Network device authentication
Abstract
In general, this disclosure relates to maintaining security between an optical network terminal (ONT) and an optical network aggregation device in an Active Ethernet network. An optical network aggregation device includes one or more optical Ethernet switches that can be adaptively configured to support authentication of one or more ONTs. For example, the optical network aggregation device may include a controller with an authentication unit for managing ONT authentication and an optical Ethernet interface for transmitting and receiving data over the optical network. The authentication unit may exchange authentication request messages via the optical Ethernet interface with an ONT and grant the ONT access to the provider network based on the exchange, thereby preventing rogue devices from gaining access to the provider network.
29 Claims
1. A method comprising:
- generating, via a first optical network device of an optical network, a notification message indicating that the first optical network device requires authentication to access the optical network;
- transmitting, via the first optical network device, the notification message to a second optical network device in the optical network;
- receiving, via the first optical network device, a first authentication message from the second optical network device in response to the notification message, wherein the first authentication message comprises first message data and a first authentication code generated by the second optical network device based on the first message data and a first key;
- generating, via the first optical network device, a second authentication message comprising second message data and a second authentication code generated based on the second message data and a second key;
- transmitting, via the first optical network device, the second authentication message to the second optical network device; and
- receiving, via the first optical network device, an authentication complete message from the second optical network device indicating that the first optical network device has been authenticated based on the second authentication message and is able to access the optical network.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. An optical network device of an optical network comprising a processor configured to:
- generate a notification message indicating that the optical network device requires authentication to access the optical network;
- transmit the notification message to a second optical network device in the optical network;
- receive a first authentication message from the second optical network device in response to the notification message, wherein the first authentication message comprises first message data and a first authentication code, wherein the first authentication code is generated by the second optical network device based on the first message data and a first key;
- generate a second authentication message comprising second message data and a second authentication code generated based on the second message data and a second key;
- transmit the second authentication message to the second optical network device; and
- receive an authentication complete message from the second optical network device indicating that the optical network device has been authenticated based on the second authentication message and is able to access the optical network.
Dependent claims: 9, 10, 11, 12, 13, 14.

15. A non-transitory computer-readable storage medium comprising instructions that, upon execution, cause one or more processors to:
- generate, via a first optical network device of an optical network, a notification message indicating that the first optical network device requires authentication to access the optical network;
- transmit, via the first optical network device, the notification message to a second optical network device in the optical network;
- receive, via the first optical network device, a first authentication message from the second optical network device in response to the notification message, wherein the first authentication message comprises first message data and a first authentication code generated by the second optical network device based on the first message data and a first key;
- generate, via the first optical network device, a second authentication message comprising second message data and a second authentication code generated based on the second message data and a second key;
- transmit, via the first optical network device, the second authentication message to the second optical network device; and
- receive, via the first optical network device, an authentication complete message from the second optical network device indicating that the first optical network device has been authenticated based on the second authentication message and is able to access the optical network.
Dependent claims: 16, 17, 18, 19, 20, 21.

22. An optical network device of an optical network comprising:
- means for generating a notification message indicating that the optical network device requires authentication to access the optical network;
- means for transmitting the notification message to a second optical network device in the optical network;
- means for receiving a first authentication message from the second optical network device in response to the notification message, wherein the first authentication message comprises first message data and a first authentication code generated by the second optical network device based on the first message data and a first key;
- means for generating a second authentication message comprising second message data and a second authentication code generated based on the second message data and a second key;
- means for transmitting the second authentication message to the second optical network device; and
- means for receiving an authentication complete message from the second optical network device indicating that the optical network device has been authenticated based on the second authentication message and is able to access the optical network.
Dependent claims: 23, 24, 25, 26, 27, 28.

29. A system comprising:
- an optical network aggregation device included within an optical network; and
- an optical network termination device included within the optical network, wherein the optical network termination device comprises a processor configured to:
  - generate a notification message indicating that the optical network termination device requires authentication to access the optical network;
  - transmit the notification message to the optical network aggregation device;
  - receive a first authentication message from the optical network aggregation device in response to the notification message, wherein the first authentication message comprises first message data and a first authentication code generated by the optical network aggregation device based on the first message data and a first key;
  - generate a second authentication message comprising second message data and a second authentication code generated based on the second message data and a second key;
  - transmit the second authentication message to the optical network aggregation device; and
  - receive an authentication complete message from the optical network aggregation device indicating that the optical network termination device has been authenticated based on the second authentication message and is able to access the optical network.
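
The four-message exchange recited in the claims, as an added Python example that is not code from the patent. HMAC-SHA256 as the authentication code, a random challenge as the first message data, the echoed challenge in the second message data, pre-provisioned keys, and the AUTH_REQUIRED / AUTH_REJECT / ONT_ABORT labels are all assumptions; the claims specify none of them.

```python
import hashlib
import hmac
import os

def auth_code(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 as the "authentication code"; the claims name no algorithm.
    return hmac.new(key, data, hashlib.sha256).digest()

def build(key: bytes, data: bytes) -> dict:
    return {"data": data, "code": auth_code(key, data)}

def verify(key: bytes, msg: dict) -> bool:
    # Constant-time comparison avoids leaking how many code bytes matched.
    return hmac.compare_digest(auth_code(key, msg["data"]), msg["code"])

class AggregationDevice:  # the "second optical network device"
    def __init__(self, first_key: bytes, second_key: bytes):
        self.first_key, self.second_key = first_key, second_key
        self.challenge = None

    def on_notification(self, _notification: dict) -> dict:
        # Assumption: the first message data is a fresh random challenge.
        self.challenge = os.urandom(16)
        return build(self.first_key, self.challenge)

    def on_second_auth(self, msg: dict) -> str:
        ok = (self.challenge is not None and verify(self.second_key, msg)
              and msg["data"][:16] == self.challenge)
        self.challenge = None  # one attempt per challenge, so a captured reply cannot be replayed
        return "AUTH_COMPLETE" if ok else "AUTH_REJECT"

class ONT:  # the "first optical network device"
    def __init__(self, first_key: bytes, second_key: bytes):
        self.first_key, self.second_key = first_key, second_key

    def notification(self) -> dict:
        return {"type": "AUTH_REQUIRED"}

    def on_first_auth(self, msg: dict):
        if not verify(self.first_key, msg):
            return None  # do not answer an aggregation device that lacks the first key
        # Assumption: the second message data echoes the challenge plus an ONT nonce.
        return build(self.second_key, msg["data"] + os.urandom(16))

def run_exchange(ont: ONT, agg: AggregationDevice) -> str:
    first = agg.on_notification(ont.notification())
    second = ont.on_first_auth(first)
    return "ONT_ABORT" if second is None else agg.on_second_auth(second)

if __name__ == "__main__":
    k1, k2 = b"constructed-first-key", b"constructed-second-key"  # constructed sample keys
    print(run_exchange(ONT(k1, k2), AggregationDevice(k1, k2)))
```

Using separate first and second keys means a code produced in one direction cannot be reflected back as a valid code in the other.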