Terayon Modems Get New VeriSign Protection

VeriSign Inc. has unveiled what it calls the industry's first set of cable-modem authentication services, offering up technology designed to thwart broadband pirates from cloning cable modems and tapping free, unfettered access to high-speed cable services.

In concert with the product launch, VeriSign also announced that Terayon Communication Systems Inc. agreed to be the first cable-modem vendor to deploy its cloning-security measures.

VeriSign said its product provides cryptographic keys and corresponding digital certificates that "burn" credentials directly into the read-only memory of cable modems prior to shipment.

Those "unforgeable" credentials are then used to authenticate the identity of each individual cable modem with the cable operator before the equipment's owner is permitted to access the broadband network.

Just as pirates can clone satellite dishes or cellular phones to filch services, they can also clone the software inside cable modems to do the same, explained Anil Pereira, vice president of VeriSign's Internet-services group.

"Cable-modem cloning leads cable operators to believe that they're connecting to a qualified subscriber when, in fact, they're not," he said.

Cable-modem-cloning prevention is not a fresh concern. In fact, Cable Television Laboratories Inc.'s Data Over Cable Service Interface Specification versions 1.0 and 1.1 already approach piracy issues with a security designation called "BPI+" (Baseline Privacy Plus) that is built on a public-key infrastructure CableLabs sublicenses from RSA Security Inc.

If those keys are duplicated, though, there's a possibility that pirates can clone the devices and circumvent monthly high-speed-access charges.

By embedding unique digital certificates that authenticate cable modems, VeriSign believes its solution is virtually tamperproof.

As part of its "Cable Modem Authentication Services" suite, VeriSign generates and delivers keys and certificates in batches that mirror production-run requirements of cable-modem manufacturers.

That's important because the security of those certificates could be compromised if they are downloaded over a cable network, Motorola Broadband Communications Sector senior director of cable-modem engineering Don Hopp said.

VeriSign, meanwhile, is mum on whether additional modem vendors are set to deploy its digital-certification solution.

More could be on the way if VeriSign's Cable Modem Authentication Services find a permanent place on the DOCSIS 1.1 menu. An industry source said two companies are vying to become the industry's standard certificate-verification authority for cable modems: VeriSign and Microsoft Corp.