Networking as a service: delivering network services using remote appliances controlled via a hosted, multi-tenant management system
Abstract
Networking as a Service (NaaS) delivers network services using remote appliances controlled by a hosted, multi-tenant management system. The system may include a heartbeating process for communication between a web-based server and appliances, in which the appliances periodically contact the management system on the server. The heartbeating process allows the appliances to maintain a completely up-to-date configuration. Furthermore, heartbeating allows for comprehensive monitoring of appliances and for software distribution. The system may also include means for authenticating appliances, without the need for pre-installed PSKs or certificates.
Claims (21 in total; independent claims 1, 12 and 21 shown)
1. A hosted multi-tenant centralized network management system (NMS) for delivering network services, said centralized NMS being adapted to authenticate customer premises equipment (CPE), wherein said CPE is deployed without a pre-shared key (PSK) or certificate, said CPE being coupled to an end user computer, said centralized NMS comprising:
- a login server, a memory device and a network management server;
- wherein said login server is adapted to generate a temporary PSK, store said temporary PSK associated with an identity of said CPE in a database in said memory device, and send a prompt for a device password to said end user computer, the generation of a temporary PSK being in response to receipt of an automatic authentication request over an internet connection from said end user computer, said automatic authentication request including said identity of said CPE;
- wherein said login server is further adapted to validate said device password received from said end user computer and send said temporary PSK to said CPE;
- wherein said network management server is adapted to validate said temporary PSK received from said CPE, and send an encrypted version of said device password to said CPE, said validation including identifying said CPE identity in said database, said encrypted version of said device password being an authentication token for subsequent communications between said CPE and said centralized NMS.

(Dependent claims: 2 to 11.)
12. A method of authenticating a customer premises equipment (CPE), wherein said CPE is deployed without a pre-shared key (PSK) or certificate, said CPE being coupled to an end user computer, said method comprising:
- generating a temporary PSK by a login server of a centralized network management system (NMS) in response to receiving over an internet connection an automatic authentication request from said end user computer, said request including a device identity of said CPE;
- storing said temporary PSK associated with said identity of said CPE in a database of said centralized NMS;
- sending from said login server to said end user computer a prompt for a device password;
- validating said device password by said login server in response to said password being transmitted from said end user computer to said login server;
- sending said temporary PSK to said CPE by said login server;
- receiving said temporary PSK from said CPE by a network management server of said centralized NMS;
- validating said temporary PSK by said network management server, wherein said validation includes identifying said CPE identity in said database; and
- sending by said network management server an encrypted version of said device password to said CPE;
- wherein said CPE uses said encrypted version of said device password as an authentication token for subsequent communications with said centralized NMS.

(Dependent claims: 13 to 20.)
21. A method comprising:
- receiving an automatic authentication request from a network device on a network at a network management system (NMS) for authenticating the network device on the network, wherein the request includes an identifier of the network device;
- generating at a login server of the NMS a temporary pre-shared key (PSK) in response to receiving the authentication request;
- storing by the login server of the NMS the temporary PSK in association with the identifier of the network device in a datastore of the NMS;
- sending from the login server of the NMS a prompt for a device password to an end user computer;
- receiving at the login server of the NMS a device password from the end user computer in response to the prompt for a device password;
- validating by the login server of the NMS the device password;
- sending from the login server of the NMS the temporary PSK to the network device;
- receiving at a network management server of the NMS a key from the network device;
- validating the key by the network management server of the NMS, wherein said validation includes determining the key matches the temporary PSK in the datastore of the NMS and identifying the identifier of the network device in the datastore of the centralized NMS;
- sending from the network management server of the NMS an encrypted version of the device password to the network device;
- wherein the NMS uses said encrypted version of the device password as an authentication token for subsequent communications with the network device.
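Added example (not from the patent): a Python simulation of the three-step bootstrap in claims 1, 12 and 21, with the login server and the network management server sharing one in-memory database. Assumptions the claims leave open: the NMS holds a salted hash of each device password, the temporary PSK is single-use with a lifetime, and a keyed HMAC over the device password stands in for the "encrypted version" that becomes the authentication token.

```python
import hmac
import hashlib
import secrets
import time

# Constructed provisioning data (assumption: the NMS stores a salted hash of each
# CPE's device password; the claims do not say how the password is validated).
SALT = b"constructed-salt"
PROVISIONED = {"cpe-0001": hashlib.sha256(SALT + b"correct-horse").hexdigest()}
SERVER_SECRET = secrets.token_bytes(32)  # NMS-side key used to derive the token (assumption)
TEMP_PSK_TTL = 300                       # temp PSK lifetime in seconds (assumption)

pending = {}        # the claims' database: cpe_id -> {psk, issued_at, token}
issued_tokens = {}  # tokens accepted for subsequent CPE <-> NMS communications

# Login server, step 1: automatic authentication request carrying the CPE identity.
def login_request(cpe_id):
    if cpe_id not in PROVISIONED:
        return None
    pending[cpe_id] = {"psk": secrets.token_hex(16), "issued_at": time.time(), "token": None}
    return "device password?"   # prompt sent to the end user computer

# Login server, step 2: validate the device password, then release the temp PSK to the CPE.
def login_password(cpe_id, password):
    digest = hashlib.sha256(SALT + password.encode()).hexdigest()
    entry = pending.get(cpe_id)
    if entry is None or not hmac.compare_digest(digest, PROVISIONED[cpe_id]):
        pending.pop(cpe_id, None)   # a failed password burns the pending temp PSK
        return None
    # Stand-in for the claim's "encrypted version of the device password": a keyed
    # digest bound to the CPE identity, so the password itself is never stored or sent.
    entry["token"] = hmac.new(SERVER_SECRET, f"{cpe_id}:{password}".encode(),
                              hashlib.sha256).hexdigest()
    return entry["psk"]

# Network management server, step 3: validate the temp PSK and hand out the token.
def nms_validate(cpe_id, presented_psk):
    entry = pending.pop(cpe_id, None)   # one-time use: valid or not, the PSK is gone
    if entry is None or entry["token"] is None:
        return None
    if time.time() - entry["issued_at"] > TEMP_PSK_TTL:
        return None
    if not hmac.compare_digest(entry["psk"], presented_psk):
        return None
    issued_tokens[cpe_id] = entry["token"]
    return entry["token"]

# Subsequent communications: the CPE presents the token instead of a password or PSK.
def nms_check_token(cpe_id, token):
    return hmac.compare_digest(issued_tokens.get(cpe_id, ""), token)
```

Note that a wrong password or a wrong PSK discards the pending entry, so each temporary PSK can only be used once and only after a successful password check.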
Specification