FORM 2
THE PATENTS ACT, 1970
(39 OF 1970)
&
THE PATENT RULES, 2003
COMPLETE SPECIFICATION
(See section 10 and rule 13)
“METHOD AND SYSTEM FOR AUTHENTICATING A HOME
GATEWAY (HGW) IN A BROADBAND NETWORK”
We, Jio Platforms Limited, an Indian National, of Office - 101, Saffron, Nr.
Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India.
The following specification particularly describes the invention and the manner in
which it is to be performed.
2
METHOD AND SYSTEM FOR AUTHENTICATING A HOME
GATEWAY (HGW) IN A BROADBAND NETWORK
FIELD OF INVENTION
5 [0001] The present disclosure generally relatesto wireless communication systems.
More particularly, embodiments of the present disclosure relate to a method and a
system for authenticating a home gateway (HGW) in a broadband network.
BACKGROUND
10
[0002] The following description of the related art is intended to provide
background information pertaining to the field of the disclosure. This section may
include certain aspects of the art that may be related to various features of the
present disclosure. However, it should be appreciated that this section is used only
15 to enhance the understanding of the reader with respect to the present disclosure,
and not as admissions of the prior art.
[0003] Wireless communication technology has rapidly evolved over the past few
decades, with each generation bringing significant improvements and
20 advancements. The first generation of wireless communication technology was
based on analog technology and offered only voice services. However, with the
advent of the second-generation (2G) technology, digital communication and data
services became possible, and text messaging was introduced. 3G technology
marked the introduction of high-speed internet access, mobile video calling, and
25 location-based services. The fourth-generation (4G) technology revolutionized
wireless communication with faster data speeds, better network coverage, and
improved security. Currently, the fifth-generation (5G) technology is being
deployed, promising even faster data speeds, low latency, and the ability to connect
multiple devices simultaneously. With each generation, wireless communication
3
technology has become more advanced, sophisticated, and capable of delivering
more services to its users.
[0004] Registering a device identifier and a user identifier associated with a
5 designated Outdoor Customer Premise Equipment (ODCPE) at a subscriber profile
repository (SPR) server is necessary to allow the device to use services such as
Internet service, voice service, video service, /TV service, etc. A PCF server can
authenticate the device identifier only when the user identifier such as subscription
permanent identifier (SUPI) of the ODCPE and device identifier (media access
10 control identifier (MAC ID)) registration has been performed at the SPR server. The
device identifier is a unique identifier assigned to a network interface card (NIC)
and used for device identification within the network. It is well known that SUPI is
a unique user identifier assigned to each subscriber within a network, such as but
not limited to 5G network. It is used to manage and track subscriber’s information.
15 For a single SUPI, there can be multiple unique device identifiers for a broadband
network. Thus, the problem is to identify the subscriber for the corresponding
unique identifier when there are multiple unique device identifiers associated with
the subscriber.
20 [0005] Thus, in view of the above-mentioned problems, there exists an imperative
need in the art of a system and a method for authenticating a device (e.g., home
gateway) with the device identifier (MAC ID) in a broadband network.
SUMMARY
25
[0006] This section is provided to introduce certain aspects of the present disclosure
in a simplified form that are further described below in the detailed description.
This summary is not intended to identify the key features or the scope of the claimed
subject matter.
30
4
[0007] An aspect of the present disclosure may relate to a method for authenticating
a home gateway (HGW) in a broadband network. The method includes
provisioning, by a provisioning unit, a plurality of media access control identifiers
(MAC IDs) and a plurality of subscription permanent identifiers (SUPIs) in a
5 subscriber profile repository (SPR). The method further includes receiving, by a
transceiver unit at a policy control function (PCF) server, a session management
(SM) policy control create request from a session management function (SMF), the
request comprising at least one MAC ID and at least one SUPI of the HGW. The
method further includes comparing, by a comparator unit at the PCF server, the
10 received at least one MAC ID with the plurality of MAC IDs stored in the SPR to
verify a match. The method further includes authenticating, by an authentication
unit at the PCF server, the HGW to allow access to network services if the at least
one MAC ID successfully matches with any of the stored plurality of MAC IDs in
the SPR.
15
[0008] In an exemplary aspect of the present disclosure, the at least one MAC ID
is a unique identifier assigned to a network interface card of the HGW.
[0009] In an exemplary aspect of the present disclosure, the at least one SUPI is a
20 unique identifier assigned to each subscriber within a communication network.
[0010] In an exemplary aspect of the present disclosure, the method further
comprises storing, by a cache memory unit at the PCF server, the at least one SUPI
and the at least one MAC ID as keys for facilitating subsequent authentication
25 requests.
[0011] In an exemplary aspect of the present disclosure, the provisioning of the
plurality of MAC IDs and the plurality of SUPIs is performed via at least one of a
packet gateway (PGW), a service management platform (SMP), and a command
30 line interface (CLI).
5
[0012] In an exemplary aspect of the present disclosure, the method further
comprises the step of denying access to the HGW if the at least one MAC ID does
not match with any of the stored plurality of MAC IDs in the SPR by sending an
error response.
5
[0013] In an exemplary aspect of the present disclosure, if the received at least one
MAC ID does not match with any of the plurality of MAC IDs in the SPR, the PCF
sends a response indicating a mismatch to the SMF.
10 [0014] In an exemplary aspect of the present disclosure, authenticating the HGW
is further based on a successful matching of the received at least one SUPI with any
of the plurality of SUPIs stored in the SPR.
