Recent years have seen a continuing increase in the usage of the Internet for connecting testing equipment to a central office for dynamically reporting test results.
By way of example, U.S. Pat. No. 7,111,318 issued on Sep. 19, 2006 in the name of Vitale et al., incorporated herein by reference, teaches a method of performing work on a CATV communication system by a remote test device exchanging information with a central office.
Community Antenna Television (“CATV”) systems are communication systems that transmit and distribute television signals to end users, or subscribers. In general, CATV systems comprise a headend facility, also referred to as a central office, and a distribution network. The headend facility obtains television signals associated with a plurality of CATV channels and generates a broadband CATV signal therefrom. The distribution network then delivers the CATV broadband signal to television receivers located within the residences and business establishments of subscribers.
The operation and maintenance of CATV networks requires a significant amount of field work, or in other words, operations performed in portions of the distribution network, away from the headend facility. Examples of field operations include installation of new cable service, installation of new network components, troubleshooting subscriber complaints, and general maintenance of the network. Many field operations are performed by technicians that travel from network location to network location performing a variety of the above described tasks.
A handheld meter is an important tool used by field network technicians to test cable modem services, digital video, analog video, and VoIP signals. The meter, when connected to a coaxial cable of a cable network, acts as a customer's modem enabling the validation of network services available to the customer. The testing may involve monitoring ongoing traffic; injection of predetermined test messages to monitor the system's response; measuring operational parameters, such as bit error rates, message travel times and the like; or monitoring the operation of individual components of the system. On the physical level, CATV meters perform various types of measurements in a CATV system, depending on the channel type, including, but not limited to: signal strength, signal quality, distance to a cable break, ingress (interference from external sources entering the cable line), and tilt (the natural loss of signal strength as frequency increases).
In general, a centralized facility registers or defines the tasks to be performed, and then allocates the various field tasks, referred to herein as work assignments, to the various technicians. A work assignment may be a new subscriber installation, an upgrade to a subscriber installation, or a trouble ticket. A work assignment may also be an instruction to perform general measurements at select areas of the distribution network. Systems that perform allocation of work assignments to technicians are known. Each technician then performs the work assignments allocated to him or her during the course of the work day.
One issue that arises in connection with the performance of measurements in connection with work assignments relates to customer privacy, since a work assignment includes customer identification in the form of a name, a billing number, social security number, account number or the like. Another issue relates to measured data sent to the headend that affects customer billing, and therefore should be protected from tampering therewith.
Currently, the CATV industry uses File Transfer Protocol (FTP) to send data between meters in the field and a central office. The measurement and configuration data transferred via FTP is not encrypted, so it is not only easy to read, but easy to alter, as well. Furthermore, CATV service providers prefer not to enable FTP connectivity from a client location outside a firewall to central office computers behind the firewall. Thus, a server accumulating measurement data is often placed outside a firewall rendering it vulnerable to malicious attacks. Therefore, there is a need for a method of secure communication between CATV meters and the central office.
It is desirable to employ cryptography for providing confidentiality, authentication, integrity and non-repudiation for communication between CATV meters and the central office over public communication channels.
In a public-key scheme, each user has a key pair consisting of a public key that is made publicly available, and a private key that is kept secret. The two keys are related by a hard one-way function, so as to make it infeasible to determine the private key from the public key. The public-key scheme allows a signature in the form of a digital signature to accompany a message.
A digital signature is a cryptographic primitive that provides a means for a user or an entity to bind its identity to a piece of information. A digital signature of a message is a sequence of bytes dependent on some secret known only to the signer, and, additionally, on the content of the message being signed. Such signatures must be verifiable, if a dispute arises as to whether a party signed a document. The process of signing entails transforming the message and a key unique to a particular user into a tag called a digital signature. A digital signature may be used to prove the identity of the sender and the integrity of data. To verify the digital signature, a recipient of a digitally signed message can use a verification rule associated with the digital signature scheme. Any attempt to modify the contents of the message or forge a signature will be detected when the signature is verified.
An additional issue associated with the portable meters is the problem of a lost or stolen meter, which could be used to gain access to the central office. Furthermore, the Public Key Infrastructure (PKI) can be curtailed by a compromised certificate obtained from the lost or stolen portable meter. Accordingly, it is desirable to disable access of the lost meter to the central office as soon as the loss is reported. The PKM provides a mechanism for certificate revocation; however, revoking a certificate requires a restart of the HTTP server, forcing any currently connected meters to lose their connection and requiring them to retry at a later time. Therefore, it is desirable to enable an additional filter that prevents connection by an actual meter which had been lost, or by a third party using the valid certificate obtained from the lost meter, without the need for certificate revocation and without the requirement of restarting the server.
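One way to build the additional filter described above, given as an added illustration that is not taken from the patent: a deny list of lost-meter identifiers that the running server re-reads whenever the file changes, so neither certificate revocation nor a restart is needed. The file format, the meter identifiers and the names LostMeterFilter and report_lost are assumptions, and the meter identity is assumed to come from a client certificate the TLS layer has already verified.

```python
import tempfile
from pathlib import Path


class LostMeterFilter:
    """Deny list consulted on every request, after the TLS layer has verified the certificate."""
    def __init__(self, path):
        self.path = Path(path)
        self._stamp = None          # (inode, mtime_ns, size) of the file last loaded
        self._denied = frozenset()

    def _refresh(self):
        try:
            st = self.path.stat()
        except FileNotFoundError:
            # Assumption: no file means no meter has been reported lost.
            self._stamp, self._denied = None, frozenset()
            return
        stamp = (st.st_ino, st.st_mtime_ns, st.st_size)
        if stamp != self._stamp:    # reload only when the file changed on disk
            lines = self.path.read_text(encoding="utf-8").splitlines()
            entries = (ln.split("#", 1)[0].strip().upper() for ln in lines)
            self._denied = frozenset(e for e in entries if e)
            self._stamp = stamp

    def is_allowed(self, meter_id):
        """meter_id: identity read from the already-verified client certificate."""
        self._refresh()
        return bool(meter_id) and meter_id.strip().upper() not in self._denied


def report_lost(path, meter_id):
    """Add a meter to the list; write-then-rename so a reader never sees a partial file."""
    path = Path(path)
    old = path.read_text(encoding="utf-8") if path.exists() else ""
    tmp = path.with_name(path.name + ".tmp")
    tmp.write_text(old + meter_id + "\n", encoding="utf-8")
    tmp.replace(path)


def demo():
    """Constructed scenario: METER-0002 is reported lost while the filter stays loaded."""
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "lost_meters.txt"
        flt = LostMeterFilter(path)
        before = [flt.is_allowed("METER-0001"), flt.is_allowed("METER-0002")]
        report_lost(path, "METER-0002")
        after = [flt.is_allowed("METER-0001"), flt.is_allowed("meter-0002")]
        return before, after
```

Any error other than a missing file (for example an unreadable list) propagates out of is_allowed, so the caller should treat an exception as a refusal rather than as permission.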
It is an object of the present invention to overcome the shortcomings of the prior art and provide a method of secure communication between a central office and a portable meter at a customer location. It is another object to provide a system including a portable meter and a central office in secure communication for performing measurements at a customer location. Yet another object of the instant invention is to provide a secure system for dynamic meter access management and monitoring.