 200 is installed and connected to the FTTC network, the RG 200 is signed on to the FTTC network (step 10) . Once the FTTC network determines that the RG 200 has signed on, the FTTC network sends the RG 200 a message requesting authentication data (step 20) . Upon receiving the request, the RG 200 retrieves the 36-byte equipment identifier sequence and the 44 byte digital signature from local memory (step 30) . Hereinafter, the 36-byte equipment identifier sequence and the 44 byte digital signature will be referred to as authentication data, for convenience. The RG 200 transmits the authentication data to the FTTC network (step 40) .
The RG 200 transmits the authentication data- to' either the ONU 140 or the USAM 340 depending on the configuration of the digital network (that is the configuration illustrated in Fig. 3 or the configuration illustrated in Fig. 4, respectively) . The appropriate one of the ONU 140 or the USAM 340 may act on the authentication data, may pass the authentication data along to the HDT 130 for processing, or may split the processing between the HDT 130 and the appropriate one of the ONU 140 or the USAM 340. As one skilled in the art would know, multiple other configurations are within the scope of the current invention.
Hereinafter the HDT 130 will be referred to as the component of the FTTC network that authenticates the RG 200. This would most likely be the case if the unit of equipment being authenticated were a unit of field equipment, such as the ONU 140 or the USAM 340. However, this in no way is intended to limit the scope of this invention.
Upon receiving the authentication data, the HDT 130 determines the values of the public parameters p, q and g based on the authentication family identified within the equipment identifier sequence. The HDT 130 also determines the value of the public key, y, which corresponds to the private key x (Step 50) . The public key y is a large integer which is needed for verification of the digital signature. The public key y is a function of the private key x (gAx mod p) , but this function is one which is selected so that it is infeasible under the current mathematical art to compute the private key x given the public key y and the other public parameters p, q, and g.
Once the value for the public parameters and the public key is determined, the HDT 130 verifies the digital signature (Step 60) . A preferred embodiment of the verification is disclosed in FIPS publication 186 Section 6 "Signature Verfi ication" . If the digital signature is not valid, no further communications will be permitted between the RG 200 and the HDT 130 (step 70) . In one embodiment, the HDT 130 may attempt to authenticate the RG 200 several times before discontinuing further communications. In another embodiment, the HDT 130 may send the RG 200 a message stating it failed authentication. In another embodiment, the HDT 130 may flag the particular serial number for the RG 200 and terminate communications with that RG 200 as soon as that serial number is encountered (that. is before the public keys are retrieved and an attempt to verify the digital signature is attempted)*. In any event, if the RG 200 can not be authenticated by the HDT 130 it can not be used for its intended purpose in the FTTC network.
If the digital signature is valid the RG 200 is verified as authenticated and licensed. The HDT 130 then downloads operational software to the RG 200 (Step 120). Upon successful completion of the software download, the RG 200 becomes fully operational (step 140) . According to one embodiment, if the RG 200 does not receive the operational software within a predetermined time period or if. the download is unsuccessful, the RG 200 will send a request to the* HDT 130 to re-download the software (step 130) .
In an alternative embodiment, the HDT 130 may attempt to validate the operation of the RG 200 prior to downloading operational software. For example, as illustrated in Fig. 9, the HDT 130 may send a request for a self-test to the RG 200 (step 80) . If the RG 200 does not receive the request for a self-test, within a predetermined time frame, the RG 200 retransmits the authentication data (Step 40) . .Upon receipt of the self-test request from the HDT 130, the RG 200 performs a self-test sequence (Step 90) . The self test sequence insures the integrity of the circuitry, the connections to the printed circuit board of the RG 200, and the functionality of some or all of the circuitry and components of the RG 200. The RG 200 transmits the results of the self-test to the HDT 130 (Step 100).
Upon receipt of the self-test results, the HDT 130 determines if the self-test was successful (Step 110) . The determination may be comparing ah expected test result which is stored in the HDT 130 with a few bytes of the test results (simple) or a long sequence of several hundred bytes generated by the self test (more complex) . In any embodiment, the end result will be a determination that the RG 200 is or is not working properly. If the HDT 130 determines that the RG 200 failed the self test and is not working properly, no further communications will occur between the RG 200 and the HDT 130 (step 70) . If the HDT 130 determines the RG 200 is operational, the process will continue with the download of software (step 120) .
Once the RG 200 becomes fully operational it can provide the connection and processing necessary to connect the devices (i.e., TVs 199, telephones 194, computers 193) within the residence 190 to the FTTC network.
While this invention provides a secure method of authenticating a RG 200 (or other unit of equipment) within the FTTC network (or other digital networks) , it is feasible that one skilled in the art may be able to copy the equipment identifier sequence and the digital signature (authentication data) from an authenticated RG 200 into an unauthentic RG 200. If one were able to copy the authentication data, it is feasible that the unauthenticated RG 200 would be authenticated by the FTTC network and this could become operational within the FTTC network.
It would be obvious to one skilled in the art that the current invention could easily be .used as an inventory monitoring system without departing from the current scope. That is the HDT 130 (or other units within the digital network, such as the ONU 140, the USAM 340, or some combination of units) could identify RGs 200 (or other units of equipment) that should not be accepted within the digital network. For example, company XYZ manufactures RGs 200 and has a valid license to do so. However, after manufacturing and shipping RGs 200 with serial numbers in the range from 1234 - 2345 to the field it is determined that these RGs 200 contain problems, which would not be detected by the self-test. The HDT 130 could be programmed to deny access to any RG 200 having that manufacturers code with those serial numbers. Another, example could be, to deny access to a manufacturer who lost their license due to. manufacturing products that do not meet some standard applied by the licensor.
In one embodiment, each licensor of a unit of equipment could monitor the status of the units being, produced by various licensed manufactures and have, access to the HDT* 130 software to program their inventory data therein. In another embodiment, each licensor would provide their*, inventory data to »an independent third party that would validate -the data and update the HDT software. In yet another embodiment, it is possible that the independent third party would- monitor, all .licensing of units of equipment within the digital' network and update the HDT software accordingly.
As should be obvious to one skilled in the art, this- invention could easily be applied to other type of networks without departing from the scope of the invention.
Although this invention has been illustrated by reference to specific embodiments, it will be apparent to those skilled in the art that various changes- and modifications may be made which clearly fall within the scope of the invention. The invention is intended to be protected broadly within- the spirit and scope of the appended claims.

