EARLY AUTHENTICATION IN CABLE MODEM INITIALIZATION

US 20080028437A1
Filed: 07/27/2006
Published: 01/31/2008
Est. Priority Date: 07/27/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

sending messages from and receiving messages by a cable modem termination system (CMTS) to establish a link layer connection between a cable modem and said CMTS;

sending messages from and receiving messages by said CMTS to authenticate of said cable modem on a primary service flow;

sending messages from and receiving messages by said CMTS to establish IP connectivity between said cable modem and said CMTS after said cable modem has been authenticated; and

sending messages from and receiving messages by said CMTS to register said cable modem with the CMTS after said IP connectivity has been established.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system that eliminates some of the security vulnerabilities in the prior art systems by using a new sequence of steps to perform initialization of the cable modem: Instead of performing authentication after the cable modem has been registered, the cable modem authentication step is performed immediately after the cable modem completes ranging. Thus an early authentication method and system are provided. The control of authentication is shifted from the cable modem to the CMTS. Instead of the CMTS relying on a Registration Request message (REG-REQ) to determine whether a cable modem must perform authentication (that is to determine if BPI+ is enabled) the CMTS configuration is what determines whether a cable modem must perform authentication.

39 Citations

View as Search Results

20 Claims

1. A method comprising:
- sending messages from and receiving messages by a cable modem termination system (CMTS) to establish a link layer connection between a cable modem and said CMTS;
  
  sending messages from and receiving messages by said CMTS to authenticate of said cable modem on a primary service flow;
  
  sending messages from and receiving messages by said CMTS to establish IP connectivity between said cable modem and said CMTS after said cable modem has been authenticated; and
  
  sending messages from and receiving messages by said CMTS to register said cable modem with the CMTS after said IP connectivity has been established.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 further comprising interrogating a configuration file in said CMTS to determine if early authentication prior to registration is enabled on said CMTS.
  - 3. The method of claim 1 including:
    - determining by messages sent from or received by said CMTS if authentication prior to registration is enabled on said cable modem and if authentication prior to registration is not enabled, dropping all messages except authentication messages from the cable modem until it is successfully authenticated.
  - 4. The method of claim 1 wherein if the cable modem fails authentication prior to registration, the method further comprising directing cable modem provisioning messages received by said CMTS to a secured storage area.
  - 5. The method of claim 1 including determining from messages sent from and received by said CMTS if authentication prior to registration is enabled on said cable modem and if authentication prior to registration is not enabled, authenticating said modem after said modem is registered.

6. An apparatus comprising:
- means in a cable modem termination system (CMTS) for establishing a link layer connection between said cable modem and said CMTS;
  
  means in a CMTS for authenticating said cable modem prior to registration of said cable modem;
  
  means in a CMTS for establishing IP connectivity between said modem and said CMTS; and
  
  means in a CMTS for registering the cable modem with said CMTS.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The apparatus of claim 6 further comprising means in said CMTS for determining if authentication prior to registration is enabled on said CMTS.
  - 8. The apparatus of claim 6 including means in said CMTS for dropping all messages except authentication messages from the cable modem until said cable modem is successfully authenticated.
  - 9. The apparatus of claim 6 including means in said CMTS operable if authentication fails for directing cable modem provisioning messages to a secured storage area.
  - 10. The apparatus of claim 6 including means in said CMTS for providing dynamic host configuration protocol (DHCP) provisioning messages, time of day (ToD) provisioning messages, and trivial file transfer protocol (TFTP) provisioning messages.

11. A cable modem termination system (CMTS) including a processor configured to:
- establish a link layer connection to a cable modem;
  
  authenticate said cable modem prior to registration of said cable modem;
  
  establish IP connectivity between said CMTS and said cable modem after said registration is complete; and
  
  register said cable modem after said connectivity has been established.
- View Dependent Claims (12, 13, 14, 15, 19, 20)
- - 12. The CMTS of claim 11, wherein said processor is configured to provide traffic encryption keys for encryption on at least one secondary service flow.
  - 13. The CMTS of claim 11, wherein said processor is configured to drop all messages except authentication messages from the cable modem until the cable modem is successfully authenticated.
  - 14. The CMTS of claim 11, wherein said processor is configured to interrogate a configuration file stored on said CMTS to determine if authentication prior to registration is enabled on said CMTS.
  - 15. The CMTS of claim 11, wherein said processor is configured to send and receive dynamic host configuration protocol (DHCP) provisioning messages, time of day (ToD) provisioning messages, and trivial file transfer protocol (TFTP) provisioning messages.
  - 19. The CMTS recited in claim 11 wherein said processor is configured to send and receive messages to determine if a cable modem is configured for authentication prior to registration.
  - 20. The CMTS recited in claim 11 wherein said processor is configured to send all messages from said cable modem to a secure area if authentication prior to registration fails.

16. A cable modem including:
- a port to communicate over a link layer connection with a cable modem termination system (CMTS);
  
  a processor adapted to;
  
  receive messages from said CMTS via said port to conduct authentication of said cable modem on a primary service flow prior to registration of said modem;
  
  establish IP connectivity with said CMTS, andregister said modem with said CMTS after said authentication is complete.
- View Dependent Claims (17, 18)
- - 17. The cable modem of claim 16 wherein said processor is further adapted to utilize encryption keys for encryption on at least one secondary service flow.
  - 18. The cable modem of claim 16 wherein said cable modem includes a configuration file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
ZENG, SHENGYOU

Granted Patent

US 8,255,682 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

G06F 2221/2129   Authenticate client device ...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04N 7/104   Switchers or splitters

EARLY AUTHENTICATION IN CABLE MODEM INITIALIZATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

39 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

EARLY AUTHENTICATION IN CABLE MODEM INITIALIZATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links