Activation, Initialization, Authentication, and Authorization for a Multi-Services Gateway Device at User Premises

US 20080189774A1
Filed: 12/28/2007
Published: 08/07/2008
Est. Priority Date: 12/29/2006
Status: Active Grant

First Claim

Patent Images

1. A method of putting a first gateway device into service, the first gateway device having an application service module and a network module enabling communications between the first gateway device and the activation manager, the application service module residing on a user premises side of a network service provider demarcation, the method comprising:

identifying, at the first gateway device disposed at a user premises, an activation manager in communication with the first gateway device;

transmitting, from the first gateway device, an activation certificate to the activation manager for verification and authentication;

generating a service authentication key associated with the first gateway device;

storing the service authentication key and an indication that the associated gateway device status is activated in a database;

determining the services available to the first gateway device; and

transmitting the service authentication key and an identification of the available services to the first gateway device.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of putting a first gateway device into service, the first gateway device having an application service module and a network module enabling communications between the first gateway device and the activation manager, the application service module residing on a user premises side of a network service provider demarcation. The method comprises identifying, at the first gateway device disposed at a user premises, an activation manager in communication with the first gateway device, transmitting, from the first gateway device, an activation certificate to the activation manager for verification and authentication, generating a service authentication key associated with the first gateway device, storing the service authentication key and an indication that the associated gateway device status is activated in a database, determining the services available to the first gateway device, and transmitting the service authentication key and an identification of the available services to the first gateway device.

Citations

43 Claims

1. A method of putting a first gateway device into service, the first gateway device having an application service module and a network module enabling communications between the first gateway device and the activation manager, the application service module residing on a user premises side of a network service provider demarcation, the method comprising:
- identifying, at the first gateway device disposed at a user premises, an activation manager in communication with the first gateway device;
  
  transmitting, from the first gateway device, an activation certificate to the activation manager for verification and authentication;
  
  generating a service authentication key associated with the first gateway device;
  
  storing the service authentication key and an indication that the associated gateway device status is activated in a database;
  
  determining the services available to the first gateway device; and
  
  transmitting the service authentication key and an identification of the available services to the first gateway device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 2. The method of claim 1, further comprising:
    - transmitting, from the first gateway device, a request for a gateway authentication certificate to the activation manager; and
      
      issuing a gateway authentication certificate and transmitting the gateway authentication certificate to the first gateway device, the gateway authentication certificate to be used to for peer-to-peer authentication of a second gateway device.
  - 3. The method of claim 1, further comprising:
    - transmitting, from the first gateway device, a request for a gateway authentication certificate to the activation manager; and
      
      issuing a gateway authentication certificate and presenting the gateway authentication certificate to an endpoint device.
  - 4. The method of claim 1, further comprising:
    - transmitting, from the first gateway device, a request for a gateway authentication certificate to the activation manager; and
      
      issuing a gateway authentication certificate and presenting the gateway authentication certificate to a remote endpoint device external to the user premises.
  - 5. The method of claim 1, further comprising:
    - receiving, from the activation manager, a request for an activation code;
      
      prompting a user for the activation code and transmitting the activation code to the activation manager;
      
      transmitting, from the activation manager, the unique identifier, the set of security codes, and the activation code to an authentication manager; and
      
      verifying, at the authentication manager, the received activation certificate, and the activation code.
  - 6. The method of claim 1, wherein generating a service authentication key comprises generating the service authentication key at the authentication manager.
  - 7. The method of claim 1, wherein transmitting, from the first gateway device, the activation certificate comprises transmitting a set of data encryption codes.
  - 8. The method of claim 1, wherein transmitting the activation certificate comprises transmitting a public key certificate and a private key.
  - 9. The method of claim 1, wherein transmitting the activation certificate comprises transmitting a user identifier.
  - 10. The method of claim 1, wherein transmitting the activation certificate comprises transmitting a serial identifier uniquely associated with the first gateway device.
  - 11. The method of claim 1, further comprising transmitting an activation code.
  - 12. The method of claim 1, further comprising associating the first gateway device with a particular user.
  - 13. The method of claim 1, further comprising associating the first gateway device with an application service provider.
  - 14. The method of claim 1, further comprising transmitting, from the activation manager, the request to a certificate manager for issuance of the gateway authentication certificate.
  - 15. The method of claim 1, further comprising directing the first gateway device to an assigned application service provider in response to the identification of the available services to the first gateway device.
  - 16. The method of claim 1, wherein the first gateway device and the activation manager communicate via a secure network link.
  - 17. The method of claim 1, wherein the first gateway device and the activation manager communicate via a non-secure network link.
  - 18. The method of claim 1, wherein the activation manager is external to the user premises and independent of any application service provider.
  - 19. The method of claim 1, further comprising:
    - establishing a connection, at the first gateway device, to a remote service manager;
      
