NETWORK SECURITY SYSTEM AND METHOD

Description

BRIEF DESCRIPTION OF THE DRAWINGS

The details of the present invention, both as to its structure and operation, may be gleaned in part by study of the accompanying drawings, in which like reference numerals refer to like parts, and in which:

FIG. 1 is a block diagram illustrating a network with a real or authorized client device and some cloned client devices communicating with a server in one embodiment of a security system for detecting potential cloned client devices;

FIG. 2A is a diagram illustrating data fields in a prior art user logon message;

FIG. 2B is a diagram illustrating data fields in one embodiment of a user message containing a covert identifier used at the server in one embodiment of a system for detecting potential cloned client devices;

FIG. 3 is a block diagram illustrating a client device configured to insert a covert identifier in messages according to one embodiment;

FIG. 4 is a flow diagram illustrating one embodiment of a method of detecting a cloned client device;

FIGS. 5A and 5B are flow diagrams illustrating one embodiment of the clone detecting method;

FIGS. 6A to 6F illustrate messages generated at various stages in the method of FIGS. 5A and 5B;

FIG. 7 is a flow diagram illustrating an embodiment of a method for inserting covert identifiers in messages between a client device and a server;

FIG. 8 is a flow diagram illustrating one embodiment of a service renewal method using covert identifiers; and

FIG. 9 is a flow diagram illustrating a modification of the method of FIG. 8 for use in a one way network environment having no return channel from a client device.