[0015] Another aspect of the present disclosure may relate to a system for
15 authenticating a home gateway (HGW) in a broadband network. The system
comprises a provisioning unit configured to provision a plurality of media access
control identifiers (MAC IDs) and a plurality of subscription permanent identifiers
(SUPIs) in a subscriber profile repository (SPR). The system further comprises a
transceiver unit connected at least with the provisioning unit. The transceiver unit
20 is configured to receive, at a policy control function (PCF) server, a session
management (SM) policy control create request from a session management
function (SMF), the request comprising at least one MAC ID and at least one SUPI
of the HGW. The system further comprises a comparator unit connected at least
with the transceiver unit. The comparator unit is configured to compare, at the PCF
25 server, the received at least one MAC ID with the plurality of MAC IDs stored in
the SPR to verify a match. The system further comprises an authentication unit
connected at least with the comparator unit, the authentication unit is configured to
authenticate, at the PCF server, the HGW to allow access to network services if the
at least one MAC ID successfully matches with any of the stored plurality of MAC
30 IDs in the SPR.
6
[0016] Yet another aspect of the present disclosure may relate to a non-transitory
computer readable storage medium storing instructions for authenticating a home
gateway (HGW) in a broadband network, the instructions include executable code
which, when executed by one or more units of a system, causes a provisioning unit
5 to provision a plurality of media access control identifiers (MAC IDs) and a
plurality of subscription permanent identifiers (SUPIs) in a subscriber profile
repository (SPR). The executable code when executed further causes a transceiver
unit to receive, at a policy control function (PCF) server, a session management
(SM) policy control create request from a session management function (SMF), the
10 request comprising at least one MAC ID and at least one SUPI of the HGW. The
executable code when executed further causes a comparator unit to compare, at the
PCF server, the received at least one MAC ID with the plurality of MAC IDs stored
in the SPR to verify a match. The executable code when executed further causes an
authentication unit to authenticate, at the PCF server, the HGW to allow access to
15 network services if the at least one MAC ID successfully matches with any of the
stored plurality of MAC IDs in the SPR.
OBJECTS OF THE DISCLOSURE
20 [0017] Some of the objects of the present disclosure, which at least one
embodiment disclosed herein satisfies are listed herein below.
[0018] It is an object of the present disclosure to provide a system and a method for
authenticating a home gateway (HGW) in a broadband network.
25
[0019] It is another object of the present disclosure to provide a solution that allows
multiple device identifiers (e.g., MAC IDs) to be associated with one unique user
identifier (e.g., SUPI).
30 BRIEF DESCRIPTION OF THE DRAWINGS
7
[0020] The accompanying drawings, which are incorporated herein, and constitute
a part of this disclosure, illustrate exemplary embodiments of the disclosed methods
and systems in which like reference numerals refer to the same parts throughout the
different drawings. Components in the drawings are not necessarily to scale,
5 emphasis instead being placed upon clearly illustrating the principles of the present
disclosure. Also, the embodiments shown in the figures are not to be construed as
limiting the disclosure, but the possible variants of the method and system
according to the disclosure are illustrated herein to highlight the advantages of the
disclosure. It will be appreciated by those skilled in the art that disclosure of such
10 drawings includes disclosure of electrical components or circuitry commonly used
to implement such components.
[0021] FIG. 1 illustrates an exemplary block diagram representation of 5th
generation core (5GC) network architecture.
15
[0022] FIG. 2 illustrates an exemplary block diagram of a computing device upon
which the features of the present disclosure may be implemented in accordance with
exemplary implementation of the present disclosure.
20 [0023] FIG. 3 illustrates an exemplary block diagram of a system for authenticating
a home gateway (HGW) in a broadband network, in accordance with exemplary
implementations of the present disclosure.
[0024] FIG. 4 illustrates a method flow diagram for authenticating a home gateway
25 (HGW) in a broadband network, in accordance with exemplary implementations of
the present disclosure.
[0025] FIG. 5 illustrates a process flow diagram for authenticating a home gateway
(HGW) in a broadband network, in accordance with exemplary implementations of
30 the present disclosure.
8
[0026] The foregoing shall be more apparent from the following more detailed
description of the disclosure.
DETAILED DESCRIPTION
5
[0027] In the following description, for the purposes of explanation, various
specific details are set forth in order to provide a thorough understanding of
embodiments of the present disclosure. It will be apparent, however, that
embodiments of the present disclosure may be practiced without these specific
10 details. Several features described hereafter may each be used independently of one
another or with any combination of other features. An individual feature may not
address any of the problems discussed above or might address only some of the
problems discussed above.
15 [0028] The ensuing description provides exemplary embodiments only, and is not
intended to limit the scope, applicability, or configuration of the disclosure. Rather,
the ensuing description of the exemplary embodiments will provide those skilled in
the art with an enabling description for implementing an exemplary embodiment.
It should be understood that various changes may be made in the function and
20 arrangement of elements without departing from the spirit and scope of the
disclosure as set forth.
[0029] Specific details are given in the following description to provide a thorough
understanding of the embodiments. However, it will be understood by one of
25 ordinary skill in the art that the embodiments may be practiced without these
specific details. For example, circuits, systems, processes, and other components
may be shown as components in block diagram form in order not to obscure the
embodiments in unnecessary detail.
30 [0030] Also, it is noted that individual embodiments may be described as a process
which is depicted as a flowchart, a flow diagram, a data flow diagram, a structure
9
diagram, or a block diagram. Although a flowchart may describe the operations as
a sequential process, many of the operations may be performed in parallel or
concurrently. In addition, the order of the operations may be re-arranged. A process
is terminated when its operations are completed but could have additional steps not
5 included in a figure.
[0031] The word “exemplary” and/or “demonstrative” is used herein to mean
serving as an example, instance, or illustration. For the avoidance of doubt, the
subject matter disclosed herein is not limited by such examples. In addition, any
10 aspect or design described herein as “exemplary” and/or “demonstrative” is not
necessarily to be construed as preferred or advantageous over other aspects or
designs, nor is it meant to preclude equivalent exemplary structures and techniques
known to those of ordinary skill in the art. Furthermore, to the extent that the terms
“includes,” “has,” “contains,” and other similar words are used in either the detailed
15 description or the claims, such terms are intended to be inclusive—in a manner
similar to the term “comprising” as an open transition word—without precluding
any additional or other elements.