Claims

ClaimsWhat is claimed:
1. A method for generating an authenticated unit of equipment for operation in a networked environment, the method comprising: storing an equipment identifier sequence in the authenticated unit of equipment; and generating a digital signature based on the equipment identifier sequence and a private key.
2. The method of claim 1, further comprising storing the digital signature in the authenticated unit of equipment.
3. The method of claim 2, wherein said storing an equipment identifier sequence comprises storing the equipment identifier sequence in non-volatile memory of the authenticated unit of equipment and said storing the digital signature comprises storing the digital signature in the non-volatile memory of the authenticated unit of equipment.
4. The method of claim 1, wherein the equipment identifier sequence includes a unique network equipment identification address.
5. A method for generating an authenticated licensed unit of equipment for operation in a networked environment, the method comprising: storing an equipment identifier sequence in the authenticated licensed unit of equipment, the equipment identifier sequence including a licensing authorization code; and generating a digital signature based on the equipment identifier sequence and a private key.
6. The method of claim 5, further comprising storing the digital signature in the authenticated licensed unit of equipment .
7. The method of claim 5, wherein the equipment identifier sequence further includes a unique network equipment identification address.
8. The method of claim 5, wherein the digital signature is generated using a DSS algorithm.
9. The method of claim 8, wherein generation of the digital signature using the DSS algorithm includes generation of public parameters p, q, and g, secret value k, and a private key x.
10. The method of claim 9, wherein the secret value k and the private key x are randomly generated from fundamentally unpredictable physical phenomena.
11. A unit of equipment, which can be authenticated in a networked' environment, comprising non-volatile memory that has stored therein an equipment identifier sequence; and a digital signature which is computed based on the equipment identifier sequence and a private key.
12. The unit of equipment of claim 11, wherein the equipment identifier sequence includes a unique network identification address.
13. A unit of licensed equipment, which can be authenticated in a networked environment, comprising non-volatile memory that has stored therein an equipment identifier sequence having a licensing authorization field; and a digital signature which is computed based on the equipment identifier sequence and a private key.
14. The unit of licensed equipment of claim 13, wherein the equipment identifier sequence further includes a unique network identification address.
15. The unit of licensed equipment of claim 14, wherein the unique network equipment identification address is a MAC address.
16. The unit of licensed equipment of claim 15, wherein the MAC address is 6 bytes.
17. The unit of licensed equipment of claim 16, wherein the 6-byte MAC address includes 3 bytes that are an IEEE assigned identification and 3 bytes that are a manufacturers assigned unique number.
18. A method for generating an unlicensed unit of equipment for operation in a networked environment, the method comprising: obtaining an authenticated licensed unit of equipment for operation in the networked. environment, the authenticated licensed unit of equipment including non-volatile memory having an equipment identifier sequence and a digital signature stored therein, wherein the equipment identifier sequence includes a unique network equipment identification address and a licensing authorization field, and the digital signature is computed based on the equipment identifier sequence and a private key; and copying the equipment identifier sequence and the digital signature into the unauthorized unit of equipment.
19. A method for generating an authenticated licensed unit of equipment for operation in a networked environment, the method comprising: generating an original equipment identifier sequence that includes; a unique network equipment identification address; a licensing authorization field; and a CRC field; writing a licensing authorization code into the licensing authorization field to create an intermittent equipment identifier sequence; calculating a CRC checksum based on the intermittent equipment identifier sequence; writing the CRC checksum into the CRC field of the intermittent equipment identifier sequence to create a modified equipment identifier sequence; and generating a digital signature based on the modified equipment identifier sequence and a private key.
20. The method of claim 19, further comprising storing the modified equipment identifier sequence and the digital signature in the authenticated licensed unit of equipment.
21. An authenticated licensed unit of equipment, for operation in a networked environment, comprising non-volatile memory having stored therein: an equipment identifier. sequence including a unique network equipment identifier; and a licensing authorization code; a CRC checksum appended to the equipment identifier sequence, wherein the CRC checksum is calculated on the basis of the equipment identifier sequence; and a digital signature which is calculated based on the equipment identifier sequence, the CRC checksum, and. a private key.
22. The authenticated licensed unit of claim 21, wherein the unique network equipment identifier is a MAC address.
