The present invention relates to communications in computer networks. More specifically, it relates to methods for restricting access of network devices to subscription services in a data-over-cable system.
Cable television networks such as those provided by Comcast Cable Communications, Inc., of Philadelphia, Pa., Cox Communications of Atlanta, Ga., Tele-Communications, Inc., of Englewood Colo., Time-Warner Cable, of Marietta Ga., Continental Cablevision, Inc., of Boston Mass., and others provide cable television services to a large number of subscribers over a large geographical area. The cable television networks typically are interconnected by cables such as coaxial cables or a Hybrid Fiber/Coaxial (xe2x80x9cHFCxe2x80x9d) cable system which have data rates of about 10 Mega-bits-per-second (xe2x80x9cMbpsxe2x80x9d) to about 30+ Mbps.
The Internet, a world-wide-network of interconnected computers, provides multi-media content including audio, video, graphics and text that typically requires a large bandwidth for downloading and viewing. Most Internet Service Providers (xe2x80x9cISPsxe2x80x9d) allow customers to connect to the Internet via a serial telephone line from a Public Switched Telephone Network (xe2x80x9cPSTNxe2x80x9d) at data rates including 14,400 bps, 28,800 bps, 33,600 bps, 56,000 bps and others that are much slower than the about 10 Mbps to about 30+ Mbps available on a coaxial cable or HFC cable system on a cable television network.
With the explosive growth of the Internet, many customers have desired to use the larger bandwidth of a cable television network to connect to the Internet and other computer networks.
Cable modems, such as those provided by 3Com Corporation, of Santa Clara, Calif., Motorola Corporation, of Arlington Heights, Ill., Hewlett-Packard Co., of Palo Alto, Calif., Bay Networks, of Santa Clara, Calif., Scientific-Atlanta, of Norcross, Ga. and others offer customers higher-speed connectivity to the Internet, an intranet, Local Area Networks (xe2x80x9cLANsxe2x80x9d) and other computer networks via cable television networks. These cable modems currently support a data connection to the Internet and other computer networks via a cable television network with a data rate of up to about 30+ Mbps, which is a much larger data rate than can be supported by a modem used over a serial telephone line.
However, many cable television networks provide only unidirectional cable systems, supporting only a xe2x80x9cdownstreamxe2x80x9d cable data path. A downstream data path is the flow of data from a cable system xe2x80x9cheadendxe2x80x9d to a customer. A cable system headend is a central location in the cable television network that is responsible for sending cable signals in the downstream direction. A return data path via a telephone network (i.e., a xe2x80x9ctelephony returnxe2x80x9d), such as a public switched telephone network provided by ATandT, GTE, Sprint, MCI and others, is typically used for an xe2x80x9cupstreamxe2x80x9d data path. An upstream data path is the flow of data from the customer back to the cable system headend. A cable television system with an upstream connection to a telephony network is called a xe2x80x9cdata-over-cable system with telephony return.xe2x80x9d
An exemplary data-over-cable system with telephony return includes customer premise equipment (e.g., a customer computer), a cable modem, a cable modem termination system, a cable television network, a public switched telephone network, a telephony remote access concentrator and a data network (e.g., the Internet). The cable modem termination system and the telephony remote access concentrator together are called a xe2x80x9ctelephony return termination system.xe2x80x9d
The cable modem termination system receives data packets from the data network and transmits them downstream via the cable television network to a cable modem attached to the customer premise equipment. The customer premise equipment sends response data packets to the cable modem, which sends response data packets upstream via public switched telephone network to the telephony remote access concentrator, which sends the response data packets back to the appropriate host on the data network.
In a two-way cable system without telephony return, the customer premise equipment sends response data packets to the cable modem, which sends the data packets upstream via the cable television network to the cable modem termination system. The cable modem termination system sends the data packets to appropriate hosts on the data network. The cable modem termination system sends the response data packets back to the appropriate cable modem.