Claims

1. A method of detecting cloned client devices communicating over a network, comprising: storing at a server at least one covert identifier for a client device having credentials registered at a server;receiving a message from a client device at the server, the message containing a covert identifier derived from at least one operational event of the client device;determining whether the covert identifier received in the message matches a covert identifier for the client device having the same credentials stored at the server; andreporting detection of a clone of a real client device if at least part of the covert identifier in the message does not match the covert identifier stored for the client device at the server.
2. The method of claim 1, wherein the covert identifier comprises selected covert data values generated by operational events at a client device, and detection of a clone of a real client device is reported if covert data values in a covert identifier received from a client device do not match any covert data values in a covert identifier stored at the server.
3. The method of claim 1, wherein the covert identifier comprises a code based on selected covert data values generated by different operational events at a client device.
4. The method of claim 1, wherein the covert identifier is at least partially based on at least one token provided by the server to the client device.
5. The method of claim 1, wherein the covert identifier is based on covert data values generated by the client device.
6. The method of claim 1, wherein the covert identifier is based on covert data generated by the server and provided by the server in a message to the client device.
7. The method of claim 1, wherein the covert identifier is based on covert data values generated by the client device and the server.
8. The method of claim 1, further comprising updating the covert identifier periodically at a client device based on predetermined event triggers and providing the updated covert identifier in a message to the server.
9. The method of claim 8, wherein at least one event trigger comprises installation of updated firmware on a client device.
10. The method of claim 8, wherein at least one event trigger comprises receipt of a predetermined number of a particular type of message from the server.
11. The method of claim 8, wherein at least one event trigger comprises sending a predetermined number of a particular type of message from the client device.
12. The method of claim 8, wherein at least one event trigger comprises a predetermined number of channel changes at the client device.
13. The method of claim 2, wherein the step of storing at least one covert identifier at the server comprises storing a first covert data value at the server on receipt of a predetermined message from a client device, and storing an updated, second covert data value when a subsequent predetermined message is received from a client device having the same credentials, and the step of determining whether a covert identifier received in a subsequent message from a client device matches a previously stored covert identifier comprises comparing a covert data value in the message with the first and second covert data values stored at the server, whereby detection of a cloned client device using the same credentials is reported if the covert data value in the subsequent message does not match at least one of the first and second covert data values.
14. The method of claim 13, wherein the covert data values are based on the time of sending the predetermined messages.
15. The method of claim 13, wherein the covert data values stored at the server are based on covert data values received in messages from at least one client device.
16. The method of claim 2, further comprising periodically changing at least one covert data value to a different covert data value based on a different operational event at a client device.
17. A method of renewing subscriber client devices on a network, comprising: creating a covert identifier at a client device based on operational events at the client device;receiving a service renewal message at the client device;providing the covert identifier to the service provider in response to the service renewal message;receiving a renewal code message at the client device over the network, the renewal code message containing a renewal unlock code based on the covert identifier; andprocessing the renewal unlock code using the covert identifier to receive continued services from the service provider.
18. The method of claim 17, further comprising receiving an update covert identifier message at the client device prior to the service renewal message, and updating the covert identifier at the client device before providing the updated covert identifier to the service provider.
19. The method of claim 17, wherein the covert identifier comprises a code based on selected covert data values generated by different operational events at a client device.
20. The method of claim 17, wherein the step of providing the covert identifier to the service provider comprises sending the covert identifier in a message over the network to a server associated with the service provider.
21. A system for detecting cloned client devices on a network, comprising: a server having a communication module which communicates with client devices over a network;a data storage module associated with the server which stores a client identifier associated with at least one real client device registered for service with the server and at least one covert identifier received from a client device having the same client identifier; anda clone detection module associated with the server and data storage module which compares at least one covert identifier in a message received from a client device with the stored covert identifier associated with the same client identifier, and which creates a clone detection report if the covert identifiers do not match.
22. The system of claim 21, further comprising a plurality of client devices communicating with the server over the network.
23. The system of claim 22 wherein the client devices are smart cards.
24. The system of claim 22, wherein at least some of the client devices include smart cards.
25. The system of claim 22, wherein at least some of the client devices are set top boxes.
26. The system of claim 22, wherein at least some of the client devices are mobile communication devices.
27. The system of claim 22, wherein at least some of the client devices are personal computers.
28. The system of claim 22, wherein each client device has a covert identifier generating module which generates a covert identifier based on at least one covert data value corresponding to an operational event at the client device, a covert data storage module which stores covert data values, and a message formatting module which embeds the covert identifier in at least one message sent to the server over the network.
29. The system of claim 28, wherein the covert identifier comprises at least one actual covert data value.
30. The system of claim 28, wherein the covert identifier comprises a transformed version of at least one covert data value.
31. The system of claim 28, wherein the covert identifier comprises a plurality of covert data values corresponding to different operational events at the client device.
32. The system of claim 28, wherein the covert identifier comprises a transformed version of a plurality of covert data values corresponding to different operational events at the client device.
33. A client device for communicating over a network, comprising: a communication module which communicates with at least one server over a network;a covert identifier generating module which creates at least one covert identifier based on at least one covert data value of an operational event at the client device; anda data storage module associated with the covert data generating module which stores the covert data value.
34. The client device of claim 33, further comprising a message formatting module associated with the communication module and data storage module which creates at least one message containing the covert identifier for communication to the server.
35. The client device of claim 33, wherein the data storage module stores a covert data table of different covert data values of different operational events and the covert identifier is based on the covert data table.
36. The client device of claim 35, wherein the covert identifier comprises at least some of the covert data values in the covert data table.
37. The client device of claim 35, wherein the covert identifier is a transformation of at least some of the covert data values.
38. The client device of claim 35, further comprising a covert data update module configured to update the table of covert data values with at least some new covert data values in response to at least one predetermined covert data trigger.
39. The client device of claim 33, wherein the covert identifier generating module is configured to generate an updated client identifier based on new covert data values in response to a command.
40. The client device of claim 39, wherein the command comprises an update command received in a network message.
41. The client device of claim 39, wherein the command comprises a covert data trigger.
42. The client device of claim 39, further comprising a renewal module which responds to a renewal message received from a server of over the network by sending a current covert identifier to the server.
43. The client device of claim 33, comprising a smart card having an integral processor containing the communication module, covert identifier generating module, and data storage module.
44. The client device of claim 33, wherein the device is selected from the group consisting of set top boxes, personal computers, personal digital assistants, portable communication devices, media playing devices, and smart cards.
45. The client device of claim 33, wherein the client device is a silicon chip including a covert identifier generating module and data storage module.
46. The method of claim 1, wherein the covert identifier is at least partially based on at least one encryption key provided by the server to the client device.
47. The method of claim 1, wherein the covert identifier is at least partially based on at least one encryption key provided by the server to the client device and wherein said client uses the said server provided encryption key to encryption communications between said client and said server.
48. The method of claim 1, further comprising adding additional covert identifiers periodically at a client device based on predetermined event triggers wherein the said additional covert identifiers adds to the previous covert identifiers.
49. The method of claim 1, wherein the covert identifier is based on the time of day an event occurred in the client device.

Provisional Applications (1)

	Number	Date	Country
	60760475	Jan 2006	US

NETWORK SECURITY SYSTEM AND METHOD

Information

Publication Number

Date Filed

Date Published

Inventors

Original Assignees

CPC

US Classifications

International Classifications

Abstract

Description

Claims

Provisional Applications (1)