[0032] As used herein, a “processing unit” or “processor” or “operating processor”
20 includes one or more processors, wherein processor refers to any logic circuitry for
processing instructions. A processor may be a general-purpose processor, a special
purpose processor, a conventional processor, a digital signal processor, a plurality
of microprocessors, one or more microprocessors in association with a Digital
Signal Processing (DSP) core, a controller, a microcontroller, Application Specific
25 Integrated Circuits, Field Programmable Gate Array circuits, any other type of
integrated circuits, etc. The processor may perform signal coding data processing,
input/output processing, and/or any other functionality that enables the working of
the system according to the present disclosure. More specifically, the processor or
processing unit is a hardware processor.
30
10
[0033] As used herein, “a user equipment”, “a user device”, “a smart-user-device”,
“a smart-device”, “an electronic device”, “a mobile device”, “a handheld device”,
“a wireless communication device”, “a mobile communication device”, “a
communication device” may be any electrical, electronic and/or computing device
5 or equipment, capable of implementing the features of the present disclosure. The
user equipment/device may include, but is not limited to, a mobile phone, smart
phone, laptop, a general-purpose computer, desktop, personal digital assistant,
tablet computer, wearable device or any other computing device which is capable
of implementing the features of the present disclosure. Also, the user device may
10 contain at least one input means configured to receive an input from unit(s) which
are required to implement the features of the present disclosure.
[0034] As used herein, “storage unit” or “memory unit” refers to a machine or
computer-readable medium including any mechanism for storing information in a
15 form readable by a computer or similar machine. For example, a computer-readable
medium includes read-only memory (“ROM”), random access memory (“RAM”),
magnetic disk storage media, optical storage media, flash memory devices or other
types of machine-accessible storage media. The storage unit stores at least the data
that may be required by one or more units of the system to perform their respective
20 functions.
[0035] As used herein “interface” or “user interface” refers to a shared boundary
across which two or more separate components of a system exchange information
or data. The interface may also be referred to a set of rules or protocols that define
25 communication or interaction of one or more modules or one or more units with
each other, which also includes the methods, functions, or procedures that may be
called.
[0036] All modules, units, components used herein, unless explicitly excluded
30 herein, may be software modules or hardware processors, the processors being a
general-purpose processor, a special purpose processor, a conventional processor, a
11
digital signal processor (DSP), a plurality of microprocessors, one or more
microprocessors in association with a DSP core, a controller, a microcontroller,
Application Specific Integrated Circuits (ASIC), Field Programmable Gate Array
circuits (FPGA), any other type of integrated circuits, etc.
5
[0037] As used herein, the transceiver unit include at least one receiver and at least
one transmitter configured respectively for receiving and transmitting data, signals,
information or a combination thereof between units/components within the system
and/or connected with the system.
10
[0038] As used herein, a home gateway (HGW) is a device that acts as both modem
and router for a home network, combining the features of both in a single piece of
hardware.
15 [0039] As used herein, a subscription permanent identifier (SUPI) is a globally
unique identifier that is assigned to each subscriber in the 5G system, which is
provisioned in the UDM/UDR.
[0040] As used herein, a network interface card (NIC) is typically a circuit board
20 installed on the computer to connect to the network. It works as an indispensable
component for the network connection of computers. The network interface card
function is to facilitate communication between a computer/server and a local area
network (LAN), wide area network (WAN), or the internet.
25 [0041] As used herein, media access control (MAC) identifier (ID) refers to
a unique identifier that is assigned during device manufacturing, the MAC ID or
address is often found on a device's network interface card (NIC). A MAC ID is
required when trying to locate a device or when performing diagnostics on a
network device or authorising any device to access the network.
30
12
[0042] As used herein, a subscriber profile repository (SPR) is a system for storing
and managing subscriber-specific policy control data.
[0043] As used herein, a packet data network gateway (PGW) is a component in
5 the architecture of a mobile network which acts as the interface between
the LTE/5G network and external packet data networks, such as the internet. Its
primary responsibilities include IP address allocation, policy enforcement, routing,
etc.
10 [0044] As used herein, a command-line interface (CLI) is a text-based interface
(UI) used to run programs, manage computer files, and interact with the computer.
[0045] As used herein, cache memory refers to a supplementary memory that
temporarily stores frequently used instructions and data for quicker processing by
15 the central processing unit (CPU) of a computer.
[0046] As discussed in the background section, the current known solutions have
several shortcomings. The present disclosure aims to overcome the abovementioned and other existing problems in this field of technology by providing a
20 method and a system for authenticating a home gateway (HGW) in a broadband
network.
[0047] FIG. 1 illustrates an exemplary block diagram representation of 5th
generation core (5GC) network architecture, in accordance with exemplary
25 implementation of the present disclosure. As shown in FIG. 1, the 5GC network
architecture [100] includes a user equipment (UE) [102], a radio access network
(RAN) [104], an access and mobility management function (AMF) [106], a Session
Management Function (SMF) [108], a Service Communication Proxy (SCP) [110],
an Authentication Server Function (AUSF) [112], a Network Slice Specific
30 Authentication and Authorization Function (NSSAAF) [114], a Network Slice
Selection Function (NSSF) [116], a Network Exposure Function (NEF) [118], a
13
Network Repository Function (NRF) [120], a Policy Control Function (PCF) [122],
a Unified Data Management (UDM) [124], an application function (AF) [126], a
User Plane Function (UPF) [128], a data network (DN) [130], wherein all the
components are assumed to be connected to each other in a manner as obvious to
5 the person skilled in the art for implementing features of the present disclosure.
[0048] As used herein, a Radio Access Network (RAN) [104] is the part of a mobile
telecommunications system that connects user equipment (UE) [102] to the core
network (CN) and provides access to different types of networks (e.g., 5G network).
10 It consists of radio base stations and the radio access technologies that enable
wireless communication.
[0049] As used herein, an Access and Mobility Management Function (AMF) [106]
is a 5G core network function responsible for managing access and mobility
15 aspects, such as UE registration, connection, and reachability. It also handles
mobility management procedures like handovers and paging.