      sending an authentication request to the remote service manager;
      
      transmitting the authentication request to the authentication manager;
      
      verifying, by the authentication manager, the service authentication key and that the first gateway device status is activated; and
      
      confirm the established connection to the first gateway device.
  - 20. The method of claim 1, wherein generating a service authentication key further comprises generating a key for application services.
  - 21. The method of claim 1, wherein generating a service authentication key further comprises generating at least one service key for at least one of web service, voice service, movie service, music service, file-sharing service, file-backup service, gaming service, advertising service, and food-ordering service.
  - 22. The method of claim 1, wherein generating a service authentication key further comprises generating the service authentication key with a validation parameter.
  - 23. The method of claim 1, wherein generating a service authentication key further comprises generating a new service authentication key on a periodic basis.
  - 24. The method of claim 1, further comprising sending a renewal request to renew the service authentication key.
  - 25. The method of claim 1, further comprising sending a current service configuration to the first gateway device.
  - 26. The method of claim 1, wherein generating a service authentication key comprises generating a plurality of service authentication keys for a plurality of gateway devices.

27. A gateway device for operation at a user premises having at least one endpoint device associated with the gateway device, the gateway device being in communication with a remote service manager, the gateway device comprising:
- a user module providing bi-directional communications with the at least one endpoint device;
  
  a network module having the connection that enables bi-directional communications with the remote service manager;
  
  a service manager disposed on the network module side of an interface boundary between the application service module and the network module forming a network service provider demarcation, and operable to;
  
  transmit an activation certificate to a remote activation manager for verification and authentication; and
  
  receive a service authentication key and an identification of available services to the gateway device from the activation manager.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 28. The gateway device of claim 27, wherein the service manager is further operable to:
    - receive, from the activation manager, a request for an activation code;
      
      prompt a user for the activation code and transmitting the activation code to the activation manager.
  - 29. The gateway device of claim 27, wherein the service manager is operable to transmit a set of data encryption codes.
  - 30. The gateway device of claim 27, wherein the service manager is operable to transmit a public key certificate and a private key.
  - 31. The gateway device of claim 27, wherein the service manager is operable to transmit a serial identifier uniquely associated with the gateway device.
  - 32. The gateway device of claim 27, wherein the service manager is operable to receive an identification of an assigned application service provider in response to the identification of the available services to the first gateway device.
  - 33. The gateway device of claim 27, wherein the service manager is further operable to:
    - establish a connection to the remote service manager;
      
      sending an authentication request to the remote service manager; and
      
      receive a confirmation of the established connection to the remote service manager.
  - 34. The gateway device of claim 27, wherein the service manager is operable to further receive a service key.
  - 35. The gateway device of claim 27, wherein the service manager is operable to receive at least one service key for at least one of web service, voice service, movie service, music service, file-sharing service, file-backup service, gaming service, advertising service, and food-ordering service.
  - 36. The gateway device of claim 27, wherein the service manager is operable to further receive the service authentication key with a validation parameter.
  - 37. The gateway device of claim 27, wherein the service manager is operable to further receive a new service authentication key on a periodic basis.
  - 38. The gateway device of claim 27, wherein the service manager is operable to further send a renewal request to renew the service authentication key.
  - 39. The gateway device of claim 27, wherein the service manager is operable to further send a request for a service configuration update.

40. A system comprising:
- at least one remote service manager coupled to a network;
  
  at least one activation manager coupled to the network, the at least one activation manager being independent of the at least one remote service manager;
  
  at least one gateway device disposed at a user premises and in communication with the at least one remote service manager and the at least one activation manager via the network, the at least one gateway device comprises;
  
  an application service module residing on a user premises side of a network service provider demarcation;
  
  a network module having the connection that enables bi-directional communications with the at least one remote service manager; and
  
  a service manager operable to;
  
  transmit an activation certificate to a remote activation manager for verification and authentication; and
  
  receive a service authentication key and an identification of available services to the gateway device from the activation manager.

