Activation, initialization, authentication, and authorization for a multi-services gateway device at user premises
First Claim
1. A method of putting a first gateway device into service, the first gateway device having an application service module and a network module enabling communications between the first gateway device and an activation manager across a wide area network, the application service module controlled by an application services provider and residing on a user premises side of a network service provider demarcation, the method comprising:
- providing the first gateway device in a non-activated state, wherein the first gateway device includes;
a service manager configured to control an activation and authentication process of the first gateway device, the service manager further configured to associate an endpoint device and a user of the endpoint device with the first gateway device;
a state manager configured to store a state status of the first gateway device that is utilized by the service manager in controlling the activation and authentication process of the first gateway device, wherein the state status is at least one of non-activated, activation pending, activated, and authenticated;
a connection client configured to form a secure communication channel between the first gateway device and the activation manager across the wide area network; and
a service interface module in communication with the connection client and configured to interface with the wide area network to form the secure communication channel between the first gateway device and the activation manager, the service interface module further configured to provide activation status indications to the endpoint device associated with the first gateway device;
assigning to the first gateway device a unique serial number, an activation certificate, a private key, and an activation code, wherein the unique serial number, the activation certificate, the private key, and the activation code are all different from each other, wherein the activation certificate certifies that the first gateway device is trusted by the activation manager;
initiating, by the service manager of the first gateway device, the activation and authentication process independent of the user of the endpoint device performing any user navigation steps on a user interface associated with either the endpoint device or the first gateway device;
forming, by the connection client of the first gateway device, the secure communication channel between the first gateway device and the activation manager across the wide area network by utilizing the service interface module;
sending, by the first gateway device, a first activation request to the activation manager via the secure communication channel for activation and authentication of the first gateway device, the first activation request including the unique serial number and the activation certificate;
determining by the activation manager, after the sending of the first activation request to the activation manager, that the user of the endpoint device was provided the activation code;
sending, by the activation manager, a request for the activation code to the first gateway device via the secure communication channel;
sending, by the endpoint device associated with the first gateway device, the activation code to the service interface module of the first gateway device;
sending, by the service manager of the first gateway device, a second activation request to the activation manager via the secure communication channel, the second activation request including the unique serial number, the activation certificate, and the activation code received from the endpoint device;
verifying, by the activation manager, the first gateway device using the unique serial number, the activation certificate, and the activation code from the second activation request;
sending, by the activation manager, the second activation request to an authentication manager after the first gateway device has been verified by the activation manager in order to activate and authenticate the first gateway device;
verifying, by the authentication manager, the first gateway device using the unique serial number, the activation certificate, and the activation code from the second activation request;
generating, by the authentication manager, a service authentication key associated with the first gateway device after the first gateway device has been verified by the authentication manager to confirm that the first gateway device is activated and authenticated;
storing the service authentication key and an indication that the associated gateway device status is activated in a database, the database being external to the user premises;
determining a subscription information of the first gateway device, the subscription information includes application services available to the first gateway device provided by the application service provider;
sending, by the activation manager, the service authentication key and an identification of the available services to the first gateway device;
after the first gateway device has received the service authentication key, sending, by the service manager of the first gateway device, a gateway authentication certificate request to the activation manager via the secure communication channel; and
sending, by the activation manager, a gateway authentication certificate to the first gateway device, the gateway authentication certificate representing transfer of the application service provider's trust to the first gateway device such that whenever the endpoint device accesses the first gateway device the gateway authentication certificate assures the endpoint device that the first gateway device is trusted by the application service provider.
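The message sequence of claim 1, modelled as an added example that is not code from the patent or from any product. The HMAC tags standing in for certificates, the direct method calls standing in for the secure channel, the point at which the state becomes authenticated, and all names and sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from enum import Enum

class State(Enum):  # the four state-status values named in the claim
    NON_ACTIVATED = "non-activated"
    ACTIVATION_PENDING = "activation pending"
    ACTIVATED = "activated"
    AUTHENTICATED = "authenticated"

# Assumption: an HMAC tag under a constructed issuer key stands in for the
# activation certificate and the gateway authentication certificate.
ISSUER_KEY = b"constructed-demo-issuer-key"

def _tag(label, serial):
    msg = f"{label}:{serial}".encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).hexdigest()

def issue_activation_cert(serial):  # assigned to the gateway before deployment
    return _tag("activation", serial)

def cert_ok(req):
    return hmac.compare_digest(req.get("cert", ""), _tag("activation", req.get("serial", "")))

def verify_request(req, codes):
    """Check serial number, activation certificate and activation code together."""
    serial = req.get("serial", "")
    code_ok = serial in codes and hmac.compare_digest(req.get("code", ""), codes[serial])
    return cert_ok(req) and code_ok

class AuthenticationManager:
    def __init__(self, codes):
        self.codes = codes
        self.db = {}  # database external to the user premises

    def activate(self, req):
        if not verify_request(req, self.codes):  # second, independent verification
            return None
        key = secrets.token_hex(32)  # service authentication key
        self.db[req["serial"]] = {"service_auth_key": key, "status": "activated"}
        return key

class ActivationManager:
    def __init__(self, auth, codes, subscriptions):
        self.auth, self.codes, self.subscriptions = auth, codes, subscriptions

    def handle(self, req):
        serial = req.get("serial", "")
        if "code" not in req:  # first activation request: serial + certificate
            if cert_ok(req) and serial in self.codes:  # user was provided a code
                return {"type": "code_request"}
            return {"type": "rejected"}
        if not verify_request(req, self.codes):  # second activation request
            return {"type": "rejected"}
        key = self.auth.activate(req)
        if key is None:
            return {"type": "rejected"}
        return {"type": "activated", "service_auth_key": key,
                "services": self.subscriptions.get(serial, [])}

    def gateway_cert(self, serial, key):
        # Issue the gateway authentication certificate only to an activated
        # gateway that presents its service authentication key.
        rec = self.auth.db.get(serial)
        if rec and rec["status"] == "activated" and \
                hmac.compare_digest(key, rec["service_auth_key"]):
            return _tag("gateway-auth", serial)
        return None

class Gateway:
    def __init__(self, serial, cert, manager):
        self.serial, self.cert, self.manager = serial, cert, manager
        self.state = State.NON_ACTIVATED
        self.key = self.gateway_cert = None
        self.services = []

    def activate(self, ask_user_for_code):
        req = {"serial": self.serial, "cert": self.cert}
        self.state = State.ACTIVATION_PENDING
        resp = self.manager.handle(req)
        if resp["type"] == "code_request":  # endpoint prompts the user
            resp = self.manager.handle({**req, "code": ask_user_for_code()})
        if resp["type"] != "activated":
            self.state = State.NON_ACTIVATED  # fail closed, nothing stored
            return self.state
        self.key, self.services = resp["service_auth_key"], resp["services"]
        self.state = State.ACTIVATED
        self.gateway_cert = self.manager.gateway_cert(self.serial, self.key)
        if self.gateway_cert:  # assumption: this step marks "authenticated"
            self.state = State.AUTHENTICATED
        return self.state

def run(cert, typed_code):
    """Constructed scenario: one provisioned gateway, user types typed_code."""
    serial = "GW-0001"                    # constructed serial number
    codes = {serial: "4821-7730"}         # constructed activation code
    auth = AuthenticationManager(codes)
    manager = ActivationManager(auth, codes, {serial: ["voip", "backup"]})
    gateway = Gateway(serial, cert, manager)
    state = gateway.activate(lambda: typed_code)
    return state, auth.db.get(serial, {}).get("status")
```

A wrong activation code or a certificate that does not verify leaves the gateway non-activated and writes nothing to the external database.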
Abstract
A method of putting a first gateway device into service, the first gateway device having an application service module and a network module enabling communications between the first gateway device and the activation manager, the application service module residing on a user premises side of a network service provider demarcation. The method comprises identifying, at the first gateway device disposed at a user premises, an activation manager in communication with the first gateway device, transmitting, from the first gateway device, an activation certificate to the activation manager for verification and authentication, generating a service authentication key associated with the first gateway device, storing the service authentication key and an indication that the associated gateway device status is activated in a database, determining the services available to the first gateway device, and transmitting the service authentication key and an identification of the available services to the first gateway device.
42 Claims
18. A system comprising:
a remote service manager coupled to a network;
an activation manager coupled to the network, the activation manager being independent of the remote service manager, the activation manager operable to;
determine whether a user of an endpoint device was provided an activation code;
send a request for the activation code to a gateway device;
verify the gateway device using a unique serial number of the gateway device, an activation certificate, and the activation code sent to the activation manager from the gateway device;
communicate with an authentication manager after the gateway device has been verified by the activation manager in order to activate and authenticate the gateway device and receive a service authentication key; and
send the service authentication key and an identification of the available services to the gateway device;
the authentication manager in communication with the activation manager and operable to;
verify the gateway device using the unique serial number, the activation certificate, and the activation code sent from the activation manager to the authentication manager;
generate the service authentication key associated with the gateway device after the gateway device has been verified by the activation manager to confirm that the gateway device is activated and authenticated; and
send a gateway authentication certificate to the activation manager, the gateway authentication certificate representing transfer of an application service provider's trust to the gateway device;
the gateway device disposed at a user premises and in communication with the activation manager via the network, the gateway device comprises;
an application service module residing on a user premises side of a network service provider demarcation of the network;
a network module having a connection to the network that enables bi-directional communications with the activation manager;
a connection client configured to form a secure communication channel between the gateway device and the activation manager across the network; and
a service interface module in communication with the connection client and configured to interface with the network to form the secure communication channel between the gateway device and the activation manager, the service interface module further configured to provide activation status indications to the endpoint device associated with the gateway device;
a storage operable to store the unique serial number, the activation certificate, a private key, and the activation code assigned to the gateway device, wherein the unique serial number, the activation certificate, the private key, and the activation code are all different from each other, wherein the activation certificate certifies that the gateway device is trusted by the activation manager;
a service manager operable to;
control an activation and authentication process of the gateway device;
associate an endpoint device and a user of the endpoint device with the gateway device;
initiate the activation and authentication process independent of the user of the endpoint device performing any user navigation steps on a user interface associated with either the endpoint device or the gateway device;
send a first activation request to the activation manager via the secure communication channel for activation and authentication of the gateway device, the first activation request including the unique serial number and the activation certificate;
send the request for the activation code to the endpoint device of the gateway device such that the endpoint device prompts the user for the activation code independent of the user invoking any service or navigation requests on a user interface associated with either the endpoint device or the gateway device;
send a second activation request to the activation manager via the secure communication channel in response to receiving the request for the activation code from the activation manager, the second activation request including the unique serial number, the activation certificate, and the activation code received from the endpoint device;
receive the service authentication key and the identification of available services to the gateway device from the activation manager using the network module;
send the gateway authentication certificate request to the activation manager via the secure communication channel after the gateway device has received the service authentication key, and
receive the gateway authentication certificate from the authentication manager, the gateway authentication certificate representing transfer of the application service provider's trust to the gateway device such that whenever the endpoint device accesses the gateway device the gateway authentication certificate assures the endpoint device that the gateway device is trusted by the application service provider;
a state manager configured to store a state status of the gateway device that is utilized by the service manager in controlling the activation and authentication process of the gateway, wherein the state status is at least one of non-activated, activation pending, activated, and authenticated, wherein the gateway device is unassociated with and non-managed by the remote service manager until the activation manager assigns the gateway device to the remote service manager.
19. A system comprising:
a remote service manager coupled to a network;
an application service provider coupled to the network;
an activation manager coupled to the network, the activation manager operable to;
verify a gateway device using a unique serial number of the gateway device and an activation certificate sent to the activation manager from the gateway device;
communicate with an authentication manager after the gateway device has been verified by the activation manager in order to activate and authenticate the gateway device and receive a service authentication key; and
send the service authentication key and an identification of the available services to the gateway device;
the authentication manager in communication with the activation manager and operable to;
verify the gateway device using the unique serial number and the activation certificate sent from the activation manager to the authentication manager;
generate the service authentication key associated with the gateway device after the gateway device has been verified by the activation manager to confirm that the gateway device is activated and authenticated; and
send a gateway authentication certificate to the activation manager, the gateway authentication certificate representing transfer of the application service provider's trust to the gateway device;
a gateway device disposed at a user premises and in communication with the activation manager via the network, the gateway device being agnostic to the remote service manager and the application service provider, the gateway device comprises;
an application service module residing on a user premises side of a network service provider demarcation of the network;
a network module having a connection to the network that enables bi-directional communications with the activation manager; and
a connection client configured to form a secure communication channel between the first gateway device and the activation manager across the network; and
a service interface module in communication with the connection client and configured to interface with the network to form the secure communication channel between the gateway device and the activation manager, the service interface module further configured to provide activation status indications to the endpoint device associated with the gateway device;
a storage operable to store the unique serial number, the activation certificate, and a private key, wherein the unique serial number, the activation certificate, and the private key are all different from each other, wherein the activation certificate certifies that the gateway device is trusted by the activation manager;
a service manager operable to;
control an activation and authentication process of the gateway device;
associate an endpoint device and a user of the endpoint device with the gateway device;
initiate the activation and authentication process independent of the user of the endpoint device performing any user navigation steps on a user interface associated with either the endpoint device or the gateway device;
send an activation request to the activation manager via the secure communication channel for activation and authentication of the gateway device, the activation request including the unique serial number and the activation certificate;
receive the service authentication key and the identification of available services to the gateway device from the activation manager using the network module;
send the gateway authentication certificate request to the activation manager via the secure communication channel after the gateway device has received the service authentication key, and
receive the gateway authentication certificate from the authentication manager, the gateway authentication certificate representing transfer of the application service provider's trust to the gateway device such that whenever the endpoint device accesses the gateway device the gateway authentication certificate assures the endpoint device that the gateway device is trusted by the application service provider,
a state manager configured to store a state status of the gateway device that is utilized by a service manager in controlling the activation and authentication of the gateway, wherein the state status is at least one of non-activated, activation pending, activated, and authenticated.
24. A method comprising:
providing a gateway device in a non-activated state, wherein the gateway device includes;
a service manager configured to control an activation and authentication process of the gateway device, the service manager further configured to associate an endpoint device and a user of the endpoint device with the gateway device;
a state manager configured to store a state status of the gateway device that is utilized by the service manager in controlling the activation and authentication process of the gateway device, wherein the state status is at least one of non-activated, activation pending, activated, and authenticated;
a connection client configured to form a secure communication channel between the gateway device and an activation manager across a wide area network; and
a service interface module in communication with the connection client and configured to interface with a wide area network to form the secure communication channel between the gateway device and the activation manager, the service interface module further configured to provide activation status indications to the endpoint device associated with the gateway device;
assigning to the gateway device a unique serial number, an activation certificate, and a private key, wherein the unique serial number, the activation certificate, and the private key are all being different from each other, wherein the activation certificate certifies that the gateway device is trusted by the activation manager;
initiating, by the service manager of the gateway device, the activation and authentication process independent of the user of the endpoint device performing any user navigation steps on a user interface associated with either the endpoint device or the gateway device;
forming, by the connection client of the gateway device, the secure communication channel between the gateway device and the activation manager across the wide area network by utilizing the service interface module;
sending, by the gateway device, an activation request to the activation manager via the secure communication channel for activation and authentication of the gateway device, the activation request including the unique serial number and the activation certificate;
verifying, by the activation manager, the gateway device using the unique serial number and the activation certificate from the activation request;
sending, by the activation manager, the activation request to an authentication manager after the gateway device has been verified by the activation manager in order to activate and authenticate the gateway device;
verifying, by the authentication manager, the gateway device using the unique serial number and the activation certificate from the activation request;
generating, by the authentication manager, a service authentication key associated with the gateway device after the gateway device has been verified by the activation manager to confirm that the gateway device is activated and authenticated;
determining a subscription information of the gateway device, the subscription information includes an identification of application services available to the gateway device provided by an application service provider;
sending, by the activation manager, the service authentication key and the identification of the application services available to the gateway device;
after the gateway device has received the service authentication key, sending, by the service manager of the gateway device, a gateway authentication certificate request to the activation manager via the secure communication channel; and
sending, by the activation manager, a gateway authentication certificate to the gateway device, the gateway authentication certificate representing transfer of the application service provider's trust to the gateway device such that whenever the endpoint device accesses the gateway device the gateway authentication certificate assures the endpoint device that the gateway device is trusted by the application service provider.
32. A method comprising:
providing a gateway device in a non-activated state, wherein the gateway device includes;
a service manager configured to control an activation and authentication process of the gateway device, the service manager further configured to associate an endpoint device and a user of the endpoint device with the gateway device;
a state manager configured to store a state status of the gateway device that is utilized by the service manager in controlling the activation and authentication of the gateway device, wherein the state status is at least one of non-activated, activation pending, activated, and authenticated;
a connection client configured to form a secure communication channel between the gateway device and an activation manager across the wide area network;
a control channel module configured to form a control channel between the gateway device and a designated service management center across the wide area network, the control channel being different than the secure communication channel and be configured for requesting service configuration updates for the gateway device from the designated service management center;
a service interface module in communication with the connection client and configured to interface with the wide area network to form the secure communication channel between the gateway device and the activation manager, the service interface module further configured to provide activation status indications to the endpoint device associated with the gateway device;
assigning to the gateway device a unique serial number, an activation certificate, a private key, and an activation code, wherein the unique serial number, the activation certificate, the private key, and the activation code are all different from each other, wherein the activation certificate is assigned to the gateway device at time of manufacturing and the activation certificate certifies that the gateway device is trusted by the activation manager;
initiating, by the service manager of the gateway device, the activation and authentication process independent of the user of the endpoint device performing any user navigation steps on a user interface associated with either the endpoint device or the gateway device;
sending, by the service manager of the gateway device, a first activation request to the connection client;
forming, by the connection client of the gateway device, the secure communication channel between the gateway device and the activation manager across the wide area network by utilizing the service interface module in response to the first activation request;
sending, by the gateway device, the first activation request to the activation manager via the secure communication channel for activation and authentication of the gateway device independent of the user of the endpoint device performing any user navigation steps on the user interface associated with either the endpoint device or the gateway device, the first activation request including the unique serial number and the activation certificate;
determining by the activation manager, after the sending of the first activation request to the activation manager, that the user of the endpoint device was provided the activation code;
sending, by the activation manager, a request for the activation code to the gateway device via the secure communication channel;
providing an activation status indication on the endpoint device requesting the activation code from the user of the endpoint device;
sending, by the endpoint device associated with the gateway device, the activation code to the service interface module of the gateway device;
sending, by the service manager of the gateway device, a second activation request to the activation manager via the secure communication channel, the second activation request including the unique serial number, the activation certificate, and the activation code received from the endpoint device;
verifying, by the activation manager, the gateway device using the unique serial number, the activation certificate, and the activation code from the second activation request;
sending, by the activation manager, the second activation request to an authentication manager after the gateway device has been verified by the activation manager in order to activate the gateway device;
verifying, by the authentication manager, the gateway device using the unique serial number, the activation certificate, and the activation code from the second activation request;
generating, by the authentication manager, a service authentication key associated with the gateway device after the gateway device has been verified by the activation manager to confirm that the gateway device is activated and authenticated;
storing the service authentication key and an indication that the associated gateway device status is activated in a database, the database being external to the user premises;
sending, by the authentication manager, the service authentication key to the activation manager;
determining a subscription information of the gateway device, the subscription information includes an application service available to the gateway device provided by an application service provider;
sending, by the activation manager, the service authentication key and an identification of the available services to the gateway device;
storing the service authentication key in a storage area on the gateway device, the service authentication key enables authorization for receiving services at the endpoint device being obtained through the gateway device without having to resort to the activation manager and the authentication manager;
updating, by the service manager of the gateway device, the state status of the gateway device to activated after receiving the service authentication key;
after updating the state status of the gateway device to activated, sending, by the service manager of the gateway device, a gateway authentication certificate request to the activation manager via the secure communication channel;
sending, by the activation manager, the gateway authentication certificate request to a certificate server;
verifying, by the certificate server, the gateway device and generating, once verified, a gateway authentication certificate for the gateway device;
sending, by the certificate server, the gateway authentication certificate to the activation manager; and
sending, by the activation manager, the gateway authentication certificate to the gateway device, the gateway authentication certificate representing transfer of the application service provider's trust to the gateway device such that whenever the endpoint device accesses the gateway device the gateway authentication certificate assures the endpoint device that the gateway device is trusted by the application service provider.
Specification