Ethernet Connectivity Fault Management With User Verification Option

US 20090158388A1
Filed: 12/13/2007
Published: 06/18/2009
Est. Priority Date: 12/13/2007
Status: Active Grant

First Claim

Patent Images

1. A method for obtaining a trusted verification of a non-trusted device, said method comprising the steps of:

filtering an up-stream message initiated by the non-trusted device;

intercepting the filtered up-stream message if the filtered up-stream message is a connectivity fault management message;

inserting a trusted identification into the intercepted up-stream message; and

outputting the intercepted up-stream message with the inserted trusted identification.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An access node (e.g., DSLAM, OLT/ONT) is described herein that implements a trust verification method comprising the steps of: (a) filtering an up-stream message initiated by a non-trusted device (e.g., CPE); (b) intercepting the filtered up-stream message if the filtered up-stream message is a connectivity fault management message (e.g., LB message, LBR message, CC message); (c) inserting a trusted identification into the intercepted up-stream message; and (d) outputting the intercepted up-stream message with the inserted trusted identification. Thereafter, a trusted device (e.g., BRAS) receives and analyzes the outputted up-stream message with the inserted trusted identification message to ascertain a trustworthiness of the non-trusted device (e.g., CPE). Several different ways that an access network (e.g., IPTV network) can implement the trust verification method are also described herein.

Citations

20 Claims

1. A method for obtaining a trusted verification of a non-trusted device, said method comprising the steps of:
- filtering an up-stream message initiated by the non-trusted device;
  
  intercepting the filtered up-stream message if the filtered up-stream message is a connectivity fault management message;
  
  inserting a trusted identification into the intercepted up-stream message; and
  
  outputting the intercepted up-stream message with the inserted trusted identification.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein a trusted device performs the filtering step, the intercepting step, the inserting step and the outputting step.
  - 3. The method of claim 2, wherein said trusted device includes a Digital Subscriber Line Access Multiplexer or an Optical Line Termination-Optical Network Termination.
  - 4. The method of claim 2, wherein said trusted identification indicates a user port at the trusted device behind which there is located the non-trusted device, and wherein said trusted identification is a selected one of the following:
    - a Dynamic Host Configuration Protocol (DHCP) option 82; and
      
      a MD/MA/MEP identification associated with the trusted device.
  - 5. The method of claim 1, wherein said intercepting step further includes a step of analyzing an Ethertype of the filtered up-stream message to determine whether or not the filtered up-stream message is the connectivity fault management message.
  - 6. The method of claim 1, wherein said connectivity fault management message includes a continuity check message, a loopback message, or a loopback reply message.
  - 7. The method of claim 1, wherein said non-trusted device is a consumer premises equipment.

8. An access node, comprising:
- a processor; and
  
  a memory, where said processor retrieves instructions from said memory and processes those instructions to enable the following;
  
  filtering an up-stream message initiated by the non-trusted device;
  
  intercepting the filtered up-stream message if the filtered up-stream message is a connectivity fault management message;
  
  inserting a trusted identification into the intercepted up-stream message; and
  
  outputting the intercepted up-stream message with the inserted trusted identification.
- View Dependent Claims (9, 10, 11)
- - 9. The access node of claim 8, wherein said processor enables the intercepting operation by analyzing an Ethertype of the filtered up-stream message to determine whether or not the filtered up-stream message is the connectivity fault management message.
  - 10. The access node of claim 8, wherein said connectivity fault management message includes a continuity check message, a loopback message, or a loopback reply message.
  - 11. The access node of claim 8, wherein said trusted identification indicates a user port at the access node behind which there is located the non-trusted device, and wherein said trusted identification is a selected one of the following:
    - a Dynamic Host Configuration Protocol (DHCP) option 82; and
      
      a MD/MA/MEP identification associated with the trusted device.

12. A method for obtaining a trusted verification of a non-trusted device which is part of an access system that also includes a trusted edge router and a trusted access node, said method comprising the steps of:
- sending a multicast loopback message from the edge router towards the non-trusted device;
  
  sending a unicast loopback reply message from the non-trusted device after the non-trusted device receives the multicast loopback message;
  
  intercepting the unicast loopback reply message at the access node;
  
  inserting a trusted identification into the intercepted unicast loopback reply message at the access node;
  
  outputting the unicast loopback reply message with the trusted identification from the access node;
  
  receiving the outputted unicast loopback reply message with the trusted identification at the edge router; and
  
  enabling the edge router to analyze the received unicast loopback reply message with the trusted identification to ascertain a trustworthiness of the non-trusted device.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12, wherein:
    - said access node includes a Digital Subscriber Line Access Multiplexer or an Optical Line Termination-Optical Network Termination; and
      
      said non-trusted device is a consumer premises equipment.
  - 14. The method of claim 12, wherein said intercepting step further includes a step of analyzing an Ethertype of the unicast loopback reply message to determine whether or not the unicast loopback reply message is a connectivity fault management message.
  - 15. The method of claim 12, wherein said trusted identification indicates a user port at the access node behind which there is located the non-trusted device, and wherein said trusted identification is a selected one of the following:
    - a Dynamic Host Configuration Protocol (DHCP) option 82; and
      
      a MD/MA/MEP identification associated with the trusted device.

16. A method for obtaining a trusted verification of a non-trusted device which is part of an access system that also includes a trusted edge router and a trusted access node, said method comprising the steps of:
- sending a connectivity fault management message from the non-trusted device towards the edge router;
  
  intercepting the connectivity fault management message at the access node;
  
  inserting a trusted identification into the intercepted connectivity fault management message at the access node;
  
  outputting the connectivity fault management message with the trusted identification from the access node;
  
  receiving the outputted connectivity fault management message with the trusted identification at the edge router; and
  
  enabling the edge router to analyze information in the received connectivity fault management message with the trusted identification to ascertain a trustworthiness of the non-trusted device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein:
    - said access node includes a Digital Subscriber Line Access Multiplexer or an Optical Line Termination-Optical Network Termination; and
      
      said non-trusted device is a consumer premises equipment.
  - 18. The method of claim 16, wherein said connectivity fault management message is a continuity check message or a loopback message.
  - 19. The method of claim 16, wherein said intercepting step further includes a step of analyzing an Ethertype of the connectivity fault management message.
  - 20. The method of claim 16, wherein said trusted identification indicates a user port at the access node behind which there is located the non-trusted device, and wherein said trusted identification is a selected one of the following:
    - a Dynamic Host Configuration Protocol (DHCP) option 82; and
      
      a MD/MA/MEP identification associated with the trusted device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Alcatel-Lucent SA (Nokia Corporation)
Inventors
Pauwels, Ludwig, Sridhar, Kamakshi, Ooghe, Sven

Granted Patent

US 8,161,541 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

H04L 41/0604   using filtering, e.g. reduc...

H04L 43/0811   by checking connectivity

H04L 63/0876   based on the identity of th...

H04L 63/1441   Countermeasures against mal...

H04L 63/162   at the data link layer

Ethernet Connectivity Fault Management With User Verification Option

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Ethernet Connectivity Fault Management With User Verification Option

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links