AUTHORIZING CUSTOMER PREMISE EQUIPMENT ON A SUB-NETWORK

US 20080301052A1
Filed: 01/07/2008
Published: 12/04/2008
Est. Priority Date: 06/04/2007
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method comprising:

receiving an encrypted connection request from a customer premise equipment device at a network termination unit, the encrypted connection request being encrypted using a network membership key;

forwarding the encrypted connection request to an authorization server;

receiving an encrypted network membership key from the authorization server, the encrypted network membership key being encrypted using a device access key associated with the network termination unit;

decrypting the encrypted network membership key using the device access key; and

authorizing the customer premise equipment device to join a subnet associated with the network termination unit.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for authorizing a customer premise equipment (CPE) device to join a network through a network termination unit (NTU). The CPE device can send an encrypted connection request, and an authorization server can decrypt the connection request and provide a network membership key (NMK) associated with the CPE device to the NTU. The authorization server can encrypt the NMK associated with the CPE device using a device access key (DAK) associated with the NTU.

53 Citations

View as Search Results

22 Claims

1. A computer implemented method comprising:
- receiving an encrypted connection request from a customer premise equipment device at a network termination unit, the encrypted connection request being encrypted using a network membership key;
  
  forwarding the encrypted connection request to an authorization server;
  
  receiving an encrypted network membership key from the authorization server, the encrypted network membership key being encrypted using a device access key associated with the network termination unit;
  
  decrypting the encrypted network membership key using the device access key; and
  
  authorizing the customer premise equipment device to join a subnet associated with the network termination unit.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the encrypted connection request includes a first unique identifier associated with the network termination unit.
  - 3. The method of claim 2, wherein the authorization server is operable to authorize the customer premise equipment based upon decryption of the encrypted connection request using a known network membership key associated with a second unique identifier associated with the customer premise equipment device.
  - 4. The method of claim 3, wherein the authorization server is operable to determine whether the first unique identifier included in the encrypted connection request matches the network termination unit receiving the encrypted connection request.
  - 5. The method of claim 1, wherein the network membership key comprises a unique network membership key.
  - 6. The method of claim 1, further comprising providing a network encryption key to the customer premise equipment device.

7. A computer implemented method comprising:
- receiving a forwarded connection request, the forwarded connection request comprising an encrypted connection request received by a network termination unit forwarded to an authorization server;
  
  inspecting a first unique identifier associated with the forwarded connection request;
  
  identifying a network membership key associated with the first unique identifier;
  
  authorizing the forwarded connection request based on the identified network membership key;
  
  encrypting the network membership key using a device access key associated with the network termination unit;
  
  communicating the encrypted network membership key to the network termination unit.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, further comprising:
    - determining whether a second unique identifier associated with the network termination unit is encrypted within the forwarded connection request;
      
      authorizing the customer premise equipment device based on the determination.
  - 9. The method of claim 7, wherein the network membership key comprises a unique network membership key associated with the customer premise equipment device.
  - 10. The method of claim 7, wherein the network termination unit is operable to provide a network encryption key to the customer premise equipment device.
  - 11. The method of claim 10, wherein the network encryption key is encrypted using the network membership key associated with the customer premise equipment device.
  - 12. The method of claim 11, wherein the network encryption key is unique to the customer premise equipment.
  - 13. The method of claim 7, wherein the method is operable to provide authorization to the customer premise equipment device regardless of which of a plurality of network termination units to which the customer premise equipment device is attached.

14. A system comprising:
- a network termination unit operable to receive an encrypted connection request from a customer premise equipment device, wherein the network termination unit is further operable to forward the encrypted connection request if the network termination unit determines that the customer premise equipment device is not associated with the network termination unit;
  
  an authorization server operable to receive the encrypted connection request from the network termination unit, the authorization server operable to decrypted the encrypted connection request based on a first unique identifier, the first unique identifier being associated with the customer premise equipment device;
  
  wherein the authorization server is further operable to provide a network membership key associated with the first unique identifier address based on decrypting the encrypted connection request.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The system of claim 14, wherein the authorization server is further operable to encrypted the network membership key prior to providing the network membership key to the network termination unit.
  - 16. The system of claim 15, wherein the network membership key is encrypted using a device access key associated with the network termination unit.
  - 17. The system of claim 14, wherein the encrypted connection request includes a second unique identifier, and the authorization server is operable to authorize the encrypted connection request based on whether an identifier associated with the network termination unit matches the second unique identifier.
  - 18. The system of claim 14, wherein the network termination unit is operable to provide a network encryption key to the customer premise equipment device based upon receipt of the network membership key.
  - 19. The system of claim 18, wherein the network encryption key provided to the customer premise equipment device is encrypted using the network membership key obtained from the authorization server.
  - 20. The system of claim 19, wherein the network termination unit is further operable to rotate the network encryption key.
  - 21. The system of claim 20, wherein the rotated network encryption key is accompanied by a counter value that is known to the network termination unit, thereby protecting the network termination unit from a spoofed network encryption key.
  - 22. The system of claim 14, wherein the first unique identifier comprises a media access control address associated with the customer premise equipment device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Intellon Corporation (Qualcomm, Inc.)
Inventors
KRISHNAM, MANJUNATH, YONGE, LAWRENCE W. III, KATAR, SRINIVAS

Granted Patent

US 8,112,358 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/50
CPC Class Codes

H04B 2203/5445   Local network

H04L 12/2801   Broadband local area networks

H04L 12/2856   Access arrangements, e.g. I...

H04L 12/413   with random access, e.g. ca...

H04L 12/44   Star or tree networks

H04L 45/12   Shortest path evaluation

H04L 45/121   by minimising delays

H04L 45/122   by minimising distances, e....

H04L 45/123   Evaluation of link metrics ...

H04L 45/125   based on throughput or band...

H04L 45/16   Multipoint routing

H04L 47/787   Bandwidth trade among domains

AUTHORIZING CUSTOMER PREMISE EQUIPMENT ON A SUB-NETWORK

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHORIZING CUSTOMER PREMISE EQUIPMENT ON A SUB-NETWORK

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links