CN101467131A - Network user authentication system and method - Google Patents
Publication number: CN101467131A
Authority: CN (China)
Prior art keywords: network, building, digital certificate, module, server
Legal status: Pending (status as listed by Google Patents; not a legal conclusion)
Abstract
In a network user authentication system, a network user is identified for authentication purposes using the unique identifier for a dedicated physical communication line associated with the building in which the network user is located or a digital certificate which is associated with a secure component or communication line physically attached to a building. An authentication server initially verifies the identification of the dedicated communication line to be associated with a network service subscriber or issues a unique digital certificate to be associated with the dedicated communication line for authentication purposes. The digital certificate may be stored in a building gateway or in an edge site module which is connected to the secure components of a plurality of buildings and stores unique digital certificates for each building.
Description
This application claims priority to U.S. Provisional Patent Application No. 60/701,239, filed July 20, 2005, and U.S. Provisional Patent Application No. 60/803,679, filed June 1, 2006, both of which are incorporated herein by reference in their entirety.
Technical field
The present invention relates to a system and method for authenticating network users, or for establishing a trusted communication path between network devices.
Background
As Internet traffic grows, the need for equipment that can reliably verify who a network user is has increased markedly. Networks have proved to be a valuable and necessary tool, but the potential for fraud and misuse has grown along with them.
In recent years, certificate authorities such as VeriSign and Thawte have built attractive business models by offering to verify network users' equipment. By issuing and revoking digital certificates under a public key infrastructure (PKI), network users can be confident that certain transactions are handled securely. The problem with the "VeriSign" model is that it is usually only the server side that takes the steps necessary to authenticate itself; customers and other network clients have shown little interest in obtaining a solution that would let them be authenticated as well. Network clients are largely unwilling to pay for all of the authentication devices this would require, because the benefit to them is unclear. It is also not clear how a certificate authority would work across multiple platforms (PCs, laptops, mobile devices and so on).
Because, in practice, no client on a public network is authenticated in any way, the potential for fraud and harm remains serious and is getting worse.
Several innovations have been proposed in recent years to help identify network clients. Some of these include:
Security dongles
Smart card technologies
Uniquely identifiable secure elements within a chip
These innovations are flawed from the outset, because these (and other) hardware components are easily lost, stolen or swapped. Although they provide a baseline level of authentication, their usefulness is limited because the client cannot guarantee that they remain secure.
Thus, in today's networked world, host systems (the server side) are adequately authenticated, but the client side is authenticated little or not at all. If there were a practical way to reliably authenticate each client, new and potentially profitable business opportunities would emerge, and an end-to-end "trusted" network would become a reality.
There is therefore a need for a system and method that overcomes the serious problems found in such legacy systems.
Summary of the invention
The embodiments described herein provide an authentication system and method that can authenticate network clients and establish a trusted communication path between two or more parties.
According to one aspect of the invention, a network user authentication system is provided in which one or more network devices inside a building are authenticated by means of a security component or physical network connection associated with that building, so that a secure network service is tied directly to the owner or tenant of the building. At least one user device in the building is linked to the security component, and a security server is linked to the security component or connection. The security server is configured to determine the physical connection identifier (ID) of the security component and to associate that physical connection ID with a customer ID, so that a particular customer or user device in the building that requests service over a public network can be tracked.
The security server may be part of a merchant's web site or network; part of the site of a service provider that serves many homes and businesses, such as a telephone service provider or telephone company (Telco); part of a network edge site to which the building is linked, such as a Telco edge site, a cable television (CATV) edge site or an electric utility's edge site; a wireless network base station to which the building is linked; or an independent security server connected to the security component over the network. Whether the security server is stand-alone or attached to a remote site or a local edge site, it can be used by different merchants or network users to authenticate the other network users with whom they wish to do business. The system associates a user device with a fixed building, or with a physical connection ID permanently associated with that building, and verifies that the communication path between the two parties is trustworthy; that is, it establishes a trusted communication path. The two parties may be, for example, a network merchant or service provider and a network user, or two network users.
The security component may be any communication line established to the building, including physical connections based on cable modems, Digital Subscriber Line (DSL) and DSL variants, wireless input ports, optical inputs or lines and so on; or it may be a meter box or similar device that a utility company uses to track a building's utility usage for billing, which has built-in communication equipment for communicating with the utility's server over the network. In one embodiment, the security component may be the "last mile" connection from the network access point or edge site to the user's physical network access device, for example a digital modem, cable modem, asynchronous transfer mode (ATM) modem, fiber-optic modem, DSL modem or other residential modem. The key to the authentication is that the last connection delivering service to a home or other physical location is identified, and that connection is associated with the user of that home or location for security purposes. The connection may be any of: a physical copper pair to the home; a Data Over Cable Service Interface Specification (DOCSIS) address on a cable modem termination system (CMTS); a wireless medium access control (MAC), logical link control (LLC) or radio link address on the last connection between the home and the network; a digital subscriber line access multiplexer (DSLAM) circuit ID or connection port reported by the Dynamic Host Configuration Protocol (DHCP) service or relay agent; or the base station connection of a wireless client on a wireless network. The customer ID may be any value that is permanently fixed for the user, or it may be a nonce used only for a single connection. The customer ID may be based on an IP address, an IP address and port number, a user ID, a random number derived from the user ID, an identifier provided by the network edge site such as a Network Address Translation (NAT) address, or any data value that can be used to associate the customer equipment with the communication line ID.
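The "DSLAM circuit ID or connection port reported by the DHCP service or relay agent" named above is carried in the DHCP Relay Agent Information option (option 82, RFC 3046), whose Circuit ID (sub-option 1) and Remote ID (sub-option 2) fields identify the access port and subscriber line a request arrived on. The following is an added example, not code from the patent, showing how an authentication server could extract a physical connection ID from those bytes. The option bytes, the relay address 10.1.0.2, the port string and the function names are constructed for illustration; the one security caveat it encodes is that option 82 is only trustworthy when a relay (giaddr set) inserted it, since a client can write option 82 itself.

```python
# Added example: deriving a physical connection ID from DHCP option 82
# (Relay Agent Information, RFC 3046). All sample bytes are constructed.

OPT_PAD = 0
OPT_END = 255
OPT_MESSAGE_TYPE = 53
OPT_RELAY_AGENT_INFO = 82
SUBOPT_CIRCUIT_ID = 1   # port / virtual circuit on the DSLAM or CMTS
SUBOPT_REMOTE_ID = 2    # operator-assigned identifier of the subscriber line


def parse_tlv(buf: bytes, pad=None, end=None) -> dict:
    """Parse a DHCP-style run of (code, length, value) triples into a dict.

    `pad` codes are skipped and an `end` code stops parsing; both are
    single-byte codes without a length field (top-level DHCP options only,
    sub-options of option 82 have neither). A truncated option raises
    ValueError rather than silently yielding partial data.
    """
    out = {}
    i = 0
    while i < len(buf):
        code = buf[i]
        if pad is not None and code == pad:
            i += 1
            continue
        if end is not None and code == end:
            break
        if i + 1 >= len(buf):
            raise ValueError("truncated option header at offset %d" % i)
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        out[code] = value
        i += 2 + length
    return out


def relay_agent_info(options: bytes):
    """Return (circuit_id, remote_id) from option 82, or None if absent."""
    opts = parse_tlv(options, pad=OPT_PAD, end=OPT_END)
    raw = opts.get(OPT_RELAY_AGENT_INFO)
    if raw is None:
        return None
    sub = parse_tlv(raw)
    return sub.get(SUBOPT_CIRCUIT_ID), sub.get(SUBOPT_REMOTE_ID)


def physical_connection_id(giaddr: str, options: bytes):
    """Derive the line identifier the authentication server would record.

    Option 82 is meaningful only when a relay agent inserted it, which is
    the case when the relay filled in giaddr. A packet with giaddr 0.0.0.0
    came straight from a client, so any option 82 it carries was supplied
    by the client and is not trusted (the access device should also be
    configured to strip client-supplied option 82 on untrusted ports).
    """
    if giaddr == "0.0.0.0":
        return None
    info = relay_agent_info(options)
    if info is None or info[0] is None:
        return None
    circuit_id, remote_id = info
    # Circuit IDs are usually printable ("dslam1 eth 3/17"); remote IDs are
    # often raw MAC bytes, so render those as hex.
    tag = circuit_id.decode("ascii", "replace")
    if remote_id is not None:
        tag += "|" + remote_id.hex()
    return giaddr + "/" + tag


def build_options(circuit_id: bytes, remote_id: bytes) -> bytes:
    """Construct DHCPDISCOVER options as a relay agent would forward them."""
    sub = (bytes([SUBOPT_CIRCUIT_ID, len(circuit_id)]) + circuit_id
           + bytes([SUBOPT_REMOTE_ID, len(remote_id)]) + remote_id)
    return (bytes([OPT_MESSAGE_TYPE, 1, 1])                # DHCPDISCOVER
            + bytes([OPT_RELAY_AGENT_INFO, len(sub)]) + sub
            + bytes([OPT_END]))


# Constructed sample: a request relayed by DSLAM 10.1.0.2 from port eth 3/17.
SAMPLE_GIADDR = "10.1.0.2"
SAMPLE_OPTIONS = build_options(b"dslam1 eth 3/17", bytes.fromhex("001122334455"))

if __name__ == "__main__":
    print(physical_connection_id(SAMPLE_GIADDR, SAMPLE_OPTIONS))
    # The same bytes arriving with giaddr 0.0.0.0 yield no trusted line ID.
    print(physical_connection_id("0.0.0.0", SAMPLE_OPTIONS))
```

The returned string combines the relay's address with the circuit and remote IDs, which is the "physical connection ID" the server stores against the customer ID; the raw IP address the customer presents is deliberately not part of it.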
The security server may use the network device connection or communication line ID. In one embodiment, a traceroute mapping may be followed to determine the network topology, so that the serving edge site, for example a Telco edge site, can be identified. Once the edge site is identified, the security server sends a query to it carrying the requesting user's or customer's Internet Protocol (IP) address, asking the edge site to identify the communication line that connects the Telco edge site to the building in which the user device is located.
One example of a situation in which this authentication system can identify a network element is a set-top box (STB) being authenticated via its physical copper-wire connection (used for DSL and dial-up) to the Telco. If the STB is involved in an e-commerce transaction, for example a request to buy a movie, the movie service provider or the Telco can use the authentication system to check, by comparing the physical connection ID with the user or customer ID, that the requesting STB really is on the correct physical copper pair connected to that building.
In another embodiment, an additional layer of security can be provided by adding a signature or security code to the system. In one embodiment, a security control unit is associated with the security component and has a data storage module in which a unique digital certificate is stored, and a processor configured to communicate with the security server over a private line. The security server first verifies the building location and then issues a unique digital certificate associated with that building location to the security control unit. The security control unit may be installed in, or connected to, the security component located at the building, or it may be located in an edge site module connected to the security components of several buildings. In that case the edge site module stores a unique digital certificate for each building.
The security component may be a user gateway or connection port, for example an existing broadband communication line permanently connecting the building to the telecommunications company's edge site, or a wireless gateway associated with a dedicated wireless link to the building. The unique digital certificate is then associated only with the line to that specific building. Because the digital certificate is directly associated with a physical building (or with a gateway physically secured to or integrated with that building), it can be used to reliably authenticate the people who live in, own or work in that building. The digital certificate can be attached to the building's dedicated broadband access line either in a security control unit at the building end of the line or at the provider edge site. In one embodiment, each provider edge site includes a control module with a data storage module that holds the digital certificates of all buildings connected to that site and subscribed to the authentication service. Each digital certificate is then associated only with the communication line to the specific building to which it belongs. Because buildings do not usually move, and the security component is attached to the building so that it cannot be moved, or can hardly be moved, without interrupting the connection to the building, the digital certificate can provide a reliable indication of the identity of a customer communicating over the network using that certificate.
In another embodiment, the security component comprises a secure box or housing that is physically attached in some way to the inside or outside of the building and contains a security control unit holding a digital certificate specific to that building. In one example, the security control unit may include metering equipment for a particular utility and may communicate with the utility's server for meter reading and verification. In that case the private line or virtual private network (VPN) is the utility company's network, and the authentication server may be implemented by the utility's server or by a separate authentication server linked to the utility's business server.
A security gateway module may be installed at the building's service entry point to connect to multiple user devices in the building. In one embodiment the security control unit includes the gateway module; in another it is connected to the gateway module. The gateway module may be a router or an enhanced router module.
The system may also include at least one piece of security hardware associated with the gateway module, and security hardware associated with each user device in the building. The security devices may be universal serial bus (USB) dongles, smart cards, trusted platform modules (TPM), subscriber identity module (SIM) chips for wireless devices and so on. In an exemplary embodiment, the building-specific digital certificate must match a counterpart key stored in the security hardware of the gateway module connected to that building for the network to operate successfully. The security hardware in the gateway module then cryptographically synchronizes with the security device in each user device so that authentication succeeds and network service can proceed. This provides two levels of authentication: from the certifying entity or authentication server to the specific building, and from the building to the user devices inside it.
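The two-level chain just described (server to building, building to device) can be exercised end to end as follows. This is an added example, not the patent's code: the building certificate and the device hardware keys are stood in for by HMAC shared secrets, because the standard library has no asymmetric primitives, so "proving" a credential here means answering a fresh challenge with a keyed digest. Building names, device names and keys are constructed. The scenario shows the success path and the three ways the chain fails: a device carried to a building the server never verified, a gateway that claims the right building but lacks its credential, and an unenrolled device in the right building.

```python
# Added example: two-level authentication chain (server -> building gateway
# -> user device) modelled with HMAC challenge-response over shared secrets.
# HMAC stands in for the building certificate / hardware key pair; all
# identifiers and keys below are constructed.
import hashlib
import hmac
import os


class SecurityHardware:
    """Stand-in for a TPM, smart card or USB dongle: holds a key that never
    leaves the object and answers challenges with a keyed digest."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, context: bytes, challenge: bytes) -> bytes:
        return hmac.new(self._key, context + challenge, hashlib.sha256).digest()


def expected_response(key: bytes, context: bytes, challenge: bytes) -> bytes:
    return hmac.new(key, context + challenge, hashlib.sha256).digest()


class BuildingGateway:
    """Gateway at the building's service entry. Its security hardware holds
    the counterpart of the building credential; it also keeps the keys of the
    devices enrolled behind it so it can perform the second-level check."""

    def __init__(self, building_id: str, hardware: SecurityHardware):
        self.building_id = building_id
        self.hardware = hardware
        self._enrolled = {}  # device_id -> enrolled copy of the device key

    def enroll_device(self, device_id: str, device_key: bytes) -> None:
        self._enrolled[device_id] = device_key

    def prove_building(self, challenge: bytes) -> bytes:
        return self.hardware.respond(b"building:" + self.building_id.encode(), challenge)

    def verify_device(self, device_id: str, device_hw: SecurityHardware) -> bool:
        key = self._enrolled.get(device_id)
        if key is None:
            return False
        context = b"device:" + device_id.encode()
        challenge = os.urandom(16)
        return hmac.compare_digest(device_hw.respond(context, challenge),
                                   expected_response(key, context, challenge))


class AuthServer:
    """Certifying entity: issues one credential per verified building and
    accepts a device only through a gateway that proves that credential."""

    def __init__(self):
        self._building_keys = {}

    def issue_building_credential(self, building_id: str) -> bytes:
        key = os.urandom(32)
        self._building_keys[building_id] = key
        return key

    def authorize(self, gateway: BuildingGateway, device_id: str,
                  device_hw: SecurityHardware) -> str:
        key = self._building_keys.get(gateway.building_id)
        if key is None:
            return "denied: building not enrolled"
        context = b"building:" + gateway.building_id.encode()
        challenge = os.urandom(16)
        if not hmac.compare_digest(gateway.prove_building(challenge),
                                   expected_response(key, context, challenge)):
            return "denied: building credential mismatch"
        if not gateway.verify_device(device_id, device_hw):
            return "denied: device not enrolled behind this building"
        return "granted"


def walkthrough() -> dict:
    """Constructed scenario: the success path and each failure level."""
    server = AuthServer()
    home_key = server.issue_building_credential("12 Elm St")
    home = BuildingGateway("12 Elm St", SecurityHardware(home_key))
    stb_key = os.urandom(32)
    stb = SecurityHardware(stb_key)
    home.enroll_device("stb-370", stb_key)

    # A gateway in a building the server never verified; it has the STB's
    # enrolment, as when the STB is physically carried elsewhere.
    elsewhere = BuildingGateway("99 Oak Ave", SecurityHardware(os.urandom(32)))
    elsewhere.enroll_device("stb-370", stb_key)
    # A gateway that claims the right building but lacks its credential.
    impostor = BuildingGateway("12 Elm St", SecurityHardware(os.urandom(32)))
    impostor.enroll_device("stb-370", stb_key)

    return {
        "stb at home": server.authorize(home, "stb-370", stb),
        "stb moved to unverified building": server.authorize(elsewhere, "stb-370", stb),
        "impostor gateway claiming home": server.authorize(impostor, "stb-370", stb),
        "unknown device at home": server.authorize(home, "laptop-1",
                                                   SecurityHardware(os.urandom(32))),
    }


if __name__ == "__main__":
    for case, outcome in walkthrough().items():
        print(f"{case}: {outcome}")
```

Note that the server never sees a device key: it trusts the gateway's verdict on the second level only after the gateway has passed the first, which is exactly the ordering the two-level scheme relies on.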
According to another aspect of the invention, an authentication method is provided that comprises registering a user for a network service by associating a user identifier (ID) with the ID of the physical connection or security component of the building in which the prospective user is located; storing a record of the user ID and the physical connection ID; on each subsequent request for service received from the user, determining the physical connection ID of the user's connection; comparing that physical connection ID with the previously established user ID as a check; and providing the service if the check succeeds.
In one embodiment, the geographic location of the building is verified at the authentication server on the basis of the location of the security component or physical connection, a unique digital certificate is associated with the verified building location, and that unique digital certificate is sent to the security control unit associated with the security component or physical connection and stored in its data storage module. In another embodiment, the security server determines the connection ID of the physical connection to the building that the user used when the network service was previously set up, and associates that physical connection ID with the user's user ID.
Generally, in modern cryptography, an entity wishing to communicate securely is expected to pass three levels of authentication before it can be considered fully secure and reliable. These levels are:
1. What you have
2. What you know
3. Who you are
The first can be achieved by providing the customer equipment with secure hardware containing some form of embedded secure key, for example a smart card, USB dongle, secure chip, a secure element within a chip, or another hardware-based cryptographic scheme. The second can be achieved with a username and password unique to the user. The third is harder to achieve. Biometric techniques include retina scanners and fingerprint readers, but such equipment is usually very expensive to install and difficult to manage. The embodiments described herein provide "who you are" identification by using a physical structure, such as a building or home, or the security component attached to that structure, as the biometric device. In practice, every physical structure, and especially one equipped with broadband access, has an owner and a limited number of individuals who live or work in it. By identifying the service user with a unique ID based on the physical connection or network communication line to the building, the present invention ties the user to a unique, immovable physical structure. The method and system can therefore be used to identify the people who own, work in or live in that structure.
Other features and advantages of the present invention will become apparent to those skilled in the art after reviewing the detailed description and accompanying drawings below.
Description of drawings
The details of the present invention, as to both its structure and operation, may be gleaned in part by study of the accompanying drawings, in which like reference numerals refer to like parts, and in which:
Fig. 1 is a block diagram of a network using an authentication system and method according to an exemplary embodiment of the invention;
Fig. 2 is a flow diagram of a method of initially registering a customer with a service provider for an authenticated service, according to an exemplary embodiment of the invention;
Fig. 3 is a flow diagram of a method of identifying a user or customer after the initial registration of Fig. 2;
Fig. 4 is a logic diagram illustrating the logical processing steps and data storage modules used for real-time authentication of a user according to one embodiment of the invention;
Fig. 5 is a block diagram of an authentication system according to another embodiment of the invention;
Fig. 6 is a block diagram of a modification of the system of Fig. 5 that provides two levels of authentication;
Fig. 7 is a flow diagram of the initial setup of the authentication system of Figs. 5 and 6;
Fig. 8 is a flow diagram of the use of an authentication system according to one embodiment of the invention to authenticate a potential network partner as a customer of the system;
Fig. 9 is a block diagram of a modified authentication system that watermarks content files;
Fig. 10 is a block diagram of a modified authentication system according to another embodiment of the invention;
Fig. 11 is a block diagram of a home or building unit of the embodiment of Fig. 10;
Fig. 12 is a block diagram of a modified authentication system similar to that of Fig. 9 but providing bi-directional authentication;
Fig. 13 is a flow diagram of an authentication method according to one embodiment of the invention; and
Fig. 14 is a block diagram of the encryption layers in a message originating from a merchant network and addressed to a user device that is connected to an authenticated gateway or to a security component attached to a building.
Detailed description
Some of the embodiments disclosed herein provide user authentication based on the address or location of a fixed physical building. For example, one method disclosed herein allows a unique digital certificate to be associated with a home or building unit, or with the physical connection to the home or building.
After reading this description, it will become apparent to those skilled in the art how to implement the invention in various alternative embodiments and applications. Although various embodiments of the invention are described herein, it should be understood that they are presented by way of example only and not by way of limitation. Accordingly, the detailed description of the various embodiments should not be construed as limiting the scope or breadth of the invention as set forth in the claims.
In the description below, the term Telco (telephone company) is used as a generic name for any service provider, and identifies any kind of communication or network service provider, such as a telephone company, cable television service provider, CATV (TV) operator, Internet service provider, satellite television provider, fiber-optic network connection company, wireless service provider, cellular telephone service provider and so on.
Fig. 1 is a block diagram of a communication network system with various network components. As described in more detail below, an authentication system according to an exemplary embodiment of the invention is incorporated into the network system and is used when a user device, for example a set-top box (STB) 370 in a physical facility or building 40, connects to a merchant application or network 388. STB 370 is an electronic device that connects to a communication channel, such as a telephone, Integrated Services Digital Network (ISDN) or cable television line, and produces output on a conventional television screen. Set-top boxes are commonly used to receive and decode digital broadcasts and to provide an Internet interface through the user's television rather than a PC. They range from the simplest boxes, which receive and convert an incoming TV signal, to more complex ones that double as multimedia desktop computers capable of running advanced services such as video conferencing, home networking, Internet Protocol (IP) telephony, video on demand (VoD) and high-speed Internet TV. It should be understood, however, that the home network in Fig. 1 may be connected to many other kinds of user electronic communication equipment, and that the term set-top box (STB) as used in connection with Fig. 1 is a generic name covering any kind of electronic communication equipment, including an STB, personal computer (PC), personal digital assistant (PDA), networked MP3/video player (where MP3 is MPEG-1 Audio Layer 3 and MPEG stands for Moving Picture Experts Group), cellular telephone and so on.
In the illustrated embodiment, STB 370 is shown connected to a television 372 and, via a home or in-building network 385, to customer premises equipment (CPE) 380. CPE 380 represents any kind of customer premises equipment, such as a router, modem, switch, gateway or other network processing device, that joins the local network devices together and connects them to the connection or communication line 305 leading to the outside world, over which data is sent and received. Connection 305 may be a wired, wireless, cable or optical interconnection to an external network edge device, edge site or access point 303, and may be based on a point-to-point, star, ring or other network topology. In this embodiment, described in detail below with reference to Figs. 1-4, the authentication system uses the identifier of physical connection 305 to authenticate the user of a device in the residence or home network 385.
A client device such as STB 370 may be connected directly to CPE modem 380, or alternatively be served by a local access-point router subnetwork that uses network address translation (NAT) and a firewall. NAT is an Internet standard that lets a local area network (LAN) use one set of IP addresses for internal traffic and a second set of addresses for external traffic.
Network edge device or site 303 is connected to merchant application and network 388 via network 315. Merchant application and network 388 may be an independent e-commerce company service or network, or it may be a service provided by a telephone company (Telco) or another third party. Network 315 may be a private or corporate network or a public network such as the Internet, and communication between edge site 303 and merchant application and network 388 may take place over one or more networks 315. Network edge device 303 is adapted to provide the physical network layer used to deliver service to the user, including but not limited to physical connections based on cable modems, Digital Subscriber Line and DSL variants, and wireless and optical technologies. DSL technologies use sophisticated modulation schemes to pack data onto copper wires. They are sometimes called last-mile technologies because they are used only for the connection from a telephone exchange to a home or office, not for connections between exchanges. In Fig. 1, the network edge device is an example of the edge location at which communication line 305 connects to CPE device 380. The network system may also include a network operations center (not shown) between network edge device 303 and network 315. Network data center processing functions may be distributed among other locations or use other servers.
The verification process (that is, the process used to establish a trusted communication path) according to one embodiment is as follows. The process begins when the customer equipment, represented by STB 370, powers on and attempts to connect to the Telco service or commercial application 388. STB 370 typically requests an IP address from the router, switch or gateway device that forms part of the CPE 380 equipment. The IP address of STB 370 is a local network IP address that network edge device 303 and DHCP server 320 may know nothing about. Fig. 2 illustrates a method according to an embodiment of the invention for registering a client with a service provider, for example commercial application 388, for verified or trusted service. The method may be used whenever any customer equipment in the building contacts a service provider to obtain any kind of service over the network. One example of such a service is a user device such as a set-top box contacting a secure film or video delivery service to obtain the application key for decrypting video.
Customer equipment such as STB 370 first powers on and obtains an IP address from CPE 380 (step 340). The customer equipment then connects to the service provider and requests service (step 342). The STB reaches network edge device 303 using the IP address of the CPE 380 device rather than its own IP address. The STB's IP address is local to the home or premises network 385, and the client (STB) IP address presented to the commerce or service provider may differ from the IP address that the in-home router, switch or gateway of CPE 380 assigned to the STB. The IP address presented on behalf of the STB is the IP address that network edge device 303 provided to the CPE 380 device.
When the STB contacts commercial application and network 388 to register for service from the merchant, the registration process can use the IP address of the client or of CPE 380, and can determine from the appropriate network equipment the identity of physical connection 305 between network edge device 303 and STB 370, which is connected to the network edge device via CPE 380 (step 344). Techniques for determining the identity of physical connection 305 are described in detail below. The registration process may use an independent security server 310 as shown in Fig. 1, or may be part of the commercial application or site 388. The customer registration information includes an identifier, called the physical connection ID, for the connection 305 between network edge device 303 and CPE 380.
The physical connection ID is an identifier that uniquely identifies the physical connection 305 between network edge device 303 and CPE 380. There are several techniques that can be used to obtain the identity of physical connection 305. In the DSL case, an example of a physical connection ID is the physical port ID of the digital subscriber line access multiplexer (DSLAM), the device that connects the DSL service to the copper telephone line joining the user to the Telco central or local office. A DSLAM links a number of customers' DSL connections onto a single high-speed asynchronous transfer mode (ATM) line. A physical connection ID can likewise be obtained for cable modem systems delivering Internet service over cable television (CATV) and for optical fibre connections, and a virtual connection ID can be obtained for wireless devices. For example, in a fiber to the home (FTTH) network the connection ID may be the identifier of the optical network unit (ONU) through which the user interfaces to the optical network. The ONU identifier can be used to associate a video (or other) service user with the physical fibre connection or ONU connection to that user. It is also contemplated that the identity of physical connection 305 could be obtained with traceroute or another network mapping resource. Although the standard traceroute tool does not identify physical connection 305, it is contemplated that a traceroute-like resource could be created that reports physical connection 305 together with the signal route to the computer node.
In many network systems, when customer equipment (an STB, PC, PDA or the like) requests a network IP address with the DHCP protocol, network edge device 303 forwards the DHCP request to a DHCP server. Besides acting as DHCP relay agent, network edge device 303 also adds a physical connection identifier (for example DHCP option 82) when it forwards the DHCP request. When network edge device 303 adds the physical connection identifier, the DHCP server can store it in the DHCP server lease file, a file that records DHCP processing and usually holds the IP address, CPE media access control (MAC) address, lease state, lease duration and other information. DHCP processing in today's DSL-based networks includes the DSL DSLAM adding a port identifier that indicates, by DSLAM port number, the physical wire running into the home. The DSLAM port number is unique, so once the copper wire is connected to a DSLAM port, the physical copper wire between the home and the Telco network can be uniquely identified. In many systems the DHCP lease file information also includes any physical connection identifier (for example DHCP option 82) that network edge device 303 added to the DHCP request.
Where the physical connection identifier of physical connection 305 between network edge device 303 and CPE 380 is not available, software can be written to probe network edge device 303 for that information and obtain data that can be used to associate an identifier with physical connection 305. An example of such probing is reading the circuit ID from the DSL DSLAM using any method the DSLAM provides. Probing network edge device 303 applies to any network type (wireless, cable, fibre, DSL, Ethernet and so on) and uses whatever method the device offers for obtaining the identity of physical connection 305. Typical methods of obtaining the identifier of physical connection 305 include reading a database file, running a Telnet session, accessing an interface exposed by the network or by network edge device 303, querying a network service for the information, retrieving the information over a file transfer protocol (FTP) or hypertext transfer protocol (HTTP) interface, or other methods.
After the physical connection ID is determined, the verification process in this embodiment associates physical connection 305 with the service user (step 345) and stores the user's information together with the associated physical connection identification (step 346). This lets the service provider verify the user using information that includes physical connection 305, linking the user to the identified physical connection and to the physical structure or building it serves. Once this information is stored the customer is registered for the service and can then receive service from merchant 388. After registration, physical connection 305 is used to verify the user on each subsequent service request, as shown in Fig. 3.
It is also contemplated by this application that a network service could be provided through which the service provider obtains the physical connection 305 identifier from the Telco or service provider, using an interface exposed by network edge device 303, the Telco network equipment, DHCP server 320, security server 310 or another network location.
Although some of today's systems use physical connection 305 information when verifying the customer, that use is confined to the network service provider verifying the user's CPE 380 device; the information is not used to verify the user beyond the physical link layer, for example at the application layer of the service, or to verify the user in the e-commerce layer of an e-commerce system, an Internet system, a network service, an e-mail system and the like.
Fig. 3 illustrates the verification process used after registration to identify the user or customer and to detect fraudulent attempts to access the service. Fraudulent individuals, known as hackers, have many ways of pirating or stealing service. For example, a hacker may use a cloned customer device, such as an STB or PC loaded with copied user information, to impersonate an authorized user. The verification process shown in Fig. 3 can prove that the customer is accessing the service from the same physical connection 305 that was used at registration, and can detect multiple customers with identical credentials being active on the service at the same time.
As shown in Fig. 3, a transaction request is received at step 350 from a registered customer (or from an unauthorized user attempting to impersonate the registered customer with a cloned device or the like). The home gateway IP address of the connecting user (the IP address of the home gateway or CPE 380, not the IP address of STB 370) is then read (step 352). The user's gateway IP address is used to obtain the user's physical communication line or physical connection ID (step 354). This can be obtained from network data items that hold the physical communication line identifier for that gateway IP address. It can be obtained in many different ways, for example by reading the DHCP lease file to get the mapping. The information can also be queried from network equipment, by reading the DSL DSLAM port ID from the DSLAM. Other methods may be used depending on the network. Because most systems manage DHCP IP addresses with temporary leases, the user's gateway IP address is only a temporary association. The user is therefore identified as connected to a physical communication line rather than to an IP address. The physical connection line identifier is unique for each user; one example is DSLAM_IP_ADDRESS.PortNumber, where DSLAM_IP_ADDRESS is the IP address of one of the many DSLAMs in the network and the .PortNumber field is the physical port on that DSLAM to which the copper wire to the user's location is connected.
The connecting customer is then verified by comparing the user's current DSLAM_IP_ADDRESS.PortNumber, or physical connection ID, with the physical connection ID obtained when the user first registered for the service (step 356). Software can monitor user physical connections and check whether several users are active on the network at the same time from different physical connections under the same user identity. The user's CPE may sit behind a home gateway or firewall, in which case the user's client IP address is local to the home or front end and invisible to the verification system. This method associates the user with physical connection 305 to the building rather than with the client IP address, which gives a better basis for verification. The software determines whether the user's new or current physical connection ID matches the registered physical connection ID (step 358). If they match, the connection is trusted and the transaction proceeds (step 362). If the physical connection ID does not match the registration information, the change is reported (step 360), and the transaction may or may not proceed depending on whether the change has a legitimate cause or is suspected to be a clone on the network.
In step 360, the process software may report that the equipment the user is using is currently on a different DSLAM port from the one registered for the service. The physical connection of the user equipment may change for several legitimate reasons, including a technician moving the user to a different port on the DSLAM, a field technician moving the STB without updating the user's information, or even the user moving the STB. Although these conditions do not constitute a clone on the network, the process may still report events of these types.
A legitimate STB, uniquely identified by its MAC address, can exist on only one DSLAM physical port at any given time. In one embodiment, described in more detail below with reference to Figs. 1 to 4, the verification system and method detect cloned STBs by searching the DHCP lease records for an STB connected to more than one physical circuit, using a DHCP service with the relay agent information option. Fig. 4 shows the logical processing and data storage used by the system of Fig. 1 to perform the real-time registration verification of Figs. 2 and 3 and the scan report on the presence of potential clones. The authentication server that performs the verification process may reside on a separate security or authentication server 310, may be located at a network operations center connected to network edge site 303, or in other embodiments may be located at commercial application site 388.
As shown in Fig. 4, the DHCP server and relay agent 363 are connected to DHCP lease file storage module 364. DHCP table builder 365 is connected to DHCP lease file storage module 364 and DHCP catalogue 366. The table created by table builder 365 is stored in DHCP lease table module 367. All STB data associated with a particular circuit, that is the customer registration information and the associated physical connection ID, is stored in the Circuit Management (CM) registration table 368. When a key request or service request (369) is received from an STB, the system compares the information stored in the DHCP lease table with the information stored in Circuit Management (CM) registration table 368 to determine whether the leased circuit the request came from corresponds to the registered circuit (374). If the circuits do not match, a verification exception is generated and stored in verification exception module 375 for later processing in the scan report (376). When no match is found at step 374 the STB can be refused service or logged quietly for later investigation. If the change in circuit identification has a legitimate cause, the CM registration table can be updated so that the registered circuit for that particular customer corresponds to the leased circuit.
An example of the verification system described with reference to Figs. 1 to 4 will now be described in more detail. To verify a user or customer, the MAC address and DSL port number (option 82) can be obtained from the DHCP server or relay server for any given IP address. In the embodiment shown in Fig. 4, DHCP state is accessed from the DHCP lease file. In alternative embodiments, equivalent state information can be obtained from a customer management tool such as the Myvo/Siemens product and from other information sources. Alternatively, the DHCP state log can be exported to the authentication server, or DHCP request traffic can be generated from the authentication server.
DHCP activity is kept in /etc/dhcpd.leases, the DHCP lease file 364, which holds the following option fields harvested from network edge DHCP relay agent 363:
Field name | Field ID | Data type |
Relay agent information | 82 | Blob (byte sequence) |
Relay agent circuit ID: identifies the DSLAM port number | 82 (sub-option 1) | Blob |
Relay agent remote ID: ID of the CPE (STB, modem) | 82 (sub-option 2) | Blob |
Although the remote ID is assumed to be globally unique, the circuit ID is unique only within a DSLAM, and the sub-network address can be used to qualify it so that it is unique to the authentication server. Consider the degenerate case in which a cloned STB happens to occupy the same circuit number on two different sub-networks. To detect this clone, the uniqueness of both sub-network and circuit must be tested. The DHCP protocol identifies the relay agent in the giaddr field, which is the IP address of the relay agent. The circuit ID option in the lease file is the concatenation of giaddr and circuit. The giaddr field is the gateway IP address, the term used for the IP address of any relay agent (DSLAM, gateway and so on) between the DHCP server and the circuit. The lease file may be kept as flat ASCII (American Standard Code for Information Interchange) text, or may vary in content and layout. A lease file plug-in is used to abstract local file access.
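To make the option 82 layout in the table above concrete, the following decoder is added as an example (it is not code from the patent or from any DHCP vendor): it walks a DHCP option area, splits option 82 into its circuit-ID (sub-option 1) and remote-ID (sub-option 2) fields, and prefixes the circuit ID with the relay's giaddr as the paragraph above prescribes. The packet fragments are constructed; the circuit string and MAC are the values from the lease example given later in this description. Note that giaddr lives in the fixed DHCP header, not inside option 82, so the caller passes it separately.

```python
"""Decode DHCP option 82 (relay agent information) and qualify the circuit ID
with giaddr. Added example for this page, not code from the patent; the
packet fragments below are constructed."""
import ipaddress

OPTION_RELAY_AGENT = 82
OPTION_END = 255
OPTION_PAD = 0
SUBOPT_CIRCUIT_ID = 1   # RFC 3046 Agent Circuit ID (e.g. DSLAM port)
SUBOPT_REMOTE_ID = 2    # RFC 3046 Agent Remote ID (e.g. CPE/modem MAC)


def parse_dhcp_options(options: bytes) -> dict:
    """Walk the TLV option area that follows the magic cookie into {code: value}."""
    out = {}
    i = 0
    while i < len(options):
        code = options[i]
        if code == OPTION_PAD:
            i += 1
            continue
        if code == OPTION_END:
            break
        length = options[i + 1]
        out[code] = options[i + 2:i + 2 + length]
        i += 2 + length
    return out


def parse_option82(value: bytes) -> dict:
    """Split the option 82 payload into its sub-options."""
    subs = {}
    i = 0
    while i + 2 <= len(value):
        sub, length = value[i], value[i + 1]
        subs[sub] = value[i + 2:i + 2 + length]
        i += 2 + length
    return {
        "circuit_id": subs.get(SUBOPT_CIRCUIT_ID, b"").decode("ascii", "replace"),
        "remote_id": subs.get(SUBOPT_REMOTE_ID, b"").hex(":"),
    }


def qualified_circuit_id(giaddr: bytes, circuit_id: str) -> str:
    """A circuit ID is unique only per DSLAM; prefix it with the relay's giaddr
    (4 bytes from the DHCP fixed header) so it is unique to the auth server."""
    return f"{ipaddress.IPv4Address(giaddr)}:{circuit_id}"


def circuit_from_relayed_request(giaddr: bytes, options: bytes) -> tuple:
    """Return (qualified circuit ID, remote ID) for a relayed DHCP request, or
    (None, None) when the relay did not insert option 82."""
    opts = parse_dhcp_options(options)
    if OPTION_RELAY_AGENT not in opts:
        return None, None
    agent = parse_option82(opts[OPTION_RELAY_AGENT])
    return qualified_circuit_id(giaddr, agent["circuit_id"]), agent["remote_id"]


# --- constructed sample: a DISCOVER relayed by the DSLAM at 10.160.220.232 ---
SAMPLE_GIADDR = bytes([10, 160, 220, 232])
_cid = b"1-3-26-0-adsl-0-36"            # DSLAM port string from the page's lease
_rid = bytes.fromhex("0003e6003c84")     # CPE MAC from the page's lease
SAMPLE_OPTIONS = (
    bytes([53, 1, 1])                    # option 53: DHCPDISCOVER
    + bytes([OPTION_RELAY_AGENT, 4 + len(_cid) + len(_rid)])
    + bytes([SUBOPT_CIRCUIT_ID, len(_cid)]) + _cid
    + bytes([SUBOPT_REMOTE_ID, len(_rid)]) + _rid
    + bytes([OPTION_END])
)

if __name__ == "__main__":
    print(circuit_from_relayed_request(SAMPLE_GIADDR, SAMPLE_OPTIONS))
```

Because the authentication server only ever sees the relay's giaddr plus the relay-supplied sub-options, an attacker on the customer side cannot choose the circuit ID; a relay that strips or rewrites option 82 on requests arriving from the customer port is what keeps that property.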
For large installations it remains to be determined whether all lease files have the same format. Conceptually a heterogeneous system may have different DHCP servers, different lease file layouts and therefore different lease file plug-ins. The DHCP lease information from a DHCP server resembles the following example of an issued IP lease with the circuit option, taken from a current DHCP server:
lease 172.22.22.254 {
starts 1 2006/02/06 15:46:27;
ends 1 2006/02/06 16:46:27;
binding state free;
hardware ethernet 00:03:e6:00:3c:84;
option agent.circuit-id "10.160.220.232:1-3-26-0-adsl-0-36";
}
In this example, the giaddr field is 10.160.220.232. For a directly connected STB, the DHCP lease file entry holds the IP address and MAC address of that STB. In the access point (AP) case, the DHCP lease file entry holds the IP address and MAC address of the AP rather than of the STB. In this description the term "access point" means a hardware device or computer software that acts as the communication hub for users of a wired LAN. The circuit information, however, is shared by all devices in the CPE domain, including the AP and the STBs.
To make circuit ID resolution at registration time easy, DHCP lease table 367 is created. The input to this lease table is all of the flat lease file information, keyed by IP address, so that each address is associated with the circuit ID of the connection 305 tied to that IP lease. This improves performance compared with processing the flat file at registration time. In one embodiment the table may contain:
Field name | Description | Data type and size | Unique |
Lease IP | Leased IP address | IPv4 text: 16; IPv6 text: 48 | Yes |
DHCP lease expiry | Lease expiry | DHCP timestamp | N/A |
Leased circuit | Circuit ID associated with this IP lease | Free-format string (34 characters in the sample) | Yes |
A batch process parses DHCP lease file 364 and loads the data into DHCP lease table 367. The builder can run as a background process. The lease table builder should yield to higher-priority system tasks, including the registration server. The table builder can use the DHCP catalogue to locate the DHCP lease files. The catalogue holds the master list of all DHCP servers whose lease files are processed. The catalogue can be populated manually, managed through an operator UI, and eventually generated automatically by DHCP discovery.
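The table builder described above is sketched here, as an added example rather than the patent's own software, for the ISC dhcpd lease format shown earlier: it parses each lease declaration, keeps only the last declaration per IP (dhcpd appends to the file, and a later record supersedes an earlier one), derives giaddr from the prefix of the qualified circuit string, and resolves a request IP to a circuit only while the lease is active and unexpired, which is the boundary condition the description raises for leases that lapse between harvest and use. The lease text is constructed; its first entry mirrors the page's sample.

```python
"""Build the DHCP lease table (lease IP -> circuit, expiry, MAC) from an ISC
dhcpd lease file. Added example, not the patent's table builder; the lease
text below is constructed, the first entry mirroring the page's sample."""
import re
from datetime import datetime, timezone

SAMPLE_LEASE_FILE = """\
lease 172.22.22.254 {
  starts 1 2006/02/06 15:46:27;
  ends 1 2006/02/06 16:46:27;
  binding state free;
  hardware ethernet 00:03:e6:00:3c:84;
  option agent.circuit-id "10.160.220.232:1-3-26-0-adsl-0-36";
}
lease 172.22.22.17 {
  starts 1 2006/02/06 15:50:00;
  ends 1 2006/02/06 16:50:00;
  binding state active;
  hardware ethernet 00:03:e6:00:3c:85;
  option agent.circuit-id "10.160.220.232:1-3-26-0-adsl-0-37";
}
lease 172.22.22.17 {
  starts 1 2006/02/06 16:20:00;
  ends 1 2006/02/06 17:20:00;
  binding state active;
  hardware ethernet 00:03:e6:00:3c:85;
  option agent.circuit-id "10.160.220.232:1-3-26-0-adsl-0-37";
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
FIELD_RE = re.compile(
    r"^\s*(starts|ends|binding state|hardware ethernet|option agent\.circuit-id)\s+(.*?);",
    re.M,
)


def parse_isc_time(value: str) -> datetime:
    """ISC writes 'W YYYY/MM/DD HH:MM:SS' in UTC; the weekday is dropped."""
    _, day, clock = value.split()
    return datetime.strptime(f"{day} {clock}", "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc)


def build_lease_table(text: str) -> dict:
    """Return {lease_ip: {expires, state, mac, circuit, giaddr}}.
    dhcpd appends declarations, so the last one for an IP wins. Entries whose
    relay added no option 82 keep circuit=None and cannot be verified."""
    table = {}
    for m in LEASE_RE.finditer(text):
        ip, fields = m.group(1), dict(FIELD_RE.findall(m.group(2)))
        circuit = fields.get("option agent.circuit-id", "").strip('"') or None
        table[ip] = {
            "expires": parse_isc_time(fields["ends"]),
            "state": fields.get("binding state"),
            "mac": fields.get("hardware ethernet"),
            "circuit": circuit,
            # the qualified circuit string is "<giaddr>:<DSLAM port>"
            "giaddr": circuit.split(":", 1)[0] if circuit else None,
        }
    return table


def leased_circuit(table: dict, ip: str, now: datetime):
    """Resolve a request IP to its circuit; None if unknown, not active, or expired."""
    lease = table.get(ip)
    if lease is None or lease["state"] != "active" or lease["expires"] <= now:
        return None
    return lease["circuit"]


if __name__ == "__main__":
    t = build_lease_table(SAMPLE_LEASE_FILE)
    print(leased_circuit(t, "172.22.22.17", parse_isc_time("1 2006/02/06 16:30:00")))
```

Rebuilding the whole table from the file on every run, as the description proposes, is what makes the table self-healing: a parser bug or a truncated copy is corrected on the next build rather than persisting.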
The verification system can register STBs directly, or can register the STBs' access point (AP). For a directly connected STB 370, in step 369 the STB sends a key request carrying its IP address and its MAC or STB ID. The registration or authentication server (security server 310, or a server at the commercial application site) can use the lease IP address to associate that STB MAC with the circuit at registration.
For AP registration, when the STB registers it sends key request 369 containing its STB ID (MAC). The request IP is the NAT-translated address of the access point or CPE 380, so the key request carries the STB MAC plus the access point IP address. The verification or registration server uses the lease IP address to associate that STB MAC with the circuit at registration.
Multiple STBs or user devices are handled by the registration process in the same way, in this case using the unique MACs sent by the several STBs. In each case the registration server receives a key request carrying a unique MAC, used to look up the circuit ID, and the access point or AP IP.
The process is the same for direct STB and AP registration because the IP always resolves to the CPE circuit. Registration plays an important role in performing circuit-based verification. Because the STB MAC may be known only at the initial key request, that registration event is what drives verification. Circuit-based verification can use business logic to detect cloned STBs. Any such STB can be actively refused a key, or quietly reported for later investigation.
Refused or suspicious circuit verification results are inserted into verification exception table 375 for later processing in scan report 376. Unauthorized requests can be refused and then recorded in exception table 375. Other kinds of exceptions can also be stored in this table. In one embodiment, the records stored in verification exception table 375 comprise:
Field name | Description | Data type and size | Unique |
STB MAC | MAC address of the STB | Dynamic range of MAC addresses, dotted hexadecimal string: 48 | No |
IP address | IP address associated with the MAC, used to help the network operator locate the MAC | IPv4 text: 16; IPv6 text: 48 | No |
Exception code | Exception cause code for circuit verification | ENUM | N/A |
Time | Current time when the exception was recorded, used for scan report filtering and periodic maintenance | System timestamp | N/A |
DHCP lease expiry | Lease expiry at circuit verification, when the exception was recorded | DHCP timestamp | N/A |
Previously registered circuit | Circuit ID previously assigned to the MAC in the CM database | Free-format string (34 characters in the sample) | N/A |
Currently registered circuit | Circuit ID currently assigned to the MAC in the CM database | Free-format string (34 characters in the sample) | N/A |
Cloned STBs within the same CPE cannot easily be detected because they share the same circuit. Legitimate usage in which an STB is power-cycled or moved from room to room can also produce this situation. Extending this limitation, a multi-unit dwelling sharing a common AP may serve several STBs. As a countermeasure, the registration server can apply a practical upper bound on the number of registrations per unit time on the same circuit, or other defensive measures.
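The registration and verification flow (steps 350 to 362), the exception record, the offline clone scan and the per-circuit registration bound just mentioned are worked through in the following example. It is added here and is not the patent's implementation; the lease table is a constructed in-memory stand-in for DHCP lease table 367, and the exception codes, the control values and the rate window are this example's own assumptions.

```python
"""Circuit-based verification of key requests against the CM registration
table, with verification exception records, an offline clone scan and a
per-circuit registration bound. Added example, not the patent's code; the
lease table below is a constructed stand-in for DHCP lease table 367."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional


class ExceptionCode(Enum):           # assumed enumeration for the exception table
    NO_LEASE = "no lease for request IP"
    LEASE_EXPIRED = "lease expired between harvest and verification"
    CIRCUIT_MISMATCH = "request circuit differs from registered circuit"
    REGISTRATION_FLOOD = "registration rate on circuit exceeded"
    BLACKLISTED = "STB blacklisted by operator"


@dataclass
class CmEntry:                       # one row of CM registration table 368
    circuit_id: str
    warning_count: int = 0
    control: str = "normal"          # normal / whitelist / blacklist (assumed values)


@dataclass
class VerificationException:        # one row of verification exception table 375
    stb_mac: str
    ip: str
    code: ExceptionCode
    at: datetime
    lease_expiry: Optional[datetime]
    circuit_before: Optional[str]
    circuit_after: Optional[str]


class CircuitVerifier:
    def __init__(self, lease_table, max_registrations=4, window=timedelta(hours=1)):
        self.lease_table = lease_table       # lease_ip -> {"circuit", "expires", "mac"}
        self.registry = {}                   # stb_mac -> CmEntry
        self.exceptions = []                 # appended, never consulted in real time
        self.max_registrations, self.window = max_registrations, window
        self._reg_times = defaultdict(list)  # circuit -> registration timestamps

    def _refuse(self, mac, ip, code, now, expiry, before, after):
        self.exceptions.append(VerificationException(mac, ip, code, now, expiry, before, after))
        return False, code

    def key_request(self, stb_mac: str, request_ip: str, now: datetime):
        """First sight of a MAC registers it on the leased circuit; later requests
        must arrive from that circuit. Returns (granted, ExceptionCode or None)."""
        entry = self.registry.get(stb_mac)
        before = entry.circuit_id if entry else None
        lease = self.lease_table.get(request_ip)
        if lease is None:
            return self._refuse(stb_mac, request_ip, ExceptionCode.NO_LEASE, now, None, before, None)
        if lease["expires"] <= now:
            return self._refuse(stb_mac, request_ip, ExceptionCode.LEASE_EXPIRED, now,
                                lease["expires"], before, None)
        circuit = lease["circuit"]
        if entry is None:                    # registration path
            recent = [t for t in self._reg_times[circuit] if now - t < self.window]
            if len(recent) >= self.max_registrations:
                return self._refuse(stb_mac, request_ip, ExceptionCode.REGISTRATION_FLOOD,
                                    now, lease["expires"], None, circuit)
            self._reg_times[circuit] = recent + [now]
            self.registry[stb_mac] = CmEntry(circuit)
            return True, None
        if entry.control == "blacklist":
            return self._refuse(stb_mac, request_ip, ExceptionCode.BLACKLISTED, now,
                                lease["expires"], before, circuit)
        if entry.control == "whitelist" or entry.circuit_id == circuit:
            return True, None
        entry.warning_count += 1             # feeds the alert threshold / trend report
        return self._refuse(stb_mac, request_ip, ExceptionCode.CIRCUIT_MISMATCH, now,
                            lease["expires"], before, circuit)

    def accept_move(self, stb_mac: str, circuit: str):
        """Operator confirms a legitimate port move: update the registered circuit."""
        self.registry[stb_mac].circuit_id = circuit


def scan_clones(lease_table: dict, now: datetime) -> dict:
    """Offline scan: a legitimate MAC holds an active lease on one circuit only."""
    seen = defaultdict(set)
    for lease in lease_table.values():
        if lease["expires"] > now and lease.get("circuit"):
            seen[lease["mac"]].add(lease["circuit"])
    return {mac: sorted(c) for mac, c in seen.items() if len(c) > 1}


# Constructed lease table: two circuits on one DSLAM, one lease already expired,
# and the same MAC leased on both live circuits (the clone case).
NOW = datetime(2006, 2, 6, 16, 30, tzinfo=timezone.utc)
CIRCUIT_A = "10.160.220.232:1-3-26-0-adsl-0-36"
CIRCUIT_B = "10.160.220.232:1-3-26-0-adsl-0-37"
SAMPLE_LEASES = {
    "172.22.22.17": {"circuit": CIRCUIT_A, "expires": NOW + timedelta(minutes=50), "mac": "00:03:e6:00:3c:84"},
    "172.22.22.18": {"circuit": CIRCUIT_B, "expires": NOW + timedelta(minutes=50), "mac": "00:03:e6:00:3c:84"},
    "172.22.22.254": {"circuit": CIRCUIT_A, "expires": NOW - timedelta(minutes=5), "mac": "00:03:e6:00:3c:90"},
}
```

The registration bound only limits how fast new MACs can be enrolled on one circuit; it does not distinguish a cloned STB behind the same AP from a second legitimate one, which is exactly the limitation stated above.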
The customer database or registration table 368 can be accessed through an Open Database Connectivity (ODBC) driver. The installation can modify the customer database to insert the registration certificate fields. Data fields are Unicode Transformation Format (UTF)-8 or UNICODE (UNICODE is a standard, similar to ASCII, for representing characters as integers). The following fields can be included in CM registration table 368 for use in verification:
Field name | Description | Data type and size | Unique |
Circuit ID | DSLAM circuit ID or connection port reported by the DHCP relay agent | Free-format string (34 characters in the sample) | Yes, made unique by prefixing the circuit with the relay agent address |
Remote ID | Unique remote identifier of the STB | Dynamic range of MAC addresses, dotted hexadecimal string: 48 | Yes |
Warning count | Accumulator counting clone warnings raised against the STB, used for report alert thresholds and trends | INT | N/A |
Control | Enumerated control field for network operator whitelisting, blacklisting and warning suppression priority | ENUM | N/A |
Using these fields, the network operator can build specific monitoring reports by circuit, site, sub-network and so on.
A DHCP IP lease may expire between the time the lease file is harvested by the lease table builder and the time the lease is used by the registration server. The registration or authentication server can filter these boundary conditions and comply with the scan report rules by writing the DHCP lease expiry, the time and the related fields to verification exception table 375. The scan report logic can test these fields to take the boundary conditions into account. A granted key can be leased with an expiry time.
The verification system is designed to be substantially compatible with the content authorization service (CAS), and can be combined with a Simple Object Access Protocol (SOAP) proxy to provide SOAP/Extensible Markup Language (XML) to remote procedure call (RPC) translation. The verification system can operate in a demilitarized zone (DMZ) that is shielded from attack. A DMZ is a computer or small sub-network placed between a trusted internal network, such as a corporate private local area network (LAN), and an untrusted external network such as the public Internet. In general the DHCP server and relay agent have a trust relationship, while DHCP clients (CPE devices, including STBs) are assumed to be untrusted. In one embodiment, a license key protects the verification system from unauthorized use. Management-level functions are restricted to an administrator login.
The user interface of the verification system can be implemented in Java or a similar Internet programming language, and includes the following functions:
Control | Description | Notes |
DHCP server list | List control with check boxes to enable and disable DHCP servers | Initially maintained manually; can be extended by DHCP discovery |
DHCP table builder | Time control (run time and frequency) and enable/disable check box | Controls when the system runs the DHCP table builder to harvest DHCP lease files |
Scan preferences | Report thresholds, check box to exclude expired leases, etc. | |
Scan report | List control generated by the verification or security server, showing the scan summary and flagging any tagged STBs | Under system maintenance, includes STB whitelisting and warning suppression |
Management | Enable or bypass circuit verification, clear the verification exception table, rebuild the DHCP lease table | Subject to username- and password-protected management-level privileges |
Installing the verification system can comprise updating the registration license server so that it implements circuit-based verification with the associated software. The database schema and new tables are updated or created as part of the installation. On Windows operating systems an InstallShield EXE creates a new Windows service. For Solaris/Linux systems the solution should be installable as a tape archive (TAR), Red Hat Package Manager (RPM) package or the like. If the verification service is a separately licensed option, a unique LICENSE_KEY is added to it to manage installation and uninstallation of the verification service. In some cases uninstallation is allowed to restore the CM database to its pre-verification state by deleting the tables and fields associated with the verification service.
The proposed solution minimizes or reduces the impact on real-time registration and lets the DHCP lease table builder and scan report run as offline processing. Scan report execution time is proportional to the number of verification exception records, and the report runs interactively or perhaps as a periodic (for example daily) report job. DHCP lease table 367 may hold all of the CPE IP leases issued across the whole Internet service population. A worst-case large installation may serve 1M CPE devices; assuming each has one leased IP, the lease table holds about 1M records. The main business or operational impact of the verification system is at registration or verification time. If the DHCP lease table is offline, an IP address lookup fails or a verification exception update fails, the system recovers and later returns to normal function. The verification system can be licensed separately, and is backward compatible with business logic that is not verification-aware.
DHCP lease table builder 365 can process a copy of the DHCP lease file, leaving the live lease file in storage module 364 untouched. The build process does not affect service. Lease table 367 can be periodically rebuilt from scratch, which makes it self-healing.
Scan reporting that uses the verification exception table can be done offline and does not affect service. Faults in the exception table or the report can be recovered through periodic database maintenance. Periodic maintenance of the verification exception table can purge stale records.
DHCP lease files can be collected into a central network file system (NFS) export directory for processing. The complete collection of all DHCP server lease files can be scanned to check for cloned STBs. The DHCP lease files can be pushed to the central collection site periodically by the DHCP servers, or pulled by the table builder in various ways (FTP, network file system (NFS) and so on).
DHCP can report the agent circuit ID value of current leases in statistics reports (including its MIB (management information base)) and in logs. Because the circuit ID is local only to a given relay agent, the circuit ID can be qualified by the giaddr value that identifies the relay agent. Where circuit information is not currently written to the lease file, the DHCP server and/or relay agent must be enhanced. The remote ID may be the DSL modem ID.
In the system described above, the identification of the physical network connection ID associated with a building, embodied as a computer data structure or database record, is used to verify one or more network devices in the building, so that secure network service is tied directly to the owner or tenant of the building. This is done by associating the user, when signing up for the service, with the physical connection ID to the building, and then checking that subsequent service requests from the user arrive from the same physical connection ID. Because a building cannot move, this provides a basis for relying on the user's trustworthiness.
Fig. 5 illustrates verification system according to another embodiment of the invention, and it also depends on physical assemblies or verifies with being connected of building, but is to use digital certificate to discern this connection, has added another safe floor like this in system.Verification system is " piggy backed " at the bilateral network of existing physical security for example on the effectiveness network that has to the telephone operator of the dedicated line of particular home and building.But, independent, verification system independently can be provided in optional embodiment.In Fig. 5, verification system is piggybacked or adds in the existing Digital Subscriber Line service of telephone operator.This system can connect with the broadband line that is provided to building alternatively other for example serve that cable service provider, circuit company, FTTH or the like use.
The system of Fig. 5 is managed by a utility server or data center 10 linked to an accredited certification authority 20, a center that can be trusted to perform the verification service. In this embodiment the certification authority or server may be a well-known certification entity such as VeriSign, Thawte or Baltimore. Other entities may also participate, provided they are similarly accredited as trustworthy. In an alternative embodiment, utility data center 10 and certification authority 20 may be combined into a single entity, with the utility server performing a trusted verification service. Utilities are not generally recognized as qualified to perform certification functions, however, so the system of the illustrated embodiment uses a separate verification service.
Utility server or data center 10 is connected to various utility company edge sites or service boxes 30, which in turn connect via dedicated physical communication lines 35 to a gateway module 36 in each home or building 40 that subscribes to the service. In this case, communication line 35 is fundamentally a secure component, and each communication line is connected to one specific building. Home gateway module 36 then connects via wired or wireless communication links 38 to multiple user devices inside the building, such as a set-top box or television 45, a personal computer or laptop 50, and various carrier-based wireless devices 55. Each communication line 38 is connected to only one building or physical location.
The term "carrier-based wireless device" refers to a user device or other device connected to a wireless network. The wireless network may be any publicly accessible open network, such as an Institute of Electrical and Electronics Engineers (IEEE) 802.11 network, or a service provided by a service provider such as a mobile telephone company or other wireless communication carrier or wireless communication equipment. Examples of carrier-based wireless devices are cellular telephones, wireless modems, wireless PDAs and other wireless devices. Voice and video playback applications and web browser applications are examples of applications that run on carrier-based wireless devices. Other applications that run on carrier-based wireless devices are also contemplated, and such applications benefit from the verification methods described herein.
In the illustrated embodiment, the user devices in the building connect to content providers via the utility server, and to other users 60 via the Internet 65 or a private network (not shown). Connection to the outside world via the utility server is not essential, however, and the verification system of Fig. 5 may alternatively be used only to verify users and buildings. A building or physical structure 40 may have other broadband wired or wireless connections to various other sites for sending and receiving data.
Utility edge site module 30 is the physical structure responsible for a discrete cluster of homes and buildings connected to the backbone network. In the exemplary embodiment of Fig. 5, each edge site module 30 includes a security component or security control unit associated with the connection or line 35 to each nearby building. Edge site module 30 has sufficient physical security measures and structure to ensure that the edge site module itself cannot be entered and compromised by a resident. Where the edge site module is a DSL edge site, it may include a digital subscriber line access multiplexer (DSLAM) for directing communications to and from each building; the edge site is connected to each building via the associated dedicated line 35, and may include a control module forming part of the verification system, as described below.
1. The edge site itself is physically protected, and access to it is restricted to authorized individuals; these authorized individuals should make their entering and leaving known to data center 10 and possibly also to the authentication server.
2. The DSLAM servers (and the servers supporting the DSLAM) are also physically protected. The DSLAMs may have their own independent security features and equipment, separate from the security features and equipment used to keep people out of the physical structure of the edge site.
In the embodiments of Figs. 1 to 4, user authentication or verification relies on an association established between a registered user and the physical circuit connecting the home or building to the network edge site. This association is created by determining the user's physical network connection ID at registration and again when the registered user subsequently uses the device. In the embodiment of Fig. 5, instead of using various sources such as a DHCP lease table to identify the connection or circuit ID of the building's unique communication line 35, an additional security credential is associated with the building or with the physical connection to the building. The security credential may be a digital certificate. In one embodiment, each edge site module 30 holds a plurality of digital certificates 70, assigned to each discrete physical structure 40 in the cluster served by the edge site module via the one or more communication lines 35 that link the edge site module to the physical structures 40. These digital certificates are stored in a data storage area. The edge site module may also have long-term memory holding the cryptographic routines used for verification; an additional processor programmed to perform the necessary verification steps may be added to the edge site module, or, where appropriate, these functions may be performed by the existing edge site processor.
Once digital certificate 70 has been issued by certification entity or authentication server 20 to a specific building (or to the security component, that is, the line 35 connected to that building), the building being an immovable object in this case, the following steps may be used to verify a network user in the building:
- the user encrypts a data packet with the private key, and sends both the encrypted data packet and the unencrypted (plaintext) data packet to another network user;
- the recipient receives the two packets and decrypts the originally encrypted packet using the corresponding public key, obtained from certification entity 20, that is associated with the user's building;
- the recipient performs an operation to match the decrypted packet against the plaintext packet;
- if the matching operation succeeds, the remote network user is authenticated.
In this embodiment, the digital certificate used in the verification procedure is tied to a specific, immovable building, or to the security component connected to that specific building, which can be verified, and this provides a higher level of security. This differs from the past use of digital certificates, where a certificate is sent to a user by a certification entity and installed in a hardware device such as a computer, or tied to a movable physical component such as a Universal Serial Bus (USB) dongle. The association of a digital certificate with physical connection 35 or 305 (Fig. 1) may be used to verify a registered user by the technique described above for the first embodiment, either in place of, or in addition to, the physical connection identifier stored there.
The edge site digital certificate dedicated to a specific building is matched with a corresponding key stored securely in the building, for example in home gateway module 36. A protection mechanism is provided that ensures a device such as home gateway module 36 cannot be moved to another physical location and still successfully authenticate the user. Known key systems can create standards and systems that tie immovable objects together with an extremely low error rate. In other words, as long as the building blocks (in this case the edge site module, line 35 and the home gateway module) are immovable, mathematics can be used to guarantee that the association between them is very strong.
Because each digital certificate 70 is associated with a fixed physical structure (or with the discrete connection to that fixed physical structure), the system can reliably verify a user who owns, lives in or works in that physical structure or building, rather than merely verifying a user device, which does not identify or guarantee the reliability of the actual user of the device. Each digital certificate may have its own private key dedicated to a unique communication line and therefore to a single physical site.
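As an added example, not part of the patent specification, the block below models the four-step check listed above: a key pair whose subject is a building's dedicated circuit, a sender that "encrypts" a digest of the packet with the private key and sends it beside the plaintext, and a recipient that fetches the public key registered for the claimed building and matches the decrypted value against the plaintext. Textbook RSA over SHA-256 with demonstration-sized keys stands in for a real PKI library (no padding scheme, so it is for illustration of the check, not for deployment); the building names, circuit IDs and function names are constructed.

```python
# Added example (not from the patent): a certificate bound to a building's
# dedicated circuit and the sign/decrypt/compare check of the text. Textbook
# RSA with demo-sized keys stands in for a real PKI; names are constructed.
import hashlib
import random
from dataclasses import dataclass
from typing import Dict, Tuple

def _is_probable_prime(n: int, rng: random.Random, rounds: int = 16) -> bool:
    """Miller-Rabin; adequate for a demonstration key."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int, rng: random.Random) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand

@dataclass(frozen=True)
class CircuitCertificate:
    """Public half of a key pair whose subject is one dedicated line 35."""
    circuit_id: str   # the immovable subject, e.g. "edge30/line35-1" (constructed)
    n: int
    e: int

def issue_key_pair(circuit_id: str, seed: int, bits: int = 256) -> Tuple[CircuitCertificate, int]:
    """Authentication server issues a key pair for the circuit; returns (certificate, private d)."""
    rng = random.Random(seed)   # seeded only so the demonstration is reproducible
    e = 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return CircuitCertificate(circuit_id, p * q, e), pow(e, -1, phi)

def _digest_int(message: bytes, n: int) -> int:
    # SHA-256 of the packet, reduced below the modulus (no padding: demo only)
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, cert: CircuitCertificate, d: int) -> int:
    """Step 1: the user encrypts a digest of the packet with the private key."""
    return pow(_digest_int(message, cert.n), d, cert.n)

def verify(message: bytes, signature: int, cert: CircuitCertificate) -> bool:
    """Steps 2-4: decrypt with the building's public key and match the plaintext."""
    return pow(signature, cert.e, cert.n) == _digest_int(message, cert.n)

def build_registry(seed: int = 1) -> Tuple[Dict[str, CircuitCertificate], Dict[str, int]]:
    """Constructed registry at the certification entity: building -> certificate."""
    certs, keys = {}, {}
    for building, circuit in (("building-1", "edge30/line35-1"), ("building-2", "edge30/line35-2")):
        cert, d = issue_key_pair(circuit, seed + len(certs))
        certs[building], keys[building] = cert, d
    return certs, keys

def authenticate_packet(registry: Dict[str, CircuitCertificate], claimed_building: str,
                        message: bytes, signature: int) -> bool:
    """Recipient side: look up the key for the claimed building, then verify."""
    cert = registry.get(claimed_building)
    return cert is not None and verify(message, signature, cert)
```

A packet signed under building 1's key fails against building 2's certificate even though both are valid certificates from the same edge site, which is what ties the check to the line rather than to the device.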
Other homes and office buildings may be assigned their own discrete digital certificates. The entire cluster can therefore use this verification system and method.
When communication line 35 is a DSL line, it is typically connected to home gateway module 36 to provide DSL connectivity to and from the user devices in the building. Alternatively, gateway module 36 may be a simple router connected to the user devices in the home, or an enhanced router for managing the user's data streams. In another embodiment, one or more user devices in the building may be connected directly to communication line 35 and therefore to the digital certificate.
Once digital certificate 70 has been provided for a specific building, the certificate can also be used to verify the user devices in that building. Although in this embodiment the digital certificate is not securely attached to the building itself, it is securely attached, in the DSLAM or other server at provider edge site module 30, to the dedicated access line for that specific building. This is important because the DSLAM is kept in a physically secure edge site and is confirmed to be dedicated to the correct building, since service is delivered to that building over the dedicated access line and there is a history of payments for the service by the user in that building. Compared with a verification system that needs its own network and a physically secure box with two-way network connectivity at each building subscribing to the verification service, the "piggyback" arrangement of this system on an existing network is considerably cheaper.
The embodiment of Fig. 5 provides a public key infrastructure (PKI) or equivalent for issuing X.509 virtual private network (VPN) digital certificates 70 (or similar authentication certificates), each associated with a geographically fixed physical location rather than with a removable or relatively mobile user device that may be moved, stolen, cloned and so on. This enables secure two-way verification for e-commerce, e-mail and other electronic transactions. The systems of Figs. 1-5 use the existing hardware, software and dedicated network of a utility company, such as a telephone, electric power or cable network company, as the basis of the user verification system. Where necessary, the verification system hardware and software is added to the existing hardware and software at each point in the network where it is needed. This can significantly reduce the initial set-up cost. Alternatively, however, a separate, stand-alone user verification system provider may use this system for registration and user authentication, with its own network servers, authentication server and database connected as a dedicated network. This is particularly feasible in the case of new building developments.
Fig. 5 illustrates a first-level verification system and method in which a certificate authority verifies the home or other physical structure 40 in which consumer electronic devices are located. User devices may also be verified by the security component connected to the building, in a two-level verification system as shown in Fig. 6. In this system, certificate authority 20 provides digital certificate 70, which verifies the physical location of the building associated with that certificate (or of the security component connected to the building, such as the connection port to line 35, the building's position, the location of home gateway module 36 connected to line 35, and so on). This is the first-level verification. In the second-level verification, home gateway module 36 then verifies each user device in the building. Fig. 6 illustrates the two-level verification system for the embodiment of Fig. 5, but a similar system may be used in the embodiments of Figs. 1 to 4, with additional hardware and software as shown in Fig. 5 as appropriate.
In the embodiment of Fig. 5, home gateway module 36 may hold, in a data storage module, the key corresponding to the edge site digital certificate 70 associated with its specific building. As shown in Fig. 5, the utility company (for example the telephone company or Telco) or a trusted certification authority optionally provides the building user with a hardware security element containing the digital certificate paired with digital certificate 70. The hardware security element may be a USB dongle 95, or any other hardware security element such as a security chip, a trusted platform module (TPM), a smart card or the like. A TPM is used to provide hardware-based security for computer equipment. Typically a TPM comprises cryptographic hardware embedded in a chip or in a separate hardware module. In the embodiment of Fig. 4, secure USB dongle 95 is installed in home gateway module 36.
In the embodiment of Fig. 5, for network services to operate normally, an encrypted "signature" function must be executed successfully between home gateway module 36 and the telephone company's edge site digital certificate 70, so that the authentication function returns a positive result. This ensures that a given home gateway module 36 (or other type of router device) cannot operate at a different physical location. The cryptographic signature function may be performed with suitable encryption software, for example software supplied by RSA Security of Bedford, Massachusetts. That company has methods, techniques and algorithms for ensuring that corresponding digital certificates are correctly matched before network activity proceeds. An RSA-type verification procedure may be used in each of the embodiments described herein. In one embodiment, the digital certificate verification procedure is used to check that an authorized device has not moved from one physical location to another.
As shown by the dashed outline in Fig. 5, the system may use a TPM 96 in the home gateway module instead of dongle 95. Any suitable hardware security element, for example a smart card, security chip technology or the like, may be used in place of dongle 95 or TPM 96 to securely associate the home gateway module with digital certificate 70.
Similar hardware or software security devices may be provided in each user device associated with the building. For example, set-top box 45 may have a hardware-based security element such as smart card 98 containing the counterpart of digital certificate 70. Smart card 98 may alternatively be replaced by a dongle, security chip or the like. Personal computer 50 may have a hardware-based security element such as dongle 100 as shown in Fig. 5, or a smart card, TPM, security chip or the like, also containing the counterpart of digital certificate 70.
To support wireless devices 55, home gateway module 36 may have its own subscriber identity module or SIM 110, which enables secure communication with all wireless devices 55 belonging to the building owner and/or building tenants. A SIM card or chip contains secure storage holding the customer's account or credit information. Each wireless device may then have a SIM card 112 configured to communicate only with the SIM card of the home gateway module, through a secure tunnel or link 114 using Secure Sockets Layer (SSL) or a similar technique. A subscriber identity module is optionally used for carrier-based wireless devices; it stores the device's service identity and optionally billing credit or other accounting information. In general, a SIM is a secure cryptographic processor used to identify the user. Secure tunnel 114 may be based on a virtual private network (VPN), an IPsec or SSL tunnel, another authenticated and encrypted communication link, or for example a dedicated internal communication link of the present invention. The secure tunnel may be a virtual channel between two network endpoints connected across wired and wireless communication paths.
At initial set-up of the system, or when a new user device is added, each user device is verified by home gateway module 36 so that the security element 98, 100 or 112 of the user device is cryptographically associated with the same digital certificate 70 to which dongle 95 or TPM 96 and SIM card 110 are linked. Similar measures may be used in the embodiment of Fig. 5 so that each user device is associated with the digital certificate 70 stored in home unit 80. This provides the second-level verification, from the building home unit or gateway to the user devices.
In the embodiments of Figs. 5 and 6, the devices in a building communicate only through the digital certificate assigned to that building at DSLAM edge site 30. The following communication is therefore realized:
In one embodiment, building 2 cannot communicate with DSLAM digital certificate 1 or 3, and building 3 cannot communicate with DSLAM digital certificate 1 or 2 (or any digital certificate other than digital certificate 3). Each building or physical structure therefore communicates only through its own digital certificate.
In one embodiment, as shown in Fig. 5, the Telco or utility data center also has an associated digital certificate 71. Digital certificate 71 may be unique to each edge site 30 connected to the data center, or may be associated with a single Telco data center or with several. All security elements along each path, such as the path shown in Fig. 5, may be cryptographically aligned and synchronized so that the authentication function returns a positive result and normal network communication can proceed. In other words, host digital certificate 71, edge site digital certificate 70, home gateway dongle 95 or TPM 96, and the STB smart card may be cryptographically synchronized in order to provide pay-television services or films. Similarly, the digital certificate 71 of the host or service operator, edge site digital certificate 70, home gateway dongle 95 or TPM 96, and PC dongle 100 may be cryptographically aligned and synchronized to enable secure public network communication between the PC and other network servers or users 60. Finally, the digital certificate 71 of the host or service operator, edge site digital certificate 70, home gateway SIM chip 110 and wireless device SIM chip 112 may be cryptographically aligned and synchronized to enable wireless communication. If a hardware security element is tampered with, or is removed from a user device and moved elsewhere, cryptographic alignment cannot take place, because the security element is no longer connected to the proper home gateway security element. All network traffic depends on a successful RSA-type verification procedure between the digital certificate and secure dongle 95 or TPM 96 at the home gateway module before any other network process can take place.
Fig. 7 is a flow chart of a verification method using the systems of Figs. 5 and 6. In a first step 200, a prospective user or customer notifies the verification service (which may be provided by the utility company or by an independent verification service provider 20) of their intention to subscribe. Authentication server 20 then attempts, using the associated dedicated network (for example the telephone company's or another service provider's network, or, in an alternative embodiment, a dedicated verification network), to connect to the building in which the prospective user is located (step 202). Where the telephone company network forms part of the verification system, verification service 20 attempts to connect to the prospective user's building through the telephone company's operations center or data center 10, the telephone company edge site 30 associated with the building 40 in which the user is located, and the dedicated line 35 connecting the edge site to the building's home gateway module. If the connection succeeds, the physical location of the building is checked using the telephone company's stored records and/or a position sensor (204). A unique digital certificate 70 is then created using known PKI techniques (205) and associated with the building in a verification record stored in a database at remote verification service 20. In step 206, the unique digital certificate 70 is provided to edge site 30 and stored in permanent storage at edge site 30 or in building gateway module 37. This is the first-level verification, as shown in the system of Fig. 4.
A second-level verification can then be performed. A hardware-based security device associated with this unique digital certificate and containing the key for the certificate is provided to the service user at the building site, and is installed by the user in the building gateway module (step 208). This security device can be verified only when installed in gateway module 36, which is physically connected to the dedicated line or link 35 of that building site, so it is useless to anyone attempting to steal the service and re-establish it elsewhere. Security devices may also be configured for installation on each user device at the building site, and in step 210 the secure keys of these devices are cryptographically associated with security device 95, 96 or 110 of gateway module 36. Again, these security devices can be verified only when locally connected to the appropriate device in gateway module 36, so they cannot be used at any other location. This means that all secure network communications using digital certificate 70 are reliably associated with one physical structure and its identifiable tenants and/or users. A chain of trust thus extends from the network to structure 40, and from structure 40 to the user devices and their associated users.
High granularity can easily be achieved with this system. Where a building has multiple tenants, each tenant may have his or her own digital certificate, issued on the basis of a tree structure in which the landlord or building owner is the "parent" branch. The verification model may then be: network → structure → landlord → tenant. This tree structure can be extended almost without limit. For example, a person who has no physical address of their own associated with the system, and who connects to the authentication server via a virtual private network, may be allowed to be associated with, and billed under, an existing physical address. The service may take additional measures, for example a successful dialogue process such as that currently used by VeriSign, to check users outside the building.
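As an added example, not part of the patent specification, the block below models both the "cryptographic alignment" of the security elements along one path (host certificate 71, edge site certificate 70, gateway dongle 95 or TPM 96, device element) and the network → structure → landlord → tenant tree as a key hierarchy: each element's key is derived from its parent's key and its own identifier, so a verifier that holds the parent key can re-derive it and challenge the element. A security element moved to a gateway in another building fails at that link. The derivation (HMAC-SHA256) is a stand-in for whatever key system the deployment uses, and all element names and the root key are constructed.

```python
# Added example (not from the patent): path alignment and the landlord/tenant
# tree as an HMAC key hierarchy with challenge-response. Names and keys are
# constructed; the derivation stands in for the deployment's own key system.
import hashlib
import hmac
import secrets
from typing import Dict, List, Tuple

def derive_child_key(parent_key: bytes, child_id: str) -> bytes:
    """A child's key is bound to its parent by the derivation itself."""
    return hmac.new(parent_key, child_id.encode(), hashlib.sha256).digest()

def enrol_path(root_key: bytes, ids: List[str]) -> Dict[str, bytes]:
    """Provision every element on a path (steps 205-210); returns id -> key.
    In deployment each key would sit inside its hardware security element."""
    keys, parent = {}, root_key
    for element_id in ids:
        parent = derive_child_key(parent, element_id)
        keys[element_id] = parent
    return keys

def respond(element_key: bytes, challenge: bytes) -> bytes:
    """The element proves possession of its key without revealing it."""
    return hmac.new(element_key, challenge, hashlib.sha256).digest()

def verify_path(root_key: bytes, path: List[Tuple[str, bytes]]) -> bool:
    """Walk outwards from the network root, challenging each element in turn.
    `path` holds (element id, key actually held by that element); the verifier
    only knows the root and re-derives what each element's key should be."""
    expected_parent = root_key
    for element_id, held_key in path:
        challenge = secrets.token_bytes(16)
        expected_key = derive_child_key(expected_parent, element_id)
        if not hmac.compare_digest(respond(expected_key, challenge), respond(held_key, challenge)):
            return False          # alignment fails at this link
        expected_parent = expected_key
    return True

def demo_paths() -> Tuple[bool, bool, bool]:
    """Constructed scenario: two buildings on one edge site, then a tenant tree."""
    root = b"constructed secret of host digital certificate 71"
    building1 = ["edge-site-30", "gateway-36/building-1", "stb-45/smartcard-98"]
    building2 = ["edge-site-30", "gateway-36/building-2", "stb-45/smartcard-98"]
    k1, k2 = enrol_path(root, building1), enrol_path(root, building2)
    aligned = verify_path(root, [(i, k1[i]) for i in building1])
    # Building 1's smart card plugged into building 2's gateway: last link breaks
    moved = [(i, k2[i]) for i in building2[:2]] + [("stb-45/smartcard-98", k1["stb-45/smartcard-98"])]
    moved_ok = verify_path(root, moved)
    tenant_tree = ["structure-40", "landlord", "tenant-A"]
    kt = enrol_path(root, tenant_tree)
    tenant_ok = verify_path(root, [(i, kt[i]) for i in tenant_tree])
    return aligned, moved_ok, tenant_ok
```

The same smart card identifier appears under both gateways, yet its key differs because the parent differs; that is what makes the element useless after relocation without any location sensing.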
Fig. 8 is a flow chart of the verification steps performed when a user subscribing to the verification service wishes to communicate securely with a potential network partner or with network server 60, for example for commercial use such as a secure financial transaction or purchase, secure e-mail communication and the like. The system provides the user with the option, for example by adjusting preferences in each network application, of switching the verification system on or off for operation on an internal or external secure network. When verification is not needed, for example when the user is simply searching the Internet for information, the user may choose not to activate the verification service. When the security or verification service is activated, the user sends the public key of the digital certificate to the potential network partner (step 250). This may be sent to the chosen network partner 60 via the private network, private utility server 10, a public network or the Internet 65, or may be sent directly from building 40 to public network 65 over another connection (for example, as shown in the alternative embodiment of Fig. 9). Direct wired and wireless connections leaving the building to the Internet and other public or private networks may similarly be provided in the embodiment of Fig. 1.
In one embodiment, a user of the verification service may need to enter a username and password to access the verification service. This adds an extra level of security to the verification system. The three levels of security provided in this embodiment are: (i) something you know (that is, the username and password); (ii) something you have (that is, the hardware security element, or an element such as a USB dongle or the like); and (iii) who you are (the secure identification of origin provided by a digital certificate attached to a building or physical structure). In the embodiments of Figs. 1 to 4, the third level of security (who you are) is provided by identifying the physical connection to the building, for example by the existing IP address port and building number.
After receiving the public key, the potential network partner then asks authentication server 10 to determine the validity of the key (step 252). The authentication server can check whether the key matches the valid digital certificate 70 associated with the building's physical address or location (step 254), and can take steps, for example contacting the device via the private network through edge site module 30 and line 35, to check that the authorized device has not moved from one physical location to another. If the check succeeds, normal network communication is allowed (256). If the check fails, communication is not allowed (255).
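As an added example, not part of the patent specification, the following block models the decision the authentication server makes in steps 252 to 256 together with the three levels of security listed above: it keeps a verification record per building (steps 204 to 208), and on a request checks the submitted public key against the certificate on record, the password (something you know), the serial of the hardware security element in the gateway (something you have), and the dedicated line the device is currently reached on (who you are), returning a reason for any refusal. How the edge site reports the line a device sits on is not modelled; the record fields, addresses, circuit IDs, serials and class names are constructed.

```python
# Added example (not from the patent): the authentication server's
# validation decision with the three levels of the text. All records,
# circuit IDs, serials and names are constructed for the demonstration.
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Tuple

@dataclass
class BuildingRecord:
    """Verification record in the server's database (steps 204-208)."""
    address: str
    circuit_id: str        # dedicated line 35 as the edge site reports it
    element_serial: str    # dongle 95 / TPM 96 installed in gateway 36
    salt: bytes
    password_hash: bytes

def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def fingerprint(public_key: bytes) -> str:
    """The server keys its records by a digest of certificate 70's public key."""
    return hashlib.sha256(public_key).hexdigest()

class AuthenticationServer:
    def __init__(self) -> None:
        self.records: Dict[str, BuildingRecord] = {}   # fingerprint -> record

    def register(self, address: str, circuit_id: str, public_key: bytes,
                 element_serial: str, password: str) -> str:
        """Location confirmed (204), certificate created (205), element issued (208)."""
        salt = secrets.token_bytes(16)
        fp = fingerprint(public_key)
        self.records[fp] = BuildingRecord(address, circuit_id, element_serial,
                                          salt, _hash_password(password, salt))
        return fp

    def validate(self, public_key: bytes, presented_circuit_id: str,
                 presented_element_serial: str, password: str) -> Tuple[bool, str]:
        """Steps 252-256: the partner forwards the public key; the server checks
        it against the building record and that the device is still on its line."""
        rec = self.records.get(fingerprint(public_key))
        if rec is None:
            return False, "unknown key"                              # 255
        if not hmac.compare_digest(_hash_password(password, rec.salt), rec.password_hash):
            return False, "password"                                 # something you know
        if not hmac.compare_digest(presented_element_serial.encode(), rec.element_serial.encode()):
            return False, "security element"                         # something you have
        if not hmac.compare_digest(presented_circuit_id.encode(), rec.circuit_id.encode()):
            return False, "device moved"                             # who you are: not on line 35
        return True, "ok"                                            # 256

def demo() -> Tuple[bool, bool, bool, bool]:
    """Constructed scenario: one registered building, then four requests."""
    server = AuthenticationServer()
    pub = b"constructed public key of digital certificate 70 for building 40"
    server.register("building 40", "edge30/line35-40", pub, "dongle95-SN-0001", "correct-horse")
    ok, _ = server.validate(pub, "edge30/line35-40", "dongle95-SN-0001", "correct-horse")
    moved, _ = server.validate(pub, "edge30/line35-41", "dongle95-SN-0001", "correct-horse")
    no_element, _ = server.validate(pub, "edge30/line35-40", "dongle95-SN-9999", "correct-horse")
    unknown, _ = server.validate(b"some other key", "edge30/line35-40", "dongle95-SN-0001", "correct-horse")
    return ok, moved, no_element, unknown
```

The order of the checks matters for what a caller learns: the refusal reasons are for the server's own log, and a production service would return only a generic failure to the network partner.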
Fig. 9 illustrates a modification of the systems of Figs. 4 and 5 that provides a further level of security. This additional level of security may also be provided in the systems of Figs. 1 to 4. In the embodiment of Fig. 9, user devices 45, 50 are connected through the home gateway module to the dedicated line 35 between building 40 and edge site 30, and can use this line to access and connect to other networks of the host system (as shown in Fig. 1). Building 40 may have another fixed-line broadband connection 280, and the user devices may also obtain and send data content files, or otherwise communicate, over this connection. In this case, any higher-value content received via fixed-line broadband connection 280 must be encrypted to keep it secure. Delivery of higher-value content to an STB or PC outside the secure private network of Fig. 9 is usually obstructed. Fixed-line broadband connection 280 is shown for the case in which actual Internet service, for example over a cable Internet system, is not otherwise provided. For many applications, however, fixed-line broadband connection 280 may be provided only over communication line 35.
In the modified embodiment of Fig. 9, a session-based watermarking software module 300 is installed in each user device 45, 50, 55, for example in each set-top box, computer and wireless device in the building.
The session-based watermarking software is used to actively identify plagiarism, theft and piracy of content files streamed or downloaded into physical structure 40. The software places a discrete and unique watermark payload in the content downloaded by the user. The watermark payload is a customer-specific identifier (or a transaction ID or the like) that can be used to identify the customer playback device (STB, PC, PDA, mobile telephone or the like) used to access and play the content. The watermark payload may be cryptographically signed with the user's private key from the unique digital certificate, providing further verification when the content is sent. If the user then attempts unauthorized distribution of the content to other users, that user can be identified.
In an alternative embodiment, the session-based watermarking software may reside in the content server of the host or in the telephone company's data center or server 10. Since each stream or download is dedicated to a discrete physical structure and to a separate device 45, 50 or 55, a unique watermark payload inserted at main data center 10 will be sufficient to deter digital piracy within physical structure 40. This alternative embodiment requires that downloads be routed to the building through the main data center rather than directly to the building over another connection. A cryptographic signature using the customer's private key may be applied in the watermark payload to further prove that the user or customer requested the content, and to make them solely responsible for protecting it. This can effectively prevent content from being uploaded to public sharing sites.
It is proposed that all watermarking be performed on a session basis. This means that each individual content stream or download is marked uniquely. In the first watermarking method described above, a unique watermark is inserted in the client or user device itself for each stream or download arriving at that device. In the second alternative embodiment, the content server system inserts a unique watermark in each stream or download targeted at a particular device (and no other).
In addition, the payload in the watermark can be cryptographically verified using a key available to the system. In one embodiment, a digital signature is added to the watermark payload, that is, the watermark payload is "signed" by encrypting it with the customer's private key. Other methods may also be used, such as a "hash" or a session key. This additional step of verifying the watermark payload can also prove with certainty the identity, and the fault, of the person responsible for leaking content from the home or building. The term "digital signature", as used in this application, includes any and all techniques that the sender or recipient uses or can use to create, in the transmission path, a unique cryptographic signature or identifier that can be verified by the recipient, a certificate authority or another party. Digital signatures are available in various forms, including public-key encryption of a message hash or message digest, where the message digest is, for example, Message Digest 5 (MD5), the US Secure Hash Algorithm (SHA-1) or another data signature technique based on cryptography. Any kind of digital signature may be used, and the digital signature may use any type of currently secure or future digital signature technology.
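As an added example, not part of the patent specification, the following block builds a session-based watermark payload of the kind described in the preceding paragraphs (customer identifier, device, transaction and a fresh session nonce), protects it with the keyed-hash variant the text allows (HMAC-SHA256 under a per-customer session key) rather than a private-key signature, embeds it in the least significant bits of constructed 8-bit content samples, and recovers it from a copy to identify the customer device it was delivered to. The payload format, identifiers and keys are constructed; the LSB embedding is the simplest carrier for a demonstration, not a robust watermark.

```python
# Added example (not from the patent): session-based watermark payload with a
# keyed hash, LSB-embedded in constructed samples and recovered from a copy.
# The format, IDs and keys are constructed for the demonstration.
import hashlib
import hmac
import json
import secrets
from typing import Dict, Iterator, Optional

MAGIC = b"WM1"    # marks the start of a payload (constructed format)
TAG_LEN = 16      # truncated HMAC-SHA256

def make_payload(customer_id: str, device_id: str, transaction_id: str, session_key: bytes) -> bytes:
    """Unique per stream: customer, device, transaction and a fresh session nonce,
    followed by a keyed tag so an edited or forged payload is detectable."""
    body = json.dumps({"c": customer_id, "d": device_id, "t": transaction_id,
                       "s": secrets.token_hex(8)}, separators=(",", ":")).encode()
    tag = hmac.new(session_key, body, hashlib.sha256).digest()[:TAG_LEN]
    return MAGIC + len(body).to_bytes(2, "big") + body + tag

def _bits(data: bytes) -> Iterator[int]:
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1

def embed_watermark(samples: bytes, payload: bytes) -> bytes:
    """Overwrite the least significant bit of one sample per payload bit."""
    if len(samples) < 8 * len(payload):
        raise ValueError("content too short for the payload")
    out = bytearray(samples)
    for i, bit in enumerate(_bits(payload)):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)

def _read(samples: bytes, first_bit: int, count: int) -> bytes:
    """Reassemble `count` bytes from the LSBs starting at sample `first_bit`."""
    vals = bytearray()
    for k in range(count):
        v = 0
        for j in range(8):
            v = (v << 1) | (samples[first_bit + 8 * k + j] & 1)
        vals.append(v)
    return bytes(vals)

def extract_watermark(samples: bytes) -> bytes:
    header = _read(samples, 0, len(MAGIC) + 2)
    if header[:len(MAGIC)] != MAGIC:
        raise ValueError("no watermark present")
    length = int.from_bytes(header[len(MAGIC):], "big")
    return header + _read(samples, 8 * len(header), length + TAG_LEN)

def identify_leak(samples: bytes, session_keys: Dict[str, bytes]) -> Optional[dict]:
    """Recover the payload from a leaked copy and verify it under the customer's key.
    Returns the payload fields when the tag checks, otherwise None."""
    payload = extract_watermark(samples)
    start = len(MAGIC) + 2
    length = int.from_bytes(payload[len(MAGIC):start], "big")
    body, tag = payload[start:start + length], payload[start + length:]
    fields = json.loads(body)
    key = session_keys.get(fields.get("c", ""))
    if key is None:
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return fields if hmac.compare_digest(tag, expected) else None

# Constructed content: 2048 bytes of 8-bit "samples".
SAMPLE_CONTENT = bytes(range(256)) * 8
```

Two downloads by the same customer carry different payloads because of the session nonce, so a leaked file points to one delivery rather than to an account in general. An LSB mark does not survive transcoding or re-encoding; a deployed system would use a watermarking scheme designed to be robust, with the payload and its verification as shown here.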
Even in the most secure environment, content may still leak from the network and become publicly available without the consent of the content owner. Although this is unlikely, it is important to anticipate that piracy and theft may occur in some cases. It is therefore advantageous to use steganographic techniques and processes, for example session-based watermarks, to place invisible marks in the content file so that the person who caused the unauthorized content leak can be identified.
One possible application of the system of Figure 9 is to allow users to download early-release or high-definition (HD) films and the like. Because the risk of digital piracy is so great, most film studios are unwilling to let their high-value digital content be obtained by customers over the internet. Consumer electronics companies are also unwilling to adopt hardware and software techniques that make stealing valuable content more difficult, because this increases the cost of consumer electronics devices. This means that in practice no personal computer is secure for HD content. The main reason is that an HD film can easily be uploaded from a personal computer to the internet and made available to practically anyone with a network connection. Because of the high degree of anonymity on the internet, digital pirates can perform these uploads with impunity. The verification system of Figure 9, with session-based watermarking software added, can be a way of overcoming these problems and allowing valuable digital content to be purchased on the internet and checked out to a verified user device with very little or no risk of that content being further distributed without authorization. The network structure of the present invention can verify the network user when that user wants to consume a high-value product. If this network user decides to post the content file on a publicly available network (or commits another similar illegal act), he or she runs the risk of being arrested, because they can be identified from the watermark added to the content file. This is a strong deterrent to the digital piracy or unauthorized distribution of valuable digital content such as HD films, and encourages people to pay legally for this content.
Figures 10 and 11 illustrate an alternative embodiment of the verification system and method, in which an electric utility company's network, rather than a telephone company or the other network service providers of the previous embodiments, is used as the basis of the verification system. The traditional way of tracking a customer's power consumption is to securely install an electricity meter in each home or other building and to read the meter periodically for billing. However, utility companies worldwide plan to use network technology so that their employees do not need to visit each building periodically to read the meter. The same system can be used by water or gas companies that use a metering system, with the computing system transmitting the meter readings periodically over the company's network.
The system of Figure 10 assumes that a utility company, for example an electric company, has set up a network of reader/transmitter devices that a master program queries at preset time intervals for the state of the electricity meter of each structure 40. In this case, the security component or home unit 80 is an instrument box or enclosure containing the components or circuits of the local verification control module. The home unit 80 is securely attached inside or outside the building or physical structure 40. The control module, illustrated in greater detail in Fig. 9, is configured to control the local operation of the verification system and the metering operation of the utility company. The control module communicates with a host or public network server 84 via a virtual private network (VPN) 85. Other nearby access control units may also communicate with the primary network server via network 85. The master server 84 then communicates with the trusted certification entity or authentication server 20 to perform verification, or, in an optional embodiment, this function may be performed by the host server 84 itself.
As shown in Figure 11, the security control unit 80 in this case comprises a long-term memory or data storage module 86 sufficient to hold the digital certificate 70, an additional long-term memory or data storage module 88 for holding cryptographic routines and the like, and a central processing unit 90 linked to data storage modules 86 and 88. In an optional embodiment, these two data storage functions may be contained in a single module. A meter reading module 87 is also linked to the central processing unit 90. The control module further comprises a main communication module 92 for communicating with the access point of network 85 via a dedicated wireless link or a fixed wired link, and a local user communication module or router 94 for connecting to the consumer devices in the building over a wireless or fixed wired link.
Although the home or building unit is associated by the primary network server 84 with a specific, unique physical location or address when it is installed, further security can be provided by including in the control module a local sensor module 95, for example a Global Positioning System (GPS) sensor module or another type of position sensor. The position sensor can be used to verify the geographic position of the box 80. If the box is removed or moved from the building, the geographic coordinates will no longer match those of the building associated with the digital certificate, and the system will immediately indicate the change. The digital certificate 70 stored in data storage module 86 can thus be used to ensure that the control module cannot be removed from its fixed building location and moved to another position to carry out illegal activity. In this case, the input from position sensor 95 is checked and compared with the planned position of the building to which box 80 is connected, so as to verify the digital certificate 70 whenever a client or user requests a secure connection or is active. In the embodiment of Figures 10 and 11, the counterpart key of the digital certificate can be stored in data storage module 88.
Software enabling the user or client to operate the verification system is provided in data storage modules 86, 88 and/or processor module 90. The physical structure or enclosure of the home or building control module is designed so that it cannot be moved easily, and may carry an identification code showing ownership by an identifiable individual or company or the like. Other security measures may also be adopted, for example destroying or cancelling the digital certificate when some movement of box 80 is detected.
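The position check of the two preceding paragraphs, as an added example that is not the patent's own design: the unit compares each sensor fix with the building position registered at installation and refuses to use the certificate, cancelling it permanently, once the unit is found to have moved. The 50 m tolerance, the coordinates and the handling of a missing fix (refuse without cancelling) are assumptions made for the example.

```python
import math

EARTH_RADIUS_M = 6_371_000.0


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS-84 coordinates."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = (math.sin(dphi / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


class BuildingUnit:
    """Minimal model of the building control unit: a certificate id, the
    building position registered at installation, and a tamper state.
    Assumed tolerance: 50 m, roughly consumer GPS accuracy."""

    def __init__(self, cert_id, registered_lat, registered_lon, tolerance_m=50.0):
        self.cert_id = cert_id
        self.registered = (registered_lat, registered_lon)
        self.tolerance_m = tolerance_m
        self.cert_revoked = False

    def check_position(self, sensor_lat, sensor_lon):
        """Run before honouring a secure-connection request. Returns whether
        the certificate may be used, the measured displacement and a reason.
        A move beyond the tolerance cancels the certificate for good."""
        if self.cert_revoked:
            return {"usable": False, "distance_m": None,
                    "reason": "certificate revoked"}
        if sensor_lat is None or sensor_lon is None:
            # Assumption: no fix means we cannot verify, but it is not by
            # itself evidence that the box was moved.
            return {"usable": False, "distance_m": None, "reason": "no fix"}
        dist = haversine_m(*self.registered, sensor_lat, sensor_lon)
        if dist > self.tolerance_m:
            self.cert_revoked = True
            return {"usable": False, "distance_m": dist,
                    "reason": "unit moved"}
        return {"usable": True, "distance_m": dist,
                "reason": "position matches"}
```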
As in the previous embodiments, the host or public network server 84 is linked to the trusted certification entity or service operator's database/authentication server 20, which collects data on all physical structures 40 subscribing to the verification service and issues digital certificates 70 to verified structures, and also makes this information available for fast and efficient querying over the internet 65 (or another public network). As shown in Figure 10, the user devices in the network structure 40, like the trusted certificate authority or authentication server 20, are connected to the internet or other public network 65 by wired or wireless connections. As in the previous embodiments, the trusted certificate authority server and database may be provided by the utility company itself as part of its own network server and database 84, or may be a completely separate entity as shown in Figure 5.
The home or building unit or security component 80 in Figure 10 is connected to the various user devices in building 40 by the router built into the control module in box 80, or the like. This connection may be (but is not limited to) Internet Protocol (IP) over Ethernet. The software and communication modules are designed to support secure bidirectional communication between structure 40 and the host server 84 of, for example, the electric company, and between the structure and the client or user devices within it, for example devices 40, 50 and 55 and other electronic equipment in the structure. In the embodiment of Figure 10, as in the embodiment of Figure 9, additional security elements, for example dongle 95, may be installed in home unit 80 and in the user devices connected to the home unit.
Each building control module can periodically report continuity data to the host server or operations center 84 together with information confirming the state of digital certificate 70. The digital certificate status information is delivered to authentication server 20 (if separate from the host server) via one or more intermediate data collection points or network relay stations. On receiving status information, the authentication server can update its record of the planned certificate of proof as a trusted, untampered database, so that it can be used to verify the network transactions of the people living or working in building 40. Periodic digital certificate status updates are sent from the edge site servers to the host server and then on to the authentication server.
Because the network deployed by the electric company can report to the operations center periodically, it is important to deploy large-scale, secure, high-capacity servers that can make use of the information obtained by verifying the digital certificates, so that instantaneous network requests to authenticate secure network activity can be answered on the basis of these certificates.
Once the verification network is established, it can be used to verify set-top boxes 45 using pay television services, to check that user devices with e-mail capability are not sending spam, to verify internet e-commerce transactions, to reduce identity theft, and to reduce other types of network-based fraud.
In the past, many significant efforts have been made to verify network users at the chip level. These efforts largely were not implemented because of protests over personal privacy protection, the reason being that the verification devices were imposed on the user against the customer's will, hidden inside the customer's equipment. In contrast, the verification system and method of the present invention cannot be installed unless specifically requested by the customer or user, and can be freely started or shut down by the customer at will. Of course, when the system is not activated, the customer cannot be verified to other network services or customer contacts at the level needed for secure transactions on the internet or another public network.
In addition, the customer only needs to be able to send a public key to the intended network partner in order to be verified, and this public key can be associated with the digital certificate assigned to the customer's building in the embodiments of Figures 5 to 11, or with the connecting line identifier in the embodiments of Figures 1 to 4. No personal information such as the address, telephone number or other specific information about the building is needed. If a sufficient basis for trust exists, the intended network partner's query to the authentication server returns YES; if no basis for trust exists, it returns NO.
If a person using the verification system takes part in illegal activities, the appropriate authority can obtain information about the physical address of the building and about the building owner/user from the verification service headquarters and take suitable action. This is no different from the current practice of locating and investigating illegal acts that take place on a network using evidence-gathering equipment.
With this system, the home or building only needs to verify itself to the remote verification service or data center. The user devices in the home can be verified to a single building gateway, for example the CPE, security gateway module, router, modem or switch (Figures 1 to 9), or to the combined metering and security control unit 80 shown in Figures 10 and 11. Just as the utility company provides service to each tenant in a residential environment or to each user in an office or business environment, the verification system of the present invention can provide the same level of granularity. The building owner need not be responsible for the whole building, but can require each tenant to be responsible for their own area via a digital certificate assigned to that tenant. This is easily achieved by creating a hierarchical structure and issuing a separate digital certificate and key for each user or tenant.
Figure 12 is a more detailed view of the verification system of Figure 9, showing the system linked to a commercial network infrastructure management company or service provider, and Figure 13 illustrates the verification process when a user registers for or subscribes to a service from a retailer along the path indicated in Figure 12. Although this embodiment uses an actual digital certificate 70 to identify the unique wired or wireless connection 35 of building 40, the security certificate may also be established in the manner described above in connection with Figures 1 to 4, i.e. implemented as a physical connection ID in a computer data structure or database record, with this physical connection ID used as the "certificate" for verifying users who communicate via the identified connection.
The digital certificate 70 of the home or building, when used, may be a single digital certificate, or may be distributed between physical structure 40 and the telephone company or main edge site 30, and may stand alone or, as described above in connection with Figure 6, be combined with network elements within the physical structure so as to provide a certificate chain. When the digital certificate is distributed between physical structure 40 and edge site 30, the combination may take place over the physical connection between structure 40 and edge site 30, or via a cryptographically secure connection established between edge site 30 and physical structure 40. For the explanation that follows, it should be understood that the term "digital certificate" may mean an actually installed digital certificate, such as an X.509 certificate, or may mean the association, described above in connection with Figures 1 to 4, between the communication line connecting the home or building to the network edge site and the port used to receive communications over that line.
As illustrated in connection with the previous embodiments, the communication line 35 between edge site 30 and the building gateway, router, modem or switch 36 may be wired or wireless. When wireless communication is used, the communication line 35 may be established using the wireless connection combined with some customer-equipment-specific information: secure storage, the serial number in a SIM card or smart card, the network MAC address of the customer equipment, or any other identifier used by the service provider or the like to set up wireless service (for example for a mobile phone, wireless modem or other wireless device).
Figure 12 illustrates the communication path from a user device associated with a physical structure to a business or service provider. The master data or operations center 10 and edge site 30 are connected to network 400, which may be any type of physical or wireless network, such as the Internet. Various network edge sites 410 similar to edge site 30 are connected to network 400 in the usual way, including edge site 450 of merchant network 470. Merchant network 470 is the computer network at a business or commercial location. Examples include the distributed set of computer services that can be described as the computer network providing the processing for www.ebay.com. Another example is the distributed computer processing used for an e-commerce site or an educational site. The merchant e-commerce website infrastructure management company or data center 483 is connected to commercial network 470 via a commercial router or network switch 480. The merchant e-commerce network infrastructure management company is the cluster of computers performing the processing for a business or service process, for example an e-commerce website. One particular type of e-commerce website infrastructure management company that can be connected to network 470 is the subscription server infrastructure management company 490, which is a cluster of computers providing video delivery services via home gateway module 36 to user devices such as STBs, smart cards, PCs, carrier-based wireless devices and the like. The video on demand (VOD) server infrastructure management company 490 can distribute content and other forms of media, and is not limited to video content. The subscription server infrastructure management company also stands for any form of e-commerce, education, sports, consumer registration or other internet site.
In this embodiment, security credentials embedded in key network components can be used to establish a verified or trusted communication path between a user or subscriber and a service provider. A credential may be an identifier or digital certificate physically contained in the device, or an associated credential provided by a third party such as the Telco. The credential may be an X.509 digital certificate as in the embodiments of Figures 5 to 11, or may be a security credential identifying the specific physical connection from Telco edge site 30 to physical structure 40 as described above in connection with Figures 1 to 4. The credentials of the key network components are used to verify that a particular network endpoint (client or server), or the messages between two endpoints, come from a known network and a known network location, that network and location having been verified on the basis of their physical network connection (communication line 305 or 35) by any of the techniques described above in connection with Figures 1 to 11. The verified credentials in the trusted communication path may, at a minimum, validate the single communication line 35 of physical structure 40, or may validate several endpoints in the communication path, for example from PC 50 to merchant network 470. The credentials may be checked by accessing the Telco or other master data center 10 to verify the security credential of physical structure 40, or the check may be performed by an independent third-party e-commerce network verification site 420 or by the trusted certificate authority or authentication server 20 that verifies the building's security credential.
Additional elements of the trusted path may be added to the verification process, including for example authentication of any network edge site (for example elements 450 and 30 in Figure 12) on the path between the physically connected customer equipment (STB 45) and merchant network 470. Trusted path communication may include multiple essential elements of the communication network, including Internet Service Providers (ISPs), network access points, fiber backbone networks, high-speed global internet telecommunication lines, transoceanic communications, satellite and microwave communication lines or paths, and the like.
In one embodiment, verification of both communication paths between two network services can be performed to establish a trusted path. The term "trusted path" as used herein means that one or both of the network devices involved in the transaction are located at a known location, for example connected to a physical copper wire pair. In the case of physical structure 40, the known location is communication line 305 or 35. For merchant network 170, the known location is the physical line 455 connecting network edge site 450 to the commercial network, which may be a dedicated telephone connection such as a T1 line. The security credential associated with the device's physical connection is used as part of the customer check, and if the user's associated digital certificate, or the physical connection ID of physical connection 40, matches the expected association, the user is considered trusted. The expected association between the digital certificate of physical structure 40 and that structure 40 can be established when the user registers for the service, or when the user and/or address is used during registration or an e-commerce transaction. At the customer's connection to the Telco's known on-ramp, and at the off-ramp connection from network edge site 450 to merchant network 470, the edge (periphery) devices, for example edge sites 30 and 450, can be verified. In addition to verification of the user's physical connection line 35, of the connection to Telco edge site 30 and of the commercial connection (network edge site 450 to commercial network 470), the client can be verified further using a dongle (100) connected to PC 50, the smart card 98 connected to STB 45, the TPM 96 within home gateway 36, the security dongle 95 connected to home gateway 36, or other additional security credentials.
Verification of network devices beyond the edge devices 30, 450 may also be provided to improve the verification strength of the system. Examples include verification at the Telco or master data center 10 (when the host or Telco edge site communicates through the Telco data center) and verification of other network transmission and communication equipment (depicted as network 400).
By verifying the SIM card 112 in wireless device 55 through wireless source 290, or by authenticating the communication path to wireless source 290, the wireless device 55 can be verified so as to provide a trusted communication path. To establish trusted path communication between wireless device 55 and commercial network 470, wireless source 290 may verify wireless device 18 using SIM card 112 where a SIM is present, or may verify it using other verification methods employed by the wireless source or service provider 290. When the carrier-based wireless device 55 verifies commercial network 470, the wireless device may use the digital certificate of commercial network 470, and when the customer verifies merchant network 470 this optionally includes verification of the connection to network edge site 450 of commercial network 470.
Figure 12 shows the wireless carrier or service provider as a simplified block diagram element or module 290, but the internal details of wireless source 290 may include all of the network and communication equipment commonly used in carrier-based or non-carrier-based communication networks. Trusted path communication may include verification performed on a single node or on several nodes in the wireless source or carrier network 290. In addition, the carrier-based wireless device 55 may be verified via wireless device 55, via wireless source 290, via a combination of wireless device 55 and wireless source 290, or even separately by both of these and by a third-party verification agent (a single agent, a Certificate Authority (CA), or other).
Trusted path communication can also be achieved through wireless device 55 when the wireless device 55 contains no SIM card. Wireless source 290 can perform the standard user verification normally used by the wireless device provider to verify wireless device 55, and the wireless source or service provider 290 can provide an interface to the outside world that can be used to check the state or identity of the carrier-based wireless device 55. Wireless source 290 can add a message indicating whether wireless device 55 has been verified, and can provide information on whether it has been reported stolen or compromised. Once wireless device 55 has been verified by wireless source 290, wireless source 290 can supply the verification result to the trusted certificate authority, authentication server 20, commercial e-commerce network property 483, or another service provider or equivalent that performs customer verification or provides details about customer verification.
For a wireless device 55 that contains no SIM card or equivalent security element, wireless source 290 can indicate the absence of a SIM card to the authentication server, CA center or other agent or computer involved in verifying wireless device 55. The wireless device security element indication (SIM, other security element, or none) can be used to indicate the strength of customer verification by the trusted CA, authentication server or equivalent agent, and this information is provided to commercial network 470 when commercial network 470 verifies wireless device 55.
In one embodiment, the customer equipment (STB, PC or wireless device) establishes its connection to merchant network 470, in addition to the usual e-commerce credentials used by that business, by verifying physical line 455 in a manner similar to the verification of line 35. The customer can obtain information from a trusted CA, authentication server or service, agent or commercial network service provider (not shown) that enables the customer equipment to check that the network path between the customer equipment and the merchant network is established over the correct physical line (in this example, line 455). This trust is established by the trusted CA or authentication server 20, by the host network 10 providing service to commercial network 470, or by a third-party agent or verification service 420 that verifies physical line 455 or provides a credential for physical line 455 that the customer equipment can check.
In the explanation that follows, the term "home-based verified device" means a computer-based device in a home or building network that is associated, via the physical connection from the network edge device to the home, dwelling, room or business, and whose association with that physical connection is used to verify the device: for example a personal computer (e.g. PC 50), another computer, a personal digital assistant or PDA (not shown), a set-top box (e.g. STB 45), a digital video recorder (DVR) (not shown), and other consumer products (TV, radio, player, projector). In this context, the term "home" means any physical structure or building in which people live or work.
Home-based verified devices also include home network infrastructure items such as home gateway module 36, and the home gateway module fitted with security dongle 95, SIM card 110 and/or TPM 96. The term "home gateway" or "home gateway module" as used in this application also applies to any home networking equipment, for example a network router, network switch, DSL modem, cable modem, fiber to the home (FTTH) network device, dial-up modem, fiber to the curb (FTTC) device, satellite receiver, or other modem or network communication equipment. The physical association may be made via the device's physical connection, or via the association of a wireless verification provided by the wireless service provider.
To improve the security of high-value transactions, the user may be required to provide additional information, such as a password, PIN or security code, at the keypad or keyboard of a customer device connected on the trusted or verified communication path.
In one embodiment, the verification system is configured so that network devices can automatically detect that a verified transaction is being requested, and the transmission path of the verified transaction can also be verified. This can be achieved by the following operations: adding suitable extensions to existing protocols; developing and specifying new protocols; carrying out separate message transactions; providing a secure interface at any connection point that can be queried; adding an additional message encapsulation carrying security information to the messages flowing from the client to the server; and determining the network path to the verifying device (commercial network 470), which checks the physical connection from communication line 35 to the customer equipment, for example STB 45, in physical structure 40.
In one embodiment, the physical connection verification is performed during the initial connection setup between two endpoints. The two endpoints may be, for example, STB 45 and the merchant e-commerce network property 483, or any user device and a network service provider. After verification of the physical connection, the two endpoints may then use symmetric encryption between them. This means that a session key is generated between the two endpoints over a communication path that has previously been tested as secure and verified. Even when the two endpoints are located on the open Internet, performing the verification only during initial setup, before the session key exchange between the endpoints, provides a trusted, known communication path. In another embodiment of the invention, instead of using a session key for the information exchanged between the two endpoints, the endpoints may use asymmetric encryption based on public keys, where the encryption uses the verified private/public key pair of each network endpoint.
Another optional method is to add a trigger or identifier indicating that a trusted path verification session is requested, which is handled automatically by network devices such as network routers, switches, DSLAMs, broadband loop carriers (BLC), radio cell sites, wireless routers, wireless switches, DOCSIS network equipment, network access equipment, and other edge and network infrastructure devices. The trigger indicates that the client, the server, the client and server together, or another network device should automatically add the new path verification information to the transaction, either by using a new protocol or by encapsulating it in the messages sent between the two network endpoints. Automatic detection of a request for a trusted path verification session may be based on a request from any type of network device, for example STB 45, home gateway 36, PC 50, carrier-based wireless device 55, VOD server property 490, or a similar computer or device located at the customer site or business site. Automatic detection may rely on extensions to existing network protocols, such as Transmission Control Protocol/Internet Protocol (TCP/IP), Asynchronous Transfer Mode (ATM), dial-up modem, DOCSIS or satellite communication protocols, or on the definition of a new verification-specific communication protocol. Automatic detection of the verification protocol can, for example, use an enhanced message, built on an existing protocol such as TCP/IP or Secure Sockets Layer (SSL), indicating that trusted path verification is requested.
As seen above, the use of an X.509-based certificate for verification is optional. The key element of verification is the association of physical connection line 305 or 35 with physical structure 40, which contains one or more computing devices (STB 40, PC 50, home gateway 36, etc.); this provides the physical endpoint verification information, which is then supplied to a remote server that can verify network devices using the physical endpoint connection. The association between communication line 35 and physical structure 40 and the devices within physical structure 40 can be established with or without an X.509 certificate, and even without using the X.509 standard at all (using a non-X.509 certificate, or only a simple association data structure). The association between communication line 35, or another security component, and the computing devices in physical structure 40 greatly improves the verification of users who have no smart card, secure storage, cryptographic coprocessor or the like.
In one embodiment, the verification system provides trusted path communication by associating the client with the physical connection to the home/user, without requiring any security element associated with the home or user. This means that physical connection information can be used in place of client device security elements or, in addition to those elements, to further strengthen verification of client device security.
Referring to Figures 12 and 13, and using STB 45, home gateway module 36, communication line 35 and Telco edge site 30, verification or a trusted path can be established as follows without relying on any security element in STB 45 or home gateway module 36. STB 45 connects to home gateway module 36 using any wired or wireless communication technology and initiates a connection to an application server at a location referred to as commercial e-commerce network facility 483, which is connected to commercial network 470. When STB 45 connects to home gateway module 36, home gateway module 36 performs the IP address translation provided by NAT (network address translation), so the IP address of STB 45 differs from the IP address that home gateway module 36 presents to the Telco network. STB 45 connects to commercial network facility 483 and supplies one or more insecure IDs, such as the STB serial number or MAC address, or a user ID with or without a password. On receiving the connection message for a service that requires verification, commercial network facility 483 can identify the physical communication line 35 that connects Telco edge site 30 to physical structure 40, home gateway module 36 and STB or user equipment 45. Commercial network facility 483 can use traceroute mapping, or other connection identification methods (IP address lookup, etc.) described in more detail below, to identify the communication line 35 connecting Telco edge site 30 to the home gateway module 36 of user STB 45.
Telco or host edge site 30 can provide a mapping/location function that maps an IP address or NAT-translated address to the persistent identifier of communication line 35 without revealing the identity of physical structure 40. This identification can use the IP address behind the NAT of the Telco data center for communication line 35; the communication line 35 remains constant for physical structure 40, whereas the actual IP address is temporary because DHCP or an equivalent runs at Telco data center 10 or Telco edge site 30. This permanent association lets commercial network facility 483 associate the user with physical line 35 when the user enrolls in a service offered by commercial network facility 483. One possible association model is given in Table 1 below:
Table 1 User association model
Entity | Identity | Association | Action |
STB | Basic identifier such as an insecure serial number or user ID | User ID of the user or STB | Provides the user ID or equivalent as part of an insecure login |
Communication line ID - DSL | For DSL: DSLAM physical copper wire/port association | The Telco IP address/port presented to network 400 is associated with communication line 35 | For STB 45 or other user equipment in building 40, the Telco associates communication line 35 with the IP address/port presented to network 400 |
Communication line ID - cable | For cable: DOCSIS, DAVIC, cable modem termination system (CMTS), or a physical-layer or higher network-layer identifier that identifies the communication line 35 of the home | The cable company IP address/port presented to network 400 is associated with communication line 35 | For connections from STB 45 or other user equipment in building 40, the cable company associates communication line 35 with the IP address/port presented to network 400 |
Communication line ID - optical fiber | For Fiber To The Curb (FTTC)/Fiber To The Home (FTTH) or another physical-layer connection to physical structure 40: a physical-layer or higher network-layer identifier that identifies the communication line 35 of the home | The FTTC provider IP address/port presented to network 400 is associated with communication line 35 | For connections from STB 45 or other user equipment in building 40, the cable company associates communication line 35 with the IP address/port presented to network 400 |
Telco data center (TDC) | The identity of the TDC can be determined by a traceroute-like function, protocol encapsulation or another method | The TDC provides the method for associating the communication line described in the top three rows of this table | A secure method for providing the communication line ID is exposed by the TDC or Telco edge site. Alternatively, the secure method for the communication line ID is provided by trusted CA 1 or another trusted entity |
The verification system and method of the embodiments described above may be called trusted path communication. In one embodiment, verification or trusted path communication means that a standard message used to indicate that trusted path verification is requested can be added at any layer of the seven-layer Open Systems Interconnection (OSI) network model: the physical, data link, network, transport, session or presentation layer. Network devices enhanced with components and software to provide automatic trusted path verification can automatically detect the verification request at the appropriate layer of the OSI seven-layer model. Where other network layer models are used, trusted path verification can be added at any one layer or several layers of that model. A trigger added to an existing protocol, for example an automatic verification indicator in SSL, can indicate to network devices that unverified network packets should be encapsulated in a new packet header containing a verification data header, or that extra verification data should be added by sending an additional packet carrying the enhanced verification data (an out-of-band message, with no encapsulation of the unverified packet). Trusted path network devices can detect that a trusted path communication session is requested and automatically apply the appropriate trusted path security or verification method, as described in more detail below.
There are many possible methods for establishing a verified or trusted path communication session, but the key to any method is that trusted path network enhancement devices perform some processing that results in the communication network devices being identified as a verified, trusted network path. Those skilled in computer network software or hardware design can use the techniques described below at a particular network layer to establish the verification method and system. Table 2 below lists the techniques that can generally be applied at each layer of the OSI seven-layer network model. The hardware and software required to establish trusted path or verified path communication may all be added at a single model layer, or distributed across more than one model layer. Where more than one model example is given in the table below, it is also contemplated that a skilled person could implement a specific function at a single layer only, for example adding trusted path communication only in the browser layer, or only in the Hypertext Transfer Protocol (HTTP) function of the application layer (layer 7).
Table 2 Verification techniques for establishing trusted path communication that may be applied at the different layers of the OSI seven-layer network model
There are many different ways in which network protocols can be modified or applied to support the verification system and method described herein. Figure 13 illustrates a method of verifying the path from user equipment to a merchant or service provider in order to provide a secure or trusted communication path. In step 500, an order is sent from user equipment at the physical layer, for example PC 50 in Figure 12, through one or more networks to a merchant, for example VOD server facility 490 or any type of Internet service provider. In one possible example, the application layer interfaces to the network software in PC 50 and requests trusted path verification (step 502). Note that in this example the application knows that ordering a video requires user verification. If the application software does not perform this step automatically, merchant network 470 can verify the client by using a verify-client request command. The request for trusted path verification need not come from the application layer. PC 50 need not even be aware that trusted path verification is being performed; the server side (commercial network 470) can instead request the information needed to check the trusted path. The network software receives the request for verification of the order path and begins the process of establishing a trusted path with the intended endpoint. In this case the endpoint is the remote machine the user wishes to connect to, for example VOD server facility 490 or commercial e-commerce network facility 483.
Telco or host edge site 30 receives a "trusted path connect" message from PC 50 via home gateway module 36 over communication line 35. In one embodiment, edge site 30 can be configured to add node-specific identification to the trusted path connect message. The node-specific identification information can identify physical line 35 of building 40, producing a communication line ID that is used to verify the user (rather than using a digital certificate). Alternatively, edge site 30 can provide an application programming interface (API) or network service that can be used to check the physical connection.
Telco or host edge site 30 can also receive the request to verify the trusted path from the server/network facility endpoint with which PC 50 is communicating. In this alternative embodiment, commercial network 470 can send the customer ID to edge site 30 or equivalent so that the edge site can identify the user that commercial network 470 wishes to verify. The merchant website can also allow the verification information for establishing a trusted or verified path to be requested from the host or Telco.
In one embodiment, commercial network edge site 450 receives a trusted path setup communication or message from Telco edge site 30 that contains node-specific verification information. Network edge site 450 adds its own node-specific verification information to this message. Multi-node specific verification can be applied to the trusted path connect message in this way.
Commercial network 470 receives the trusted path connect message carrying the node-specific information from the edge site, and can then ask a trusted certification authority, authentication server 20 or third-party authentication service 420 to confirm the trusted communication path (step 504). When user equipment such as STB 45 or PC 50 connects to commercial network 470, the commercial network or website requests that the trusted CA verify the trusted path information provided by the Telco. The verify-trusted-path message can be digitally signed, for example with an encrypted timestamp, message serial number and optional random number, which lets commercial network 470 uniquely identify the message from the Telco or trusted CA.
The certification authority (CA) or other verification or security device receives the "verify trusted path" request from commercial network 470 (step 505) and determines whether the path is trusted (step 506). The CA's message is encrypted or signed with the CA's private key together with the message serial number and timestamp to eliminate replay attacks. Although a certification authority or an independent or third-party authentication server is mentioned in this step, the software and hardware required to verify the trusted path could also be placed at Telco data center 10, in which case the Telco data center provides the response to commercial network 470 indicating whether the path is trusted. If the path is not trusted, the merchant may choose to terminate the transaction (step 507).
If the commercial network receives a positive response to its verify-trusted-path request from the CA or a similar authentication server, it confirms the message using the CA's public key and also confirms the timestamp, message serial number and random number that it added when it first sent the path verification request to the CA. Commercial network 470 also encrypts a session key for communication with PC 50 using the public key of PC 50 (step 508). The merchant sends the encrypted session key to PC 50 (step 510). The public key of PC 50, home gateway dongle 95, TPM 96 or STM 110 can be used to encrypt the session key when it is sent to PC 50. An alternative is to encrypt the session key with dongle key 100 of PC 50 and then encrypt that encrypted session key with the public key of Telco edge site 30, so that it flows to Telco edge site 30 in encrypted form; Telco edge site 30 can then decrypt the encrypted payload containing the encrypted session key. Figure 14 illustrates the encrypted session key of this example and is described in more detail below.
The encrypted session key response (step 510) from commercial network 470 is received at Telco DSL edge site 30, or via a combination of Telco data center 10 and edge site 30. Optionally, Telco data center 10 or Telco edge site 30 can verify the merchant's response. The encrypted session key is then sent to PC 50 via communication line 35 or home gateway module 36 (if present). PC 50 receives the encrypted session key and optionally verifies the communication path from the commercial network facility or VOD server facility 490. Secure communication between commercial network 470 and PC 50 can then begin (step 512).
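The checks the commercial network performs on the CA's response in steps 504 to 508 (signature, message serial number, timestamp and random number), written out as an added Python example that is not code from the patent. An HMAC key stands in for the CA's private/public key pair so that it runs offline; the function names and the 30-second freshness window are assumptions.

```python
"""Replay-resistant handling of a 'verify trusted path' response (added example)."""
import hashlib
import hmac
import json
import secrets

# Stand-in for the CA signing key: the patent signs with the CA private key and
# checks with the CA public key; a shared HMAC key keeps this example offline.
CA_KEY = b"constructed-ca-key-for-example"
MAX_AGE_SECONDS = 30  # assumed freshness window for the timestamp check


def canonical(body: dict) -> bytes:
    """Stable byte encoding of the signed fields."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def ca_sign_response(key: bytes, path_trusted: bool, serial: int,
                     nonce: str, timestamp: int) -> dict:
    """What the CA (or Telco data center) returns in step 506: fields plus signature."""
    body = {"path_trusted": path_trusted, "serial": serial,
            "nonce": nonce, "timestamp": timestamp}
    return {"body": body,
            "sig": hmac.new(key, canonical(body), hashlib.sha256).hexdigest()}


class TrustedPathChecker:
    """Commercial network side: tracks outstanding nonces and accepted serial numbers."""

    def __init__(self, ca_key: bytes, max_age: int = MAX_AGE_SECONDS):
        self.ca_key = ca_key
        self.max_age = max_age
        self.pending_nonces = set()   # random numbers sent with step 504 requests
        self.seen_serials = set()     # CA message serial numbers already accepted

    def new_request_nonce(self) -> str:
        """Random number attached to the outbound path verification request."""
        nonce = secrets.token_hex(8)
        self.pending_nonces.add(nonce)
        return nonce

    def accept(self, response: dict, now: int) -> str:
        """Return 'ok' if the path is confirmed, otherwise the reason for rejection."""
        body = response.get("body", {})
        expected = hmac.new(self.ca_key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, response.get("sig", "")):
            return "bad-signature"      # forged or altered after signing
        if body.get("serial") in self.seen_serials:
            return "replay"             # same CA message delivered a second time
        if body.get("nonce") not in self.pending_nonces:
            return "unknown-nonce"      # not an answer to a request we sent
        if abs(now - body.get("timestamp", 0)) > self.max_age:
            return "stale"              # outside the freshness window
        self.seen_serials.add(body["serial"])
        self.pending_nonces.discard(body["nonce"])
        if not body.get("path_trusted"):
            return "path-untrusted"     # step 507: the merchant may abort
        return "ok"
```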
As shown in Figure 14, the trusted communication path method described above allows multiple encryption layers to be applied to verification, to the transmitted data stream, or to both. For example, PC 50 can encrypt a message for commercial network 470, and Telco edge site 30 can add an additional encryption layer for network edge site 450. Network trust can be realized by having a network edge device, for example DSL/DSLAM edge device 30, add encryption specific to a particular network edge site 450. Any network infrastructure device can add such network path encryption. For example, suppose Telco edge site 30 is connected to Telco data center 10, and Telco data center 10 belongs to a large telephone carrier or other large service provider. Commercial network 470 can use layered encryption of messages to the user of PC 50 to improve physical security. As shown in Figure 14, Telco data center encrypted message 550 can contain encrypted message 552 for Telco edge site 30, which in turn can contain encrypted message 554 for user PC 50. Alternatively, two encryption layers rather than three can be provided to user PC 50 by placing the encrypted message directly inside the encrypted message of Telco data center 10. Two or three layers of encryption can be made useful only to the user of the Telco response. Enhanced physical security can cover one, two or more physical network connections, for example PC 50, home gateway 36, Telco edge site 30 and Telco data center 10, by adding encryption specific to the trusted or verified network path. Each added trusted-network-path-specific encryption can include an identifier that trusted network path devices can use to automatically remove the added encryption layer.
Trusted-path-enabled communication devices can verify any intended point in the transmission path that is to be verified (by digital signature or another cryptographic technique). For example, commercial network 470 can authenticate the physical connection to PC 50, or the physical connections of PC 50 and dongle 100 (if used) to Telco edge site 30, Telco data center 10 and network edge site 450. Alternatively, at minimum one party to the network transaction is verified, for example only PC 50. Another example is that commercial network 470 verifies PC 50 via dongle 100, home gateway 36 via dongle 95 or TPM 96, Telco edge site 30 via digital certificate 70, Telco data center 10 via Telco digital certificate 71, or network edge site 450 via a certificate or security credential (not shown) in network edge site 450. This verification system verifies at minimum the PC 50 endpoint, or can verify the PC 50 endpoint together with any other intended element along the path. In addition, because the physical communication line 35 leading to physical structure 40 can be verified, digital certificate 70 of physical structure 40 can be used in addition to or instead of PC 50. This allows physical structure 40 to be verified using one or more checkpoints.
Referring to Figure 14, a message originating from commercial network 470 can be sent only as encrypted message 554 for PC 50, which only PC 50 can decrypt. The encrypted message 550 for a junction point (for example Telco data center 10) can contain a message decryption destination indicator that indicates which network element along the trusted path should decrypt the message, for example Telco data center 10, Telco edge site 30, PC 50 or home gateway 36. Likewise, added security can be layered on top of the endpoint-specific encryption; this lets the trusted path network identify messages that network devices can decrypt as the messages move through the network.
In Figure 14, Telco data center 10 can identify that message 550 is to be decrypted by Telco data center 10. After the first encrypted message is decrypted, the remaining message 552, containing the two inner boxes, is forwarded to Telco edge site 30. Not only network devices outside the commercial network but also commercial network 470 itself can decrypt or remove the added message encapsulation data. The added encryption layers can be applied by the originating point, for example commercial network 470, or by a network edge site, for example network edge site 450 shown in Figure 12. A message encryption layer added to the endpoint-targeted message 554 can be based on an envelope that encapsulates the message and contains an enveloped session key encrypted with the public key of the network element (for example Telco data center 10). The network element that needs to decrypt the message can use its private key to unwrap the enveloped session key and expose the session key. The session key can then be used to decrypt the session-key-encrypted envelope data, which in Figure 14 is the encapsulation of the endpoint-targeted message (encrypted message 554 for PC 50). As identified by the message decryption destination indicator in the message envelope, the endpoint-targeted message is the message delivered to the endpoint, with all of its other encryption layers removed by network devices along the trusted path.
Trusted path verification can operate as a fully secure SSL (secure sockets layer) transmission path, in which verification and transport encryption use asymmetric-key PKI encryption whose keys are based on the connection endpoints (for example STB 50 and VOD server 490). Endpoint verification (for example of STB 50 and VOD server 490) can be performed with the asymmetric-key PKI method, while the VOD stream or other transport payload in the encrypted message can use symmetric-key encryption with a session key established between the endpoints (for example STB 50 and VOD server 490). After the transmission path is verified, the key used for symmetric encryption can be carried. The symmetric encryption key can be exchanged between the endpoints (here 50 and 490) using the PKI keys of each endpoint, or using the session key established between endpoints 50 and 490 after verification. Alternatively, the symmetric key can use default verification by encrypting the session key with the other endpoint's public key. The endpoint public keys can be obtained from the trusted CA or from other certification authorities (not shown) included in the system. In the above example STB 50 and VOD server 490 serve as the endpoints, but any two network elements can serve as endpoints. An example of trusted path verification would have Telco data center 10 verify Telco edge site 30, digital certificate 70, home gateway 36 and PC 50.
The network user or customer verification methods and systems described above can be added to any network infrastructure element, including modems, FTTC, FTTH or fiber-to-the-neighborhood (FTTN) interface cards, cable modems, DSL modems, routers and network switches. The method and system includes automatic equipment for initiating a verified transaction, signing of the transaction path (which may include network edge devices), transaction path signing by the application provider, transaction path checking by the client application, and transaction path checking by the service provider. For example, an online merchant can check the following path:
1. The user's ISP, which provides Internet service to the user, checks the signature via the physical line on the edge site connected to the user.
2. The user's ISP to the ISP that provides service to the online merchant.
3. The online merchant's ISP, via verification at the ISP's network edge site, to the online merchant; this edge site includes the line or network edge device that connects the online merchant to its ISP.
4. The computer at the online merchant's site connected to the transaction gateway (or computer) of the online merchant's ISP.
5. Optionally, additional verification of the network path within the online merchant.
This method provides a trusted VPN over the transmission path for verification and registration. Registration may need to take place through the home gateway, meaning that the home gateway's certificate is involved in registering a new user or customer device such as a television, video phone, computer, etc. Verification can start from the home gateway, which is set at a registration/verification level on the DSL or secure physical line.
Instead of the client (for example STB 45 in Figure 12) starting a session by requesting verification when it connects to a remote server or e-commerce website, the remote server (commercial network 470) can initiate customer verification by sending a customer verification request command. This command can query the network devices between the customer (STB 45 and Telco edge site 30, Telco data center 10 or equivalent) to obtain the customer's verification data.
In one embodiment, a wireless device, for example device 55 of Figure 12, can be linked through carrier verification of the carrier and the wireless device. This can provide a good model for digital rights management (DRM) exchange: the wireless device is verified by the carrier, and the home gateway or video distribution equipment can prove that the wireless device is part of the individual's private domain.
Sub-network verification can also be provided for High-bandwidth Digital Content Protection (HDCP) and other sub-networks running on conventional hardware. Compared with HDCP, which for example has weak security on legacy equipment, new hardware can benefit from better security and registration.
Multiple secure verification transmission paths exist in the system, and any or all of these elements can be used in the service or shopping verification chain. For example:
DSL edge site to DSL modem or home gateway;
Home gateway to STB;
Home gateway to PC;
PC to monitor.
A security element can be connected directly to the keyboard of a PDA or PC, and a command can be passed from a remote computer to the security element, which must respond; the response is encrypted by the security element and sent to the remote computer.
The verification methods and systems described above can avoid or reduce the problems caused by phishing requests. The user can use the checking methods described above to check that e-mail or data come from a trusted or verified source. For example, when communicating with a bank, the user can check that the source of a message is that bank. The system can check that the credentials of the remote source are applicable to the requested information.
As mentioned above, traceroute mapping can be used to determine the network topology so that edge sites or routers can be detected and checked. Traceroute mapping is known to be usable not only for routers but also for network devices at layers 1, 2, 3 and so on, in order to determine how encapsulation occurs at the lower network layers. When the interface type is not given in the traceroute response, the Internet service provider can establish the association from the traceroute from a secure head end to the user. An example follows:
Traceroute user 123456, which translates to IP address 205.171.17.135. The traceroute from the head end when identifying the user can be as follows:
1 pos2-0-155m.cr2.telco.net(205.117.17.130)2ms
2 205.171.17.135 1ms
In the above example, the traceroute from the head end identifies the connection to user 123456 as a connection via the hop at distance 1, pos2-0-155cm.cr2.telco.net; the association can then be determined via a network management console or equivalent interface, associating this connection/IP address with a specific physical copper line from the local office to the home located at a particular address.
Similar traceroute relationship mapping can map an IP address to a Cable Modem Termination System (CMTS) MAC address and/or the identification of a physical DOCSIS (or similar) cable modem and user. The term "traceroute" is exemplary here; any command or interface that associates a user's physical-layer connection with a provider edge site or network access point can replace traceroute. It is contemplated that new commands could be developed to appropriately associate the user with the physical, data link, network, transport or higher layers of the OSI seven-layer protocol model.
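A parser that turns the head-end traceroute quoted above into the user-to-edge-interface association record the text describes, as an added Python example that is not code from the patent. The hop line format, the function names and the rule that the hop before the user's address is the edge interface are assumptions; the sample trace is the one quoted in the text.

```python
"""Associate a user with the edge interface seen in a head-end traceroute (added example)."""
import ipaddress
import re
from typing import List, Optional

# One traceroute hop, either "<hop> <host>(<ip>)<rtt>ms" or "<hop> <ip> <rtt>ms".
# Spacing differs between tools, so whitespace around the fields is optional.
HOP_RE = re.compile(
    r"^\s*(?P<hop>\d+)\s+"
    r"(?:(?P<host>[\w.\-]+)\s*\((?P<ip>[\d.]+)\)|(?P<bare_ip>[\d.]+))"
    r"\s*(?P<rtt>[\d.]+)\s*ms"
)


def parse_traceroute(text: str) -> List[dict]:
    """Parse hop lines; lines that do not look like a hop are ignored."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        hops.append({
            "hop": int(m.group("hop")),
            "host": m.group("host"),  # None when only an address was printed
            "ip": ipaddress.ip_address(m.group("ip") or m.group("bare_ip")),
            "rtt_ms": float(m.group("rtt")),
        })
    return hops


def map_user_to_edge(user_id: str, user_ip: str, traceroute_text: str) -> Optional[dict]:
    """Return the last-mile association record, or None if the trace does not end at the user."""
    hops = parse_traceroute(traceroute_text)
    if len(hops) < 2 or hops[-1]["ip"] != ipaddress.ip_address(user_ip):
        return None  # trace did not reach the user's address: nothing to associate
    edge = hops[-2]  # the hop immediately before the user is the edge interface
    return {
        "user_id": user_id,
        "user_ip": str(hops[-1]["ip"]),
        "edge_interface": edge["host"] or str(edge["ip"]),
        "edge_ip": str(edge["ip"]),
        "hops_from_head_end": hops[-1]["hop"],
    }


# Constructed sample input: the two-hop trace quoted in the text above.
SAMPLE_TRACE = """\
1 pos2-0-155m.cr2.telco.net(205.117.17.130)2ms
2 205.171.17.135 1ms
"""
```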
Although it is contemplated that multiple network devices in a service delivery network can be associated with a physical connection or verified, the most important association that can be established is the so-called "last mile" association between the user's physical network access device (for example a data modem, cable modem, ATM modem, fiber optic modem, DSL modem or other modulation device in the home) and the network edge site that physically terminates the connection to the home. This association can involve any one or more of the seven layers of the OSI layered network model, referred to in Table 2 above as the physical, data link, network, transport, session, presentation or application layer. The user association is usually established at the physical layer using the mapping of the physical-layer connection (for example DSL, SONET, Fast Ethernet such as 100BaseT, Integrated Services Digital Network (ISDN), token ring, Fiber Distributed Data Interface (FDDI), wide area network (WAN), ATM, hybrid fiber/coaxial network or another physical-layer technology). Additional physical-layer associations can be established for a user, but the key physical-layer association is the last mile association that provides service to the home or location. It is also contemplated that one or more layers could be combined to associate the user with the physical connection, for example merging a data link layer (layer 2) parameter on the network edge device, such as the medium access control (MAC) address, with the user's physical-layer connection to the user head end. This association can be established via communication with the network edge device, if available, or via a database operated by the service provider or equivalent. The resolution of the user association can be as fine as the physical copper line to the home, or the DOCSIS address on the Cable Modem Termination System (CMTS), or the MAC or logical link control (LLC) layer or radio link address of a wireless last mile connection between the home and the network, or the base station of the wireless network to which the wireless client connects.
The verification information required to verify a user or customer who has a communication line, or the physical connection ID information, can be provided by Telco data center 10 (or equivalent), which associates the client (STB 12, PC 14, carrier-based wireless device 18, PDA or other client) with the communication line, or by Telco edge site 30 (or equivalent) or trusted CA 20 (or equivalent). The minimum information required for verification is a customer ID and a communication line ID. The customer ID is a value used to track the specific client device connected to the network via the communication line. This value can be any value that is permanently fixed for the user, or it can be a nonce used only for a single connection. The value can be based on an IP address, an IP address and port number, a user ID, a random number derived from the user ID, an identifier provided by the Telco edge site such as a NAT address, or another similar data value used to identify the customer device or associate it with the communication line information field described below. The communication line identifier or ID is a persistent identifier of the communication line that connects the Telco edge site to the computing device, modem or gateway in physical structure 40. This value provides a persistent identifier so that any customer device connected to physical structure 40 can be verified.
In exemplary embodiments of the invention, additional check or authorization information can be obtained to increase security. For example, a signature, security code or other identifier can be used to check that the Customer ID data field and the communication line ID have not been modified. This field can be as simple as a signed hash of the Customer ID and communication line ID fields. Alternatively, the signed value can be generated from two different hashes, so that tampering with the hash by exploiting a hash collision is eliminated. The signed hash can be encrypted with the private key of the Telco edge site 30, the Telco data center 10, the trusted CA 20 or an equivalent. When a pair of signed hashes is used to eliminate tampering via hash collisions, the two hashes are dissimilar hashes with different collision characteristics. For example, one hash can be MD5 and the other a different hash with different collision properties, such as SHA1. If a single hash is used twice, the first hash can be computed over the exact data and the second computed as a salted hash, similar to the SALT value that is added to randomize a stored password so that two users who choose the same password do not produce the same stored value (SALT is a random data string used to modify the encryption). When two identical hashes are used, one hash can use the unmodified exact data and the second can apply a randomizer or whitener when computing the second signed data hash. If the data are tampered with to exploit a hash collision, the randomizer or whitener causes the collision exploit to fail, because the exploited collision exists in only one of the two computed hashes. This is because each hash is computed with different data as input to the hash function: the first hash uses the exact data and the second uses the data of the first hash function after it has been randomized or whitened. The randomizer or whitener can be a simple function such as an exclusive-or (XOR) function, or a more complex function such as a random number derived from a seed, the seed being used to provide different input data for computing the second hash.
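As an added illustration of the Customer ID / line ID record and the signed dual-hash check described above (example code written for this page, not code from the patent): it computes an MD5 hash over the exact Customer ID and line ID fields and a SHA1 hash over a whitened copy of the same fields, then signs the pair. The whitener (XOR with a salt-derived stream), the field layout, the sample Customer ID and line ID, and the use of an HMAC with a shared secret in place of the private-key signature the patent describes are all assumptions made for this example.

```python
import hashlib
import hmac
import os

# Constructed sample values (not from the patent): a Customer ID and a
# communication line ID as the description defines them.
SAMPLE_CUSTOMER_ID = "cust-000123"
SAMPLE_LINE_ID = "dsl-edge30-port-17"

# Assumption: the patent signs with the private key of the edge site, data
# center or trusted CA. A keyed HMAC stands in for that signature here so the
# example runs with the standard library alone.
SIGNING_KEY = b"example-only-signing-key"


def whiten(data: bytes, salt: bytes) -> bytes:
    """Randomizer/whitener: XOR the data with a keystream derived from the salt.
    This construction is an assumption for this example; the page only requires
    that the second hash see input that differs from the first hash's input."""
    stream = hashlib.sha256(salt).digest()
    return bytes(b ^ stream[i % len(stream)] for i, b in enumerate(data))


def dual_hash(customer_id: str, line_id: str, salt: bytes) -> bytes:
    """Two dissimilar hashes: MD5 over the exact fields, SHA1 over whitened fields.
    A collision crafted against one hash does not carry over to the other."""
    fields = f"{customer_id}|{line_id}".encode()
    h_exact = hashlib.md5(fields).digest()
    h_whitened = hashlib.sha1(whiten(fields, salt)).digest()
    return h_exact + h_whitened


def sign_fields(customer_id: str, line_id: str) -> dict:
    """Build the record the edge site would hand out: fields, salt and signed tag."""
    salt = os.urandom(16)
    tag = hmac.new(SIGNING_KEY, dual_hash(customer_id, line_id, salt), hashlib.sha256).digest()
    return {"customer_id": customer_id, "line_id": line_id, "salt": salt.hex(), "tag": tag.hex()}


def verify_fields(record: dict) -> bool:
    """Recompute both hashes and the tag; any change to a field, salt or tag fails."""
    expected = hmac.new(
        SIGNING_KEY,
        dual_hash(record["customer_id"], record["line_id"], bytes.fromhex(record["salt"])),
        hashlib.sha256,
    ).digest()
    # Constant-time comparison so the tag check does not leak timing information.
    return hmac.compare_digest(expected, bytes.fromhex(record["tag"]))


if __name__ == "__main__":
    record = sign_fields(SAMPLE_CUSTOMER_ID, SAMPLE_LINE_ID)
    print("genuine record verifies:", verify_fields(record))
    print("modified line ID verifies:", verify_fields(dict(record, line_id="dsl-edge30-port-18")))
```

Verification recomputes both hashes from the stored fields and salt and compares the signed tag in constant time, so changing either field, the salt or the tag causes the check to fail. MD5 and SHA1 appear because the page names them; a current deployment would use SHA-256 or stronger for both hashes.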
If the security or verification system is hacked or compromised, the embodiments described herein can include renewable features. In some cases, renewability can be achieved simply by changing the cryptographic technique. For example, if an Advanced Encryption Standard (AES) 128 encryption scheme is deployed and is hacked, then a quick change to another standard, for example the RC-4 encryption scheme developed by RSA Security of Bedford, Mass., can be used for content protection for a few days or weeks. In that case, the system designer has time to upgrade the original encryption method so that it can be redeployed at a later time.
Server-side, client-side and peer users of a network may know one another, but a primary concern of all users is security, that is, protecting themselves against various hazards. The main hazards in network use are:
1. The client receives spam and viruses from unknown entities (an example of a client-side hazard);
2. Network-based retailers experience high fraud from the use of stolen credit cards, stolen identities and the like, especially for immediately consumed customer services such as long-distance telephone service (an example of a server-side hazard);
3. Electronic commerce network clients, for example on e-Bay, worry about entering into transactions with unknown buyers or sellers (an example of a peer-to-peer hazard).
If the verification system of the present invention is used by clients and retailers to achieve secure identification based on a specific physical structure, some or all of the above problems can be alleviated.
The verification system can also be used to send secure pay-TV content to set-top boxes over a public network, and to send sensitive information and material to user equipment such as computers and handheld devices. If such content is leaked or further distributed to unauthorized users, the source of the leak is easier to identify. The system can be used to verify medical information such as first-aid information, financial information and other sensitive information. With this bi-directional verification (provider and customer authentication), high-value network services can be used more easily and securely, for example early-window content distribution, high-resolution content distribution, secure e-Bay transactions, secure financial transactions, secure peer-to-peer transactions, secure e-mail communication and the like.
Those skilled in the art will understand that the various illustrative logical blocks, modules, circuits and algorithm steps described in connection with the embodiments disclosed herein can often be implemented as electronic hardware, computer software or a combination of both. To clearly illustrate this interchangeability of hardware and software, the blocks, modules, circuits and steps above have been described generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends on the particular application and the design constraints imposed on the overall system. Skilled artisans can implement the described functionality in various ways for each particular application, but such implementation decisions should not be interpreted as departing from the scope of the present invention. In addition, the grouping of functions within a module, block or step is for ease of description. Specific functions or steps can be moved from one module or block to another without departing from the invention.
The various illustrative logical blocks and modules described in connection with the embodiments disclosed herein can be implemented or performed with a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general-purpose processor can be a microprocessor, but in the alternative the processor can be any processor, controller, microcontroller or state machine. A processor can also be implemented as a combination of computing devices, for example a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
The steps of a method or algorithm described in connection with the embodiments disclosed herein can be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module can reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium. An exemplary storage medium can be coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium can be integral to the processor. The processor and the storage medium can reside in an ASIC.
Various embodiments can also be implemented primarily in hardware using, for example, components such as application-specific integrated circuits (ASICs) or field programmable gate arrays (FPGAs). Implementation of a hardware state machine capable of performing the functions described herein will also be apparent to those skilled in the art. Various embodiments can also be implemented using a combination of hardware and software.
The above description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles described herein can be applied to other embodiments without departing from the spirit or scope of the invention. Thus, it is to be understood that the description and drawings presented herein represent presently preferred embodiments of the invention and are therefore representative of the subject matter broadly contemplated by the present invention. It is further understood that the scope of the present invention fully encompasses other embodiments that may become obvious to those skilled in the art, and that the scope of the present invention is accordingly limited by nothing other than the appended claims.
Claims (44)
1. A network user authentication system comprising:
a security component physically connected to a building;
at least one user device in the building linked to the security component;
a security server;
at least one network linking the security server to the security component; and
the security server being configured to determine a physical connection identity (ID) of the security component and to associate the physical connection ID with a network service user using the user device.
2. The system of claim 1, wherein the security component is a dedicated line connected to the building.
3. The system of claim 2, wherein the line is a broadband telecommunication line having one end connected to the building.
4. The system of claim 2, wherein the line is a digital subscriber line.
5. The system of claim 2, wherein the line is a fiber line.
6. The system of claim 2, wherein the line is a dedicated wireless link to the building.
7. The system of claim 1, wherein the security server is an independent server linked to the security component over at least one network.
8. The system of claim 1, further comprising a service provider network edge site, at least one communication connection line between the edge site and the building, and a provider server data center linked to the edge site, the security component comprising the connection line from the edge site to the building.
9. The system of claim 8, further comprising a building gateway module in the building linked to the connection line, the building gateway module being configured to provide an interface between the connection line and each user device in the building.
10. The system of claim 9, wherein the user device comprises at least one personal computer.
11. The system of claim 10, wherein the user device further comprises at least one set-top box.
12. The system of claim 10, wherein the user device further comprises at least one wireless communication device.
13. The system of claim 12, wherein the wireless device is selected from the group consisting of a mobile phone, a personal digital assistant and a wireless computer.
14. The system of claim 9, wherein the edge site server has dedicated connections providing private communication for a plurality of buildings in a local group, the edge site server having a processor module configured to store a plurality of unique digital certificates in the data memory module, each digital certificate being linked to the respective dedicated line connected to the building associated with that digital certificate.
15. The system of claim 14, further comprising a plurality of user devices in each building, the user devices being linked to the gateway module and configured to carry out secure network communication using the unique digital certificate associated with the dedicated line connecting the respective building to the edge site server.
16. The system of claim 14, wherein the gateway module has a first hardware security element associated with the unique digital certificate.
17. The system of claim 16, wherein the hardware security element is selected from the group consisting of a universal serial bus (USB) dongle, a smart card, a SIM card and a trusted platform module (TPM).
18. The system of claim 16, wherein the user device has a second hardware security element cryptographically aligned and synchronized with the first hardware security element in the gateway module.
19. The system of claim 14, wherein the gateway module has at least one hardware security element associated with the unique digital certificate, and each user device has a hardware security element cryptographically aligned and synchronized with the hardware security element in the gateway module.
20. The system of claim 19, wherein at least one of the user devices is a wireless device having a security element comprising a first subscriber identity module (SIM) chip, and the gateway module has a second SIM chip configured to communicate with the first SIM chip for verified wireless communication.
21. The system of claim 1, further comprising a session-based watermark module associated with the user device and configured to insert a unique watermark payload into all content files received by the user device over the public network.
22. The system of claim 21, wherein the session-based watermark module is further configured to cryptographically sign the watermark payload using a user private key associated with the unique digital certificate.
23. A network user authentication system for verifying a user device in a building, comprising:
a security component physically connected to the building and associated with the user device;
an authentication server;
at least one network linking the authentication server to the security component;
the authentication server having a trusted path authentication module configured to create a Customer ID associated with the user device, identify the security component, and associate a unique digital certificate with the security component, and a data memory module for storing the Customer ID and the associated digital certificate; and
the authentication server further comprising a checking module for using the Customer ID and the associated digital certificate in carrying out secure communication over a public network between the user device and other user devices.
24. The system of claim 23, wherein the security component comprises a dedicated line connected to the building, and the digital certificate comprises a network-based identification of the dedicated line.
25. The system of claim 23, wherein the digital certificate comprises an X.509-based digital certificate.
26. The system of claim 23, further comprising a control module associated with the security component, the control module having a processor module and a data memory module, the authentication server further comprising a certificate transport module configured to transmit the digital certificate to the control module, the processor module being configured to store the digital certificate in the data memory module and to use the digital certificate in carrying out secure communication over a public network between the user device and other network servers.
27. A method for authenticating a network user for secure communication over a public network, comprising:
receiving, at an authentication server, a verification request from a user device in a building via a security component physically connected to the building and at least one private link;
determining a user identity (user ID) of the user of the user device;
checking a physical connection identity (physical connection ID) of the security component;
storing a record of the user ID and the associated physical connection ID;
on receiving each service request from a connecting user, determining the current physical connection ID of the security component used by the connecting user;
comparing the current physical connection ID with the previously stored physical connection ID for the same user ID for checking; and
providing the service only if the check is successful.
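The method of claim 27, as an added example in Python (not code from the patent): the authentication server stores each user ID with the physical connection ID checked at registration, then on every service request determines the current physical connection ID and compares it with the stored one, granting the service only on a match. The network table that maps an access port to a line ID (standing in for the "network data structure" of claim 28), the user names and the line IDs are constructed for this example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed stand-in for the network data structure from which the physical
# connection ID is determined: maps the access port a request arrived on to the
# persistent line ID of that port. Hypothetical values.
NETWORK_TABLE = {
    "dslam-3/port-17": "line-0017",
    "dslam-3/port-18": "line-0018",
}


def lookup_physical_connection_id(access_port: str) -> Optional[str]:
    """Determine the physical connection ID from network-available information."""
    return NETWORK_TABLE.get(access_port)


@dataclass
class AuthenticationServer:
    """Model of the authentication server steps in claim 27 (added example)."""
    records: dict = field(default_factory=dict)  # user ID -> stored physical connection ID
    audit: list = field(default_factory=list)    # events a defender would alert on

    def register(self, user_id: str, access_port: str) -> bool:
        """Determine the user ID, check the physical connection ID, store the record."""
        line_id = lookup_physical_connection_id(access_port)
        if line_id is None:
            # A request from a port the network does not know cannot be bound to a line.
            self.audit.append(("unknown-port", user_id, access_port))
            return False
        self.records[user_id] = line_id
        return True

    def service_request(self, user_id: str, access_port: str) -> bool:
        """Compare the current physical connection ID with the stored one for this user;
        the service is provided only when they match."""
        current = lookup_physical_connection_id(access_port)
        stored = self.records.get(user_id)
        if stored is None or current is None:
            self.audit.append(("unknown", user_id, access_port))
            return False
        if current != stored:
            # Same user ID arriving over a different line: refuse and record it.
            self.audit.append(("line-mismatch", user_id, stored, current))
            return False
        return True


if __name__ == "__main__":
    server = AuthenticationServer()
    server.register("alice", "dslam-3/port-17")
    print("same line:", server.service_request("alice", "dslam-3/port-17"))
    print("other line:", server.service_request("alice", "dslam-3/port-18"))
    print("audit:", server.audit)
```

The audit list is the part a security operations team would wire to alerting: a user ID presenting over a line other than the one recorded for it is exactly the event the claimed method is designed to refuse.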
28. The method of claim 27, further comprising determining the physical connection identity from information available in a network data structure.
29. The method of claim 27, further comprising associating a unique digital certificate with the physical connection, the digital certificate including the physical connection ID, storing the unique digital certificate in a data storage area associated with the physical connection, and using the unique digital certificate for checking in network communication with an intended network partner over the public network.
30. The method of claim 29, further comprising associating a first hardware security element in the security component with the unique digital certificate, and cryptographically aligning a hardware security element in at least one user device in the building with the first hardware security element.
31. The method of claim 27, further comprising inserting a unique watermark payload associated with the building into content files received over the network by the user device in the building.
32. The method of claim 31, further comprising checking the geographic location of the building using a location sensor at the security component for determining the geographic coordinates of the security component.
33. The method of claim 32, wherein the geographic location of the building is checked when the user device in the building begins secure communication with an intended network partner over the public network.
34. A network user authentication system comprising:
a security component physically connected to a building and associated with at least one user device in the building;
a control module associated with the security component, the control module having a processor module and a data memory module associated with the processor module;
an authentication server;
at least one network linking the authentication server to the control module;
the authentication server being configured to associate a unique digital certificate with the security component and to transmit the unique digital certificate to the control module associated with the security component; and
the processor module being configured to store the unique digital certificate in the data memory module and to use the digital certificate in carrying out secure communication over a public network between the user device and other network servers.
35. The system of claim 34, wherein the authentication server is a utility company server.
36. The system of claim 34, wherein the control module comprises an edge site server configured to provide verification services to a plurality of nearby buildings, the edge site server having a plurality of dedicated lines each connected to a respective one of the buildings, the processor module being configured to store a plurality of unique digital certificates in the data memory module, each digital certificate being linked to the respective dedicated line connected to the building associated with that digital certificate.
37. The system of claim 36, wherein the authentication server is a utility company server linked to the edge site server.
38. The system of claim 36, further comprising a utility company server linked to the edge site server over a utility company network, the authentication server comprising a separate server linked to the utility company server for communication with the edge site server.
39. The system of claim 34, further comprising a gateway module in the building connected to the dedicated line, the gateway module being linked to the user device.
40. The system of claim 39, further comprising a plurality of additional user devices in the building, the processor module being configured to communicate with the additional user devices in the building.
41. The system of claim 34, wherein the security component is a secure box physically connected to a structural component of the building, the control module being contained in the secure box, and the processor module being configured to communicate with the user device.
42. The system of claim 41, wherein the control module further comprises a location sensor connected to the processor module for providing geographic position coordinates, the processor module being configured to transmit the geographic position coordinates to the authentication server, and the authentication server being configured to use the geographic position coordinates to check the condition of the building.
43. The system of claim 34, wherein the control module further comprises a first hardware security element cryptographically aligned with the digital certificate.
44. The system of claim 43, wherein the user device has a second hardware security element cryptographically aligned with the first hardware security element.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
US70123905P | 2005-07-20 | 2005-07-20 |
US60/701,239 | 2005-07-20 | |
US60/803,679 | 2006-06-01 | |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101467131A true CN101467131A (en) | 2009-06-24 |
Family
ID=40806656
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA2006800327604A Pending CN101467131A (en) | 2005-07-20 | 2006-07-20 | Network user authentication system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101467131A (en) |
Cited By (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101958889A (en) * | 2009-07-16 | 2011-01-26 | 株式会社日立制作所 | Information processing method and information processing system |
CN102025503A (en) * | 2010-11-04 | 2011-04-20 | 北京曙光天演信息技术有限公司 | Data security implementation method in cluster environment and high-security cluster |
CN102316078A (en) * | 2010-06-30 | 2012-01-11 | 中华电信股份有限公司 | Authentication login method |
CN102648618A (en) * | 2009-12-03 | 2012-08-22 | 阿尔卡特朗讯 | Method for use in telecommunications networks, central offices and network termination units |
CN102656576A (en) * | 2009-12-04 | 2012-09-05 | 阿尔特拉公司 | Preventing information leakage between components on a programmable chip in the presence of faults |
CN102932171A (en) * | 2012-10-22 | 2013-02-13 | 烽火通信科技股份有限公司 | Optical network unit (ONU) certification authorization management method based on License resource control |
CN102932492A (en) * | 2011-09-12 | 2013-02-13 | 微软公司 | Correlation of users to ip address lease events |
CN103039039A (en) * | 2010-08-03 | 2013-04-10 | 西门子公司 | Method and device for integrating a device into a network |
CN103430183A (en) * | 2010-11-04 | 2013-12-04 | 思飞信智能电网公司 | Physically secured authorization for utility applications |
CN104094272A (en) * | 2012-02-07 | 2014-10-08 | 联邦印刷有限公司 | Method for communication of energy consumption-specific measurement data elements between a smart meter device and a computer system of a utility company and/or operator of a measuring system |
WO2016086666A1 (en) * | 2014-12-04 | 2016-06-09 | 华为技术有限公司 | Cable modem register method and device |
CN105929426A (en) * | 2016-04-21 | 2016-09-07 | 北京元心科技有限公司 | Method and device for GPS positioning in multiple systems |
CN106054957A (en) * | 2011-10-17 | 2016-10-26 | 谷歌公司 | Methods, systems, and related architectures for managing network connected thermostats |
CN107251003A (en) * | 2014-11-04 | 2017-10-13 | Gt系统私人有限公司 | Media distribution and management system and apparatus |
CN107333264A (en) * | 2017-08-21 | 2017-11-07 | 上海掌门科技有限公司 | A kind of method and apparatus for being used to carry out user equipment wireless connection pre-authorization |
CN108183553A (en) * | 2015-09-15 | 2018-06-19 | 柳超 | A kind of data test and acquisition monitoring device, intelligent grid and its user terminal |
CN108449568A (en) * | 2018-01-31 | 2018-08-24 | 苏州科达科技股份有限公司 | Identity identifying method and device for video conference |
CN108737155A (en) * | 2017-04-14 | 2018-11-02 | 国际索拉温兹公司 | Network state estimation |
CN108923846A (en) * | 2018-07-23 | 2018-11-30 | 中天宽带技术有限公司 | A kind of novel device of optical network unit |
CN109474577A (en) * | 2018-10-17 | 2019-03-15 | 太原市高远时代科技有限公司 | A kind of Internet of Things network edge O&M equipment with safety permission function |
CN111149324A (en) * | 2017-09-21 | 2020-05-12 | Lg电子株式会社 | Cryptographic method and system for managing digital certificates having linked values |
CN111614709A (en) * | 2019-02-26 | 2020-09-01 | 傲为信息技术(江苏)有限公司 | Blockchain-based partition transaction method and system |
CN111970074A (en) * | 2020-07-07 | 2020-11-20 | 深圳市拔超科技有限公司 | Test method of HDCP repeater |
CN112448945A (en) * | 2019-09-04 | 2021-03-05 | 皇家Kpn公司 | Controlling network access of customer premises equipment |
CN113434882A (en) * | 2021-06-30 | 2021-09-24 | 平安普惠企业管理有限公司 | Communication protection method and device of application program, computer equipment and storage medium |
CN114428976A (en) * | 2020-10-29 | 2022-05-03 | 潘塔安全系统公司 | Apparatus and method for managing pseudonymous certificates |
CN114500066A (en) * | 2022-02-08 | 2022-05-13 | 北京沃东天骏信息技术有限公司 | Information processing method, gateway and communication system |
CN116648702A (en) * | 2020-12-22 | 2023-08-25 | 微软技术许可有限责任公司 | Secure network access at edge sites with trusted network devices |
Events
- 2006-07-20 CN CNA2006800327604A patent/CN101467131A/en active Pending
Cited By (47)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101958889B (en) * | 2009-07-16 | 2013-11-20 | 株式会社日立制作所 | Information processing method and information processing system |
CN101958889A (en) * | 2009-07-16 | 2011-01-26 | 株式会社日立制作所 | Information processing method and information processing system |
CN102648618A (en) * | 2009-12-03 | 2012-08-22 | 阿尔卡特朗讯 | Method for use in telecommunications networks, central offices and network termination units |
CN102656576A (en) * | 2009-12-04 | 2012-09-05 | 阿尔特拉公司 | Preventing information leakage between components on a programmable chip in the presence of faults |
CN102656576B (en) * | 2009-12-04 | 2015-11-25 | 阿尔特拉公司 | Leakage of information when preventing fault between programmable chip upper-part |
CN102316078A (en) * | 2010-06-30 | 2012-01-11 | 中华电信股份有限公司 | Authentication login method |
US9361265B2 (en) | 2010-08-03 | 2016-06-07 | Siemens Aktiengesellschaft | Method and device for integrating a device into a network |
CN103039039A (en) * | 2010-08-03 | 2013-04-10 | 西门子公司 | Method and device for integrating a device into a network |
CN103039039B (en) * | 2010-08-03 | 2016-01-20 | 西门子公司 | Method and device for integrating devices in a network |
CN102025503B (en) * | 2010-11-04 | 2014-04-16 | 曙光云计算技术有限公司 | Data security implementation method in cluster environment and high-security cluster |
CN102025503A (en) * | 2010-11-04 | 2011-04-20 | 北京曙光天演信息技术有限公司 | Data security implementation method in cluster environment and high-security cluster |
US10609562B2 (en) | 2010-11-04 | 2020-03-31 | Itron Networked Solutions, Inc. | Physically secured authorization for utility applications |
CN103430183A (en) * | 2010-11-04 | 2013-12-04 | 思飞信智能电网公司 | Physically secured authorization for utility applications |
CN103430183B (en) * | 2010-11-04 | 2016-04-20 | 思飞信智能电网公司 | For the physical security mandate of utility application |
US10455420B2 (en) | 2010-11-04 | 2019-10-22 | Itron Networked Solutions, Inc. | Physically secured authorization for utility applications |
US9961550B2 (en) | 2010-11-04 | 2018-05-01 | Itron Networked Solutions, Inc. | Physically secured authorization for utility applications |
CN102932492A (en) * | 2011-09-12 | 2013-02-13 | 微软公司 | Correlation of users to ip address lease events |
US10873632B2 (en) | 2011-10-17 | 2020-12-22 | Google Llc | Methods, systems, and related architectures for managing network connected devices |
CN106054957A (en) * | 2011-10-17 | 2016-10-26 | 谷歌公司 | Methods, systems, and related architectures for managing network connected thermostats |
CN104094272A (en) * | 2012-02-07 | 2014-10-08 | 联邦印刷有限公司 | Method for communication of energy consumption-specific measurement data elements between a smart meter device and a computer system of a utility company and/or operator of a measuring system |
CN104094272B (en) * | 2012-02-07 | 2017-08-18 | 联邦印刷有限公司 | For the method for the computer system that energy consumption particular measurement data item is sent to energy supplier and/or instrument operator from intelligent meter mechanism |
CN102932171A (en) * | 2012-10-22 | 2013-02-13 | 烽火通信科技股份有限公司 | Optical network unit (ONU) certification authorization management method based on License resource control |
CN102932171B (en) * | 2012-10-22 | 2015-07-01 | 烽火通信科技股份有限公司 | Optical network unit (ONU) certification authorization management method based on License resource control |
CN107251003A (en) * | 2014-11-04 | 2017-10-13 | Gt系统私人有限公司 | Media distribution and management system and apparatus |
CN107251003B (en) * | 2014-11-04 | 2021-02-09 | Gt系统私人有限公司 | Media distribution and management system and apparatus |
WO2016086666A1 (en) * | 2014-12-04 | 2016-06-09 | 华为技术有限公司 | Cable modem register method and device |
CN108183553A (en) * | 2015-09-15 | 2018-06-19 | 柳超 | A kind of data test and acquisition monitoring device, intelligent grid and its user terminal |
CN108183553B (en) * | 2015-09-15 | 2021-04-06 | 宁夏隆基宁光仪表股份有限公司 | Data testing and collecting monitoring device, smart power grid and user side thereof |
CN105929426A (en) * | 2016-04-21 | 2016-09-07 | 北京元心科技有限公司 | Method and device for GPS positioning in multiple systems |
CN105929426B (en) * | 2016-04-21 | 2019-04-02 | 北京元心科技有限公司 | Method and device for GPS positioning in multiple systems |
CN108737155B (en) * | 2017-04-14 | 2022-08-30 | 国际索拉温兹公司 | Network state evaluation method and device |
CN108737155A (en) * | 2017-04-14 | 2018-11-02 | 国际索拉温兹公司 | Network state estimation |
CN107333264A (en) * | 2017-08-21 | 2017-11-07 | 上海掌门科技有限公司 | A kind of method and apparatus for being used to carry out user equipment wireless connection pre-authorization |
CN111149324B (en) * | 2017-09-21 | 2023-12-29 | Lg电子株式会社 | Cryptography method and system for managing digital certificates with linked values |
CN111149324A (en) * | 2017-09-21 | 2020-05-12 | Lg电子株式会社 | Cryptographic method and system for managing digital certificates having linked values |
CN108449568A (en) * | 2018-01-31 | 2018-08-24 | 苏州科达科技股份有限公司 | Identity identifying method and device for video conference |
CN108923846A (en) * | 2018-07-23 | 2018-11-30 | 中天宽带技术有限公司 | A kind of novel device of optical network unit |
CN109474577A (en) * | 2018-10-17 | 2019-03-15 | 太原市高远时代科技有限公司 | A kind of Internet of Things network edge O&M equipment with safety permission function |
CN111614709A (en) * | 2019-02-26 | 2020-09-01 | 傲为信息技术(江苏)有限公司 | Blockchain-based partition transaction method and system |
CN111614709B (en) * | 2019-02-26 | 2022-12-16 | 傲为有限公司 | Partition transaction method and system based on block chain |
CN112448945A (en) * | 2019-09-04 | 2021-03-05 | 皇家Kpn公司 | Controlling network access of customer premises equipment |
CN112448945B (en) * | 2019-09-04 | 2023-03-28 | 皇家Kpn公司 | Controlling network access of customer premises equipment |
CN111970074A (en) * | 2020-07-07 | 2020-11-20 | 深圳市拔超科技有限公司 | Test method of HDCP repeater |
CN114428976A (en) * | 2020-10-29 | 2022-05-03 | 潘塔安全系统公司 | Apparatus and method for managing pseudonymous certificates |
CN116648702A (en) * | 2020-12-22 | 2023-08-25 | 微软技术许可有限责任公司 | Secure network access at edge sites with trusted network devices |
CN113434882A (en) * | 2021-06-30 | 2021-09-24 | 平安普惠企业管理有限公司 | Communication protection method and device of application program, computer equipment and storage medium |
CN114500066A (en) * | 2022-02-08 | 2022-05-13 | 北京沃东天骏信息技术有限公司 | Information processing method, gateway and communication system |
Similar Documents
Publication | Publication Date | Title
---|---|---
CN101467131A (en) | | Network user authentication system and method
US8181262B2 (en) | | Network user authentication system and method
US9356940B2 (en) | | Security and access system based on multi-dimensional location characteristics
JP5860815B2 (en) | | System and method for enforcing computer policy
US9059842B2 (en) | | System and method for grid based cyber security
CN103107996B (en) | | Digital certificate online download method and system, and digital certificate provisioning platform
US20090144541A1 (en) | | Method and apparatus of mutual authentication and key distribution for downloadable conditional access system in digital cable broadcasting network
US20110055556A1 (en) | | Method for providing anonymous public key infrastructure and method for providing service using the same
US8274401B2 (en) | | Secure data transfer in a communication system including portable meters
CN101479987A (en) | | Biometric credential verification framework
JP2010114869A (en) | | Access control system and method based on hierarchical key
CN102438013A (en) | | Hardware-based credential distribution
CN107204983B (en) | | A system for safe data transmission of wind farm SCADA system based on SIP protocol
US20110078784A1 (en) | | VPN system and method of controlling operation of same
CN113411190A (en) | | Key deployment, data communication, key exchange and security reinforcement method and system
JP2016521029A (en) | | Network system comprising security management server and home network, and method for including a device in the network system
CN114390524A (en) | | Implementation method and device for one-key login service
US20230328047A1 (en) | | Platform and Method for Automated Moving Target Defense
CN114422266A (en) | | IDaaS system based on dual verification mechanism
US20090296936A1 (en) | | System and method for creating a secure billing identity for an end user using an identity association
KR20150005789A (en) | | Method for Authenticating by using Certificate
KR20020083551A (en) | | Development and Operation Method of Multiagent Based Multipass User Authentication Systems
KR102086739B1 (en) | | Electronic re-signing method to support various digital signature algorithms in secure sockets layer decryption device
CN114005190B (en) | | Face recognition method for class attendance system
Cho et al. | | Authentication method for privacy protection in smart grid environment
Legal Events
Date | Code | Title | Description
---|---|---|---
 | C06 | Publication | 
 | PB01 | Publication | 
 | C10 | Entry into substantive examination | 
 | SE01 | Entry into force of request for substantive examination | 
 | C02 | Deemed withdrawal of patent application after publication (patent law 2001) | 
 | WD01 | Invention patent application deemed withdrawn after publication | 

Open date: 20090624