23. The authenticated licensed unit of claim 21, wherein the equipment identifier sequence further includes a CLEI code.
24. The authenticated licensed unit of claim 21, wherein the equipment identifier sequence further includes equipment class and sub-class codes; hardware version major and minor numbers; and a factory serial number.
25. The authenticated licensed unit of claim 24, wherein the equipment identifier sequence further includes a layout version code; a hardware/software interface base level code; a hardware/software interface base level extension code; a CLEI code; and an authentication type code.
26. The authenticated licensed unit of. claim 25, wherein the equipment identifier sequence further includes a field reserved for future use.
27. A method of initializing a unit of licensed equipment placed in a networked environment, the networked environment performing the method comprising: requesting authentication data from the unit of licensed equipment; receiving the authentication data from the unit of licensed equipment, wherein the authentication data includes an equipment identifier sequence having a licensing authorization field embedded therein, and a digital signature; and authenticating the' unit of licensed equipment based on the equipment identifier sequence and the digital signature.
28. The method of claim 27, further comprising downloading operational software to the unit of licensed equipment.
29. The method of claim 27, wherein said authenticating includes checking the embedded licensing authorization field for a valid type to determine if a manufacturer of the unit of equipment is licensed.
30. The method of claim 27, wherein said authenticating includes verifying the digital signature using a DSS algorithm.
31. The method of claim 27, wherein said authenticating includes : determining values for public parameters based on the embedded licensing authorization field; determining a value for a public key; and verifying the digital signature based on the public key and the public parameters.
32. The method of claim 31, wherein the public parameters include p, q, and g and the public key is y.
33. The method of claim 32, wherein the public key y is a function of a private key x, which was used to generate the digital signature.
34. The method of claim 33, wherein the function is such that it is infeasible to compute the private key x, given the public key y and the public parameters p, q, and g.
35. A method of initializing a unit of licensed equipment placed in a networked environment, the unit of licensed equipment performing the method comprising: receiving a request for authentication data from the networked environment; and transmitting the authentication data to the networked environment, wherein the authentication data includes an equipment identifier sequence having a licensing authorization field embedded therein, and a digital signature.
36. The method of claim 35, further comprising receiving a download of operational software from the networked environment.
37. A system, within a networked environment, for initializing a unit of licensed equipment placed in the networked environment, the system comprising: means for requesting authentication data from the unit of licensed equipment; means for receiving the authentication data from the unit of licensed equipment, wherein the authentication data includes an equipment identifier sequence having a licensing authorization field embedded therein, and a digital signature; and means for authenticating the unit of licensed equipment based on the equipment identifier sequence and the digital signature.
38. The system of claim 37, further comprising means for downloading operational software to the unit of licensed equipment .
39. The system of claim 37, wherein said means for authenticating includes means for validating a manufacturer of the unit of equipment is licensed by determining if the embedded licensing authorization field contains a valid type.
40. The system of claim 37, wherein said means for authenticating includes: means for determining a value for a public key associated with the digital signature; means for determining values for public parameters based on the embedded licensing authorization field; . means for verifying the digital signature of the unit of licensed equipment based on the values of the public parameters and the public key.
41. A system, within a unit of licensed equipment, for initializing the unit of licensed equipment placed in a networked environment, the system comprising: means for receiving a request for authentication data; and means for transmitting the authentication data to the networked environment, wherein the authentication data includes an equipment identifier sequence having a licensing authorization field embedded therein, and a digital signature.
42. The system of claim 41, further comprising means for receiving a download of operational software from the networked environment.
43. A method for operating an unlicensed unit of equipment in a networked environment, the method comprising: placing the unlicensed unit of equipment in the networked environment, wherein the unlicensed unit of equipment was manufactured by copying an equipment identifier sequence and" a digital signature stored within an authenticated licensed unit of equipment for operation in the networked environment, the equipment identifier sequence including a unique network equipment identification code and a licensing authorization code, and the digital signature computed based on the equipment identifier sequence and a private key; receiving a request for authentication data from the networked environment; and transmitting the authentication data to the networked environment, wherein the authentication data includes the equipment identifier sequence and the digital signature.
