AUTHORIZING STATIONS INTO A CENTRALLY MANAGED NETWORK

US 20080298594A1
Filed: 01/07/2008
Published: 12/04/2008
Est. Priority Date: 06/04/2007
Status: Active Grant

First Claim

Patent Images

1. A computer implemented authentication method comprising:

generating a network membership key request;

communicating the network membership key request to an authorization server, the network membership key request including a unique identifier associated with the requesting station, the unique identifier being unencrypted;

receiving the network membership key based on the network membership key request;

wherein the network membership key is received in encrypted format based upon a device access key; and

wherein the network membership key is received based upon a stored device access key associated with the unique identifier matching the device access key used to encrypt the network membership key request.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for connecting new stations to a secure network. New stations can send connection requests to a headend device. The headend device can retrieve a device access key associated with the new station and can provide a network membership key to the new station based upon authentication of the new station using the device access key.

127 Citations

25 Claims

1. A computer implemented authentication method comprising:
- generating a network membership key request;
  
  communicating the network membership key request to an authorization server, the network membership key request including a unique identifier associated with the requesting station, the unique identifier being unencrypted;
  
  receiving the network membership key based on the network membership key request;
  
  wherein the network membership key is received in encrypted format based upon a device access key; and
  
  wherein the network membership key is received based upon a stored device access key associated with the unique identifier matching the device access key used to encrypt the network membership key request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer implemented method of claim 1, wherein generating a network membership key request comprises encrypting a network membership key request using the device access key, the device access key being associated with a requesting station.
  - 3. The computer implemented method of claim 1, wherein the core network membership key comprises a unique network membership key associated with the requesting station.
  - 4. The computer implemented method of claim 3, further comprising communicating a network encryption key to each of a plurality of stations, including the requesting station, using the unique network membership key respectively associated with each of the plurality of stations.
  - 5. The computer implemented method of claim 4, further comprising communicating to other stations in a core network using the network encryption key.
  - 6. The computer implemented method of claim 4, further comprising rotating the network encryption key using the network membership key.
  - 7. The computer implemented method of claim 4, further comprising:
    - determining that the station has been compromised;
      
      transmitting a new network encryption key to a group of stations not compromised using the unique network membership keys respectively associated with each of the stations comprising the group.
  - 8. The computer implemented method of claim 1, wherein the unique identifier comprises a media access control address associated with the requesting station
  - 9. The computer implemented method of claim 1, wherein the unique network membership key comprises a substantially unique network membership key

10. A computer implemented authorization method comprising:
- receiving an encrypted network membership key request from a station;
  
  receiving an unencrypted unique identifier associated with the encrypted network membership key request;
  
  determining whether the encrypted network membership key request is authentic based upon the unique identifier;
  
  encrypting a network membership key using a device access key associated with the station; and
  
  communicating the encrypted network membership key to the station.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The computer implemented method of claim 10, wherein determining whether the encrypted network membership key is authentic comprises:
    - identifying a stored device access key associated with the unique identifier;
      
      attempting to decrypt the encrypted network membership key request using the stored device access key; and
      
      authenticating the encrypted network membership key request based on the attempt.
  - 12. The computer implemented method of claim 10, further comprising:
    - encrypting a network encryption key using the network membership key associated with the station; and
      
      communicating the encrypted network encryption key to the station.
  - 13. The computer implemented method of claim 12, wherein the network membership key comprises a unique network membership key associated with a specific station among a plurality of stations.
  - 14. The computer implemented method of claim 13, further comprising:
    - determining that the station has been compromised;
      
      communicating a new network encryption key using unique network membership keys respectively associated with those stations not compromised.

15. An authentication system comprising:
- a plurality of stations, each of the stations being operable to generate an encrypted network membership key request, the encrypted network membership key requests including an unencrypted unique identifiers respectively associated with the station generating the encrypted network membership key request;
  
  an authorization server operable to receive the encrypted network membership key requests and to identify stored device access keys based upon the unique identifiers respectively associated with each of the network membership key requests, the authorization server authenticating the station based upon successful decryption of the network membership key requests based on the stored device access keys respectively associated with each of the unique identifiers, the authorization server being further operable to encrypt a network membership key using the device access key and to communicate the encrypted network membership key to the stations based upon authenticating the station.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 16. The system of claim 15, wherein the stations comprise headend units, repeaters, and network termination units.
  - 17. The system of claim 15, wherein the network membership key comprises a unique network membership key, each of the unique network membership keys being respectively associated with each of the plurality of stations.
  - 18. The system of claim 17, wherein the authorization server is further operable to rotate the unique network membership key.
  - 19. The system of claim 17, wherein the authorization server is operable to provide a network encryption key to each of the plurality of stations by encrypting the network encryption key using the unique network membership key associated with each respective station.
  - 20. The system of claim 19, wherein the authorization server is operable to rotate the network encryption key.
  - 21. The system of claim 20, wherein the authorization server is operable to include an encrypted counter value with the rotated network encryption key, and wherein the stations are operable to determine whether the rotated network encryption key is authentic based upon the encrypted counter value.
  - 22. The system of claim 21, wherein a previous counter value is communicated to the stations prior to communication of the rotated network encryption key, and the stations are operable to increment the counter to a present value and to compare the present value to the encrypted counter value to authenticate the rotated network encryption key.
  - 23. The system of claim 19, wherein the authorization server is further operable to generate a new network encryption key responsive to notification of a compromised station, the authorization server being operable to communicate the new network encryption key using the unique network membership keys of those stations not compromised.
  - 24. The system of claim 15, wherein the plurality of stations and the authorization server comprise a broadband over powerline network.
  - 25. The system of claim 15, wherein the authorization server is further operable to refuse connection to a station if the stored device access key associated with the unique identifier of an encrypted network membership key request does not match the device access key used to encrypt the encrypted network membership key request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm Atheros Incorporated (Qualcomm, Inc.)
Original Assignee
Intellon Corporation (Qualcomm, Inc.)
Inventors
YONGE, LAWRENCE W. III, Krishnam, Manjunath, Katar, Srinivas

Granted Patent

US 9,521,090 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/278
CPC Class Codes

H04B 2203/5445   Local network

H04L 12/2801   Broadband local area networks

H04L 12/2856   Access arrangements, e.g. I...

H04L 12/413   with random access, e.g. ca...

H04L 12/44   Star or tree networks

H04L 45/12   Shortest path evaluation

H04L 45/121   by minimising delays

H04L 45/122   by minimising distances, e....

H04L 45/123   Evaluation of link metrics ...

H04L 45/125   based on throughput or band...

H04L 45/16   Multipoint routing

H04L 47/787   Bandwidth trade among domains

AUTHORIZING STATIONS INTO A CENTRALLY MANAGED NETWORK

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

127 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHORIZING STATIONS INTO A CENTRALLY MANAGED NETWORK

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

127 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links