[0050] As used herein, a Session Management Function (SMF) [108] is a 5G core
network function responsible for managing session-related aspects, such as
20 establishing, modifying, and releasing sessions. It coordinates with the User Plane
Function (UPF) for data forwarding and handles IP address allocation and QoS
enforcement.
[0051] As used herein, a Service Communication Proxy (SCP) [110] is a network
25 function in the 5G core network that facilitates communication between other
network functions by providing a secure and efficient messaging service. It acts as
a mediator for service-based interfaces.
[0052] As used herein, an Authentication Server Function (AUSF) [112] is a
30 network function in the 5G core responsible for authenticating UEs during
14
registration and providing security services. It generates and verifies authentication
vectors and tokens.
[0053] As used herein, a Network Slice Specific Authentication and Authorization
5 Function (NSSAAF) [114] is a network function that provides authentication and
authorization services specific to network slices. It ensures that UEs can access only
the slices for which they are authorized.
[0054] As used herein, a Network Slice Selection Function (NSSF) [116] is a
10 network function responsible for selecting the appropriate network slice for a UE
based on factors such as subscription, requested services, and network policies.
[0055] As used herein, a Network Exposure Function (NEF) [118] is a network
function that exposes capabilities and services of the 5G network to external
15 applications, enabling integration with third-party services and applications.
[0056] As used herein, a Network Repository Function (NRF) [120] is a network
function that acts as a central repository for information about available network
functions and services. It facilitates the discovery and dynamic registration of
20 network functions.
[0057] As used herein, a Policy Control Function (PCF) [122] (hereinafter referred
to as PCF server [122]) is a network function responsible for policy control
decisions, such as QoS, charging, and access control, based on subscriber
25 information and network policies.
[0058] As used herein, a Unified Data Management (UDM) [124] is a network
function that centralizes the management of subscriber data, including
authentication, authorization, and subscription information.
30
15
[0059] As used herein, an Application Function (AF) [126] is a network function
that represents external applications interfacing with the 5G core network to access
network capabilities and services.
5 [0060] As used herein, a User Plane Function (UPF) [128] is a network function
responsible for handling user data traffic, including packet routing, forwarding, and
QoS enforcement.
[0061] As used herein, a Data Network (DN) [130] refers to a network that provides
10 data services to user equipment (UE) in a telecommunications system. The data
services may include but are not limited to Internet services, private data network
related services.
[0062] FIG. 2 illustrates an exemplary block diagram of a computing device [200]
15 upon which the features of the present disclosure may be implemented in
accordance with exemplary implementation of the present disclosure. In an
implementation, the computing device [200] may also implement a method for
authenticating a home gateway (HGW) in a broadband network utilising the system
[300]. In another implementation, the computing device [200] itself implements the
20 method for authenticating a home gateway (HGW) in a broadband network using
one or more units configured within the computing device [200], wherein said one
or more units are capable of implementing the features as disclosed in the present
disclosure.
25 [0063] The computing device [200] may include a bus [202] or other
communication mechanism for communicating information, and a hardware
processor [204] coupled with the bus [202] for processing information. The
hardware processor [204] may be, for example, a general-purpose microprocessor.
The computing device [200] may also include a main memory [206], such as a
30 random-access memory (RAM), or other dynamic storage device, coupled to the
bus [202] for storing information and instructions to be executed by the processor
16
[204]. The main memory [206] also may be used for storing temporary variables or
other intermediate information during execution of the instructions to be executed
by the processor [204]. Such instructions, when stored in non-transitory storage
media accessible to the processor [204], render the computing device [200] into a
5 special-purpose machine that is customized to perform the operations specified in
the instructions. The computing device [200] further includes a read only memory
(ROM) [208] or other static storage device coupled to the bus [202] for storing static
information and instructions for the processor [204].
10 [0064] A storage device [210], such as a magnetic disk, optical disk, or solid-state
drive is provided and coupled to the bus [202] for storing information and
instructions. The computing device [200] may be coupled via the bus [202] to a
display [212], such as a cathode ray tube (CRT), Liquid crystal Display (LCD),
Light Emitting Diode (LED) display, Organic LED (OLED) display, etc. for
15 displaying information to a computer user. An input device [214], including
alphanumeric and other keys, touch screen input means, etc. may be coupled to the
bus [202] for communicating information and command selections to the processor
[204]. Another type of user input device may be a cursor controller [216], such as a
mouse, a trackball, or cursor direction keys, for communicating direction
20 information and command selections to the processor [204], and for controlling
cursor movement on the display [212]. The input device typically has two degrees
of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allow
the device to specify positions in a plane.
25 [0065] The computing device [200] may implement the techniques described
herein using customized hard-wired logic, one or more ASICs or FPGAs, firmware
and/or program logic which in combination with the computing device [200] causes
or programs the computing device [200] to be a special-purpose machine.
According to one implementation, the techniques herein are performed by the
30 computing device [200] in response to the processor [204] executing one or more
sequences of one or more instructions contained in the main memory [206]. Such
17
instructions may be read into the main memory [206] from another storage medium,
such as the storage device [210]. Execution of the sequences of instructions
contained in the main memory [206] causes the processor [204] to perform the
process steps described herein. In alternative implementations of the present
5 disclosure, hard-wired circuitry may be used in place of or in combination with
software instructions.
[0066] The computing device [200] also may include a communication interface
[218] coupled to the bus [202]. The communication interface [218] provides a two10 way data communication coupling to a network link [220] that is connected to a
local network [222]. For example, the communication interface [218] may be an
integrated services digital network (ISDN) card, cable modem, satellite modem, or
a modem to provide a data communication connection to a corresponding type of
telephone line. As another example, the communication interface [218] may be a
15 local area network (LAN) card to provide a data communication connection to a
compatible LAN. Wireless links may also be implemented. In any such
implementation, the communication interface [218] sends and receives electrical,
electromagnetic or optical signals that carry digital data streams representing
various types of information.
