Authorizing customer premise equipment into a network

US 8,429,406 B2
Filed: 01/07/2008
Issued: 04/23/2013
Est. Priority Date: 06/04/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A computer implemented authorization method, comprising:

providing a public network membership key associated with a network;

receiving a connection request encrypted using the public network membership key from a device;

permitting limited access to the network from the device based on the connection request being encrypted using the public network membership key, wherein the limited access comprises limiting content accessible by a user associated with the device, wherein the content accessible by the user comprises a registration site used to exchange registration information;

receiving, during a device registration process, registration information from the user associated with the device, wherein the registration information comprises payment information and service level information, wherein the service level information indicates at least one of a plurality of types of service to be provided to the device; and

providing a unique network membership key based on receipt of the registration information.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for authorizing customer premise equipment into a network. A publicly available network membership key can be provided to enable initial connection to the network. Unique network membership keys associated with various customer premise equipment can be provided to enable service level access to the network and/or authorization into a sub-cell associated with the network.

Citations

41 Claims

1. A computer implemented authorization method, comprising:
- providing a public network membership key associated with a network;
  
  receiving a connection request encrypted using the public network membership key from a device;
  
  permitting limited access to the network from the device based on the connection request being encrypted using the public network membership key, wherein the limited access comprises limiting content accessible by a user associated with the device, wherein the content accessible by the user comprises a registration site used to exchange registration information;
  
  receiving, during a device registration process, registration information from the user associated with the device, wherein the registration information comprises payment information and service level information, wherein the service level information indicates at least one of a plurality of types of service to be provided to the device; and
  
  providing a unique network membership key based on receipt of the registration information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The method of claim 1, further comprising:
    - encrypting the unique network membership key prior to transmitting the unique network membership key.
  - 3. The method of claim 2, wherein the unique network membership key is encrypted using a device access key.
  - 4. The method of claim 3, further comprising receiving the device access key prior to an authorization server providing the unique network membership key.
  - 5. The method of claim 4, further comprising using a secure mechanism to receive the device access key.
  - 6. The method of claim 5, wherein the secure mechanism comprises a secure hypertext transfer protocol.
  - 7. The method of claim 5, wherein the secure mechanism comprises an IP security protocol.
  - 8. The method of claim 2, wherein the unique network membership key is provided to the device using a secure transmission mechanism.
  - 9. The method of claim 8, wherein the secure transmission mechanism comprises a high layer protocol.
  - 10. The method of claim 9, wherein the high layer protocol comprises a secure hypertext transfer protocol.
  - 11. The method of claim 9, wherein the high layer protocol comprises an IP security protocol.
  - 12. The method of claim 1, further comprising:
    - receiving a packet encrypted using the unique network membership key;
      
      using at least a portion of the network to communicate the packet to a destination associated with the packet.
  - 13. The method of claim 12, wherein the at least a portion of the network comprises a broadband over powerline network.
  - 14. The method of claim 1, wherein the unique network membership key is associated with the device by an authorization system using a unique identifier associated with the device.
  - 15. The method of claim 14, wherein the unique identifier comprises a media access control address.
  - 16. The method of claim 1, wherein the network is a broadband over powerline network.
  - 17. The method of claim 1, wherein the unique network membership key is a substantially unique network membership key.
  - 18. The method of claim 1, wherein the limited access comprises:
    - tagging one or more packets originating from the device; and
      
      handling the one or more tagged packets differently from packets that are not tagged.
  - 19. The method of claim 1, wherein the limited access comprises limiting a duration of time during which the device can access the network.
  - 20. The method of claim 1, wherein the limited access comprises limiting a bandwidth associated with the device accessing the network.
  - 21. The method of claim 1, further comprising periodically rotating the unique network membership key.
  - 22. The method of claim 1, further comprising:
    - receiving a second connection request encrypted using the unique network membership key; and
      
      determining whether a media access control address associated with the second connection request matches a known media access control address;
      
      providing a service level based upon the determination and based upon the unique network membership key received.
  - 23. The method of claim 1, further comprising binding a service level to the unique network membership key and a media access control address associated with the device.
  - 24. The method of claim 1, wherein the public network membership key is publicly available.
  - 25. The method of claim 1, wherein the public network membership key is available from a web site.

26. An authorization system comprising:
- a network termination unit operable to receive a network connection request from a customer premise equipment device, the network termination unit being operable to provide limited access to the customer premise equipment device based upon the network connection request being encrypted using a public network membership key, wherein the limited access comprises limiting content accessible by a user associated with the customer premise equipment device, wherein the content accessible by the user comprises a registration site used to exchange registration information;
  
  a registration system operable to exchange registration information with the user associated with the customer premise equipment device, wherein the registration information comprises payment information associated with the user of the customer premise equipment device and service level information, wherein the service level information indicates at least one of a plurality of types of service to be provided to the customer premise equipment device;
  
