Authentication for devices located in cable networks
First Claim
1. A method, comprising:
receiving at a Cable Modem Termination System (CMTS) a proactively generated and transmitted authentication request from a cable modem, said authentication request including an attribute specifying a physical address of the cable modem and initiating an authentication process involving the cable modem, the CMTS, and a centralized server, wherein the authentication process is initiated by the cable modem generating and transmitting the authentication request;
as part of the authentication process initiated by the cable modem, forwarding at least a portion of said authentication request to the centralized server to cause a network certificate to be received by the cable modem;
as part of the authentication process initiated by the cable modem, after the network certificate is received by the cable modem, receiving at the CMTS an authorization response from the cable modem, wherein the authorization response includes an authentication criterion for the cable modem;
as part of the authentication process initiated by the cable modem, extracting a forwarding message from the authorization response and sending the forwarding message to the centralized server;
as part of the authentication process initiated by the cable modem, receiving back a communication to establish a session key on the cable modem and forwarding a representation of the communication to the cable modem for establishment of the session key on the cable modem;
completing ranging with the cable modem before sending a certificate request that elicits the authorization response; and
registering the cable modem after the authentication process.
Abstract
An extensible authentication framework is used in cable networks such as Data Over Cable Service Interface Specification (DOCSIS) cable networks. The authentication scheme allows for centralized authentication of cable modems, as well as authentication of the cable network by cable modems. Additionally, the authentication scheme allows a Cable Modem Termination System (CMTS) to authenticate devices downstream from cable modems, such as Customer Premise Equipment (CPE) devices.
13 Claims
2. The method of claim 1, further comprising forwarding an acknowledgement to the centralized server, the acknowledgement indicating that the cable modem successfully established the session key using private credentials stored on the cable modem.
9. A Cable Modem Termination System (CMTS), comprising:
a processing device; and
a memory coupled to the processing device comprising instructions executable by the processing device, the processing device operable when executing the instructions to:
receive at the CMTS a proactively generated and transmitted authentication request from a remote device over the cable network, said authentication request initiating an authentication process involving the remote device, the CMTS, and a centralized server, wherein the authentication process is initiated by the remote device generating and transmitting the authentication request;
as part of the authentication process initiated by the remote device, forward at least a portion of said authentication request to the centralized server to cause a network certificate to be received by the remote device;
as part of the authentication process initiated by the remote device, receive an authorization response over the cable network, wherein the authorization response includes a device identification for the remote device and an authentication criterion;
as part of the authentication process initiated by the remote device, extract a forwarding message from the authorization response and send the forwarding message to the centralized server; and
as part of the authentication process initiated by the remote device, receive back an authorization message to establish a session key on the remote device and forward a representation of the authorization message to the remote device;
wherein the remote device is a cable modem, and wherein the processing device is operable when executing the instructions to:
complete ranging with the remote device before sending a certificate request that elicits the authorization response; and
register the remote device as an authenticated cable modem after authenticating the remote device.
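The message ordering that claims 1 and 9 recite for the CMTS can be sketched as a small state machine that rejects out-of-order or incomplete messages. This is an added example, not code from the patent; every state, event and field name in it is a hypothetical label, and the sample flow is constructed.

```python
class ProtocolError(Exception): pass

# Hypothetical labels: (state, event) -> (next state, relay target, required fields)
RULES = {
    ("IDLE", "auth_request"): ("REQUEST_FORWARDED", "server", ("mac",)),
    ("REQUEST_FORWARDED", "network_certificate"): ("CERT_RELAYED", "modem", ()),
    ("CERT_RELAYED", "certificate_request"): ("CERT_REQUESTED", "modem", ()),
    ("CERT_REQUESTED", "authorization_response"):
        ("RESPONSE_FORWARDED", "server", ("criterion", "forwarding_message")),
    ("RESPONSE_FORWARDED", "session_key_message"): ("KEY_RELAYED", "modem", ()),
    ("KEY_RELAYED", "register"): ("REGISTERED", None, ()),
}

class CmtsSession:
    def __init__(self):
        self.state, self.ranged, self.sent = "IDLE", False, []

    def handle(self, event, payload=None):
        payload = payload or {}
        if event == "ranging_complete":  # tracked as a flag, not a state
            self.ranged = True
            return self.state
        if (self.state, event) not in RULES:
            raise ProtocolError(f"{event} not allowed in state {self.state}")
        nxt, dest, required = RULES[(self.state, event)]
        missing = [f for f in required if f not in payload]
        if missing:
            raise ProtocolError(f"{event} is missing {missing}")
        if event == "certificate_request" and not self.ranged:
            raise ProtocolError("ranging must complete before certificate request")
        if dest:  # relay; an authorization response yields only its forwarding message
            self.sent.append((dest, payload.get("forwarding_message", payload)))
        self.state = nxt  # state advances only after every check has passed
        return nxt

# Constructed sample flow; the MAC is from the RFC 7042 documentation range.
FLOW = [("auth_request", {"mac": "00:00:5e:00:53:01"}),
        ("network_certificate", {"cert": "constructed"}),
        ("ranging_complete", None), ("certificate_request", None),
        ("authorization_response", {"criterion": "c", "forwarding_message": "m"}),
        ("session_key_message", {"key": "constructed"}), ("register", None)]

def run(events):
    session = CmtsSession()
    try:
        for event, payload in events:
            session.handle(event, payload)
        return session.state, None
    except ProtocolError as exc:
        return session.state, str(exc)
```

`run(FLOW)` ends in `REGISTERED`; dropping the `ranging_complete` event or sending `register` early leaves the session in the last valid state with an error.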
Specification