20
[0067] The computing device [200] can send messages and receive data, including
program code, through the network(s), the network link [220] and the
communication interface [218]. In the Internet example, a server [230] might
transmit a requested code for an application program through the Internet [228], the
25 ISP [226], the local network [222], a host [224] and the communication interface
[218]. The received code may be executed by the processor [204] as it is received,
and/or stored in the storage device [210], or other non-volatile storage for later
execution.
30 [0068] The computing device [200] encompasses a wide range of electronic
devices capable of processing data and performing computations. Examples of
18
computing device [200] include, but are not limited only to, personal computers,
laptops, tablets, smartphones, servers, and embedded systems. The devices may
operate independently or as part of a network and can perform a variety of tasks
such as data storage, retrieval, and analysis. Additionally, computing device [200]
5 may include peripheral devices, such as monitors, keyboards, and printers, as well
as integrated components within larger electronic systems, showcasing their
versatility in various technological applications.
[0069] Referring to FIG. 3, an exemplary block diagram of a system [300] for
10 authenticating a home gateway (HGW) in a broadband network, is shown, in
accordance with the exemplary implementations of the present disclosure. The
system [300] comprises at least one a provisioning unit [302], at least one
transceiver unit [304], at least one a comparator unit [306], at least one
authentication unit [308], and at least one cache memory unit [310]. Also, all of the
15 components/ units of the system [300] are assumed to be connected to each other
unless otherwise indicated below. As shown in the figures all units shown within
the system [300] should also be assumed to be connected to each other. Also, in
FIG. 3 only a few units are shown, however, the system [300] may comprise
multiple such units or the system [300] may comprise any such numbers of said
20 units, as required to implement the features of the present disclosure. Further, in an
implementation, the system [300] may be present in a user device/ user equipment
[102] to implement the features of the present disclosure. The system [300] may be
a part of the user device [102] or may be independent of but in communication with
the user device [102] (may also referred herein as a UE). In another implementation,
25 the system [300] may reside in a server or a network entity. In yet another
implementation, the system [300] may reside partly in the server/ network entity
and partly in the user device.
[0070] The system [300] is configured for authenticating a home gateway (HGW)
30 in a broadband network, with the help of the interconnection between the
components/units of the system [300].
19
[0071] The system [300] comprises a provisioning unit configured to provision a
plurality of media access control identifiers (MAC IDs) and a plurality of
subscription permanent identifiers (SUPIs) in a subscriber profile repository (SPR).
5
[0072] The provisioning unit [302] provisions or store the plurality of media access
control identifiers (MAC IDs) and the plurality of subscription permanent
identifiers (SUPIs) in the subscriber profile repository (SPR). In an exemplary
aspect, SPR acts as the repository for storing or provisioning plurality of MAC IDs
10 which are associated with one or more devices (e.g., routers) and the plurality of
SUPIs associated with one or more subscribers.
[0073] In an exemplary aspect, the plurality of MAC IDs and the plurality of SUPIs
are provisioned using at least one of a packet gateway (PGW), a service
15 management platform (SMP), and a command line interface (CLI).
[0074] In an exemplary aspect, the plurality of MAC IDs and the plurality of SUPIs
are provisioned using at least one of a packet gateway (PGW). The PGW acts as the
interface between the LTE/5G network and external packet data networks, such as
20 the Internet. The primary responsibilities of PGW includes IP address allocation
and assigning IP addresses to user devices.
[0075] In an exemplary aspect, the plurality of MAC IDs and the plurality of SUPIs
are further provisioned using service management platform (SMP).
25
[0076] In an exemplary aspect, the plurality of MAC IDs and the plurality of SUPIs
are further provisioned using command line interface (CLI) which help subscribers
or network administrators to manually input the details of the plurality of MAC IDs
and the plurality of SUPIs on a command prompt in order to provision them.
30
20
[0077] The system [300] further comprises a transceiver unit [304] connected at
least with the provisioning unit [302]. The transceiver unit [304] is configured to
receive, at the PCF server [122], a session management (SM) policy control create
request from a session management function (SMF) [108], the request comprising
5 at least one MAC ID and at least one SUPI of the HGW.
[0078] The transceiver unit [304] receives session management (SM) policy control
create request from the session management function (SMF) [108]. The request
comprising at least one MAC ID and at least one SUPI of the HGW which further
10 facilitates the authentication of one or more devices and subscribers respectively.
[0079] In an exemplary aspect, the at least one MAC ID is a unique identifier
assigned to a network interface card of the HGW.
15 [0080] In an exemplary aspect, the session management (SM) policy control create
request includes at least one MAC ID which is essential for identifying the network
interface card of the HGW, enabling secure authentication of the one or more
devices.
20 [0081] In an exemplary aspect, the at least one SUPI is a unique identifier assigned
to each subscriber within a communication network.
[0082] In an exemplary aspect, session management (SM) policy control create
request includes at least one SUPI which is a unique identifier related to each
25 subscriber which further includes subscriber’s details such as but not limited to
subscriber's services, billing information, data usage details, etc. In an exemplary
aspect, when HGW requests access to broadband network services, it includes at
least one SUPI in its request which helps in verification of the subscriber’s identity
to further ascertain whether the subscriber is authorized to have access to the
30 requested services.
21
[0083] The system [300] further comprises a comparator unit [306] connected at
least with the transceiver unit [304]. The comparator unit [306] is configured to
compare, at the PCF server [122], the received at least one MAC ID with the
plurality of MAC IDs stored in the SPR to verify a match.
5
[0084] The comparator unit [306] compares the received at least one MAC ID with
the plurality of MAC IDs stored in the SPR to verify the match at the PCF server
[122]. In an exemplary aspect, the comparator unit [306] checks whether the
received MAC ID matches any of the MAC IDs in the SPR ensuring that only
10 authorized devices have access to broadband network services.