  an authorization server operable provide a unique network membership key based upon receipt of customer registration information and to instruct the network termination unit and an associated headend station to provide limited access to the network based upon the public network membership key and to provide a service level access based upon the unique network membership key and a unique identifier associated with the customer premise equipment device.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 27. The authorization system of claim 26, wherein the authorization server provides the unique network membership key associated with the customer premise equipment device to the network termination unit in an encrypted format using a network termination unit network membership key.
  - 28. The authorization system of claim 27, wherein the authorization server is operable to periodically rotate the unique network membership key.
  - 29. The authorization system of claim 27, wherein the network termination unit uses the network membership key to authorize the customer premise equipment device into a sub-network associated with the network termination unit.
  - 30. The authorization system of claim 26, wherein the authorization server is operable to instruct the network termination unit and the associated headend station to provide different service levels based upon the unique network membership key and the unique identifier.
  - 31. The authorization system of claim 30, wherein the provision of different service levels is based upon a combination of the unique network membership key and a media access control address associated with the customer premise equipment device.
  - 32. The authorization system of claim 26, wherein the authorization server is operable to encrypt the unique network membership key using a device access key associated with the customer premise equipment device.
  - 33. The authorization system of claim 32, wherein the device access key is received by the authorization server prior to the authorization server providing the public network membership key.
  - 34. The authorization system of claim 26, wherein the authorization server is operable to determine that the network connection request is encrypted using the public network membership key based upon a media access control address associated with the network connection request.
  - 35. The authorization system of claim 26, wherein the headend station includes a gateway from a broadband over powerline network to a packet switched network.

36. An authorization method comprising:
- receiving a first connection request encrypted using a public network membership key from a device, the first connection request comprising a unique identifier associated with the device;
  
  determining that the device is authorized for service level access based upon the unique identifier based, at least in part, on registration information received from a user associated with the device, wherein the registration information comprises payment information and service level information, wherein the service level information indicates at least one of a plurality of types of service to be provided to the device;
  
  retrieving a device access key associated with the unique identifier;
  
  providing a unique network membership key encrypted using the retrieved device access key;
  
  receiving, from the device, a second connection request encrypted using the unique network membership key, the second connection request comprising the unique identifier associated with the device;
  
  determining whether the unique identifier received in the second connection request from the device matches a known unique identifier;
  
  providing the service level access to the device based on determining that the unique identifier received in the second connection request from the device matches a known unique identifier and based upon the unique network membership key received in the second connection request.
- View Dependent Claims (37, 38)
- - 37. The authorization method of claim 36, further comprising receiving the first connection request at an authorization server via a network termination unit.
  - 38. The authorization method of claim 36, wherein the device is a network termination unit sending the first connection request on behalf of a customer premise equipment device, and an authorization server is operable to encrypt the unique network membership key using the device access key associated with the network termination unit.

39. One or more non-transitory machine-readable storage media, having instructions stored therein, which when executed by one or more processors causes the one or more processors to perform operations that comprise:
- providing a public network membership key associated with a network;
  
  receiving a connection request encrypted using the public network membership key from a device;
  
  permitting limited access to the network from the device based on the connection request being encrypted using the public network membership key, wherein the limited access comprises limiting content accessible by a user, wherein the content accessible by the user comprises a registration site used to exchange registration information;
  
  receiving, during a device registration process, registration information from the user associated with the device, wherein the registration information comprises payment information and service level information, wherein the service level information indicates at least one of a plurality of types of service to be provided to the device; and
  
  providing a unique network membership key based on receipt of the registration information.
- View Dependent Claims (40, 41)
- - 40. The machine-readable storage medium of claim 39, wherein the operations further comprise:
    - receiving a second connection request encrypted using the unique network membership key; and
      
      determining whether a media access control address associated with the second connection request matches a known media access control address;
      
      providing a service level based upon the determination and based upon the unique network membership key received.
  - 41. The machine-readable storage medium of claim 39, wherein the operations further comprise binding a service level to the unique network membership key and a media access control address associated with the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm Atheros Incorporated (Qualcomm, Inc.)
Original Assignee
Qualcomm Atheros Incorporated (Qualcomm, Inc.)
Inventors
Yonge, Lawrence W., Katar, Srinivas, Krishnam, Manjunath
Primary Examiner(s)
GOODCHILD, WILLIAM J

Application Number

US11/970,271
Publication Number

US 20080301446A1
Time in Patent Office

1,933 Days
Field of Search

None
US Class Current

713/171
CPC Class Codes

H04B 2203/5445   Local network

H04L 12/2801   Broadband local area networks

H04L 12/2856   Access arrangements, e.g. I...

H04L 12/413   with random access, e.g. ca...

H04L 12/44   Star or tree networks

H04L 45/12   Shortest path evaluation

H04L 45/121   by minimising delays

H04L 45/122   by minimising distances, e....

H04L 45/123   Evaluation of link metrics ...

H04L 45/125   based on throughput or band...

H04L 45/16   Multipoint routing

H04L 47/787   Bandwidth trade among domains

Authorizing customer premise equipment into a network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Authorizing customer premise equipment into a network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links