44. The method of claim 43, further comprising receiving a download of operational software from the networked environment.
45. A method of initializing a unit of licensed equipment placed in a networked environment, the method comprising: installing a unit of licensed equipment in the networked environment; initializing the unit of equipment; requesting the unit of licensed equipment transmit the authentication data stored therein to the networked environment; retrieving the authentication data from storage, the authentication data including an equipment identifier sequence having a licensing authorization field embedded therein, and a digital signature; transmitting the authentication data to the networked environment; and authenticating the unit of licensed equipment based on the equipment identifier sequence and the digital signature.
46. The method of claim 45, further comprising downloading operational software to the unit of licensed equipment.
47. The method of claim 45, further comprising: transmitting a request for a self-test to the unit of licensed equipment; performing a self-test on the unit of licensed equipment; and transmitting results of the self-test to the networked environment .
48. The method of claim 45, wherein said authenticating . includes : checking the embedded licensing authorization field for a valid type to determine if a manufacturer of the unit of equipment is licensed; retrieving public parameters associated with the embedded licensing authorization field; determining a public key based on the digital signature; verifying the digital signature based on the public key and the public parameters.
49. The method of claim 48, wherein said verifying is performed using a DSS algorithm.
50. The method of claim 45, wherein the unit of equipment is a unit of terminal equipment.
51. The method of claim 50, wherein the unit of terminal equipment is a residential gateway.
52. The method of claim 50, wherein the unit of terminal equipment is a TV set-top converter.
53. The method of claim 45, wherein the unit of' equipment is a unit of field equipment.
54. The method of claim 53, wherein the unit of field equipment is an optical network unit.
55. The method' of claim 53, wherein the unit of field equipment is a universal service access multiplexer.
56. The method of claim 45, wherein the networked environment is a digital telecommunications network.
57. The method of claim 56, wherein the digital telecommunications network is a fiber-to-the-curb network.
58. The method of claim 56, wherein the digital telecommunications network is a hybrid-fiber-coax network.
59. The method of claim 56, wherein the digital telecommunications network is a digital subscriber line network.
60. A method of ensuring only authenticated, licensed and operationally suitable units of equipment are used within a networked environment, the method comprising establishing authentication families; advising the networked environment of the established authentication families; producing an authenticated unit of equipment by generating a authentication type code for each distinct type of unit of equipment; generating a licensing authorization code for each licensee of a unit of equipment; storing an equipment identifier sequence in each unit of equipment, the equipment identifier sequence including the authentication type code and the licensing authorization code; and generating a digital signature based on the equipment identifier sequence, the authentication family, and a private key; installing the unit of equipment within the networked environment; and authenticating the unit of equipment within the networked environment by verifying the digital signature of the unit of equipment, the verification based on the authentication family, and a public key corresponding to the private key.
61. The method of claim 60, wherein the unit of equipment will not be authenticated by the networked environment if the networked environment does not recognize the authentication family.
62. The method of claim 60, wherein the authentication family is based on the authentication type code and the licensing authorization code.
63. The method of claim 60, wherein the equipment identifier sequence further includes a serial number.
64. The method of claim 63, wherein the authentication family is based on the authentication type code, the licensing authorization code and the serial number.
65. The method of claim 60, wherein authenticating the unit of equipment further comprises determining if the licensing authorization code is valid.
66. The method of claim 63, wherein authenticating the unit of equipment further comprises determining if the serial number for that particular unit of equipment produced by that particular licensee is valid.
67. The method of claim 60, further comprising updating the networked environment if a valid licensee loses its license.
68. The method of claim 63, further comprising updating the networked environment regarding invalid serial numbers.
PCT/US2001/012215 2000-04-14 2001-04-13 Method and apparatus for test and verification of field and terminal equipment WO2001080528A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU5350101A AU5350101A (en) 2000-04-14 2001-04-13 Method and apparatus for test and verification of field and terminal equipment
CA002406093A CA2406093A1 (en) 2000-04-14 2001-04-13 Method and apparatus for test and verification of field and terminal equipment