[0085] In an exemplary aspect, if the received at least one MAC ID does not match
with any of the plurality of MAC IDs in the SPR, the PCF [122] sends a response
indicating a mismatch to the SMF [108].
15
[0086] In an exemplary aspect, the PCF server [122] sends the response indicating
the mismatch to the SMF [108], if the received at least one MAC ID does not match
with any of the plurality of MAC IDs in the SPR.
20 [0087] The system [300] further comprises an authentication unit [308] connected
at least with the comparator unit [306]. The authentication unit [308] is configured
to authenticate, at the PCF server [122], the HGW to allow access to network
services if the at least one MAC ID successfully matches with any of the stored
plurality of MAC IDs in the SPR.
25
[0088] If the at least one MAC ID successfully matches with any of the stored
plurality of MAC IDs in the SPR, the authentication unit [308] authenticates the
HGW to have access to network services.
30 [0089] In an exemplary aspect, the comparator unit [306] checks whether the
received MAC ID corresponds to any of the MAC IDs in the SPR. In case a match
22
is found, the authentication unit [308] may indicate that the devices are authorized
to have access to various broadband network service. Similarly, if no match is
found, the authentication unit [308] may indicate that the devices are not authorized
to have access to various broadband network services.
5
[0090] The authentication unit [308] is further configured to deny access to the
HGW if the at least one MAC ID does not match with any of the stored plurality of
MAC IDs in the SPR by sending an error response.
10 [0091] The authentication unit [308] denies access to the HGW if the at least one
MAC ID does not match with any of the stored plurality of MAC IDs in the SPR
by sending an error response. In an exemplary aspect, the error response may be in
the form of “Error response 403 request forbidden request”.
15 [0092] The authentication unit [308] is further configured to authenticate the HGW
based on a successful matching of the received at least one SUPI with any of the
plurality of SUPIs stored in the SPR The authentication unit [308] further considers
the successful matching of the received at least one SUPI with any of the plurality
of SUPIs stored in the SPR to authenticate the HGW and to allow the HGW to
20 access broadband network services.
[0093] The system [300] further comprises a cache memory unit [310] configured
to store, at the PCF server [122], the at least one SUPI and the at least one MAC ID
as keys for facilitating subsequent authentication requests.
25
[0094] The cache memory unit [310] stores the at least one SUPI and the at least
one MAC ID as keys for enabling subsequent authentication requests at the PCF
server [122]. By storing the at least one SUPI and the at least one MAC ID as keys,
the system [300] provides a quick access to the subscribers and devices, such that
30 during subsequent authentication requests they are connected instantly without the
23
need to reauthenticate the devices and subscriber thereby increasing the overall
authentication process of the broadband services.
[0095] Referring to FIG. 4, an exemplary method flow diagram [400] for
5 authenticating a home gateway (HGW) in a broadband network, in accordance with
exemplary implementations of the present disclosure is shown. In an
implementation the method [400] is performed by the system [300]. Further, in an
implementation, the system [300] may be present in a server device to implement
the features of the present disclosure. Also, as shown in FIG. 4, the method [400]
10 starts at step [402].
[0096] At step 404, the method [400] comprises provisioning, by a provisioning
unit [304], a plurality of media access control identifiers (MAC IDs) and a plurality
of subscription permanent identifiers (SUPIs) in a subscriber profile repository
15 (SPR).
[0097] The provisioning unit [302] provisions the plurality of media access control
identifiers (MAC IDs) and the plurality of subscription permanent identifiers
(SUPIs) in the subscriber profile repository (SPR). In exemplary aspect, SPR acts
20 as the repository for storing plurality of MAC IDs which are associated with one or
more device and plurality of SUPI which is information associated with one or more
subscriber at the PCF server [122].
[0098] In an exemplary aspect, the provisioning of the plurality of MAC IDs and
25 the plurality of SUPIs is performed via at least one of a packet gateway (PGW), a
service management platform (SMP), and a command line interface (CLI).
[0099] At step 406, the method [400] further comprises receiving, by a transceiver
unit [304] at the PCF server [122], a session management (SM) policy control create
30 request from a session management function (SMF) [108], the request comprising
at least one MAC ID and at least one SUPI of the HGW.
24
[0100] The transceiver unit [304] receives session management (SM) policy control
create request from the session management function (SMF) [108]. The request
comprising at least one MAC ID and at least one SUPI of the HGW which further
5 facilitates the authentication of one or more devices and subscribers respectively.
[0101] In an exemplary aspect, the at least one MAC ID is a unique identifier
assigned to a network interface card of the HGW.
10 [0102] In an exemplary aspect, the session management (SM) policy control create
request includes at least one MAC ID which is essential for identifying the network
interface card of the HGW, enabling secure authentication of the one or more
devices.
15 [0103] In an exemplary aspect, the at least one SUPI is a unique identifier assigned
to each subscriber within a communication network.
[0104] In an exemplary aspect, session management (SM) policy control create
request includes at least one SUPI which is a unique identifier related to each
20 subscriber which further includes subscriber’s details such as but not limited to
subscriber's services, billing information, data usage details etc. In an exemplary
aspect, when HGW requests access to broadband network services, it includes at
least one SUPI in its request which helps verify the subscriber’s identity to further
ascertain whether the subscriber is authorized to have access to the requested
25 services.
[0105] At step 408, the method [400] further comprises comparing, by a
comparator unit [306] at the PCF server [122], the received at least one MAC ID
with the plurality of MAC IDs stored in the SPR to verify a match.
30
25
[0106] The comparator unit [306] compares the received at least one MAC ID with
the plurality of MAC IDs stored in the SPR to verify the match at the PCF server
[122]. In an exemplary aspect, the comparator unit [306] checks whether the
received MAC ID matches any of the MAC IDs in the SPR ensuring that only
5 authorized devices have access broadband network services.
[0107] In an exemplary aspect, if the received at least one MAC ID does not match
with any of the plurality of MAC IDs in the SPR, the PCF server [122] sends a
response indicating a mismatch to the SMF [108].
