Abstract: An extensible authentication framework is used in cable networks such as Data Over Cable Service Interface Specification (DOCSIS) cable networks. The authentication scheme allows for centralized authentication of cable modems, as well as authentication of the cable network by cable modems. Additionally, the authentication scheme allows a Cable Modem Termination System (CMTS) to authenticate devices downstream from cable modems, such as Customer Premise Equipment (CPE) devices.

Abstract: A CMTS or other data aggregation component having a DHCPv6 relay agent extracts a Media Access Control (MAC) address of an end device from a data packet received from an end device. A DHCPv6 data frame is created for transmission to a DHCPv6 server. The MAC address may be inserted into a specific option of the DHCPv6 data frame, where data in the option may not be processed by the server and are echoed back to the aggregation component or CMTS. The DHCPv6 data frame is transmitted to the DHCPv6 server. The component receives a response message from the server that may contain the MAC address or similar client hardware address as it was sent to the server by the network component. The network component may determine an outgoing port interface from which the response message should be sent, utilizing the MAC address and an interface bundling table. In this manner, interface bundling may be enabled.

Abstract: A system that eliminates some of the security vulnerabilities in the prior art systems by using a new sequence of steps to perform initialization of the cable modem: Instead of performing authentication after the cable modem has been registered, the cable modem authentication step is performed immediately after the cable modem completes ranging. Thus an early authentication method and system are provided. The control of authentication is shifted from the cable modem to the CMTS. Instead of the CMTS relying on a Registration Request message (REG-REQ) to determine whether a cable modem must perform authentication (that is to determine if BPI+ is enabled) the CMTS configuration is what determines whether a cable modem must perform authentication.

Abstract: A hierarchical cable modem clone detection system: A cable modem clone detection system uses a cable modem media access control (MAC) address and physical location information such as information relating to a cable interface, upstream and downstream port numbers, fiber node information, and load balancing group descriptors to determine if a cable modem is a clone. The hierarchical approach first make a clone determination at a cable modem termination system, then at a regional operations center and finally at a network operations center.

Abstract: An extensible authentication framework is used in cable networks such as Data Over Cable Service Interface Specification (DOCSIS) cable networks. The authentication scheme allows for centralized authentication of cable modems, as well as authentication of the cable network by cable modems. Additionally, the authentication scheme allows a Cable Modem Termination System (CMTS) to authenticate devices downstream from cable modems, such as Customer Premise Equipment (CPE) devices.

Abstract: An extensible authentication framework is used in cable networks such as Data Over Cable Service Interface Specification (DOCSIS) cable networks. The authentication scheme allows for centralized authentication of cable modems, as well as authentication of the cable network by cable modems. Additionally, the authentication scheme allows a Cable Modem Termination System (CMTS) to authenticate devices downstream from cable modems, such as Customer Premise Equipment (CPE) devices.

Abstract: A provisioning server has a port to receive a request for a network address including an indication that a remote device is wideband capable. The provisioning server also has a processor to respond to the request with a network address and include an address for a configuration file and to provide a configuration file that allows wideband service. A cable modem has a port to request a network address and indicate wideband capability. The cable modem also has a processor to receive a response to that request that includes a network address and an address for a configuration file. The processor also receives a configuration file and allows the cable modem to be configured for wideband service.

Abstract: A CMTS or other data aggregation component having a DHCPv6 relay agent extracts a Media Access Control (MAC) address of an end device from a data packet received from an end device. A DHCPv6 data frame is created for transmission to a DHCPv6 server. The MAC address may be inserted into a specific option of the DHCPv6 data frame, where data in the option may not be processed by the server and are echoed back to the aggregation component or CMTS. The DHCPv6 data frame is transmitted to the DHCPv6 server. The component receives a response message from the server that may contain the MAC address or similar client hardware address as it was sent to the server by the network component. The network component may determine an outgoing port interface from which the response message should be sent, utilizing the MAC address and an interface bundling table. In this manner, interface bundling may be enabled.

Abstract: A hierarchical cable modem clone detection system: A cable modem clone detection system uses a cable modem media access control (MAC) address and physical location information such as information relating to a cable interface, upstream and downstream port numbers, fiber node information, and load balancing group descriptors to determine if a cable modem is a clone.

Abstract: An extensible authentication framework is used in cable networks such as Data Over Cable Service Interface Specification (DOCSIS) cable networks. The authentication scheme allows for centralized authentication of cable modems, as well as authentication of the cable network by cable modems. Additionally, the authentication scheme allows a Cable Modem Termination System (CMTS) to authenticate devices downstream from cable modems, such as Customer Premise Equipment (CPE) devices.

Abstract: A system that eliminates some of the security vulnerabilities in the prior art systems by using a new sequence of steps to perform initialization of the cable modem: Instead of performing authentication after the cable modem has been registered, the cable modem authentication step is performed immediately after the cable modem completes ranging. Thus an early authentication method and system are provided. The control of authentication is shifted from the cable modem to the CMTS. Instead of the CMTS relying on a Registration Request message (REG-REQ) to determine whether a cable modem must perform authentication (that is to determine if BPI+ is enabled) the CMTS configuration is what determines whether a cable modem must perform authentication.

Abstract: The innovation discloses an AAA-based key/credential distribution system and methodology that is enhanced for establishing a trust relationship between an end device and network application servers which are known at the time of end device authentication. This enhancement can reduce the complexity of key distribution while increasing performance and computational efficiency. By using information that is typically accessible to an AAA server with respect to which instance of a service a client should use based upon load, location, etc., the subject innovation can proactively distribute credentials to an end device. This proactive distribution enables the end device to directly prompt authentication with a network entity.

Abstract: A provisioning server has a port to receive a request for a network address including an indication that a remote device is wideband capable. The provisioning server also has a processor to respond to the request with a network address and include an address for a configuration file and to provide a configuration file that allows wideband service. A cable modem has a port to request a network address and indicate wideband capability. The cable modem also has a processor to receive a response to that request that includes a network address and an address for a configuration file. The processor also receives a configuration file and allows the cable modem to be configured for wideband service.