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US55038500A 2000-04-14 2000-04-14
US09/550,385 2000-04-14

Publications (2)

Publication Number Publication Date
WO2001080528A2 true WO2001080528A2 (en) 2001-10-25
WO2001080528A3 WO2001080528A3 (en) 2002-07-04

Family

ID=24196955

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/012215 WO2001080528A2 (en) 2000-04-14 2001-04-13 Method and apparatus for test and verification of field and terminal equipment

Country Status (3)

Country Link
AU (1) AU5350101A (en)
CA (1) CA2406093A1 (en)
WO (1) WO2001080528A2 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1833223A1 (en) * 2006-03-08 2007-09-12 Alcatel Lucent Method for inverse port-based authentication
US7739717B1 (en) 2004-07-13 2010-06-15 The Directv Group, Inc. System and method for performing diagnostics for a customer IRD in a satellite television system
WO2010073105A1 (en) * 2008-12-23 2010-07-01 Nortel Networks Limited, Network device authentication
US7937731B2 (en) 2003-05-22 2011-05-03 The Directv Group, Inc. System and method for evaluating callback functionality in a satellite television network
EP1458164A3 (en) * 2003-03-10 2012-05-30 Samsung Electronics Co., Ltd. Method, apparatus and computer readable storage medium for authentication of optical network units in an Ethernet Passive Optical Network EPON

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5455865A (en) * 1989-05-09 1995-10-03 Digital Equipment Corporation Robust packet routing over a distributed network containing malicious failures
US5724425A (en) * 1994-06-10 1998-03-03 Sun Microsystems, Inc. Method and apparatus for enhancing software security and distributing software
US6115376A (en) * 1996-12-13 2000-09-05 3Com Corporation Medium access control address authentication
US6151676A (en) * 1997-12-24 2000-11-21 Philips Electronics North America Corporation Administration and utilization of secret fresh random numbers in a networked environment
US6263446B1 (en) * 1997-12-23 2001-07-17 Arcot Systems, Inc. Method and apparatus for secure distribution of authentication credentials to roaming users

