Distributed authentication functionality
First Claim
1. A method, comprising:
inhibiting transmission of non-authentication messages until an identity of an entity seeking to send said non-authentication messages is authenticated;
enabling transmission of non-authentication messages in response to receiving an entity authentication confirmation to an entity authentication request; and
authenticating the identity of the entity wherein said authenticating is performed by at least one Optical Line Terminal (OLT) and an authentication server, which cooperates with the OLT wherein the OLT plays an active role in authenticating the identity of the entity;
characterized in that said inhibiting transmission of non-authentication messages is performed by an Optical Network Terminal (ONT) and said enabling transmission of non-authentication messages is performed by the ONT and the ONT and wherein the entity, at the control of a supplicant, sends an EAP-Start Message for reception by the connected ONT;
in response to the ONT receiving the EAP-Start Message, the ONT sends an EAP-Request Identity Message for reception by the entity;
in response to the entity receiving the EAP-Request Identity Message, the entity sends an EAP-Response Message;
in response to the ONT receiving the EAP-Response Message, the ONT forwards the EAP-Response Message for reception by the OLT that serves the ONT;
the OLT receives the EAP-Response Message and then forwards the EAP-Response Message for reception by the authentication server;
the authentication server receives the EAP-Response Message and determines the identity authenticity of the supplicant;
if the identity of the supplicant is determined to be authentic, the authentication server sends an Accept Message for reception by the entity via the OLT and the ONT;
if the identity of the supplicant is determined to be non-authentic, the authentication server sends a Reject Message for reception by the entity via the OLT and the ONT;
in the case of the identity of the supplicant being determined to be authentic and the authentication server sending the Accept Message for reception by the entity via the OLT and the ONT, the OLT receives the Accept Message and then forwards the Accept Message for reception by the ONT and the ONT forwards the Accept Message for reception by the entity and enables transmission of non-EAP Messages at a controlled port of the ONT and the entity receives the Accept Message while the entity sends a Log-off Message for reception by the ONT at some point after the ONT enables transmission of non-EAP Messages to the controlled port of the ONT and in response to receiving the Log-off Message, the ONT inhibits transmission of non-EAP messages; and
in the case of the identity of the supplicant being determined to be non-authentic and the authentication server sending the Reject Message for reception by the entity via the OLT and the ONT, the OLT receives the Reject Message and forwards the Reject Message for reception by the ONT and the ONT forwards the Reject Message for reception by the entity.
Abstract
A Passive Optical Network (PON) includes an Optical Network Terminal (ONT) and an Optical Line Terminal (OLT). The ONT is configured for providing controlled port operations of authenticator Port Access Entity (PAE) functionality and the OLT is configured for providing entity authentication operations of the authenticator PAE functionality. The controlled port operations of authenticator PAE functionality includes inhibiting transmission of non-authentication messages from the ONT, transmitting a supplicant authentication request to the OLT and enabling transmission of non-authentication messages from the ONT in response to receiving supplicant authentication confirmation. The entity authentication operations of the authenticator PAE functionality include facilitating authentication of an identity of the supplicant and facilitating transmission of supplicant authentication confirmation for reception by the ONT in response to the identity being authenticated.
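The split described in the abstract, modeled as an added Python example (not code from the patent): the ONT gates its controlled port while the OLT relays the supplicant's identity to the authentication server. The class names, frame dictionaries, return strings and the `KNOWN_SUPPLICANTS` set are assumptions made for illustration.

```python
# Constructed identity list standing in for the authentication server's records.
KNOWN_SUPPLICANTS = {"alice@example.net"}

class AuthServer:
    def decide(self, identity):
        return "Accept" if identity in KNOWN_SUPPLICANTS else "Reject"

class OLT:
    """Entity-authentication side: relays the response, returns the verdict."""
    def __init__(self, server):
        self.server = server
        self.log = []  # (ont_id, identity, verdict), kept for audit

    def relay(self, ont_id, eap_response):
        verdict = self.server.decide(eap_response["identity"])
        self.log.append((ont_id, eap_response["identity"], verdict))
        return verdict

class ONT:
    """Controlled-port side: drops non-EAP frames until an Accept arrives."""
    def __init__(self, ont_id, olt):
        self.ont_id, self.olt = ont_id, olt
        self.authorized = False  # controlled port starts closed

    def receive(self, frame):
        kind = frame["type"]
        if kind == "EAP-Start":
            return "EAP-Request-Identity"
        if kind == "EAP-Response":
            verdict = self.olt.relay(self.ont_id, frame)
            self.authorized = verdict == "Accept"  # only Accept opens the port
            return verdict
        if kind == "Log-off":
            self.authorized = False  # port closes again
            return "logged-off"
        # Everything else is a non-EAP frame and goes through the controlled port.
        return "forwarded" if self.authorized else "dropped"

def run_session(identity):
    """Drive one supplicant through the exchange; return what the ONT did."""
    ont = ONT("ont-1", OLT(AuthServer()))
    data = {"type": "data", "payload": "constructed non-EAP frame"}
    steps = [data, {"type": "EAP-Start"},
             {"type": "EAP-Response", "identity": identity},
             data, {"type": "Log-off"}, data]
    return [ont.receive(f) for f in steps]

if __name__ == "__main__":
    print(run_session("alice@example.net"))
    print(run_session("mallory@example.net"))
```

The same non-EAP frame is offered before authentication, after the verdict and after Log-off, so the returned list shows the controlled port's state at each point.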
13 Claims
5. A Passive Optical Network (PON) comprising:
an Optical Network Terminal (ONT) including;
at least one data processing device;
memory connected to said at least one data processing device of the ONT;
an authentication server; and
an Optical Line Terminal (OLT) including at least one data processing device and memory connected to said at least one data processing device of the OLT wherein said OLT and said authentication server are adapted to facilitate authenticating the identity of an entity in cooperation wherein the OLT plays an active role in authenticating the identity of the entity;
characterized in that said at least one data processing device of the ONT is adapted to inhibit transmission of non-authentication messages from the ONT until the identity of the entity seeking to send said non-authentication messages is authenticated; and
said at least one data processing device of the ONT is further adapted to enable transmission of non-authentication messages from the ONT in response to receiving an entity authentication confirmation to an entity authentication request and wherein the entity, at the control of a supplicant, sends an EAP-Start Message for reception by the connected ONT;
in response to the ONT receiving the EAP-Start Message, the ONT sends an EAP-Request Identity Message for reception by the entity;
in response to the entity receiving the EAP-Request Identity Message, the entity sends an EAP-Response Message;
in response to the ONT receiving the EAP-Response Message, the ONT forwards the EAP-Response Message for reception by the OLT that serves the ONT;
the OLT receives the EAP-Response Message and then forwards the EAP-Response Message for reception by the authentication server;
the authentication server receives the EAP-Response Message and determines the identity authenticity of the supplicant;
if the identity of the supplicant is determined to be authentic, the authentication server sends an Accept Message for reception by the entity via the OLT and the ONT;
if the identity of the supplicant is determined to be non-authentic, the authentication server sends a Reject Message for reception by the entity via the OLT and the ONT;
in the case of the identity of the supplicant being determined to be authentic and the authentication server sending the Accept Message for reception by the entity via the OLT and the ONT, the OLT receives the Accept Message and then forwards the Accept Message for reception by the ONT and the ONT forwards the Accept Message for reception by the entity and enables transmission of non-EAP Messages at a controlled port of the ONT and the entity receives the Accept Message while the entity sends a Log-off Message for reception by the ONT at some point after the ONT enables transmission of non-EAP Messages to the controlled port of the ONT and in response to receiving the Log-off Message, the ONT inhibits transmission of non-EAP messages; and
in the case of the identity of the supplicant being determined to be non-authentic and the authentication server sending the Reject Message for reception by the entity via the OLT and the ONT, the OLT receives the Reject Message and forwards the Reject Message for reception by the ONT and the ONT forwards the Reject Message for reception by the entity.
9. A Passive Optical Network (PON), comprising:
an Optical Network Terminal (ONT) configured for providing controlled port operations of authenticator Port Access Entity (PAE) functionality; and
an Optical Line Terminal (OLT) configured for providing entity authentication operations of said authenticator Port Access Entity (PAE) functionality, wherein the OLT is connected to the ONT for enabling interaction therebetween and to an authentication server that cooperates with the OLT for providing entity authentication operations wherein the OLT plays an active role in providing entity authentication operations and wherein an entity, at the control of a supplicant, sends an EAP-Start Message for reception by the connected ONT;
in response to the ONT receiving the EAP-Start Message, the ONT sends an EAP-Request Identity Message for reception by the entity;
in response to the entity receiving the EAP-Request Identity Message, the entity sends an EAP-Response Message;
in response to the ONT receiving the EAP-Response Message, the ONT forwards the EAP-Response Message for reception by the OLT that serves the ONT;
the OLT receives the EAP-Response Message and then forwards the EAP-Response Message for reception by the authentication server;
the authentication server receives the EAP-Response Message and determines the identity authenticity of the supplicant;
if the identity of the supplicant is determined to be authentic, the authentication server sends an Accept Message for reception by the entity via the OLT and the ONT;
if the identity of the supplicant is determined to be non-authentic, the authentication server sends a Reject Message for reception by the entity via the OLT and the ONT;
in the case of the identity of the supplicant being determined to be authentic and the authentication server sending the Accept Message for reception by the entity via the OLT and the ONT, the OLT receives the Accept Message and then forwards the Accept Message for reception by the ONT and the ONT forwards the Accept Message for reception by the entity and enables transmission of non-EAP Messages at a controlled port of the ONT and the entity receives the Accept Message while the entity sends a Log-off Message for reception by the ONT at some point after the ONT enables transmission of non-EAP Messages to the controlled port of the ONT and in response to receiving the Log-off Message, the ONT inhibits transmission of non-EAP messages; and
in the case of the identity of the supplicant being determined to be non-authentic and the authentication server sending the Reject Message for reception by the entity via the OLT and the ONT, the OLT receives the Reject Message and forwards the Reject Message for reception by the ONT and the ONT forwards the Reject Message for reception by the entity.
Specification