AUTHENTICATION FOR DEVICES LOCATED IN CABLE NETWORKS
First Claim
Patent Images
1. A method comprising:
- receiving an authorization response over a cable network that includes a cable modem address and one or more authentication criteria for a cable modem;
extracting a forwarding message from the authorization response;
sending the forwarding message over a packet switched network to a server;
receiving back a communication to establish a session key on the cable modem; and
forwarding a representation of the communication to the cable modem for establishment of the session key on the cable modem.
1 Assignment
0 Petitions
Accused Products
Abstract
An extensible authentication framework is used in cable networks such as Data Over Cable Service Interface Specification (DOCSIS) cable networks. The authentication scheme allows for centralized authentication of cable modems, as well as authentication of the cable network by cable modems. Additionally, the authentication scheme allows a Cable Modem Termination System (CMTS) to authenticate devices downstream from cable modems, such as Customer Premise Equipment (CPE) devices.
-
Citations
32 Claims
-
1. A method comprising:
-
receiving an authorization response over a cable network that includes a cable modem address and one or more authentication criteria for a cable modem; extracting a forwarding message from the authorization response; sending the forwarding message over a packet switched network to a server; receiving back a communication to establish a session key on the cable modem; and forwarding a representation of the communication to the cable modem for establishment of the session key on the cable modem. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method comprising.
extracting one or more network authentication criteria from an authorization request received over a cable network; -
validating the network authentication criteria using a locally stored authentication value; sending back an authorization response that includes one or more cable modem authentication criteria when the network authentication criteria corresponds to the locally stored authentication value; and receiving a state change notification message corresponding to a local logical cable modem port. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A system comprising:
-
means for sending an authentication criterion request containing a network identity to a cable modem; means for validating the network identity at the cable modem; means for authenticating a source of the validated network identity; means for sending one or more authentication criteria to the authenticated source of the authentication criterion request; means for authenticating the cable modem; and means for changing a state of a port on the authenticated cable modem to allow the cable modem to send layer three communications. - View Dependent Claims (16, 17, 18, 19)
-
-
20. A Cable Modem Termination System (CMTS) comprising;
-
one or more processors; and a memory coupled to the one or more processors comprising instructions executable by the processors, the processors operable when executing the instructions to; receive an authorization response over a cable network, the authorization response including a device identification and one or more authentication criteria; extract a forwarding message from the authorization response; send the forwarding message to a server located in the packet switched network; receive back an authorization message to establish a session key on a device having the device identification; and forward a representation of the authorization message to the device. - View Dependent Claims (21, 22, 23, 24)
-
-
25. An apparatus comprising;
-
one or more processors; and a memory coupled to the one or more processors comprising instructions executable by the processors, the processors operable when executing the instructions to; extract a first authentication criterion from an authorization request received over a cable network; validate the first authentication criterion with a stored authentication value; send back a response that includes a device identification and a second authentication criterion when the first authentication criterion matches the stored authentication value; and receive back a message that locally provides a session key after sending the response. - View Dependent Claims (26, 27, 28)
-
-
29. An authentication device, comprising:
-
a memory storing one or more authentication values; and one or more processors to receive an authorization response that includes a cable modem address and one or more cable modem certificates, the processors to extract a first packet that corresponds to the Extensible Authentication Protocol (EAP) framework, to extract the cable modem address and the one or more cable modem certificates from the first packet, to compare the cable modem address and the one or more cable modem certificates to the one or more locally stored authentication values, to send a session key establishment message to the cable modem address when the cable modem address and the one or more cable modem certificates correspond to one or more locally stored authentication values. - View Dependent Claims (30, 31, 32)
-
Specification