Data-Over-Cable Service Interface Specifications (“DOCSIS”) has been established by cable television network operators to facilitate transporting data traffic, primarily internet traffic, over existing community antenna television (“CATV”) networks. In addition to transporting data traffic as well as television content signals over a CATV network, multiple services operators (“MSO”) also use their CATV network infrastructure for carrying voice, video on demand (“VoD”) and video conferencing traffic signals, among other types.
An MSO may use what is known in the art as PacketCable for providing telephony services to users. PacketCable™, which is a trademark of CableLabs®, facilitates the presentation of a transparent interface to a user with respect to operation of the network. In other words, a user plugs a standard telephone into a user device, which presents to the telephone what appears to be a traditional plain old telephony service (“POTS”) line card interface. However, the user device transforms analog POTS signals to and from the telephone from/to internet packets.
Such a user device typically includes a media terminal adaptor (“MTA”) that performs processing of signals between the telephone and the network interface portions of the user device. When a user device, such as one containing an MTA, performs processing of telephony signals for transport over a network according to PacketCable, secure provisioning of the MTA device is performed according to procedures set forth in the PacketCable specification. Such secure provisioning ensures that the device securely receives information that allows it to confirm with the network that it is the device it purports to be. Transporting of the user device configuration data as specified in the PacketCable specification is typically performed securely according to protocols and procedures that prevent unauthorized access to information related to the user device and associated user.
However, some MSOs, which may operate a DOCSIS network for communicating data over a communication network, may want to provide telephony services over the same network without conforming to the PacketCable specification related to device security. A user device attempting to register with the provisioning server must demonstrate to the provisioning server that it is authorized to do so before a configuration file is sent to the user device attempting to register. For example, PacketCable specifies the use of Kerberized Key Management, in combination with SNMPv3 to secure the device provisioning process. Kerberized Key Management is familiar to those skilled in the art. For further definition of terms and the requirements of PacketCable MTA security requirements, the reader may refer to section 5 of PacketCable™ MTA Device Provisioning Specification. This document has document number PKT-SP-PROV-I11-.050812, which may be found at http://www.packetcable.com/downloads/specs/PKT-SP-PROV-I11-050812.pdf, is referred to elsewhere herein as PacketCable sec. 5, and is incorporated herein by reference in its entirety for purposes of providing background information.
For a variety of reasons, an MSO may not wish to implement secure provisioning according to PacketCable sec 5, or later versions thereof. These reasons may include, but are not limited to, reluctance or inability to purchase network equipment required to implement the PacketCable sec. 5 specified security procedures. Another reason may be that that an MSO may encounter difficulty in integrating existing equipment used in providing telephony according to PacketCable with the network equipment required for providing secure provisioning according to PacketCable sec. 5.
An operator may, for example, wish to establish a session initiation protocol (“SIP”) communication session without using the PacketCable method for securely transmitting configuration information to a user device. To authenticate a user device in a SIP session, a password is sent from the user device to a provisioning server. However, before the device sends the password to the provisioning server, the password should be provided to the user device such that it is not susceptible to being discovered by other entities. As discussed above, the operator may not want to use the PacketCable-specified method for securely transmitting confidential information to the user device.
Thus, there is a need in the art for a method and system for securely distributing information used to initialize a user device according to PacketCable in general, but not in accordance with PacketCable-specified security, an example of which is described in PacketCable sec. 5, as discussed above.