10
[0108] In an exemplary aspect, the PCF server [122] sends the response indicating
the mismatch to the SMF [108], if the received at least one MAC ID does not match
with any of the plurality of MAC IDs in the SPR.
15 [0109] At step 410, the method further comprises authenticating, by an
authentication unit [308] at the PCF server [122], the HGW to allow access to
network services if the at least one MAC ID successfully matches with any of the
stored plurality of MAC IDs in the SPR.
20 [0110] If the at least one MAC ID successfully matches with any of the stored
plurality of MAC IDs in the SPR, the authentication unit [308] authenticates the
HGW to have access to network services.
[0111] In an example, the comparator unit [306] checks whether the received MAC
25 ID (e.g., XYZ) corresponds to any of the plurality of MAC IDs (e.g., XYZ, YZW,
ABC) provisioned in the SPR. If the received MAC ID (e.g., XYZ) matches with
one (e.g., XYZ) of the plurality of provisioned MAC IDs (e.g., XYZ, YZW, ABC),
then the authentication unit authenticate the HGW to have access to network
services.
30
26
[0112] In an exemplary aspect, the comparator unit [306] checks whether the
received MAC ID corresponds to any of the MAC IDs in the SPR. In case a match
is found, the authentication unit [308] may indicate that the devices are authorized
to have access to various broadband network service. Similarly, if no match is
5 found, the authentication unit [308] may indicate that the devices have are not
authorized to have access to various broadband network services.
[0113] The method [400] further comprises comprising the step of denying access
to the HGW if the at least one MAC ID does not match with any of the stored
10 plurality of MAC IDs in the SPR by sending an error response.
[0114] The authentication unit [308] denies access to the HGW if the at least one
MAC ID does not match with any of the stored plurality of MAC IDs in the SPR
by sending an error response. In an exemplary aspect, the error response may be in
15 the form of “Error response 403 request forbidden request”.
[0115] In an exemplary aspect, authenticating the HGW is further based on a
successful matching of the received at least one SUPI with any of the plurality of
SUPIs stored in the SPR.
20
[0116] The authentication unit [308] authenticates the HGW based on the
successful matching of the received at least one SUPI with any of the plurality of
SUPIs stored in the SPR.
25 [0117] The method [400] further comprises storing, by a cache memory unit [310]
at the PCF server [122], the at least one SUPI and the at least one MAC ID as keys
for facilitating subsequent authentication requests.
[0118] The cache memory [310] unit stores the at least one SUPI and the at least
30 one MAC ID as keys for enabling subsequent authentication requests at the PCF
server [122]. By storing at least one SUPI and the at least one MAC ID as keys, the
27
system [300] provides a quick access to the subscribers and devices, such that
during subsequent authentication requests they are connected instantly without the
need to reauthenticate the devices and subscriber thereby increasing the overall
authentication process of the broadband services.
5
[0119] Thereafter, at step [412], the method [400] is terminated.
[0120] Referring to FIG. 5, an exemplary process flow diagram [500] for
authenticating a home gateway (HGW) in a broadband network, in accordance with
10 exemplary implementations of the present disclosure is shown.
[0121] At step S1, the process [500] comprises provisioning, by at least one Home
Gateway in the SPR [504], a plurality of media access control identifiers (MAC
IDs), a plurality of subscription permanent identifiers (SUPIs) in a subscriber
15 profile repository (SPR) [504] by using at least one service management platform,
command line interface, and packet gateway.
[0122] At step S2, the process [500] comprises receiving at the PCF server [122],
session management (SM) policy control create request (e.g., in JSON format) from
20 a session management function (SMF) [108], the request comprising at least one
MAC ID and at least one SUPI of the HGW. In an example, the at least one MAC
ID received in the policy control create request is prefix with an extra field of
“hgwMac” to differentiate between the various other difference MAC IDs.
25 [0123] At step S3, the process [500] comprises fetching, by the PCF server [122]
from the SPR [504], the provisioned plurality of media access control identifiers
(MAC IDs) and the plurality of subscription permanent identifiers (SUPIs).
[0124] At step S4, the process [500] comprises receiving, at the PCF server [122]
30 from the SPR [504] the fetched plurality of media access control identifiers (MAC
IDs) and the plurality of subscription permanent identifiers (SUPIs).
28
[0125] In an exemplary aspect, the process [500] further comprises comparing, at
the PCF server [122], the received at least one MAC ID (e.g., hgwMAC) from the
SMF [108] with the fetched plurality of MAC IDs stored in the SPR [504] to verify
5 the match.
[0126] At step S5, if the at least one MAC ID (e.g., hgwMAC) successfully matches
with any (e.g., hgwMAC) of the stored plurality of MAC IDs in the SPR [504], the
PCF server [122] validates the HGW allowing it to have access to network service.
10
[0127] At step S6, if the at least one MAC ID doesn’t match with any of the stored
plurality of MAC IDs in the SPR [504], the PCF server [122] invalidates the HGW
[502] denying access to network services by displaying “Error Response 403
request forbidden”.
15
[0128] The present disclosure further discloses a non-transitory computer readable
storage medium storing instructions for authenticating a home gateway (HGW) in
a broadband network, the instructions include executable code which, when
executed by one or more units of a system, causes a provisioning unit to provision
20 a plurality of media access control identifiers (MAC IDs) and a plurality of
subscription permanent identifiers (SUPIs) in a subscriber profile repository (SPR)
The executable code when executed further causes a transceiver unit to receive, at
a policy control function (PCF) server, a session management (SM) policy control
create request from a session management function (SMF), the request comprising
25 at least one MAC ID and at least one SUPI of the HGW. The executable code when
executed further causes a comparator unit to compare, at the PCF server, the
received at least one MAC ID with the plurality of MAC IDs stored in the SPR to
verify a match. The executable code when executed further causes an authentication
unit to authenticate, at the PCF server, the HGW to allow access to network services
30 if the at least one MAC ID successfully matches with any of the stored plurality of
MAC IDs in the SPR.