As a cable modem is initialized in a data-over-cable system, it registers with a cable modem termination system to allow the cable modem to receive data over a cable television connection and from a data network (e.g., the Internet or an Intranet). The cable modem forwards configuration information it receives in a configuration file during initialization to the cable modem termination system as part of a registration request message. A cable modem also helps initialize and register any attached customer premise equipment with the cable modem termination system.
A cable modem termination system in a data-over-cable system typically manages connections to tens of thousands of cable modems. Most of the cable modems are attached to host customer premise equipment such as a customer computer. To send and receive data to and from a computer network like the Internet or an intranet, a cable modem and customer premise equipment and other network devices have a network address dynamically assigned on the data-over-cable system. Many data-over-cable systems use a Dynamic Host Configuration Protocol (xe2x80x9cDHCPxe2x80x9d) as a standard messaging protocol to dynamically allocate network addresses such as Internet Protocol (xe2x80x9cIPxe2x80x9d) addresses. As is known in the art, the Dynamic Host Configuration Protocol is a protocol for passing configuration information to network devices on a network. The Internet Protocol is an addressing protocol designed to route traffic within a network or between networks.
Since the cable modem termination system typically manages connections to tens of thousands of cable modems and customer premise equipment, the cable modem termination system provides access to subscription services for the data-over-cable system as well as access to a subscription data network such as the Internet. The are several problems associated with providing access to subscription services in both the data-over-cable system and the data network for tens of thousand of cable modems and customer premise equipment. If the cable modem termination system does not provide security checks, a rogue cable modem could comprise the security of the cable plant and/or connections to the data network.
One solution is to store information about known cable modems that subscribe to a data-over-cable system in one or more cable modem termination system databases. When an individual cable modem requests a connection, the cable modem termination system is able to determine if the individual cable modem is authorized to access the data-over-cable system using the stored information from the databases. However, such a solution cannot be used for new subscribers, or existing subscribers who connect a new type of cable modem to the data-over-cable system, without updating the databases first. Requiring a database update for one or more databases associated with the cable modem termination system may prevent a new user from accessing the data-over-cable system without a delay, and may also prevent an existing subscriber from using a new cable modem without a delay. The delays may lead to user frustration.
Thus, it is desirable to allow a cable modem termination system to provide restricted access to subscription services for a data-over-cable system. The restricted access should not prevent new subscribers or existing subscribers with a new type of cable modem from accessing subscription services on the data-over-cable system without a long delay.
In accordance with preferred embodiments of the present invention, some of the problems associated with restricting access to subscription services a data-over-cable system are overcome. One aspect of the invention includes a method for restricting access to subscription services in a data-over-cable system. The method includes receiving a connection request from a first network device on a second network device on a data-over cable system for a subscription service on the data-over-cable system. It is determined from the second network device, whether information about the first network device is available on the data-over-cable system. If not, a temporary restricted network address is assigned for a restricted connection to the first network device on the data-over-cable system from pre-determined list of restricted network addresses. The temporary network address from the pre-determined list of restricted network addresses provides restricted access to subscription services the data-over-cable system. A connection timer on the data-over-cable system for a restricted connection to the first network device is started. The connection timer restricts access to subscription services the data-over-cable system over a timed interval. A restricted connection is created between the data-over-cable system and the first network device including the temporary restricted network address and connection timer, thereby providing restricted access to the data-over-cable system over a timed interval.
The method may allow a cable modem termination system to provide restricted access for new or unknown cable modems or customer premise equipment, to subscription services on a data-over-cable system. However, other network devices could also be used to provide and obtain restricted access on a data-over-cable system, and the present invention is not limited to cable modem termination systems, cable modems, or customer premise equipment. The restricted access to subscription services to subscription services is provided without a long delay, and limits a new or unknown cable modem to a temporary network address for a limited amount of time. Thus, restricted access may also be provided without compromising the security of the data-over-cable system or the connections to the data network (e.g., the Internet).
The foregoing and other features and advantages of a preferred embodiment of the present invention will be more readily apparent from the following detailed description, which proceeds with references to the accompanying drawings.