41. A system comprising:
- at least one remote service manager coupled to a network;
  
  at least one application service provider coupled to the network;
  
  at least one activation manager coupled to the network;
  
  at least one gateway device disposed at a user premises and in communication with the at least one remote service manager and the at least one activation manager via the network, the at least one gateway device being agnostic to the at least one remote service manager and the at least one application service provider, the at least one gateway device comprises;
  
  an application service module residing on a user premises side of a network service provider demarcation;
  
  a network module having the connection that enables bi-directional communications with the at least one remote service manager; and
  
  a service manager operable to;
  
  transmit an activation certificate to a remote activation manager for verification and authentication; and
  
  transmit an activation certificate to a remote activation manager for verification and authentication; and
  
  receive a service authentication key and an identification of available services to the gateway device from the activation manager.

42. A method of peer-to-peer gateway device authentication, comprising:
- activating a first gateway device;
  
  transmitting, from the first gateway device, a request for a gateway authentication certificate to an activation manager; and
  
  issuing a gateway authentication certificate and transmitting the gateway authentication certificate to the first gateway device; and
  
  transmitting the gateway authentication certificate from the first gateway device to a second gateway device to establish accessibility of resources associated with the second gateway device from the first gateway device.
- View Dependent Claims (43)
- - 43. A method of claim 42, wherein activating the first gateway device comprises:
    - receiving an activation certificate from the first gateway device;
      
      verifying and validating the activation certificate;
      
      assigning the first gateway device to a remote service manager;
      
      verifying and validating the identity of the first gateway device;
      
      verifying and validating the association of a user to the first gateway device; and
      
      verifying and validating services authorized for the first gateway device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Prodea Automation LLC (f/k/a Kip Prod P1) (FIG LLC (d/b/a Fortress Investment Group LLC))
Original Assignee
Prodea Systems, Inc.
Inventors
Erhart, Wesley R., McQuarters, Alvin R., Ramayya, Jude P., Nicholls, Leon E., Masina, Ramprakash, Cowgill, George A., Ansari, Amir, Raissyan, Atousa, Cooper, Michael P.

Granted Patent

US 8,205,240 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G05B 15/02   electric

G05B 19/042   using digital processors G0...

G05B 2219/2642   Domotique, domestic, home c...

G06F 16/64   Browsing; Visualisation the...

G06F 16/68   Retrieval characterised by ...

G06Q 30/04   Billing or invoicing

G08B 13/19656   Network used to communicate...

G10L 15/22   Procedures used during a sp...

G10L 2015/223   Execution procedure of a sp...

H04L 12/2803   Home automation networks

H04L 12/2807   Exchanging configuration in...

H04L 12/2812   describing content present ...

H04L 12/2814   Exchanging control software...

H04L 12/2816   Controlling appliance servi...

H04L 12/2818   from a device located outsi...

H04L 12/66   Arrangements for connecting...

H04L 2012/2849   Audio/video appliances

H04L 41/0803   Configuration setting

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 47/80 : Actions related to the user...

H04L 47/83 : based on usage prediction

H04L 49/25 : Routing or path finding in ...

H04L 51/04 : Real-time or near real-time...

H04L 51/046 : Interoperability with other...

H04L 61/4552 : Lookup mechanisms between a...

H04L 63/02 : for separating internal fro...

H04L 63/06 : for supporting key manageme...

H04L 63/08 : for authentication of entit...

H04L 63/0876 : based on the identity of th...

H04L 63/10 : for controlling access to d...

H04L 63/20 : for managing network securi...

H04L 65/102 : Gateways arrangements for c...

H04L 65/1101 : Session protocols

H04L 65/1108 : Web based protocols, e.g. w...

H04L 67/01 : Protocols

H04L 67/104 : Peer-to-peer [P2P] networks

H04L 67/125 : involving control of end-de...

H04L 67/141 : Setup of application sessio...

H04L 67/51 : Discovery or management the...

H04L 67/53 : using third party service p...

H04L 69/325 : in the network layer [OSI l...

H04N 21/00 : Selective content distribut...

H04N 21/40 : Client devices specifically...

H04N 7/181 : for receiving images from a...

H04W 12/00 : Security arrangements; Auth...

H04W 12/033 : of the user plane, e.g. use...

H04W 12/0431 : Key distribution or pre-dis...

H04W 12/06 : Authentication

H04W 12/065 : Continuous authentication

H04W 12/08 : Access security

H04W 12/35 : Protecting application or s...

H04W 4/80 : Services using short range ...

Y10S 370/911 : Bridge, e.g. brouter, bus e...

View All

Activation, Initialization, Authentication, and Authorization for a Multi-Services Gateway Device at User Premises

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

Activation, Initialization, Authentication, and Authorization for a Multi-Services Gateway Device at User Premises

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links