29
[0129] As is evident from the above, the present disclosure provides a technically
advanced solution for authenticating a home gateway (HGW) in a broadband
network. As the unique user identifier is an essential part of the authentication and
5 authorization process in a network, multiples device identifiers can be associated
with one unique user identifier. PCF server then allows communication with a
device identifier only when there is a registration available for said device identifier
and corresponding unique user identifier with SPR server. As a result,
authentication by PCF server will not allow unknown device identifiers to latch
10 onto a network.
[0130] Further, in accordance with the present disclosure, it is to be acknowledged
that the functionality described for the various components/units can be
implemented interchangeably. While specific embodiments may disclose a
15 particular functionality of these units for clarity, it is recognized that various
configurations and combinations thereof are within the scope of the disclosure. The
functionality of specific units as disclosed in the disclosure should not be construed
as limiting the scope of the present disclosure. Consequently, alternative
arrangements and substitutions of units, provided they achieve the intended
20 functionality described herein, are considered to be encompassed within the scope
of the present disclosure.
[0131] While considerable emphasis has been placed herein on the disclosed
implementations, it will be appreciated that many implementations can be made and
25 that many changes can be made to the implementations without departing from the
principles of the present disclosure. These and other changes in the implementations
of the present disclosure will be apparent to those skilled in the art, whereby it is to
be understood that the foregoing descriptive matter to be implemented is illustrative
and non-limiting.
30
30
We Claim:
1. A method for authenticating a home gateway (HGW) in a broadband network,
comprising:
5 provisioning, by a provisioning unit [302], a plurality of media access
control identifiers (MAC IDs) and a plurality of subscription permanent
identifiers (SUPIs) in a subscriber profile repository (SPR);
receiving, by a transceiver unit [304] at a policy control function (PCF)
server [122], a session management (SM) policy control create request from
10 a session management function (SMF) [108], the request comprising at least
one MAC ID and at least one SUPI of the HGW;
comparing, by a comparator unit [306] at the PCF server [122], the
received at least one MAC ID with the plurality of MAC IDs stored in the
SPR to verify a match; and
15 authenticating, by an authentication unit [308] at the PCF server [122],
the HGW to allow access to network services if the at least one MAC ID
successfully matches with any of the stored plurality of MAC IDs in the SPR.
2. The method as claimed in claim 1, wherein the at least one MAC ID is a
unique identifier assigned to a network interface card of the HGW.
20 3. The method as claimed in claim 1, wherein the at least one SUPI is a unique
identifier assigned to each subscriber within a communication network.
4. The method as claimed in claim 1, further comprising storing, by a cache
memory unit [310] at the PCF server [122], the at least one SUPI and the at
least one MAC ID as keys for facilitating subsequent authentication requests.
25 5. The method as claimed in claim 1, wherein the provisioning of the plurality
of MAC IDs and the plurality of SUPIs is performed via at least one of a
31
packet gateway (PGW), a service management platform (SMP), and a
command line interface (CLI).
6. The method as claimed in claim 1, further comprising the step of denying
access to the HGW if the at least one MAC ID does not match with any of the
5 stored plurality of MAC IDs in the SPR by sending an error response.
7. The method as claimed in claim 1, wherein if the received at least one MAC
ID does not match with any of the plurality of MAC IDs in the SPR, the PCF
server [122] sends a response indicating a mismatch to the SMF [108].
8. The method as claimed in claim 1, wherein authenticating the HGW is further
10 based on a successful matching of the received at least one SUPI with any of
the plurality of SUPIs stored in the SPR.
9. A system for authenticating a home gateway (HGW) in a broadband network,
the system comprising:
a provisioning unit [302] configured to: provision a plurality of media
15 access control identifiers (MAC IDs) and a plurality of subscription
permanent identifiers (SUPIs) in a subscriber profile repository (SPR);
a transceiver unit [304] connected at least with the provisioning unit [302],
the transceiver unit [304] is configured to:
receive, at a policy control function (PCF) server [122], a session
20 management (SM) policy control create request from a session management
function (SMF) [108], the request comprising at least one MAC ID and at
least one SUPI of the HGW;
a comparator unit [306] connected at least with the transceiver unit [304], the
comparator unit [306] is configured to:
25 compare, at the PCF server [122], the received at least one MAC ID
with the plurality of MAC IDs stored in the SPR to verify a match; and
32
an authentication unit [308] connected at least with the comparator unit [306],
the authentication unit [308] is configured to:
authenticate, at the PCF server [122], the HGW to allow access to
network services if the at least one MAC ID successfully matches with any
5 of the stored plurality of MAC IDs in the SPR.
10. The system as claimed in claim 9, wherein the at least one MAC ID is a unique
identifier assigned to a network interface card of the HGW.
11. The system as claimed in claim 9, wherein the at least one SUPI is a unique
identifier assigned to each subscriber within a communication network.
10 12. The system as claimed in claim 9, further comprising a cache memory unit
configured to store, at the PCF server [122], the at least one SUPI and the at
least one MAC ID as keys for facilitating subsequent authentication requests.
13. The system as claimed in claim 9, wherein the plurality of MAC IDs and the
plurality of SUPIs are provisioned via at least one of a packet gateway
15 (PGW), a service management platform (SMP), and a command line interface
(CLI).
14. The system as claimed in claim 9, wherein the authentication unit [308] is
further configured to deny access to the HGW if the at least one MAC ID
does not match with any of the stored plurality of MAC IDs in the SPR by
20 sending an error response.
15. The system as claimed in claim 9, wherein if the received at least one MAC
ID does not match with any of the plurality of MAC IDs in the SPR, the PCF
server [122] sends a response indicating a mismatch to the SMF [108].
16. The system as claimed in claim 9, wherein the authentication unit [308] further configured to authenticate the HGW based on a successful matching of the received at least one SUPI with any of the plurality of SUPIs stored in
the SPR.