Authorizing equipment on a sub-network

US 9,130,888 B2
Filed: 11/23/2011
Issued: 09/08/2015
Est. Priority Date: 06/04/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving, at an authorization server, an encrypted request for a connection;

identifying, by the authorization server, a first unique identifier associated with the encrypted request;

identifying, by the authorization server, a network membership key associated with the first unique identifier;

authorizing, by the authorization server, the encrypted request based on the network membership key;

creating, by the authorization server, an encrypted network membership key, said creating including encrypting the network membership key using a device access key associated with a network termination unit; and

communicating, by the authorization server, the encrypted network membership key to the network termination unit.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for authorizing a customer premise equipment (CPE) device to join a network through a network termination unit (NTU). The CPE device can send an encrypted connection request, and an authorization server can decrypt the connection request and provide a network membership key (NMK) associated with the CPE device to the NTU. The authorization server can encrypt the NMK associated with the CPE device using a device access key (DAK) associated with the NTU.

Citations

26 Claims

1. A method comprising:
- receiving, at an authorization server, an encrypted request for a connection;
  
  identifying, by the authorization server, a first unique identifier associated with the encrypted request;
  
  identifying, by the authorization server, a network membership key associated with the first unique identifier;
  
  authorizing, by the authorization server, the encrypted request based on the network membership key;
  
  creating, by the authorization server, an encrypted network membership key, said creating including encrypting the network membership key using a device access key associated with a network termination unit; and
  
  communicating, by the authorization server, the encrypted network membership key to the network termination unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - determining whether a second unique identifier associated with the network termination unit is encrypted within the encrypted request; and
      
      authorizing a customer premise equipment device based, at least in part, on the determination.
  - 3. The method of claim 1, wherein the network membership key comprises a unique network membership key associated with a customer premise equipment device.
  - 4. The method of claim 1, further comprising providing, by the network termination unit, a network encryption key to a customer premise equipment device.
  - 5. The method of claim 4, wherein the network encryption key is encrypted using the network membership key.
  - 6. The method of claim 4, wherein the network encryption key is unique to the customer premise equipment device.
  - 7. The method of claim 1, wherein authorizing the encrypted request authorizes a customer premise equipment device regardless of which of a plurality of network termination units to which the customer premise equipment device is attached.
  - 8. The method of claim 1, further comprising transmitting information to a headend device indicating that a customer premise equipment device is authorized to access a network communicably coupled to the headend device.
  - 9. The method of claim 8, wherein the information further includes a restriction on the use of the network by the customer premise equipment device.

10. An apparatus comprising:
- one or more processors;
  
  a network interface communicably coupled to the one or more processors; and
  
  a non-transitory computer-readable storage medium having stored thereon instructions that when executed cause the one or more processors to perform operations comprising;
  
  receiving, using the network interface, an encrypted request for a connection,identifying a first unique identifier associated with the encrypted request,identifying a network membership key associated with the first unique identifier,authorizing the encrypted request based on the network membership key,creating an encrypted network membership key, wherein said creating includes encrypting the network membership key using a device access key associated a network termination unit, andcommunicating the encrypted network membership key to the network termination unit.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The apparatus of claim 10, wherein the operations further include:
    - determining whether a second unique identifier associated with the network termination unit is encrypted within the encrypted request; and
      
      authorizing a customer premise equipment device based, at least in part, on the determination.
  - 12. The apparatus of claim 10, wherein the network membership key comprises a unique network membership key associated with a customer premise equipment device.
  - 13. The apparatus of claim 10, wherein the network termination unit is configured to provide a network encryption key to a customer premise equipment device.
  - 14. The apparatus of claim 13, wherein the network encryption key is encrypted using the network membership key.
  - 15. The apparatus of claim 13, wherein the network encryption key is unique to the customer premise equipment device.
  - 16. The apparatus of claim 10, wherein the operations further include transmitting information to a headend device indicating that a customer premise equipment device is authorized to access a network communicably coupled to the headend device.
  - 17. The apparatus of claim 16, wherein the information further includes a restriction on the use of the network by the customer premise equipment device.

18. A non-transitory computer-readable storage medium having stored thereon computer-executable instructions that when executed cause one or more processors to perform operations comprising:
- receiving an encrypted request for a connection;
  
  identifying a first unique identifier associated with the encrypted request;
  
  identifying a network membership key associated with the first unique identifier;
  
  authorizing the encrypted request based on the network membership key;
  
  creating an encrypted network membership key, wherein said creating includes encrypting the network membership key using a device access key associated with a network termination unit; and
  
  communicating the encrypted network membership key to the network termination unit.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The non-transitory computer-readable storage medium of claim 18, wherein the operations further comprise:
    - determining whether a second unique identifier associated with the network termination unit is encrypted within the encrypted request; and
      
      authorizing a customer premise equipment device based, at least in part, on the determination.
  - 20. The non-transitory computer-readable storage medium of claim 18, wherein the network membership key comprises a unique network membership key associated with a customer premise equipment device.
  - 21. The non-transitory computer-readable storage medium of claim 18, wherein the operations further comprise transmitting a network encryption key to a customer premise equipment device.
  - 22. The non-transitory computer-readable storage medium of claim 21, wherein the network encryption key is encrypted using the network membership key.
  - 23. The non-transitory computer-readable storage medium of claim 21, wherein the network encryption key is unique to the customer premise equipment device.
  - 24. The non-transitory computer-readable storage medium of claim 18, wherein said authorizing the encrypted request includes providing authorization to a customer premise equipment device regardless of which of a plurality of network termination units to which the customer premise equipment device is attached.
  - 25. The non-transitory computer-readable storage medium of claim 18, wherein the operations further comprise transmitting information to a headend device indicating that a customer premise equipment device is authorized to access a network communicably coupled to the headend device.
  - 26. The non-transitory computer-readable storage medium of claim 25, wherein the information further includes a restriction on the use of the network by the customer premise equipment device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm Atheros Incorporated (Qualcomm, Inc.)
Original Assignee
Qualcomm, Inc.
Inventors
Yonge, Lawrence W. III, Katar, Srinivas, Krishnam, Manjunath A.
Primary Examiner(s)
Hewitt, II, Calvin L
Assistant Examiner(s)
MCINTYRE, CHARLES AARON

Application Number

US13/303,913
Publication Number

US 20120072715A1
Time in Patent Office

1,385 Days
Field of Search

370/218, 709/242
US Class Current

1/1
CPC Class Codes

H04B 2203/5445   Local network

H04L 12/2801   Broadband local area networks

H04L 12/2856   Access arrangements, e.g. I...

H04L 12/413   with random access, e.g. ca...

H04L 12/44   Star or tree networks

H04L 45/12   Shortest path evaluation

H04L 45/121   by minimising delays

H04L 45/122   by minimising distances, e....

H04L 45/123   Evaluation of link metrics ...

H04L 45/125   based on throughput or band...

H04L 45/16   Multipoint routing

H04L 47/787   Bandwidth trade among domains

Authorizing equipment on a sub-network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Authorizing equipment on a sub-network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links