TWI423643B - Cable modem and certificate testing method thereof - Google Patents

Publication number
TWI423643B
Authority
TW
Taiwan
Prior art keywords
digital certificate
certificate
voucher
data machine
authorized
Application number
TW98136773A
Other languages
Chinese (zh)
Other versions
TW201116026A (en)
Inventor
Chi Fu Koh
Original Assignee
Hon Hai Prec Ind Co Ltd
Landscapes

  • Maintenance And Management Of Digital Transmission (AREA)
  • Storage Device Security (AREA)

Description

Cable modem and certificate testing method thereof

The present invention relates to a network access device and a testing method thereof, and more particularly to a cable modem and a certificate testing method thereof.

In the past, when a factory produced cable modems (CM), incorrect digital certificates, Media Access Control (MAC) addresses and other important information could be stored in them. When such defective products reached customers and the wrong settings were discovered only at the customer's site, the problem could often be solved only through the Return Material Authorization (RMA) process, and the cost of the RMA process is very high.

Moreover, the prior art has never had a fast mechanism for checking the certificates, MAC addresses and other important information stored in a cable modem. Checking a cable modem's digital certificate requires additional equipment, such as a Cable Modem Termination System (CMTS) or a provisioning server. Checking the important information stored in cable modems during production therefore suffers from low test efficiency.

In view of this, there is a need for a cable modem that can comprehensively check the certificates stored in it, effectively improving the test efficiency of the cable modem.

There is also a need for a testing method that can comprehensively check the certificates stored in a cable modem, effectively improving the test efficiency of the cable modem.

A cable modem tests the certificates stored in it, where the certificates include the certificate and public key of a root certificate authority, the certificate of a manufacturer certificate authority, and the digital certificate, public key and private key of the cable modem. The cable modem includes a storage module, a root digital certificate test module, a manufacturer digital certificate test module and a cable modem digital certificate test module. The storage module stores the certificates. The root digital certificate test module reads the public key of the root certificate authority and determines whether it conforms to the industry standard for public keys. When the public key of the root certificate authority conforms to that standard, the manufacturer digital certificate test module determines whether the certificate of the manufacturer certificate authority was issued by the certificate of the root certificate authority. When it was, the cable modem digital certificate test module determines whether the digital certificate of the cable modem was issued by the certificate of the manufacturer certificate authority. When it was, the module determines whether the digital certificate of the cable modem conforms to the industry standard for digital certificates. When it does, the module determines whether the public key and private key of the cable modem match, and when they match it returns information that the certificate test succeeded.

A testing method for a cable modem tests the certificates stored in the cable modem, where the certificates include the certificate and public key of a root certificate authority, the certificate of a manufacturer certificate authority, and the digital certificate, public key and private key of the cable modem. The method includes: reading the public key of the root certificate authority and determining whether it conforms to the industry standard for public keys; if it does, determining whether the certificate of the manufacturer certificate authority was issued by the certificate of the root certificate authority; if it was, determining whether the digital certificate of the cable modem was issued by the certificate of the manufacturer certificate authority; if it was, reading the fields in the digital certificate of the cable modem and determining whether the digital certificate conforms to the industry standard for digital certificates; if it does, determining whether the public key and private key of the cable modem match; and if they match, returning information that the certificate test succeeded.

The above and the many advantages of the invention will be readily understood from the following detailed description of specific embodiments taken together with the accompanying drawings.

10: Cable modem
100: Storage module
102: Root digital certificate test module
104: Manufacturer digital certificate test module
106: Cable modem digital certificate test module
108: Address test module

FIG. 1 is a schematic structural diagram of a cable modem according to an embodiment of the present invention.

FIG. 2 is a schematic diagram of the certificate authority hierarchy according to an embodiment of the present invention.

FIG. 3 is a flowchart of a testing method for a cable modem according to an embodiment of the present invention.

Referring to FIG. 1, a schematic structural diagram of a cable modem 10 according to an embodiment of the present invention is shown. The cable modem 10 holds several kinds of important information that need to be tested, such as certificates and Media Access Control (MAC) addresses. Besides performing its normal network access function, the cable modem 10 can also test this important information, such as the certificates and MAC addresses.

In this embodiment, the cable modem 10 includes a storage module 100, a root digital certificate test module 102, a manufacturer digital certificate test module 104 and a cable modem digital certificate test module 106.

The storage module 100 stores the certificates of the cable modem 10. In this embodiment, the certificates include the certificate, public key and private key of the Root Certificate Authority (Root CA); the certificate, public key and private key of the Manufacturer Certificate Authority (MFG CA); and the digital certificate, public key and private key of the cable modem.

In this embodiment, the Root CA certificate, the MFG CA certificate and the cable modem certificate stored in the cable modem 10 form a three-level hierarchy, as shown in FIG. 2. The authorization relationship among them is as follows: the MFG CA certificate is issued under the authority of the Root CA certificate, and the cable modem certificate is issued under the authority of the MFG CA certificate.

The root digital certificate test module 102 reads the public key of the Root CA and determines whether it conforms to the industry standard for public keys. At present there are two industry standards for this public key, a European standard and a US standard. During production, a cable modem is therefore generally loaded with the European-standard public key, the US-standard public key, or both. In this embodiment, the public keys of both standards are 27 bytes long; they differ in the fields they contain and in the content of those fields.

In this embodiment, the public key is judged to conform to the European or US standard only when its fields and their content are all identical to those of the European-standard or US-standard public key. If the Root CA public key conforms to neither the European standard nor the US standard, information that the certificate test failed is returned and the status is reported as failed.

The manufacturer digital certificate test module 104 determines whether the MFG CA certificate was issued by the Root CA certificate. In this embodiment, the MFG CA certificate includes a first signature value. The manufacturer digital certificate test module 104 makes the determination as follows. It first computes a first checksum value for the MFG CA certificate and decrypts the first signature value of the MFG CA certificate with the Root CA public key to obtain a first decrypted value. It then determines whether the first decrypted value equals the first checksum value. If they are equal, the MFG CA certificate was issued by the Root CA. If they are not equal, there is a problem with the certificates stored in the cable modem 10, and a failed status is reported so that the factory can take further action. In this embodiment, the first checksum value is a Secure Hash Algorithm (SHA) checksum value.

The cable modem digital certificate test module 106 determines whether the digital certificate of the cable modem was issued by the MFG CA certificate. In this embodiment, the digital certificate of the cable modem includes a second signature value. The cable modem digital certificate test module 106 makes the determination as follows. It first computes a second checksum value for the digital certificate of the cable modem and decrypts the second signature value of that certificate with the MFG CA public key to obtain a second decrypted value. It then determines whether the second decrypted value equals the second checksum value. If they are equal, the cable modem certificate was issued by the MFG CA. If they are not equal, there is a problem with the certificates stored in the cable modem, and a failed status is reported. In this embodiment, the second checksum value is a Secure Hash Algorithm (SHA) checksum value.

In this embodiment, the cable modem digital certificate test module 106 also determines whether the digital certificate of the cable modem conforms to the industry standard for digital certificates. Here the industry standard means the standard commonly used for cable modem digital certificates in the prior art, such as the X.509 standard. The module first determines whether the digital certificate of the cable modem includes all the basic fields specified by the X.509 standard, and then determines whether every one of those fields holds content.

In this embodiment, the digital certificate of the cable modem is judged to conform to the industry standard for digital certificates only when it includes all the basic fields specified by the X.509 standard and every field holds content. If the fields in the digital certificate of the cable modem differ from the basic fields specified by the X.509 standard, or if any field in the certificate holds no content, information that the certificate test failed is returned. This test detects fields that were omitted from the device certificate, so the omission is found in time for further action.

The cable modem digital certificate test module 106 also determines whether the public key and the private key match. In this embodiment, when the digital certificate of the cable modem conforms to the industry standard for digital certificates, the module first encrypts preset data with the private key of the cable modem, then decrypts the encrypted data with the public key of the cable modem, and then determines whether the decrypted data equals the preset data before encryption. If they are equal, it returns information that the certificate test succeeded; if they are not equal, it returns information that the certificate test failed. The preset data may be specific data input to the cable modem, or digital certificate data already stored in the cable modem itself. This test detects wrong information in the digital certificate stored in the cable modem, so the error is found in time for further action.

The cable modem 10 also includes an address test module 108. In this embodiment, the cable modem 10 can test MAC addresses in addition to certificates.

The address test module 108 tests the continuity of the MAC addresses of all hardware circuit modules in the cable modem. In this embodiment, the cable modem includes several hardware circuit modules, such as a USB interface circuit module and a WiFi interface circuit module. Each hardware circuit module has a unique MAC address, and the MAC addresses of all hardware circuit modules in a cable modem are generally consecutive. If the check finds that the MAC addresses of the hardware circuit modules in the cable modem are not consecutive, this indicates that a wrong MAC address was stored when the cable modem was produced, or that the MAC address of some hardware circuit module was omitted. In this way it can be determined whether a MAC address in the cable modem was stored incorrectly, omitted or modified, so that further action can be taken in time. If the check finds that the MAC addresses of all hardware circuit modules in the cable modem are consecutive, a message that the cable modem test succeeded is returned.

Referring to FIG. 3, a flowchart of a testing method for a cable modem according to an embodiment of the present invention is shown. In this embodiment, the method is carried out by the modules shown in FIG. 1.

In step S300, the root digital certificate test module 102 reads the public key of the Root CA from the storage module 100 and determines whether it conforms to the industry standard for public keys. In this embodiment, that industry standard is the European standard or the US standard. If the Root CA public key conforms to neither the European standard nor the US standard, the root digital certificate test module 102 returns information that the certificate test failed.

If the root digital certificate test module 102 determines that the Root CA public key conforms to the industry standard, then in step S302 the manufacturer digital certificate test module 104 determines whether the MFG CA certificate was issued by the Root CA certificate. In this embodiment, the MFG CA certificate includes a first signature value, and the determination proceeds as follows. First, a first checksum value is computed for the MFG CA certificate. Second, the first signature value of the MFG CA certificate is decrypted with the Root CA public key to obtain a first decrypted value. Third, the first decrypted value is compared with the first checksum value. If they are equal, the MFG CA certificate was issued by the Root CA. If they are not equal, there is a problem with the certificates stored in the cable modem, and the manufacturer digital certificate test module 104 returns information that the certificate test failed so that the factory can take further action. In this embodiment, the first checksum value is a Secure Hash Algorithm (SHA) checksum value.

If the manufacturer digital certificate test module 104 determines that the MFG CA certificate was issued by the Root CA certificate, then in step S304 the cable modem digital certificate test module 106 determines whether the digital certificate of the cable modem was issued by the MFG CA certificate. In this embodiment, the digital certificate of the cable modem includes a second signature value, and the determination proceeds as follows. First, a second checksum value is computed for the digital certificate of the cable modem. Second, the second signature value of that certificate is decrypted with the MFG CA public key to obtain a second decrypted value. Third, the second decrypted value is compared with the second checksum value. If they are equal, the cable modem certificate was issued by the MFG CA. If they are not equal, there is a problem with the certificates stored in the cable modem, and the cable modem digital certificate test module 106 returns information that the certificate test failed so that the factory can take further action. In this embodiment, the second checksum value is a Secure Hash Algorithm (SHA) checksum value.

If the digital certificate of the cable modem was issued by the MFG CA certificate, then in step S306 the cable modem digital certificate test module 106 determines whether the digital certificate of the cable modem conforms to the industry standard for digital certificates. Here the industry standard means the standard commonly used for cable modem digital certificates in the prior art, such as the X.509 standard. The module first determines whether the digital certificate of the cable modem includes all the basic fields specified by the X.509 standard, and then determines whether every one of those fields holds content. The certificate is judged to conform to the industry standard only when it includes all the basic fields specified by the X.509 standard and every field holds content. If the fields in the digital certificate of the cable modem differ from the basic fields specified by the X.509 standard, or if any field in the certificate holds no content, the cable modem digital certificate test module 106 returns information that the certificate test failed, as shown in step S316. This test detects fields that were omitted from the device certificate, so the omission is found in time for further action.

If the digital certificate of the cable modem conforms to the industry standard for digital certificates, then in step S308 the cable modem digital certificate test module 106 determines whether the private key and the public key of the cable modem match. In this embodiment, the module first encrypts preset data with the private key of the cable modem, then decrypts the encrypted data with the public key of the cable modem, and then determines whether the decrypted data equals the preset data before encryption. If they are equal, the private key and public key of the cable modem match, and in step S310 information that the certificate test succeeded is returned, indicating that the certificate information stored in the cable modem meets the requirements. If they are not equal, the private key and public key of the cable modem do not match, and information that the certificate is wrong is returned. This test detects wrong information in the digital certificate stored in the cable modem, so the error is found in time for further action. The preset data may be specific data input to the cable modem, or digital certificate data already stored in the cable modem itself.

In step S312, the address test module 108 determines whether the MAC addresses of all hardware circuit modules in the cable modem are consecutive. In this embodiment, the MAC addresses of all hardware circuit modules in a cable modem are generally consecutive. If the check finds that they are not consecutive, the method proceeds to step S316 and returns information that the certificate test failed, indicating that a wrong MAC address was stored in the cable modem or that the MAC address of some hardware circuit module was omitted. In this way it can be determined whether a MAC address in the cable modem was stored incorrectly, omitted or modified, so that further action can be taken in time. If the check finds that the MAC addresses of all hardware circuit modules in the cable modem are consecutive, the method proceeds to step S314 and returns information that the cable modem test succeeded, indicating that the certificates, MAC addresses and other important information stored in the cable modem meet the requirements.
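The staged flow of steps S300 to S316 can be sketched as follows; this is an added example, not code from the patent or its assignee. It assumes constructed toy RSA keys built from Mersenne primes with unpadded signatures, dictionaries in place of DER-encoded X.509 certificates, SHA-256 as the SHA variant, and a set of reference root keys standing in for the European and US standard public keys; all function and field names are hypothetical.

```python
import hashlib

E = 65537  # public exponent used by every constructed key
BASIC_FIELDS = ("version", "serialNumber", "signature", "issuer",
                "validity", "subject", "subjectPublicKeyInfo")

def make_key(p_exp, q_exp):
    """Constructed toy RSA key from two Mersenne primes 2**k - 1. Not secure."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

def checksum(data):
    """The 'checksum value' of the description: a SHA digest as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def signed_bytes(cert):
    """Canonical bytes of the signed fields (stand-in for DER tbsCertificate)."""
    return repr(sorted(cert["fields"].items())).encode()

def issue(fields, issuer_key):
    """Sign the fields with the issuer's private key (unpadded RSA, demo only)."""
    cert = {"fields": dict(fields)}
    cert["signature_value"] = pow(checksum(signed_bytes(cert)),
                                  issuer_key["d"], issuer_key["n"])
    return cert

def issued_by(cert, issuer_pub):
    """S302/S304: recover the signed checksum with the issuer's public key and
    compare it with a freshly computed checksum of the certificate."""
    n, e = issuer_pub
    return pow(cert["signature_value"], e, n) == checksum(signed_bytes(cert))

def has_basic_fields(cert):
    """S306: every basic field is present and holds content."""
    f = cert["fields"]
    return all(f.get(name) not in (None, "", b"", ()) for name in BASIC_FIELDS)

def keypair_matches(pub, priv_d, preset=b"factory-preset"):
    """S308: transform preset data with the private key, reverse it with the
    public key, and compare the result with the original preset data."""
    n, e = pub
    m = int.from_bytes(preset, "big") % n
    return pow(pow(m, priv_d, n), e, n) == m

def macs_consecutive(macs):
    """S312: the interface MAC addresses form one unbroken run."""
    vals = sorted(int(m.replace(":", ""), 16) for m in macs)
    return all(b - a == 1 for a, b in zip(vals, vals[1:]))

def run_factory_test(store, trusted_roots):
    """Run the checks in order; return (True, None) or (False, failed_step)."""
    root_pub = store["root_pub"]
    mfg, cm = store["mfg_cert"], store["cm_cert"]
    checks = [
        ("S300", lambda: root_pub in trusted_roots),
        ("S302", lambda: issued_by(mfg, root_pub)),
        ("S304", lambda: issued_by(cm, mfg["fields"]["subjectPublicKeyInfo"])),
        ("S306", lambda: has_basic_fields(cm)),
        ("S308", lambda: keypair_matches(cm["fields"]["subjectPublicKeyInfo"],
                                         store["cm_priv"])),
        ("S312", lambda: macs_consecutive(store["macs"])),
    ]
    for step, check in checks:
        if not check():
            return False, step  # corresponds to the failure exit, S316
    return True, None           # corresponds to the success exit, S314

def build_sample_store(cm_overrides=None):
    """Constructed sample of what the storage module would hold."""
    root, mfg, dev = make_key(127, 521), make_key(607, 1279), make_key(2203, 2281)
    def fields(serial, issuer, subject, key):
        return {"version": 3, "serialNumber": serial, "signature": "sha256WithRSA",
                "issuer": issuer, "validity": ("2020-01-01", "2040-01-01"),
                "subject": subject, "subjectPublicKeyInfo": (key["n"], key["e"])}
    cm_fields = fields(1001, "Example MFG CA", "CM 00:11:22:33:44:10", dev)
    cm_fields.update(cm_overrides or {})  # lets a caller model a factory omission
    store = {
        "root_pub": (root["n"], root["e"]),
        "mfg_cert": issue(fields(7, "Example Root CA", "Example MFG CA", mfg), root),
        "cm_cert": issue(cm_fields, mfg),
        "cm_priv": dev["d"],
        "macs": ["00:11:22:33:44:10", "00:11:22:33:44:11", "00:11:22:33:44:12"],
    }
    return store, {store["root_pub"]}

if __name__ == "__main__":
    sample_store, roots = build_sample_store()
    print(run_factory_test(sample_store, roots))
```

Because each check runs only after the previous one has passed, the returned step label tells the production line which stored item to re-flash.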

The cable modem and certificate testing method provided by the embodiments of the present invention are built into the cable modem and test its certificates internally. The certificates stored in the cable modem can therefore be comprehensively checked without additional equipment such as a CMTS, which improves the test efficiency of the product.

In summary, the present invention meets the requirements for an invention patent, and a patent application is filed in accordance with the law. However, the above is only a preferred embodiment of the present invention; equivalent modifications or variations made by those skilled in the art in accordance with the spirit of the invention shall all fall within the scope of the following claims.

10‧‧‧Cable modem

100‧‧‧Storage module

102‧‧‧Root digital certificate test module

104‧‧‧Manufacturer digital certificate test module

106‧‧‧Cable modem digital certificate test module

108‧‧‧Address test module

Claims (25)

1. A cable modem for testing certificate data in the cable modem, wherein the certificate data comprises a certificate and a public key of a root certificate authority, a certificate of a manufacturer certificate authority, and a digital certificate, a public key and a private key of the cable modem, the cable modem comprising: a storage module for storing the certificate data; a root digital certificate test module for reading the public key of the root certificate authority and determining whether the public key of the root certificate authority conforms to the industry standard for public keys; a manufacturer digital certificate test module for determining, when the public key of the root certificate authority conforms to the industry standard for public keys, whether the certificate of the manufacturer certificate authority was generated from the certificate of the root certificate authority; a cable modem digital certificate test module for determining, when the certificate of the manufacturer certificate authority was generated from the certificate of the root certificate authority, whether the digital certificate of the cable modem was generated from the certificate of the manufacturer certificate authority, determining, when the digital certificate of the cable modem was generated from the certificate of the manufacturer certificate authority, whether the digital certificate of the cable modem conforms to the industry standard for digital certificates, determining, when the digital certificate of the cable modem conforms to the industry standard for digital certificates, whether the public key and the private key of the cable modem match, and returning certificate test success information when the public key and the private key of the cable modem match; and an address test module for determining whether the media access control (MAC) addresses of all hardware circuit modules in the cable modem are consecutive, returning certificate test failure information when the MAC addresses of all hardware circuit modules in the cable modem are not consecutive, and returning cable modem test success information when the MAC addresses of all hardware circuit modules in the cable modem are consecutive.

2. The cable modem of claim 1, wherein the root digital certificate test module is further configured to return certificate test failure information when the public key of the root certificate authority does not conform to the industry standard for public keys.

3. The cable modem of claim 1, wherein the certificate of the manufacturer certificate authority includes a first signature value.

4. The cable modem of claim 3, wherein the manufacturer digital certificate test module is further configured to calculate a first checksum value for the certificate of the manufacturer certificate authority, decrypt the first signature value of the certificate of the manufacturer certificate authority with the public key of the root certificate authority to obtain a first decrypted value, determine whether the first decrypted value is the same as the first checksum value, and, when they are the same, determine that the certificate of the manufacturer certificate authority was generated from the certificate of the root certificate authority.

5. The cable modem of claim 4, wherein the first checksum value is a Secure Hash Algorithm checksum value.

6. The cable modem of claim 1, wherein the certificate data further comprises a public key of the manufacturer certificate authority, and the digital certificate of the cable modem includes a second signature value.

7. The cable modem of claim 6, wherein the cable modem digital certificate test module is further configured to calculate a second checksum value for the digital certificate of the cable modem, decrypt the second signature value of the digital certificate of the cable modem with the public key of the manufacturer certificate authority to obtain a second decrypted value, determine whether the second decrypted value is the same as the second checksum value, and, when they are the same, determine that the certificate of the cable modem was generated from the certificate of the manufacturer certificate authority.

8. The cable modem of claim 7, wherein the second checksum value is a Secure Hash Algorithm checksum value.

9. The cable modem of claim 1, wherein the manufacturer digital certificate test module is further configured to return certificate test failure information when the certificate of the manufacturer certificate authority was not generated from the certificate of the root certificate authority.

10. The cable modem of claim 1, wherein the cable modem digital certificate test module is further configured to return certificate test failure information when the digital certificate of the cable modem was not generated from the certificate of the manufacturer certificate authority.

11. The cable modem of claim 1, wherein the cable modem digital certificate test module is further configured to determine whether the fields in the digital certificate of the cable modem are the same as the fields specified in the industry standard and whether all of them store content, and to return certificate test failure information when the fields in the digital certificate of the cable modem differ from the fields specified in the industry standard or when a field in the digital certificate of the cable modem stores no content.

12. The cable modem of claim 1, wherein the cable modem digital certificate test module is further configured to encrypt preset data with the private key of the cable modem, decrypt the encrypted data with the public key of the cable modem, determine whether the data after decryption is the same as the preset data before encryption, and, when the data after decryption is the same as the preset data before encryption, determine that the public key and the private key of the cable modem match.

13. The cable modem of claim 12, wherein the cable modem digital certificate test module is further configured to return certificate test failure information when the data after decryption differs from the preset data before encryption.

14. A method of testing a cable modem, for testing certificate data in the cable modem, wherein the certificate data comprises a certificate and a public key of a root certificate authority, a certificate of a manufacturer certificate authority, and a digital certificate, a public key and a private key of the cable modem, the method comprising: reading the public key of the root certificate authority and determining whether the public key of the root certificate authority conforms to the industry standard for public keys; if the public key of the root certificate authority conforms to the industry standard for public keys, determining whether the certificate of the manufacturer certificate authority was generated from the certificate of the root certificate authority; if the certificate of the manufacturer certificate authority was generated from the certificate of the root certificate authority, determining whether the digital certificate of the cable modem was generated from the certificate of the manufacturer certificate authority; if the digital certificate of the cable modem was generated from the certificate of the manufacturer certificate authority, reading the fields in the digital certificate of the cable modem and determining whether the digital certificate of the cable modem conforms to the industry standard for digital certificates; if the digital certificate of the cable modem conforms to the industry standard for digital certificates, determining whether the public key and the private key of the cable modem match; if the public key and the private key of the cable modem match, returning certificate test success information; if the media access control (MAC) addresses of all hardware circuit modules in the cable modem are not consecutive, returning certificate test failure information; and if the MAC addresses of all hardware circuit modules in the cable modem are consecutive, returning cable modem test success information.

15. The method of testing a cable modem of claim 14, further comprising returning certificate test failure information if the public key of the root certificate authority does not conform to the industry standard for public keys.

16. The method of testing a cable modem of claim 14, wherein the certificate of the manufacturer certificate authority includes a first signature value.

17. The method of testing a cable modem of claim 16, wherein the step of determining whether the certificate of the manufacturer certificate authority was generated from the certificate of the root certificate authority comprises: calculating a first checksum value for the certificate of the manufacturer certificate authority; decrypting the first signature value of the certificate of the manufacturer certificate authority with the public key of the root certificate authority to obtain a first decrypted value; determining whether the first decrypted value is the same as the first checksum value; and, if they are the same, indicating that the certificate of the manufacturer certificate authority was generated from the certificate of the root certificate authority.

18. The method of testing a cable modem of claim 17, wherein the first checksum value is a Secure Hash Algorithm checksum value.

19. The method of testing a cable modem of claim 14, wherein the certificate data further comprises a public key of the manufacturer certificate authority, and the digital certificate of the cable modem includes a second signature value.

20. The method of testing a cable modem of claim 19, wherein the step of determining whether the digital certificate of the cable modem was generated from the certificate of the manufacturer certificate authority comprises: calculating a second checksum value for the digital certificate of the cable modem; decrypting the second signature value of the digital certificate of the cable modem with the public key of the manufacturer certificate authority to obtain a second decrypted value; determining whether the second decrypted value is the same as the second checksum value; and, if they are the same, indicating that the certificate of the cable modem was generated from the certificate of the manufacturer certificate authority.

21. The method of testing a cable modem of claim 20, wherein the second checksum value is a Secure Hash Algorithm checksum value.

22. The method of testing a cable modem of claim 14, wherein the step of determining whether the digital certificate of the cable modem conforms to the industry standard for digital certificates comprises: determining whether the fields in the digital certificate of the cable modem are the same as the fields specified in the industry standard and whether all of them store the relevant content; and, if the fields in the digital certificate of the cable modem differ from the fields specified in the industry standard, or a field in the digital certificate of the cable modem stores no relevant content, returning certificate test failure information.

23. The method of testing a cable modem of claim 14, further comprising: if the certificate of the manufacturer certificate authority was not generated from the certificate of the root certificate authority, returning certificate test failure information.

24. The method of testing a cable modem of claim 14, further comprising: if the digital certificate of the cable modem was not generated from the certificate of the manufacturer certificate authority, returning certificate test failure information.

25. The method of testing a cable modem of claim 14, wherein the step of determining whether the public key and the private key of the cable modem match comprises: encrypting preset data with the private key of the cable modem; decrypting the encrypted data with the public key of the cable modem and determining whether the data after decryption is the same as the preset data before encryption; if the data after decryption is the same as the preset data before encryption, indicating that the public key and the private key of the cable modem match; and, if the data after decryption differs from the preset data before encryption, returning certificate test failure information.

TW98136773A 2009-10-29 2009-10-29 Cable modem and certificate testing method thereof TWI423643B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW98136773A TWI423643B (en) 2009-10-29 2009-10-29 Cable modem and certificate testing method thereof

Publications (2)

Publication Number Publication Date
TW201116026A TW201116026A (en) 2011-05-01
TWI423643B true TWI423643B (en) 2014-01-11

Family

ID=44934664

Country Status (1)

Country Link
TW (1) TWI423643B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI668971B (en) * 2018-02-12 2019-08-11 和碩聯合科技股份有限公司 A modem device and a method for verifying data

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7114070B1 (en) * 2001-01-26 2006-09-26 3Com Corporation System and method for automatic digital certificate installation on a network device in a data-over-cable system
US20080065883A1 (en) * 2006-08-24 2008-03-13 Cisco Technology, Inc. Authentication for devices located in cable networks
TW200910987A (en) * 2007-05-01 2009-03-01 Qualcomm Inc Application logging interface for a mobile device
US20090086977A1 (en) * 2007-09-27 2009-04-02 Verizon Data Services Inc. System and method to pass a private encryption key

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees