
TWI668971B - A modem device and a method for verifying data - Google Patents

A modem device and a method for verifying data

Info

Publication number: TWI668971B
Authority: TW (Taiwan)
Prior art keywords: certificate, public key, modem, processing unit, text string
Application number: TW107104930A
Other languages: Chinese (zh)
Other versions: TW201935885A (en)
Inventor: 李昆育
Original Assignee: 和碩聯合科技股份有限公司 (Pegatron Corporation)
Application filed by 和碩聯合科技股份有限公司
Priority to TW107104930A (granted as TWI668971B, published as TW201935885A)
Related application claiming priority: CN201910110073.9A (CN110166245B)
Application granted

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 12/00 Data switching networks
    • H04L 12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L 12/2801 Broadband local area networks
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3247 (as H04L 9/32) involving digital signatures
    • H04L 9/3249 (as H04L 9/3247) using RSA or related signature schemes, e.g. Rabin scheme

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Storage Device Security (AREA)

Abstract

The disclosure provides a modem device with a data verification function. The modem device has a communication unit, a storage unit and a processing unit. The communication unit receives and transmits signals. The storage unit stores reference verification information and device verification information. The processing unit is coupled to the communication unit and the storage unit. When the processing unit receives a simulated CMTS-connection check command, it verifies, according to the reference verification information, whether the device verification information is valid. The reference verification information includes certificate information of the cable modem termination system (CMTS). The disclosure also provides a corresponding method for verifying data.

Description

Modem device and method for verifying data

The invention relates to data verification technology, and in particular to a modem device having a data verification mechanism and a method for verifying data.

To secure data transmission between a modem device and a cable modem termination system (CMTS), existing modem devices exchange data with the CMTS under the Data-Over-Cable Service Interface Specifications (DOCSIS) and follow the security specifications that DOCSIS defines. For this purpose the modem device stores several items of verification data, which it uses to encrypt and decrypt the data to be transmitted. In addition, when the modem device performs a firmware update, it uses the verification data to determine whether the firmware comes from a legitimate source.

During manufacture, to make sure the verification data stored in a modem device is correct, the manufacturer actually connects the modem device to a CMTS and runs a series of checks. This verification process is time-consuming and laborious; in particular, performing it on the production line consumes a great deal of time and lowers production efficiency. How to provide a simpler verification method is therefore a problem that those skilled in the art have worked on.

The invention provides a modem device and a method for verifying data that verify the data without connecting to a CMTS, thereby simplifying the verification process and shortening the time it takes.

The disclosed method for verifying data applies to a modem device that stores reference verification information and device verification information. The method has the steps of: receiving a check command; and verifying, according to the reference verification information, whether the device verification information is valid, where the reference verification information is stored in the modem device and includes certificate information of the CMTS.

The disclosed modem device has a data verification function. The modem device has a communication unit, a storage unit and a processing unit. The communication unit receives and transmits signals. The storage unit stores reference verification information and device verification information. The processing unit is coupled to the communication unit and the storage unit. When the processing unit receives a simulated CMTS-connection check command, it verifies, according to the reference verification information, whether the device verification information is valid. The reference verification information includes certificate information of the CMTS.

In summary, in the disclosed modem device and method, because the modem device stores reference verification information corresponding to the CMTS, the modem device can verify its own device verification information against the reference verification information without connecting to a CMTS. The disclosed device and method thus simplify data verification and reduce the time it consumes.

To make the above features and advantages of the invention more comprehensible, embodiments are described in detail below with reference to the accompanying drawings.

Refer to FIG. 1, a system architecture diagram of a modem device according to an embodiment of the disclosure. The modem device 100 is a user-side modem that provides network connectivity to the user; for example, the modem device 100 can connect to a cable modem termination system (CMTS) and exchange data with other servers and modems.

In one embodiment, the modem device 100 is used in a network built on hybrid fiber-coaxial (HFC) cabling. The modem device 100 may be deployed as a cable modem (CM) or as an embedded multimedia terminal adapter (eMTA) that also supports voice calls.

The modem device 100 has a communication unit 110, a storage unit 120 and a processing unit 130.

The communication unit 110 is implemented with a communication chip, which may be a signal-transmission component supporting Global System for Mobile Communications (GSM), Personal Handy-phone System (PHS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), Worldwide Interoperability for Microwave Access (WiMAX), Wireless Fidelity (Wi-Fi) or Bluetooth.

The storage unit 120 stores the program code and data needed to run the modem device 100. It may be any type of fixed or removable random access memory (RAM), read-only memory (ROM), flash memory, hard disk drive (HDD), solid state drive (SSD), a similar component, or a combination of these.

In this embodiment, data exchange between the modem device 100 and the CMTS follows the Data-Over-Cable Service Interface Specifications (DOCSIS). DOCSIS defines the Baseline Privacy Interface (BPI), which encrypts the transmitted data. The storage unit 120 therefore stores device verification information 122. Using the device verification information 122, the processing unit 130 can encrypt and decrypt the data to be transmitted as the BPI specification requires.

The device verification information 122 includes at least the verification data specified by BPI, for example a root certificate, a device CA certificate, a manufacturer certificate, a cable modem certificate and a private key, but is not limited to these. Because DOCSIS has several versions and the BPI specification differs between them, the exact contents of the device verification information 122 are adjusted to the design and implementation; the disclosure is not limited in this respect.

The processing unit 130 is connected to the communication unit 110 and the storage unit 120 and runs the program code and required functions of the modem device 100. It may be a central processing unit (CPU), another programmable general-purpose or special-purpose microprocessor, a digital signal processor (DSP), a programmable controller, an application-specific integrated circuit (ASIC), a similar component or a combination of these; the disclosure is not limited in this respect.

To make sure the device verification information stored in a modem device is correct, after manufacturing the manufacturer actually connects the modem device 100 to a CMTS to confirm that the device verification information 122 is correct. Because that verification process consumes a great deal of time, in the disclosure the storage unit 120 additionally stores reference verification information 124.

The reference verification information 124 holds various certificates issued by Cable Television Laboratories (CableLabs) and includes certificate information of the CMTS, for example, but not limited to, a root certificate (DOCSIS Root CA Certificate or Service Provider Root CA Certificate) and a root public key (Root Public Key).

Because the storage unit 120 stores the reference verification information 124, the modem device 100 can use it to check the validity and correctness of the device verification information 122, replacing the verification that the CMTS would otherwise perform.

Specifically, refer to FIG. 2, a flowchart of a method for verifying data according to an embodiment of the disclosure.

In step S210, the processing unit 130 receives a simulated CMTS-connection check command. This command checks whether the device verification information 122 stored in the modem device 100 is correct, that is, whether a connection could be established with it. The code implementing the command is built into the modem device 100 or stored in its firmware, and the command is entered and executed through a command-line interface (CLI).

In step S220, the processing unit 130 verifies whether the device verification information 122 is valid according to the reference verification information 124 stored in the storage unit 120.

Specifically, the reference verification information 124 holds certificate information authorized by CableLabs, while the device verification information 122 holds the verification information possessed by the modem device 100. If the device verification information 122 held by the modem device 100 is valid, it is identical to the certificate information carried in the reference verification information 124, or the device verification information 122 can be used together with the reference verification information 124 to encrypt and decrypt in both directions.

The sub-steps by which the processing unit 130 verifies the device verification information 122 in step S220 are described further below. Because different DOCSIS versions specify different cryptographic arrangements, the different versions are described in separate embodiments.

Refer to FIG. 3, a detailed flowchart of a method for verifying data according to an embodiment of the disclosure. In the embodiment of FIG. 3, the modem device 100 and the CMTS exchange data under DOCSIS 3.1.

In this embodiment, the certificate information in the reference verification information 124 includes a reference root certificate (Root CA Certificate) and a reference device CA certificate (Device CA Certificate) of the CMTS. The device verification information 122 includes a root certificate, a device CA certificate, a cable modem certificate (CM Certificate) and a private key (CM Private Key).

In step S310, the processing unit 130 compares the reference root certificate with the root certificate bit by bit to determine whether the root certificate is valid. Specifically, the reference root certificate is the public certificate issued under CableLabs' authority (DOCSIS 3.1 Root CA Certificate), and the root certificate in the storage unit 120 should be identical to it. If any bit differs, the root certificate does not match the reference root certificate and is wrong; the processing unit 130 then executes step S380, concludes that the verification information is incorrect, and raises an error indication (for example a sound, an indicator light or a text message on a display; the disclosure is not limited to these).

In step S320, the processing unit 130 compares the reference device CA certificate with the device CA certificate bit by bit to determine whether the device CA certificate is valid.

The reference device CA certificate is the public certificate issued under CableLabs' authority (DOCSIS 3.1 Device CA Certificate), and the device CA certificate in the storage unit 120 should be identical to it. If any bit differs, the device CA certificate is wrong, and the processing unit 130 likewise executes step S380.

In step S330, the processing unit 130 uses the device CA certificate to check whether the cable modem certificate comes from a legitimate source, and determines whether the media access control (MAC) address in the cable modem certificate is the same as the MAC address of the modem device.

In this embodiment, each cable modem certificate is issued under the device CA certificate and bound to the MAC address of the individual modem device 100. The processing unit 130 therefore extracts the public key carried in the device CA certificate (Device CA Public Key) and uses an asymmetric algorithm (for example RSA) to verify that the digital signature on the cable modem certificate (CM Certificate Signature) is correct. In addition, the processing unit 130 compares the MAC address of the modem device 100 under test (CM MAC address) with the MAC address in the cable modem certificate (CM Certificate MAC address). If the signature on the cable modem certificate verifies and the MAC addresses match, the processing unit 130 judges the cable modem certificate to be valid.

Conversely, if the processing unit 130 finds either the signature on the cable modem certificate or the MAC address to be incorrect, the cable modem certificate is invalid and the processing unit 130 executes step S380.

Verifying a digital signature on a certificate with an asymmetric algorithm such as RSA is a technique well known to those skilled in the art and is not described further here.

In step S340, the processing unit 130 determines whether the public key in the cable modem certificate (CM Certificate Public Key) is the same as the public key stored by the modem device 100 (CM Public Key), to determine whether the stored public key is correct.

Specifically, each modem device 100 has its own public and private key pair, and the cable modem certificate carries the public key belonging to that modem device 100. The processing unit 130 therefore checks whether the public key in the cable modem certificate is identical to the public key of the modem device 100. If not, the cable modem certificate does not belong to the modem device 100 under test and its public key is incorrect; the processing unit 130 then executes step S380. Encrypting and decrypting data with a public/private key pair, and exchanging public keys by means of certificates, are techniques well known to those skilled in the art and are not described further here.

In step S350, the processing unit 130 encrypts a text string with the private key, then decrypts the encrypted string with the public key stored by the modem device to obtain a decrypted text string. According to public-key cryptography, data encrypted with the private key should be decryptable with the matching public key. The processing unit 130 therefore performs an actual encryption and decryption of the test string with the public key verified in step S340 and the private key.

In step S360, the processing unit 130 determines whether the text string and the decrypted text string are the same. If they are, the private key is correct. If not, the key pair cannot encrypt and decrypt properly, and the processing unit 130 executes step S380.

In step S370, the processing unit 130 judges the private key to be correct, which means that every item in the device verification information is valid, and the verification flow ends.

Refer to FIG. 4, a detailed flowchart of a method for verifying data according to another embodiment of the disclosure. In the embodiment of FIG. 4, the modem device 100 and the CMTS exchange data under DOCSIS 3.0, DOCSIS 2.0 or DOCSIS 1.1.

The embodiment of FIG. 4 is similar to that of FIG. 3, the difference being that in FIG. 4 the reference verification information 124 and the device verification information 122 contain neither a reference root certificate and root certificate nor a reference device CA certificate and device CA certificate. Instead, the certificate information in the reference verification information 124 includes a reference root public key (Root Public Key), and the device verification information 122 includes a root public key, a manufacturer certificate (Manufacturer CA Certificate), a cable modem certificate (CM Certificate) and a private key (CM Private Key).

In step S410, the processing unit 130 compares the reference root public key with the root public key bit by bit to determine whether the root public key is valid. For example, the reference root public key is the public key published under CableLabs' authority (for example the DOCSIS 3.0 Root Public Key), and the root public key in the storage unit 120 should be identical to it. If any bit differs, the root public key does not match the reference root public key and is wrong, and the processing unit 130 executes step S480. Step S480 is the same as step S380 of FIG. 3 and is not described again.

In step S420, the processing unit 130 verifies with the root public key whether the manufacturer certificate comes from a legitimate source. Specifically, the processing unit 130 uses the root public key and an asymmetric algorithm (for example RSA) to verify that the digital signature on the manufacturer certificate (Manufacturer CA Certificate Signature) is correct. If it is, the manufacturer certificate comes from a legitimate source; if the signature is wrong, the processing unit 130 executes step S480.

In step S430, the processing unit 130 uses the manufacturer certificate to check whether the cable modem certificate comes from a legitimate source, and determines whether the MAC address in the cable modem certificate is the same as the MAC address of the modem device.

In this embodiment, each cable modem certificate is issued under the manufacturer certificate and bound to the MAC address of the individual modem device 100. Similarly to step S330, the processing unit 130 extracts the public key carried in the manufacturer certificate (Manufacturer CA Certificate Public Key) and uses an asymmetric algorithm (for example RSA) to verify that the digital signature the manufacturer CA placed on the cable modem certificate (CM Certificate Signature) is correct. In addition, the processing unit 130 compares the MAC address of the modem device 100 under test (CM MAC address) with the MAC address in the cable modem certificate (CM Certificate MAC address). If the signature on the cable modem certificate verifies and the MAC addresses match, the processing unit 130 judges the cable modem certificate to be valid; otherwise it executes step S480.

Steps S440 to S480 of FIG. 4 are identical in detail and flow to steps S340 to S380 of FIG. 3 and are not described again.
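The FIG. 3 procedure (S310 to S370), and with a root public key in place of the root certificate the FIG. 4 procedure, as an added Go example that is not part of the patent or of any Pegatron firmware. It builds its own throwaway Root CA, Device CA and CM certificates with the Go standard library (the real CableLabs certificates are not reproduced here), assumes that the MAC address sits in the CM certificate's subject CN, and treats the patent's "encrypt with the private key, decrypt with the public key" step as what it is in RSA terms, a sign-then-verify. The names ReferenceInfo, DeviceInfo, makeCert, BuildTestPKI and VerifyDeviceInfo, and the sample MAC address, are this example's own.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// ReferenceInfo models reference verification information 124: the published CA certificates, DER-encoded.
type ReferenceInfo struct{ RootDER, DeviceCADER []byte }
// DeviceInfo models device verification information 122 as provisioned into one unit.
type DeviceInfo struct {
	RootDER, DeviceCADER, CMDER []byte // its copies of the CA certs and its own CM certificate
	CMPublicKey                 *rsa.PublicKey
	CMPrivateKey                *rsa.PrivateKey
}

// makeCert issues a certificate for pub with subject CN cn, signed by signer
// (self-signed when parent is nil). Constructed test PKI, not a CableLabs chain.
func makeCert(cn string, isCA bool, pub *rsa.PublicKey, parent *x509.Certificate, signer *rsa.PrivateKey) (*x509.Certificate, []byte) {
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature}
	if isCA { // CheckSignatureFrom insists that the parent may sign certificates
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, der
}

// BuildTestPKI constructs a throwaway Root CA -> Device CA -> CM chain and returns what a
// correctly provisioned unit with MAC address mac holds (MAC in the CN: assumed DOCSIS layout).
func BuildTestPKI(mac string) (ReferenceInfo, DeviceInfo) {
	rootKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	caKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	cmKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	root, rootDER := makeCert("Test DOCSIS Root CA", true, &rootKey.PublicKey, nil, rootKey)
	ca, caDER := makeCert("Test Device CA", true, &caKey.PublicKey, root, rootKey)
	_, cmDER := makeCert(mac, false, &cmKey.PublicKey, ca, caKey)
	return ReferenceInfo{RootDER: rootDER, DeviceCADER: caDER}, DeviceInfo{RootDER: rootDER,
		DeviceCADER: caDER, CMDER: cmDER, CMPublicKey: &cmKey.PublicKey, CMPrivateKey: cmKey}
}

// VerifyDeviceInfo runs the FIG. 3 checks S310..S360 offline; nil means S370, an error names the failing step (S380).
func VerifyDeviceInfo(ref ReferenceInfo, dev DeviceInfo, mac string) error {
	if !bytes.Equal(ref.RootDER, dev.RootDER) { // S310: bit-for-bit comparison
		return fmt.Errorf("S310: root CA certificate differs from reference")
	}
	if !bytes.Equal(ref.DeviceCADER, dev.DeviceCADER) { // S320: same for the Device CA
		return fmt.Errorf("S320: device CA certificate differs from reference")
	}
	deviceCA, err1 := x509.ParseCertificate(dev.DeviceCADER)
	cm, err2 := x509.ParseCertificate(dev.CMDER)
	if err1 != nil || err2 != nil {
		return fmt.Errorf("S330: certificate does not parse: %v %v", err1, err2)
	}
	// S330: signature on the CM certificate under the Device CA public key, then the MAC binding.
	if err := cm.CheckSignatureFrom(deviceCA); err != nil {
		return fmt.Errorf("S330: CM certificate signature invalid: %w", err)
	}
	if !strings.EqualFold(cm.Subject.CommonName, mac) {
		return fmt.Errorf("S330: certificate MAC %q != device MAC %q", cm.Subject.CommonName, mac)
	}
	// S340: the public key inside the certificate must equal the stored CM public key.
	if certPub, ok := cm.PublicKey.(*rsa.PublicKey); !ok || !certPub.Equal(dev.CMPublicKey) {
		return fmt.Errorf("S340: CM certificate public key differs from stored public key")
	}
	// S350/S360: the patent's private-key-encrypt / public-key-decrypt round trip is an RSA sign-then-verify.
	digest := sha256.Sum256([]byte("simulated CMTS connection self-test"))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, dev.CMPrivateKey, crypto.SHA256, digest[:]) // a bad key yields a bad sig
	if err := rsa.VerifyPKCS1v15(dev.CMPublicKey, crypto.SHA256, digest[:], sig); err != nil {
		return fmt.Errorf("S360: stored private key does not match public key: %w", err)
	}
	return nil // S370: every item of the device verification information checks out
}

func main() {
	const mac = "00:10:95:12:34:56" // constructed sample MAC address
	ref, dev := BuildTestPKI(mac)
	fmt.Println("provisioned unit:", VerifyDeviceInfo(ref, dev, mac))
	fmt.Println("wrong MAC:", VerifyDeviceInfo(ref, dev, "00:10:95:00:00:01"))
}
```

Running it prints `<nil>` for the provisioned unit and an S330 error for the MAC mismatch. The FIG. 4 variant changes only the anchor: S410 compares the stored root public key bytes instead of RootDER, S420 verifies the manufacturer CA certificate's signature with that key, and S430 then checks the CM certificate under the manufacturer CA exactly as S330 does under the Device CA here. Two caveats the flow itself does not state: the bit-for-bit comparisons in S310/S320 only prove that the unit holds the same bytes as its reference copy, so the reference copy must come from a firmware image the manufacturer controls and must not be writable through the same provisioning path that writes the device verification information; and this offline check says nothing about certificate validity periods or revocation status, which only the operator's CMTS can enforce at the time of the real connection.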

請參照圖5,圖5繪示本揭露再一實施例的驗證資料的方法的細部流程圖。在此實施例中,數據機裝置100應用於支援語音通話的嵌入式多媒體終端適配器(Embedded multimedia terminal adapter,eMTA)中。Please refer to FIG. 5, which illustrates a detailed flowchart of a method for verifying data according to another embodiment of the present disclosure. In this embodiment, the modem device 100 is applied to an embedded multimedia terminal adapter (eMTA) that supports voice calls.

In this embodiment, the certificate information of the reference verification information 124 includes a reference root certificate (Service Provider Root CA Certificate) and a reference public key (Root CA Certificate Public Key). The device verification information 122 includes a root certificate, a manufacturer certificate (MTA Manufacturer CA Certificate) and a data device certificate (MTA Device Certificate).

In step S510, the processing unit 130 compares the reference root certificate with the root certificate bit by bit to determine whether the root certificate is legitimate.

The reference root certificate is the public certificate (Service Provider Root CA Certificate) that CableLabs authorizes and issues to the service provider. The root certificate stored in the storage unit 120 should be identical to the reference root certificate. If any bit differs, the reference root certificate and the root certificate are inconsistent and the root certificate is erroneous. The processing unit 130 then executes step S580, determines that the verification information is erroneous, and generates an error prompt. The specific content of step S580 is the same as that of step S380 of FIG. 3 and is not repeated here.

In step S520, the processing unit 130 checks, according to the reference public key, whether the source of the manufacturer certificate is legitimate.

Specifically, CableLabs adopts the PacketCable technical specification, and this specification has a corresponding intermediary certificate (PacketCable Root CA Certificate). In this embodiment, the manufacturer certificate (MTA Manufacturer CA Certificate) is issued from this intermediary certificate. To simplify the verification procedure, in this embodiment the public key of this intermediary certificate is stored in advance in the modem device 100, in the command-line interface of the firmware of the modem device 100, to serve as the reference public key.

Accordingly, when executing step S520, the processing unit 130 uses the reference public key and an asymmetric encryption algorithm (for example, the RSA algorithm) to verify whether the digital signature of the manufacturer certificate source is correct. If it is correct, the manufacturer certificate is determined to be a legitimate manufacturer certificate issued under the intermediary certificate. Otherwise, the processing unit 130 executes step S580.

In step S530, the processing unit 130 determines, according to the manufacturer certificate, whether the data device certificate is legitimate, and determines whether the media access address in the data device certificate is the same as the media access address of the modem device.

In this embodiment, the data device certificate (MTA Device Certificate) is issued on the basis of the manufacturer certificate and the media access control (MAC) address of each modem device 100. Therefore, similarly to step S430, the processing unit 130 extracts the public key carried in the manufacturer certificate (MTA Manufacturer CA Public Key) and uses an asymmetric encryption algorithm (for example, the RSA algorithm) to verify whether the digital signature of the data device certificate source (MTA Device Certificate Signature) is correct. In addition, the processing unit 130 further compares whether the media access control address of the modem device 100 under test (MTA Device MAC Address) matches the media access control address in the data device certificate (MTA Device Certificate MAC Address), so as to check whether the media access control address in the data device certificate is correct. If the digital signature of the data device certificate source is correct and the media access control address in the data device certificate is also correct, the processing unit 130 determines that the data device certificate is legitimate. If the processing unit 130 determines that the data device certificate is not legitimate, the processing unit 130 executes step S580.

In step S540, the processing unit 130 determines whether the public key in the data device certificate (MTA Device Certificate Public Key) is the same as the public key stored by the modem device 100 (MTA Device Public Key), so as to determine whether the public key stored by the data device is correct.

In step S550, the processing unit 130 encrypts a text string with the private key and decrypts the encrypted text string with the public key stored by the modem device, to obtain a decrypted text string.

In step S560, the processing unit 130 determines whether the text string and the decrypted text string are the same. If they are the same, the private key is correct. Conversely, if the text string and the decrypted text string differ, this public/private key pair cannot encrypt and decrypt properly, and the processing unit 130 executes step S580.

In step S570, the processing unit 130 determines that the private key is correct, which indicates that all of the information in the device verification information is legitimate, and the verification flow ends.
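The offline check of steps S510 to S570, written out as an added Go example that is not part of the patent. It assumes a constructed test PKI generated inline (service-provider root, PacketCable-style intermediary, manufacturer CA, device certificate), that the device certificate carries the MAC address in its subject common name, that the manufacturer certificate is signed with SHA256WithRSA, and it implements step S550 as the raw RSA private-key/public-key round trip the text describes.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// DeviceInfo is the device verification information under test (chain, stored keys, own MAC).
type DeviceInfo struct {
	Root, Manufacturer, Device *x509.Certificate
	StoredPub                  *rsa.PublicKey
	Priv                       *rsa.PrivateKey
	MAC                        string
}

// Verify runs steps S510 to S570 offline against the pre-stored reference root bytes and reference public key; it returns the first failing step, or "" (S570).
func Verify(refRootDER []byte, refPub *rsa.PublicKey, dev DeviceInfo) string {
	// S510: bit-for-bit comparison of the stored root with the reference root.
	if !bytes.Equal(refRootDER, dev.Root.Raw) {
		return "S510: root certificate differs from reference root"
	}
	// S520: the manufacturer CA certificate must be signed (SHA256WithRSA assumed) by the intermediary whose public key is the reference public key.
	h := sha256.Sum256(dev.Manufacturer.RawTBSCertificate)
	if rsa.VerifyPKCS1v15(refPub, crypto.SHA256, h[:], dev.Manufacturer.Signature) != nil {
		return "S520: manufacturer certificate not signed under reference public key"
	}
	// S530: the device certificate must chain to the manufacturer CA and carry the device's MAC address (assumed to be the subject common name).
	if dev.Device.CheckSignatureFrom(dev.Manufacturer) != nil || dev.Device.Subject.CommonName != dev.MAC {
		return "S530: device certificate signature or MAC address invalid"
	}
	// S540: the public key inside the device certificate must equal the stored one.
	if certPub, ok := dev.Device.PublicKey.(*rsa.PublicKey); !ok || !certPub.Equal(dev.StoredPub) {
		return "S540: stored public key differs from certificate public key"
	}
	// S550/S560: transform a text string with the private key, undo it with the stored public key and compare.
	if !KeyPairRoundTrip(dev.Priv, dev.StoredPub, "constructed check string") {
		return "S560: private key does not match stored public key"
	}
	return ""
}

// KeyPairRoundTrip is the raw RSA round trip the text describes: m^d mod n, then c^e mod n, compared with the input.
func KeyPairRoundTrip(priv *rsa.PrivateKey, pub *rsa.PublicKey, s string) bool {
	m := new(big.Int).SetBytes([]byte(s))
	if m.Sign() == 0 || m.Cmp(pub.N) >= 0 {
		return false // empty string, or too long for the modulus
	}
	c := new(big.Int).Exp(m, priv.D, priv.N)
	back := new(big.Int).Exp(c, big.NewInt(int64(pub.E)), pub.N)
	return bytes.Equal(back.Bytes(), []byte(s))
}

// newCert generates a 2048-bit RSA key and issues a constructed test certificate for it; a nil parent means self-signed.
func newCert(cn string, isCA bool, parent *x509.Certificate, signer *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
	}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// BuildScenario constructs a consistent reference/device pair: service-provider root, PacketCable-style intermediary, manufacturer CA and device certificate.
func BuildScenario() ([]byte, *rsa.PublicKey, DeviceInfo) {
	const mac = "00:11:22:33:44:55" // constructed MAC address
	root, _ := newCert("Constructed Service Provider Root CA", true, nil, nil)
	inter, interKey := newCert("Constructed PacketCable Root CA", true, nil, nil)
	mfr, mfrKey := newCert("Constructed MTA Manufacturer CA", true, inter, interKey)
	dev, devKey := newCert(mac, false, mfr, mfrKey)
	return root.Raw, &interKey.PublicKey, DeviceInfo{Root: root, Manufacturer: mfr,
		Device: dev, StoredPub: &devKey.PublicKey, Priv: devKey, MAC: mac}
}
```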

It should be noted that, in other embodiments of the present disclosure, the program that verifies the correctness of the data may also be implemented as a stand-alone program executable on a computer device. For example, a computer is connected directly to the modem device 100 by a wired connection, and a stand-alone program is executed on the computer to inspect the device verification information 122 in the modem. The present disclosure is not limited to this.

In addition, since the storage unit 120 of the present disclosure already stores the reference verification information, the communication unit 100 does not need to connect to the modem termination system while the processing unit 130 executes the simulated-connection modem termination system check instruction.

In summary, in the modem device and the method for verifying data of the present disclosure, because the modem device stores the reference verification information corresponding to the modem termination system, the modem device verifies its device verification information by means of the reference verification information without connecting to the modem termination system. Accordingly, the modem device and the method for verifying data of the present disclosure simplify the method of verifying data and reduce the time consumed.

Although the present invention has been disclosed above by way of embodiments, they are not intended to limit the present invention. Any person of ordinary skill in the art may make minor changes and refinements without departing from the spirit and scope of the present invention; the scope of protection of the present invention shall therefore be defined by the appended claims.

100‧‧‧modem device

110‧‧‧communication unit

120‧‧‧storage unit

122‧‧‧reference verification information

124‧‧‧device verification information

130‧‧‧processing unit

S210~S220, S310~S380, S410~S480, S510~S580‧‧‧steps of verifying the correctness of the data

FIG. 1 is a system architecture diagram of a modem device according to an embodiment of the present disclosure.
FIG. 2 is a flowchart of a method for verifying data according to an embodiment of the present disclosure.
FIG. 3 is a detailed flowchart of a method for verifying data according to an embodiment of the present disclosure.
FIG. 4 is a detailed flowchart of a method for verifying data according to another embodiment of the present disclosure.
FIG. 5 is a detailed flowchart of a method for verifying data according to yet another embodiment of the present disclosure.

Claims (8)

1. A method for verifying data, applicable to a modem device, the method comprising: receiving a simulated-connection modem termination system check instruction; and verifying, according to reference verification information, whether device verification information is legitimate, wherein the reference verification information and the device verification information are stored in the modem device, the reference verification information includes certificate information of a modem termination system, a reference root certificate and a reference authorized device certificate, and the device verification information includes a root certificate, an authorized device certificate, a data device certificate and a private key, and wherein the step of verifying that the device verification information is legitimate according to the reference verification information includes: comparing the reference root certificate with the root certificate bit by bit to determine whether the root certificate is legitimate; when the root certificate is legitimate, comparing the reference authorized device certificate with the authorized device certificate bit by bit to determine whether the authorized device certificate is legitimate; when the authorized device certificate is legitimate, checking according to the authorized device certificate whether the source of the data device certificate is legitimate, and determining whether the media access address in the data device certificate is the same as the media access address of the modem device, to determine whether the data device certificate is legitimate; when the data device certificate is legitimate, determining whether the public key in the data device certificate is the same as the public key stored by the modem device, to determine whether the public key stored by the modem device is correct; when the public key stored by the modem device is correct, encrypting a text string with the private key and decrypting the encrypted text string with the public key of the data device certificate to obtain a decrypted text string; determining whether the text string and the decrypted text string are the same; and if the text string and the decrypted text string are the same, determining that the private key is correct.

2. The method for verifying data according to claim 1, wherein the reference verification information includes a reference root public key, and the device verification information includes a root public key, a manufacturer certificate, a data device certificate and a private key, and wherein the step of verifying that the device verification information is legitimate according to the reference verification information includes: comparing the reference root public key with the root public key bit by bit to determine whether the root public key is legitimate; when the root public key is legitimate, verifying according to the root public key whether the manufacturer certificate is legitimate; when the manufacturer certificate is legitimate, checking according to the manufacturer certificate whether the source of the data device certificate is legitimate, and determining whether the media access address in the data device certificate is the same as the media access address of the modem device, to determine whether the data device certificate is legitimate; when the data device certificate is legitimate, determining whether the public key in the data device certificate is the same as the public key stored by the modem device, to determine whether the public key stored by the modem device is correct; when the public key stored by the modem device is correct, encrypting a text string with the private key and decrypting the encrypted text string with the public key stored by the modem device to obtain a decrypted text string; determining whether the text string and the decrypted text string are the same; and if the text string and the decrypted text string are the same, determining that the private key is correct.

3. The method for verifying data according to claim 1, wherein the reference verification information includes a reference root certificate and a reference public key, and the device verification information includes a root certificate, a manufacturer certificate and a data device certificate, and wherein the step of verifying that the device verification information is legitimate according to the reference verification information includes: comparing the reference root certificate with the root certificate bit by bit to determine whether the root certificate is legitimate; when the root certificate is legitimate, checking according to the reference public key whether the source of the manufacturer certificate is legitimate; when the manufacturer certificate is legitimate, determining according to the public key of the manufacturer certificate whether the data device certificate is legitimate, and determining whether the media access address in the data device certificate is the same as the media access address of the modem device, to determine whether the data device certificate is legitimate; and when the data device certificate is legitimate, determining whether the public key in the data device certificate is the same as the public key stored by the modem device, to determine whether the public key stored by the modem device is correct; when the public key stored by the modem device is correct, encrypting a text string with the private key and decrypting the encrypted text string with the public key stored by the modem device to obtain a decrypted text string; determining whether the text string and the decrypted text string are the same; and if the text string and the decrypted text string are the same, determining that the private key is correct.

4. The method for verifying data according to claim 1, wherein the modem device is not connected to the modem termination system while verifying, according to the simulated-connection modem termination system check instruction, whether the device verification information is legitimate.

5. A modem device, comprising: a communication unit, which receives and transmits signals; a storage unit, which stores reference verification information and device verification information; and a processing unit, coupled to the communication unit and the storage unit, wherein when the processing unit receives a simulated-connection modem termination system check instruction, the processing unit verifies, according to the reference verification information, whether the device verification information is legitimate, wherein the reference verification information includes certificate information of a modem termination system, a reference root certificate and a reference authorized device certificate, and the device verification information includes a root certificate, an authorized device certificate, a data device certificate and a private key, and wherein, when the processing unit verifies that the device verification information is legitimate according to the reference verification information, the processing unit compares the reference root certificate with the root certificate bit by bit to determine whether the root certificate is legitimate; when the root certificate is legitimate, the processing unit compares the reference authorized device certificate with the authorized device certificate bit by bit to determine whether the authorized device certificate is legitimate; when the authorized device certificate is legitimate, the processing unit checks according to the authorized device certificate whether the source of the data device certificate is legitimate, and the processing unit determines whether the media access address in the data device certificate is the same as the media access address of the modem device, to determine whether the data device certificate is legitimate; when the data device certificate is legitimate, the processing unit determines whether the public key in the data device certificate is the same as the public key stored by the modem device, to determine whether the public key stored by the modem device is correct; when the public key stored by the modem device is correct, the processing unit encrypts a text string with the private key and decrypts the encrypted text string with the public key stored by the modem device to obtain a decrypted text string; the processing unit determines whether the text string and the decrypted text string are the same; and if the text string and the decrypted text string are the same, the processing unit determines that the private key is correct.

6. The modem device according to claim 5, wherein the reference verification information includes a reference root public key, and the device verification information includes a root public key, a manufacturer certificate, a data device certificate and a private key, and wherein, when the processing unit verifies that the device verification information is legitimate according to the reference verification information, the processing unit compares the reference root public key with the root public key bit by bit to determine whether the root certificate is legitimate; when the root certificate is legitimate, the processing unit determines according to the root public key whether the manufacturer certificate is legitimate; when the manufacturer certificate is legitimate, the processing unit checks according to the manufacturer certificate whether the source of the data device certificate is legitimate, and the processing unit determines whether the media access address in the data device certificate is the same as the media access address of the modem device, to determine whether the data device certificate is legitimate; when the data device certificate is legitimate, the processing unit determines whether the public key in the data device certificate is the same as the public key stored by the modem device, to determine whether the public key stored by the modem device is correct; when the public key stored by the modem device is correct, the processing unit encrypts a text string with the private key and decrypts the encrypted text string with the public key stored by the modem device to obtain a decrypted text string; the processing unit determines whether the text string and the decrypted text string are the same; and if the text string and the decrypted text string are the same, the processing unit determines that the private key is correct.

7. The modem device according to claim 5, wherein the reference verification information includes a reference root certificate and a reference public key, and the device verification information includes a root certificate, a manufacturer certificate and a data device certificate, and wherein, when the processing unit verifies that the device verification information is legitimate according to the reference verification information, the processing unit compares the reference root certificate with the root certificate bit by bit to determine whether the root certificate is legitimate; when the root certificate is legitimate, the processing unit checks according to the reference public key whether the source of the manufacturer certificate is legitimate; when the manufacturer certificate is legitimate, the processing unit determines according to the public key of the manufacturer certificate whether the data device certificate is legitimate, and the processing unit determines whether the media access address in the data device certificate is the same as the media access address of the modem device, to determine whether the data device certificate is legitimate; when the data device certificate is legitimate, the processing unit determines whether the public key in the data device certificate is the same as the public key stored by the modem device, to determine whether the public key stored by the modem device is correct; when the public key stored by the modem device is correct, the processing unit encrypts a text string with the private key and decrypts the encrypted text string with the public key stored by the modem device to obtain a decrypted text string; the processing unit determines whether the text string and the decrypted text string are the same; and if the text string and the decrypted text string are the same, the processing unit determines that the private key is correct.

8. The modem device according to claim 5, wherein the communication unit is not connected to the modem termination system while the processing unit verifies, according to the simulated-connection modem termination system check instruction, whether the device verification information is legitimate.
TW107104930A 2018-02-12 2018-02-12 A modem device and a method for verifying data TWI668971B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
TW107104930A TWI668971B (en) 2018-02-12 2018-02-12 A modem device and a method for verifying data
CN201910110073.9A CN110166245B (en) 2018-02-12 2019-02-11 Cable modem device and method for verifying data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW107104930A TWI668971B (en) 2018-02-12 2018-02-12 A modem device and a method for verifying data

Publications (2)

Publication Number Publication Date
TWI668971B true TWI668971B (en) 2019-08-11
TW201935885A TW201935885A (en) 2019-09-01

Family

ID=67645339

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107104930A TWI668971B (en) 2018-02-12 2018-02-12 A modem device and a method for verifying data

Country Status (2)

Country Link
CN (1) CN110166245B (en)
TW (1) TWI668971B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200632333A (en) * 2005-03-02 2006-09-16 Askey Computer Corp Inspection system of cable modem
US7454616B2 (en) * 2005-01-07 2008-11-18 General Instrument Corporation Code authentication upon bootup for cable modems
TW201029411A (en) * 2009-01-16 2010-08-01 Hon Hai Prec Ind Co Ltd Cable modem and method for reissuing a digital certificate
US8453216B2 (en) * 2006-08-24 2013-05-28 Cisco Technology, Inc. Authentication for devices located in cable networks
TWI423643B (en) * 2009-10-29 2014-01-11 Hon Hai Prec Ind Co Ltd Cable modem and certificate testing method thereof
TW201419827A (en) * 2012-11-12 2014-05-16 Compal Broadband Networks Inc Certification method and computer system for cable modem
CN104769909A (en) * 2012-08-30 2015-07-08 艾诺威网络有限公司 Internetwork authentication
CN105024843A (en) * 2014-04-29 2015-11-04 国基电子(上海)有限公司 Cable modem, server and method for upgrading firmware

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8255682B2 (en) * 2006-07-27 2012-08-28 Cisco Technology, Inc. Early authentication in cable modem initialization
CN104702593A (en) * 2015-01-16 2015-06-10 苏州江河行信息技术有限公司 Electronic certificate online and offline integrated verification system and method
CN105991566B (en) * 2015-02-06 2020-02-11 中国移动通信集团四川有限公司 Method, equipment and system for processing service

Also Published As

Publication number Publication date
CN110166245A (en) 2019-08-23
TW201935885A (en) 2019-09-01
CN110166245B (en) 2022-04-19