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5455865A (en) * 1989-05-09 1995-10-03 Digital Equipment Corporation Robust packet routing over a distributed network containing malicious failures
US5724425A (en) * 1994-06-10 1998-03-03 Sun Microsystems, Inc. Method and apparatus for enhancing software security and distributing software
US6115376A (en) * 1996-12-13 2000-09-05 3Com Corporation Medium access control address authentication
US6263446B1 (en) * 1997-12-23 2001-07-17 Arcot Systems, Inc. Method and apparatus for secure distribution of authentication credentials to roaming users
US6151676A (en) * 1997-12-24 2000-11-21 Philips Electronics North America Corporation Administration and utilization of secret fresh random numbers in a networked environment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
DAVIS RUSSELL: 'Network authentication tokens' VIRGINIA: FORD AEROSPACE 1990, pages 234 - 238, XP002947110 *
HARBITTER A.H.: 'Performance of public-key-enabled Kerberos authentication in large networks' IEEE May 2001, pages 170 - 183, XP002947109 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1458164A3 (en) * 2003-03-10 2012-05-30 Samsung Electronics Co., Ltd. Method, apparatus and computer readable storage medium for authentication of optical network units in an Ethernet Passive Optical Network EPON
US7937731B2 (en) 2003-05-22 2011-05-03 The Directv Group, Inc. System and method for evaluating callback functionality in a satellite television network
US7739717B1 (en) 2004-07-13 2010-06-15 The Directv Group, Inc. System and method for performing diagnostics for a customer IRD in a satellite television system
EP1833223A1 (en) * 2006-03-08 2007-09-12 Alcatel Lucent Method for inverse port-based authentication
US8301115B1 (en) 2006-03-08 2012-10-30 Alcatel Lucent Method for inverse port-based authentication
WO2010073105A1 (en) * 2008-12-23 2010-07-01 Nortel Networks Limited, Network device authentication
US8892869B2 (en) 2008-12-23 2014-11-18 Avaya Inc. Network device authentication

Also Published As

Publication number Publication date
CA2406093A1 (en) 2001-10-25
AU5350101A (en) 2001-10-30
WO2001080528A3 (en) 2002-07-04

Similar Documents

Publication Publication Date Title
US8181262B2 (en) Network user authentication system and method
US9172542B2 (en) System and method to pass a private encryption key
US8973025B2 (en) Method and system for providing security within multiple set-top boxes assigned for a single customer
US5764756A (en) Networked telephony central offices
US6311218B1 (en) Method and apparatus for providing security in a star network connection using public key cryptography
US20060130135A1 (en) Virtual private network connection methods and systems
US9240993B1 (en) Method and system for in-field recovery of security when a certificate authority has been compromised
CN101467131A (en) Network user authentication system and method
CA2370471A1 (en) Built-in manufacturer's certificates for a cable telephony adapter to provide device and service certification
CN102246487A (en) Method for increasing security in a passive optical network
NO160110B (en) Cable Television-TELECOMMUNICATIONS SYSTEM.
EP1749356A2 (en) Optical line termination, optical access network, and method and apparatus for determining network termination type
WO2001080528A2 (en) Method and apparatus for test and verification of field and terminal equipment
US7376837B1 (en) Built-in manufacturer's certificates for a cable telephony adapter to provide device and service certification
CN113169953B (en) Method and apparatus for authenticating a device or user
CN113300847A (en) Authentication without pre-knowledge of credentials
TWI531194B (en) Cable modem and method for reissuing a digital certificate
KR100516971B1 (en) Method and system for user certification in dynamic host configuration protocol network
CN101151881B (en) Administration of computer telephony applications that are connected to a private branch exchange via a local network
EP1833223B1 (en) Method for inverse port-based authentication
JP2006318383A (en) Program downloading method and communication system

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWE Wipo information: entry into national phase

Ref document number: 2406093

Country of ref document: CA

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP