Method and system for authenticating a home gateway (HGW) in a broadband network

EP4767686A1Pending Publication Date: 2026-07-01JIO PLATFORMS LTD

Patent Information

Authority / Receiving Office
EP · EP
Patent Type
Applications
Current Assignee / Owner
JIO PLATFORMS LTD
Filing Date
2024-09-26
Publication Date
2026-07-01

AI Technical Summary

Technical Problem

In broadband networks, authenticating a home gateway (HGW) with multiple unique device identifiers associated with a single subscriber is challenging, as existing systems struggle to identify the correct subscriber for a given device identifier.

Method used

A method and system that provision multiple media access control identifiers (MAC IDs) and subscription permanent identifiers (SUPIs) in a subscriber profile repository (SPR), allowing a Policy Control Function (PCF) server to authenticate a HGW by matching received MAC IDs and SUPIs with stored values, ensuring only authorized devices access network services.

Benefits of technology

This solution effectively authenticates HGWs in broadband networks by ensuring that only authorized devices with matching MAC IDs and SUPIs gain access, thereby enhancing network security and preventing unauthorized access.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure IN2024051866_03042025_PF_FP_ABST
    Figure IN2024051866_03042025_PF_FP_ABST
Patent Text Reader

Abstract

The present disclosure relates to a method and a system for authenticating a home gateway (HGW) in a broadband network The present disclosure encompasses provisioning, by a provisioning unit, a plurality of MAC IDs and a plurality of SUPIs in a SPR; receiving, by a transceiver unit at a PCF server, a session management (SM) policy control create request from a SMF, the request comprising at least one MAC ID and at least one SUPI of the HGW; comparing, by a comparator unit at the PCF server, the received at least one MAC ID with plurality of MAC IDs stored in the SPR to verify a match; authenticating, by an authentication unit at the PCF server, the HGW to allow access to network services if the at least one MAC ID successfully matches with any of the stored plurality of MAC IDs in the SPR.
Need to check novelty before this filing date? Find Prior Art

Description

METHOD AND SYSTEM FOR AUTHENTICATING A HOME GATEWAY (HGW) IN A BROADBAND NETWORKFIELD OF INVENTION

[0001] The present disclosure generally relates to wireless communication systems. More particularly, embodiments of the present disclosure relate to a method and a system for authenticating a home gateway (HGW) in a broadband network.BACKGROUND

[0002] The following description of the related art is intended to provide background information pertaining to the field of the disclosure. This section may include certain aspects of the art that may be related to various features of the present disclosure. However, it should be appreciated that this section is used only to enhance the understanding of the reader with respect to the present disclosure, and not as admissions of the prior art.

[0003] Wireless communication technology has rapidly evolved over the past few decades, with each generation bringing significant improvements and advancements. The first generation of wireless communication technology was based on analog technology and offered only voice services. However, with the advent of the second-generation (2G) technology, digital communication and data services became possible, and text messaging was introduced. 3G technology marked the introduction of high-speed internet access, mobile video calling, and location-based services. The fourth-generation (4G) technology revolutionized wireless communication with faster data speeds, better network coverage, and improved security. Currently, the fifth-generation (5G) technology is being deployed, promising even faster data speeds, low latency, and the ability to connect multiple devices simultaneously. With each generation, wireless communication technology has become more advanced, sophisticated, and capable of delivering more services to its users.

[0004] Registering a device identifier and a user identifier associated with a designated Outdoor Customer Premise Equipment (ODCPE) at a subscriber profile repository (SPR) server is necessary to allow the device to use services such as Internet service, voice service, video service, / TV service, etc. A PCF server can authenticate the device identifier only when the user identifier such as subscription permanent identifier (SUPI) of the ODCPE and device identifier (mediaaccess control identifier (MAC ID)) registration has been performed at the SPR server. The device identifier is a unique identifier assigned to a network interface card (NIC) and used for device identification within the network. It is well known that SUPI is a unique user identifier assigned to each subscriber within a network, such as but not limited to 5G network. It is used to manage and track subscriber’s information. For a single SUPI, there can be multiple unique device identifiers for a broadband network. Thus, the problem is to identify the subscriber for the corresponding unique identifier when there are multiple unique device identifiers associated with the subscriber.

[0005] Thus, in view of the above-mentioned problems, there exists an imperative need in the art of a system and a method for authenticating a device (e.g., home gateway) with the device identifier (MAC ID) in a broadband network.SUMMARY

[0006] This section is provided to introduce certain aspects of the present disclosure in a simplified form that are further described below in the detailed description. This summary is not intended to identify the key features or the scope of the claimed subject matter.

[0007] An aspect of the present disclosure may relate to a method for authenticating a home gateway (HGW) in a broadband network. The method includes provisioning, by a provisioning unit, a plurality of media access control identifiers (MAC IDs) and a plurality of subscription permanent identifiers (SUPIs) in a subscriber profile repository (SPR). The method further includes receiving, by a transceiver unit at a policy control function (PCF) server, a session management (SM) policy control create request from a session management function (SMF), the request comprising at least one MAC ID and at least one SUPI of the HGW. The method further includes comparing, by a comparator unit at the PCF server, the received at least one MAC ID with the plurality of MAC IDs stored in the SPR to verify a match. The method further includes authenticating, by an authentication unit at the PCF server, the HGW to allow access to network services if the at least one MAC ID successfully matches with any of the stored plurality of MAC IDs in the SPR.

[0008] In an exemplary aspect of the present disclosure, the at least one MAC ID is a unique identifier assigned to a network interface card of the HGW.

[0009] In an exemplary aspect of the present disclosure, the at least one SUPI is a unique identifier assigned to each subscriber within a communication network.

[0010] In an exemplary aspect of the present disclosure, the method further comprises storing, by a cache memory unit at the PCF server, the at least one SUPI and the at least one MAC ID as keys for facilitating subsequent authentication requests.

[0011] In an exemplary aspect of the present disclosure, the provisioning of the plurality of MAC IDs and the plurality of SUPIs is performed via at least one of a packet gateway (PGW), a service management platform (SMP), and a command line interface (CLI).

[0012] In an exemplary aspect of the present disclosure, the method further comprises the step of denying access to the HGW if the at least one MAC ID does not match with any of the stored plurality of MAC IDs in the SPR by sending an error response.

[0013] In an exemplary aspect of the present disclosure, if the received at least one MAC ID does not match with any of the plurality of MAC IDs in the SPR, the PCF sends a response indicating a mismatch to the SMF.

[0014] In an exemplary aspect of the present disclosure, authenticating the HGW is further based on a successful matching of the received at least one SUPI with any of the plurality of SUPIs stored in the SPR.

[0015] Another aspect of the present disclosure may relate to a system for authenticating a home gateway (HGW) in a broadband network. The system comprises a provisioning unit configured to provision a plurality of media access control identifiers (MAC IDs) and a plurality of subscription permanent identifiers (SUPIs) in a subscriber profile repository (SPR). The system further comprises a transceiver unit connected at least with the provisioning unit. The transceiver unit is configured to receive, at a policy control function (PCF) server, a session management (SM) policy control create request from a session management function (SMF), the request comprising at least one MAC ID and at least one SUPI of the HGW. The system further comprises a comparator unit connected at least with the transceiver unit. The comparator unit is configured to compare, at the PCF server, the received at least one MAC ID with the plurality of MAC IDs stored in the SPR to verify a match. The system further comprises an authentication unit connected at least with the comparator unit, the authentication unit is configured to authenticate, at the PCF server, the HGWto allow access to network services if the at least one MAC ID successfully matches with any of the stored plurality of MAC IDs in the SPR.

[0016] Yet another aspect of the present disclosure may relate to a non-transitory computer readable storage medium storing instructions for authenticating a home gateway (HGW) in a broadband network, the instructions include executable code which, when executed by one or more units of a system, causes a provisioning unit to provision a plurality of media access control identifiers (MAC IDs) and a plurality of subscription permanent identifiers (SUPIs) in a subscriber profile repository (SPR). The executable code when executed further causes a transceiver unit to receive, at a policy control function (PCF) server, a session management (SM) policy control create request from a session management function (SMF), the request comprising at least one MAC ID and at least one SUPI of the HGW. The executable code when executed further causes a comparator unit to compare, at the PCF server, the received at least one MAC ID with the plurality of MAC IDs stored in the SPR to verify a match. The executable code when executed further causes an authentication unit to authenticate, at the PCF server, the HGW to allow access to network services if the at least one MAC ID successfully matches with any of the stored plurality of MAC IDs in the SPR.OBJECTS OF THE DISCLOSURE

[0017] Some of the objects of the present disclosure, which at least one embodiment disclosed herein satisfies are listed herein below.

[0018] It is an object of the present disclosure to provide a system and a method for authenticating a home gateway (HGW) in a broadband network.

[0019] It is another object of the present disclosure to provide a solution that allows multiple device identifiers (e.g., MAC IDs) to be associated with one unique user identifier (e.g., SUPI).BRIEF DESCRIPTION OF THE DRAWINGS

[0020] The accompanying drawings, which are incorporated herein, and constitute a part of this disclosure, illustrate exemplary embodiments of the disclosed methods and systems in which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating theprinciples of the present disclosure. Also, the embodiments shown in the figures are not to be construed as limiting the disclosure, but the possible variants of the method and system according to the disclosure are illustrated herein to highlight the advantages of the disclosure. It will be appreciated by those skilled in the art that disclosure of such drawings includes disclosure of electrical components or circuitry commonly used to implement such components.

[0021] FIG. 1 illustrates an exemplary block diagram representation of 5thgeneration core (5GC) network architecture.

[0022] FIG. 2 illustrates an exemplary block diagram of a computing device upon which the features of the present disclosure may be implemented in accordance with exemplary implementation of the present disclosure.

[0023] FIG. 3 illustrates an exemplary block diagram of a system for authenticating a home gateway (HGW) in a broadband network, in accordance with exemplary implementations of the present disclosure.

[0024] FIG. 4 illustrates a method flow diagram for authenticating a home gateway (HGW) in a broadband network, in accordance with exemplary implementations of the present disclosure.

[0025] FIG. 5 illustrates a process flow diagram for authenticating a home gateway (HGW) in a broadband network, in accordance with exemplary implementations of the present disclosure.

[0026] The foregoing shall be more apparent from the following more detailed description of the disclosure.DETAILED DESCRIPTION

[0027] In the following description, for the purposes of explanation, various specific details are set forth in order to provide a thorough understanding of embodiments of the present disclosure. It will be apparent, however, that embodiments of the present disclosure may be practiced without these specific details. Several features described hereafter may each be used independently of one another or with any combination of other features. An individual feature may not address any of the problems discussed above or might address only some of the problems discussed above.

[0028] The ensuing description provides exemplary embodiments only, and is not intended to limit the scope, applicability, or configuration of the disclosure. Rather, the ensuing description of the exemplary embodiments will provide those skilled in the art with an enabling description for implementing an exemplary embodiment. It should be understood that various changes may be made in the function and arrangement of elements without departing from the spirit and scope of the disclosure as set forth.

[0029] Specific details are given in the following description to provide a thorough understanding of the embodiments. However, it will be understood by one of ordinary skill in the art that the embodiments may be practiced without these specific details. For example, circuits, systems, processes, and other components may be shown as components in block diagram form in order not to obscure the embodiments in unnecessary detail.

[0030] Also, it is noted that individual embodiments may be described as a process which is depicted as a flowchart, a flow diagram, a data flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations may be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed but could have additional steps not included in a figure.

[0031] The word “exemplary” and / or “demonstrative” is used herein to mean serving as an example, instance, or illustration. For the avoidance of doubt, the subject matter disclosed herein is not limited by such examples. In addition, any aspect or design described herein as “exemplary” and / or “demonstrative” is not necessarily to be construed as preferred or advantageous over other aspects or designs, nor is it meant to preclude equivalent exemplary structures and techniques known to those of ordinary skill in the art. Furthermore, to the extent that the terms “includes,” “has,” “contains,” and other similar words are used in either the detailed description or the claims, such terms are intended to be inclusive — in a manner similar to the term “comprising” as an open transition word — without precluding any additional or other elements.

[0032] As used herein, a “processing unit” or “processor” or “operating processor” includes one or more processors, wherein processor refers to any logic circuitry for processing instructions. A processor may be a general-purpose processor, a special purpose processor, a conventional processor, a digital signal processor, a plurality of microprocessors, one or more microprocessors in association with a Digital Signal Processing (DSP) core, a controller, a microcontroller,Application Specific Integrated Circuits, Field Programmable Gate Array circuits, any other type of integrated circuits, etc. The processor may perform signal coding data processing, input / output processing, and / or any other functionality that enables the working of the system according to the present disclosure. More specifically, the processor or processing unit is a hardware processor.

[0033] As used herein, “a user equipment”, “a user device”, “a smart-user-device”, “a smartdevice”, “an electronic device”, “a mobile device”, “a handheld device”, “a wireless communication device”, “a mobile communication device”, “a communication device” may be any electrical, electronic and / or computing device or equipment, capable of implementing the features of the present disclosure. The user equipment / device may include, but is not limited to, a mobile phone, smart phone, laptop, a general-purpose computer, desktop, personal digital assistant, tablet computer, wearable device or any other computing device which is capable of implementing the features of the present disclosure. Also, the user device may contain at least one input means configured to receive an input from unit(s) which are required to implement the features of the present disclosure.

[0034] As used herein, “storage unit” or “memory unit” refers to a machine or computer-readable medium including any mechanism for storing information in a form readable by a computer or similar machine. For example, a computer-readable medium includes read-only memory (“ROM”), random access memory (“RAM”), magnetic disk storage media, optical storage media, flash memory devices or other types of machine-accessible storage media. The storage unit stores at least the data that may be required by one or more units of the system to perform their respective functions.

[0035] As used herein “interface” or “user interface” refers to a shared boundary across which two or more separate components of a system exchange information or data. The interface may also be referred to a set of rules or protocols that define communication or interaction of one or more modules or one or more units with each other, which also includes the methods, functions, or procedures that may be called.

[0036] All modules, units, components used herein, unless explicitly excluded herein, may be software modules or hardware processors, the processors being a general-purpose processor, a special purpose processor, a conventional processor, a digital signal processor (DSP), a plurality of microprocessors, one or more microprocessors in association with a DSP core, a controller, amicrocontroller, Application Specific Integrated Circuits (ASIC), Field Programmable Gate Array circuits (FPGA), any other type of integrated circuits, etc.

[0037] As used herein, the transceiver unit include at least one receiver and at least one transmitter configured respectively for receiving and transmitting data, signals, information or a combination thereof between units / components within the system and / or connected with the system.

[0038] As used herein, a home gateway (HGW) is a device that acts as both modem and router for a home network, combining the features of both in a single piece of hardware.

[0039] As used herein, a subscription permanent identifier (SUPI) is a globally unique identifier that is assigned to each subscriber in the 5G system, which is provisioned in the UDM / UDR.

[0040] As used herein, a network interface card (NIC) is typically a circuit board installed on the computer to connect to the network. It works as an indispensable component for the network connection of computers. The network interface card function is to facilitate communication between a computer / server and a local area network (LAN), wide area network (WAN), or the internet.

[0041] As used herein, media access control (MAC) identifier (ID) refers to a unique identifier that is assigned during device manufacturing, the MAC ID or address is often found on a device's network interface card (NIC). A MAC ID is required when trying to locate a device or when performing diagnostics on a network device or authorising any device to access the network.

[0042] As used herein, a subscriber profile repository (SPR) is a system for storing and managing subscriber-specific policy control data.

[0043] As used herein, a packet data network gateway (PGW) is a component in the architecture of a mobile network which acts as the interface between the LTE / 5G network and external packet data networks, such as the internet. Its primary responsibilities include IP address allocation, policy enforcement, routing, etc.

[0044] As used herein, a command-line interface (CLI) is a text-based interface (UI) used to run programs, manage computer files, and interact with the computer.

[0045] As used herein, cache memory refers to a supplementary memory that temporarily stores frequently used instructions and data for quicker processing by the central processing unit (CPU) of a computer.

[0046] As discussed in the background section, the current known solutions have several shortcomings. The present disclosure aims to overcome the above-mentioned and other existing problems in this field of technology by providing a method and a system for authenticating a home gateway (HGW) in a broadband network.

[0047] FIG. 1 illustrates an exemplary block diagram representation of 5thgeneration core (5GC) network architecture, in accordance with exemplary implementation of the present disclosure. As shown in FIG. 1, the 5GC network architecture

[0100] includes a user equipment (UE)

[0102] , a radio access network (RAN)

[0104] , an access and mobility management function (AMF)

[0106] , a Session Management Function (SMF)

[0108] , a Service Communication Proxy (SCP)

[0110] , an Authentication Server Function (AUSF)

[0112] , a Network Slice Specific Authentication and Authorization Function (NSSAAF)

[0114] , a Network Slice Selection Function (NSSF)

[0116] , a Network Exposure Function (NEF)

[0118] , a Network Repository Function (NRF)

[0120] , a Policy Control Function (PCF)

[0122] , a Unified Data Management (UDM)

[0124] , an application function (AF)

[0126] , a User Plane Function (UPF)

[0128] , a data network (DN)

[0130] , wherein all the components are assumed to be connected to each other in a manner as obvious to the person skilled in the art for implementing features of the present disclosure.

[0048] As used herein, a Radio Access Network (RAN)

[0104] is the part of a mobile telecommunications system that connects user equipment (UE)

[0102] to the core network (CN) and provides access to different types of networks (e.g., 5G network). It consists of radio base stations and the radio access technologies that enable wireless communication.

[0049] As used herein, an Access and Mobility Management Function (AMF)

[0106] is a 5G core network function responsible for managing access and mobility aspects, such as UE registration, connection, and reachability. It also handles mobility management procedures like handovers and paging.

[0050] As used herein, a Session Management Function (SMF)

[0108] is a 5G core network function responsible for managing session-related aspects, such as establishing, modifying, andreleasing sessions. It coordinates with the User Plane Function (UPF) for data forwarding and handles IP address allocation and QoS enforcement.

[0051] As used herein, a Service Communication Proxy (SCP)

[0110] is a network function in the 5G core network that facilitates communication between other network functions by providing a secure and efficient messaging service. It acts as a mediator for service-based interfaces.

[0052] As used herein, an Authentication Server Function (AUSF)

[0112] is a network function in the 5G core responsible for authenticating UEs during registration and providing security services. It generates and verifies authentication vectors and tokens.

[0053] As used herein, a Network Slice Specific Authentication and Authorization Function (NSSAAF)

[0114] is a network function that provides authentication and authorization services specific to network slices. It ensures that UEs can access only the slices for which they are authorized.

[0054] As used herein, a Network Slice Selection Function (NSSF)

[0116] is a network function responsible for selecting the appropriate network slice for a UE based on factors such as subscription, requested services, and network policies.

[0055] As used herein, a Network Exposure Function (NEF)

[0118] is a network function that exposes capabilities and services of the 5G network to external applications, enabling integration with third-party services and applications.

[0056] As used herein, a Network Repository Function (NRF)

[0120] is a network function that acts as a central repository for information about available network functions and services. It facilitates the discovery and dynamic registration of network functions.

[0057] As used herein, a Policy Control Function (PCF)

[0122] (hereinafter referred to as PCF server

[0122] ) is a network function responsible for policy control decisions, such as QoS, charging, and access control, based on subscriber information and network policies.

[0058] As used herein, a Unified Data Management (UDM)

[0124] is a network function that centralizes the management of subscriber data, including authentication, authorization, and subscription information.

[0059] As used herein, an Application Function (AF)

[0126] is a network function that represents external applications interfacing with the 5G core network to access network capabilities and services.

[0060] As used herein, a User Plane Function (UPF)

[0128] is a network function responsible for handling user data traffic, including packet routing, forwarding, and QoS enforcement.

[0061] As used herein, a Data Network (DN)

[0130] refers to a network that provides data services to user equipment (UE) in a telecommunications system. The data services may include but are not limited to Internet services, private data network related services.

[0062] FIG. 2 illustrates an exemplary block diagram of a computing device

[0200] upon which the features of the present disclosure may be implemented in accordance with exemplary implementation of the present disclosure. In an implementation, the computing device

[0200] may also implement a method for authenticating a home gateway (HGW) in a broadband network utilising the system

[0300] , In another implementation, the computing device

[0200] itself implements the method for authenticating a home gateway (HGW) in a broadband network using one or more units configured within the computing device

[0200] , wherein said one or more units are capable of implementing the features as disclosed in the present disclosure.

[0063] The computing device

[0200] may include a bus

[0202] or other communication mechanism for communicating information, and a hardware processor

[0204] coupled with the bus

[0202] for processing information. The hardware processor

[0204] may be, for example, a general-purpose microprocessor. The computing device

[0200] may also include a main memory

[0206] , such as a random-access memory (RAM), or other dynamic storage device, coupled to the bus

[0202] for storing information and instructions to be executed by the processor

[0204] , The main memory

[0206] also may be used for storing temporary variables or other intermediate information during execution of the instructions to be executed by the processor

[0204] , Such instructions, when stored in non-transitory storage media accessible to the processor

[0204] , render the computing device

[0200] into a special-purpose machine that is customized to perform the operations specified in the instructions. The computing device

[0200] further includes a read only memory (ROM)

[0208] or other static storage device coupled to the bus

[0202] for storing static information and instructions for the processor

[0204] ,

[0064] A storage device

[0210] , such as a magnetic disk, optical disk, or solid-state drive is provided and coupled to the bus

[0202] for storing information and instructions. The computing device

[0200] may be coupled via the bus

[0202] to a display

[0212] , such as a cathode ray tube (CRT), Liquid crystal Display (LCD), Light Emitting Diode (LED) display, Organic LED (OLED) display, etc. for displaying information to a computer user. An input device

[0214] , including alphanumeric and other keys, touch screen input means, etc. may be coupled to the bus

[0202] for communicating information and command selections to the processor

[0204] , Another type of user input device may be a cursor controller

[0216] , such as a mouse, a trackball, or cursor direction keys, for communicating direction information and command selections to the processor

[0204] , and for controlling cursor movement on the display

[0212] , The input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allow the device to specify positions in a plane.

[0065] The computing device

[0200] may implement the techniques described herein using customized hard-wired logic, one or more ASICs or FPGAs, firmware and / or program logic which in combination with the computing device

[0200] causes or programs the computing device

[0200] to be a special-purpose machine. According to one implementation, the techniques herein are performed by the computing device

[0200] in response to the processor

[0204] executing one or more sequences of one or more instructions contained in the main memory

[0206] , Such instructions may be read into the main memory

[0206] from another storage medium, such as the storage device

[0210] , Execution of the sequences of instructions contained in the main memory

[0206] causes the processor

[0204] to perform the process steps described herein. In alternative implementations of the present disclosure, hard-wired circuitry may be used in place of or in combination with software instructions.

[0066] The computing device

[0200] also may include a communication interface

[0218] coupled to the bus

[0202] , The communication interface

[0218] provides a two-way data communication coupling to a network link

[0220] that is connected to a local network

[0222] , For example, the communication interface

[0218] may be an integrated services digital network (ISDN) card, cable modem, satellite modem, or a modem to provide a data communication connection to a corresponding type of telephone line. As another example, the communication interface

[0218] may be a local area network (LAN) card to provide a data communication connection to a compatible LAN. Wireless links may also be implemented. In any such implementation, the communication interface

[0218] sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.

[0067] The computing device

[0200] can send messages and receive data, including program code, through the network(s), the network link

[0220] and the communication interface

[0218] , In the Internet example, a server

[0230] might transmit a requested code for an application program through the Internet

[0228] , the ISP

[0226] , the local network

[0222] , a host

[0224] and the communication interface

[0218] , The received code may be executed by the processor

[0204] as it is received, and / or stored in the storage device

[0210] , or other non-volatile storage for later execution.

[0068] The computing device

[0200] encompasses a wide range of electronic devices capable of processing data and performing computations. Examples of computing device

[0200] include, but are not limited only to, personal computers, laptops, tablets, smartphones, servers, and embedded systems. The devices may operate independently or as part of a network and can perform a variety of tasks such as data storage, retrieval, and analysis. Additionally, computing device

[0200] may include peripheral devices, such as monitors, keyboards, and printers, as well as integrated components within larger electronic systems, showcasing their versatility in various technological applications.

[0069] Referring to FIG. 3, an exemplary block diagram of a system

[0300] for authenticating a home gateway (HGW) in a broadband network, is shown, in accordance with the exemplary implementations of the present disclosure. The system

[0300] comprises at least one a provisioning unit

[0302] , at least one transceiver unit

[0304] , at least one a comparator unit

[0306] , at least one authentication unit

[0308] , and at least one cache memory unit

[0310] , Also, all of the components / units of the system

[0300] are assumed to be connected to each other unless otherwise indicated below. As shown in the figures all units shown within the system

[0300] should also be assumed to be connected to each other. Also, in FIG. 3 only a few units are shown, however, the system

[0300] may comprise multiple such units or the system

[0300] may comprise any such numbers of said units, as required to implement the features of the present disclosure. Further, in an implementation, the system

[0300] may be present in a user device / user equipment

[0102] to implement the features of the present disclosure. The system

[0300] may be a part of the user device

[0102] or may be independent of but in communication with the user device

[0102] (may also referred herein as a UE). In another implementation, the system

[0300] may reside in a server or a network entity. In yet another implementation, the system

[0300] may reside partly in the server / network entity and partly in the user device.

[0070] The system

[0300] is configured for authenticating a home gateway (HGW) in a broadband network, with the help of the interconnection between the components / units of the system

[0300] ,

[0071] The system

[0300] comprises a provisioning unit configured to provision a plurality of media access control identifiers (MAC IDs) and a plurality of subscription permanent identifiers (SUPIs) in a subscriber profile repository (SPR).

[0072] The provisioning unit

[0302] provisions or store the plurality of media access control identifiers (MAC IDs) and the plurality of subscription permanent identifiers (SUPIs) in the subscriber profile repository (SPR). In an exemplary aspect, SPR acts as the repository for storing or provisioning plurality of MAC IDs which are associated with one or more devices (e.g., routers) and the plurality of SUPIs associated with one or more subscribers.

[0073] In an exemplary aspect, the plurality of MAC IDs and the plurality of SUPIs are provisioned using at least one of a packet gateway (PGW), a service management platform (SMP), and a command line interface (CLI).

[0074] In an exemplary aspect, the plurality of MAC IDs and the plurality of SUPIs are provisioned using at least one of a packet gateway (PGW). The PGW acts as the interface between the LTE / 5G network and external packet data networks, such as the Internet. The primary responsibilities of PGW includes IP address allocation and assigning IP addresses to user devices.

[0075] In an exemplary aspect, the plurality of MAC IDs and the plurality of SUPIs are further provisioned using service management platform (SMP).

[0076] In an exemplary aspect, the plurality of MAC IDs and the plurality of SUPIs are further provisioned using command line interface (CLI) which help subscribers or network administrators to manually input the details of the plurality of MAC IDs and the plurality of SUPIs on a command prompt in order to provision them.

[0077] The system

[0300] further comprises a transceiver unit

[0304] connected at least with the provisioning unit

[0302] , The transceiver unit

[0304] is configured to receive, at the PCF server

[0122] , a session management (SM) policy control create request from a session management function (SMF)

[0108] , the request comprising at least one MAC ID and at least one SUPI of the HGW.

[0078] The transceiver unit

[0304] receives session management (SM) policy control create request from the session management function (SMF)

[0108] , The request comprising at least one MAC ID and at least one SUPI of the HGW which further facilitates the authentication of one or more devices and subscribers respectively.

[0079] In an exemplary aspect, the at least one MAC ID is a unique identifier assigned to a network interface card of the HGW.

[0080] In an exemplary aspect, the session management (SM) policy control create request includes at least one MAC ID which is essential for identifying the network interface card of the HGW, enabling secure authentication of the one or more devices.

[0081] In an exemplary aspect, the at least one SUPI is a unique identifier assigned to each subscriber within a communication network.

[0082] In an exemplary aspect, session management (SM) policy control create request includes at least one SUPI which is a unique identifier related to each subscriber which further includes subscriber’s details such as but not limited to subscriber's services, billing information, data usage details, etc. In an exemplary aspect, when HGW requests access to broadband network services, it includes at least one SUPI in its request which helps in verification of the subscriber’s identity to further ascertain whether the subscriber is authorized to have access to the requested services.

[0083] The system

[0300] further comprises a comparator unit

[0306] connected at least with the transceiver unit

[0304] , The comparator unit

[0306] is configured to compare, at the PCF server

[0122] , the received at least one MAC ID with the plurality of MAC IDs stored in the SPR to verify a match.

[0084] The comparator unit

[0306] compares the received at least one MAC ID with the plurality of MAC IDs stored in the SPR to verify the match at the PCF server

[0122] , In an exemplary aspect, the comparator unit

[0306] checks whether the received MAC ID matches any of the MAC IDs in the SPR ensuring that only authorized devices have access to broadband network services.

[0085] In an exemplary aspect, if the received at least one MAC ID does not match with any of the plurality of MAC IDs in the SPR, the PCF

[0122] sends a response indicating a mismatch to the SMF

[0108] ,

[0086] In an exemplary aspect, the PCF server

[0122] sends the response indicating the mismatch to the SMF

[0108] , if the received at least one MAC ID does not match with any of the plurality of MAC IDs in the SPR.

[0087] The system

[0300] further comprises an authentication unit

[0308] connected at least with the comparator unit

[0306] , The authentication unit

[0308] is configured to authenticate, at the PCF server

[0122] , the HGW to allow access to network services if the at least one MAC ID successfully matches with any of the stored plurality of MAC IDs in the SPR.

[0088] If the at least one MAC ID successfully matches with any of the stored plurality of MAC IDs in the SPR, the authentication unit

[0308] authenticates the HGW to have access to network services.

[0089] In an exemplary aspect, the comparator unit

[0306] checks whether the received MAC ID corresponds to any of the MAC IDs in the SPR. In case a match is found, the authentication unit

[0308] may indicate that the devices are authorized to have access to various broadband network service. Similarly, if no match is found, the authentication unit

[0308] may indicate that the devices are not authorized to have access to various broadband network services.

[0090] The authentication unit

[0308] is further configured to deny access to the HGW if the at least one MAC ID does not match with any of the stored plurality of MAC IDs in the SPR by sending an error response.

[0091] The authentication unit

[0308] denies access to the HGW if the at least one MAC ID does not match with any of the stored plurality of MAC IDs in the SPR by sending an error response. In an exemplary aspect, the error response may be in the form of “Error response 403 request forbidden request”.

[0092] The authentication unit

[0308] is further configured to authenticate the HGW based on a successful matching of the received at least one SUPI with any of the plurality of SUPIs stored in the SPR The authentication unit

[0308] further considers the successful matching of the received atleast one SUPI with any of the plurality of SUPIs stored in the SPR to authenticate the HGW and to allow the HGW to access broadband network services.

[0093] The system

[0300] further comprises a cache memory unit

[0310] configured to store, at the PCF server

[0122] , the at least one SUPI and the at least one MAC ID as keys for facilitating subsequent authentication requests.

[0094] The cache memory unit

[0310] stores the at least one SUPI and the at least one MAC ID as keys for enabling subsequent authentication requests at the PCF server

[0122] , By storing the at least one SUPI and the at least one MAC ID as keys, the system

[0300] provides a quick access to the subscribers and devices, such that during subsequent authentication requests they are connected instantly without the need to reauthenticate the devices and subscriber thereby increasing the overall authentication process of the broadband services.

[0095] Referring to FIG. 4, an exemplary method flow diagram

[0400] for authenticating a home gateway (HGW) in a broadband network, in accordance with exemplary implementations of the present disclosure is shown. In an implementation the method

[0400] is performed by the system

[0300] , Further, in an implementation, the system

[0300] may be present in a server device to implement the features of the present disclosure. Also, as shown in FIG. 4, the method

[0400] starts at step

[0402] ,

[0096] At step 404, the method

[0400] comprises provisioning, by a provisioning unit

[0304] , a plurality of media access control identifiers (MAC IDs) and a plurality of subscription permanent identifiers (SUPIs) in a subscriber profile repository (SPR).

[0097] The provisioning unit

[0302] provisions the plurality of media access control identifiers (MAC IDs) and the plurality of subscription permanent identifiers (SUPIs) in the subscriber profile repository (SPR). In exemplary aspect, SPR acts as the repository for storing plurality of MAC IDs which are associated with one or more device and plurality of SUPI which is information associated with one or more subscriber at the PCF server

[0122] ,

[0098] In an exemplary aspect, the provisioning of the plurality of MAC IDs and the plurality of SUPIs is performed via at least one of a packet gateway (PGW), a service management platform (SMP), and a command line interface (CLI).

[0099] At step 406, the method

[0400] further comprises receiving, by a transceiver unit

[0304] at the PCF server

[0122] , a session management (SM) policy control create request from a session management function (SMF)

[0108] , the request comprising at least one MAC ID and at least one SUPI of the HGW.

[0100] The transceiver unit

[0304] receives session management (SM) policy control create request from the session management function (SMF)

[0108] , The request comprising at least one MAC ID and at least one SUPI of the HGW which further facilitates the authentication of one or more devices and subscribers respectively.

[0101] In an exemplary aspect, the at least one MAC ID is a unique identifier assigned to a network interface card of the HGW.

[0102] In an exemplary aspect, the session management (SM) policy control create request includes at least one MAC ID which is essential for identifying the network interface card of the HGW, enabling secure authentication of the one or more devices.

[0103] In an exemplary aspect, the at least one SUPI is a unique identifier assigned to each subscriber within a communication network.

[0104] In an exemplary aspect, session management (SM) policy control create request includes at least one SUPI which is a unique identifier related to each subscriber which further includes subscriber’s details such as but not limited to subscriber's services, billing information, data usage details etc. In an exemplary aspect, when HGW requests access to broadband network services, it includes at least one SUPI in its request which helps verify the subscriber’s identity to further ascertain whether the subscriber is authorized to have access to the requested services.

[0105] At step 408, the method

[0400] further comprises comparing, by a comparator unit

[0306] at the PCF server

[0122] , the received at least one MAC ID with the plurality of MAC IDs stored in the SPR to verify a match.

[0106] The comparator unit

[0306] compares the received at least one MAC ID with the plurality of MAC IDs stored in the SPR to verify the match at the PCF server

[0122] , In an exemplary aspect, the comparator unit

[0306] checks whether the received MAC ID matches any of the MAC IDs in the SPR ensuring that only authorized devices have access broadband network services.

[0107] In an exemplary aspect, if the received at least one MAC ID does not match with any of the plurality of MAC IDs in the SPR, the PCF server

[0122] sends a response indicating a mismatch to the SMF

[0108] ,

[0108] In an exemplary aspect, the PCF server

[0122] sends the response indicating the mismatch to the SMF

[0108] , if the received at least one MAC ID does not match with any of the plurality of MAC IDs in the SPR.

[0109] At step 410, the method further comprises authenticating, by an authentication unit

[0308] at the PCF server

[0122] , the HGW to allow access to network services if the at least one MAC ID successfully matches with any of the stored plurality of MAC IDs in the SPR.

[0110] If the at least one MAC ID successfully matches with any of the stored plurality of MAC IDs in the SPR, the authentication unit

[0308] authenticates the HGW to have access to network services.[OHl] In an example, the comparator unit

[0306] checks whether the received MAC ID (e.g., XYZ) corresponds to any of the plurality of MAC IDs (e.g., XYZ, YZW, ABC) provisioned in the SPR. If the received MAC ID (e.g., XYZ) matches with one (e.g., XYZ) of the plurality of provisioned MAC IDs (e.g., XYZ, YZW, ABC), then the authentication unit authenticate the HGW to have access to network services.

[0112] In an exemplary aspect, the comparator unit

[0306] checks whether the received MAC ID corresponds to any of the MAC IDs in the SPR. In case a match is found, the authentication unit

[0308] may indicate that the devices are authorized to have access to various broadband network service. Similarly, if no match is found, the authentication unit

[0308] may indicate that the devices have are not authorized to have access to various broadband network services.

[0113] The method

[0400] further comprises comprising the step of denying access to the HGW if the at least one MAC ID does not match with any of the stored plurality of MAC IDs in the SPR by sending an error response.

[0114] The authentication unit

[0308] denies access to the HGW if the at least one MAC ID does not match with any of the stored plurality of MAC IDs in the SPR by sending an error response.In an exemplary aspect, the error response may be in the form of “Error response 403 request forbidden request”.

[0115] In an exemplary aspect, authenticating the HGW is further based on a successful matching of the received at least one SUPI with any of the plurality of SUPIs stored in the SPR.

[0116] The authentication unit

[0308] authenticates the HGW based on the successful matching of the received at least one SUPI with any of the plurality of SUPIs stored in the SPR.

[0117] The method

[0400] further comprises storing, by a cache memory unit

[0310] at the PCF server

[0122] , the at least one SUPI and the at least one MAC ID as keys for facilitating subsequent authentication requests.

[0118] The cache memory

[0310] unit stores the at least one SUPI and the at least one MAC ID as keys for enabling subsequent authentication requests at the PCF server

[0122] , By storing at least one SUPI and the at least one MAC ID as keys, the system

[0300] provides a quick access to the subscribers and devices, such that during subsequent authentication requests they are connected instantly without the need to reauthenticate the devices and subscriber thereby increasing the overall authentication process of the broadband services.

[0119] Thereafter, at step

[0412] , the method

[0400] is terminated.

[0120] Referring to FIG. 5, an exemplary process flow diagram

[0500] for authenticating a home gateway (HGW) in a broadband network, in accordance with exemplary implementations of the present disclosure is shown.

[0121] At step SI, the process

[0500] comprises provisioning, by at least one Home Gateway in the SPR

[0504] , a plurality of media access control identifiers (MAC IDs), a plurality of subscription permanent identifiers (SUPIs) in a subscriber profile repository (SPR)

[0504] by using at least one service management platform, command line interface, and packet gateway.

[0122] At step S2, the process

[0500] comprises receiving at the PCF server

[0122] , session management (SM) policy control create request (e.g., in JSON format) from a session management function (SMF)

[0108] , the request comprising at least one MAC ID and at least one SUPI of the HGW. In an example, the at least one MAC ID received in the policy control create request isprefix with an extra field of “hgwMac” to differentiate between the various other difference MAC IDs.

[0123] At step S3, the process

[0500] comprises fetching, by the PCF server

[0122] from the SPR

[0504] , the provisioned plurality of media access control identifiers (MAC IDs) and the plurality of subscription permanent identifiers (SUPIs).

[0124] At step S4, the process

[0500] comprises receiving, at the PCF server

[0122] from the SPR

[0504] the fetched plurality of media access control identifiers (MAC IDs) and the plurality of subscription permanent identifiers (SUPIs).

[0125] In an exemplary aspect, the process

[0500] further comprises comparing, at the PCF server

[0122] , the received at least one MAC ID (e.g., hgwMAC) from the SMF

[0108] with the fetched plurality of MAC IDs stored in the SPR

[0504] to verify the match.

[0126] At step S5, if the at least one MAC ID (e.g., hgwMAC) successfully matches with any (e.g., hgwMAC) of the stored plurality of MAC IDs in the SPR

[0504] , the PCF server

[0122] validates the HGW allowing it to have access to network service.

[0127] At step S6, if the at least one MAC ID doesn’t match with any of the stored plurality of MAC IDs in the SPR

[0504] , the PCF server

[0122] invalidates the HGW

[0502] denying access to network services by displaying “Error Response 403 request forbidden”.

[0128] The present disclosure further discloses a non-transitory computer readable storage medium storing instructions for authenticating a home gateway (HGW) in a broadband network, the instructions include executable code which, when executed by one or more units of a system, causes a provisioning unit to provision a plurality of media access control identifiers (MAC IDs) and a plurality of subscription permanent identifiers (SUPIs) in a subscriber profile repository (SPR) The executable code when executed further causes a transceiver unit to receive, at a policy control function (PCF) server, a session management (SM) policy control create request from a session management function (SMF), the request comprising at least one MAC ID and at least one SUPI of the HGW. The executable code when executed further causes a comparator unit to compare, at the PCF server, the received at least one MAC ID with the plurality of MAC IDs stored in the SPR to verify a match. The executable code when executed further causes an authenticationunit to authenticate, at the PCF server, the HGW to allow access to network services if the at least one MAC ID successfully matches with any of the stored plurality of MAC IDs in the SPR.

[0129] As is evident from the above, the present disclosure provides a technically advanced solution for authenticating a home gateway (HGW) in a broadband network. As the unique user identifier is an essential part of the authentication and authorization process in a network, multiples device identifiers can be associated with one unique user identifier. PCF server then allows communication with a device identifier only when there is a registration available for said device identifier and corresponding unique user identifier with SPR server. As a result, authentication by PCF server will not allow unknown device identifiers to latch onto a network.

[0130] Further, in accordance with the present disclosure, it is to be acknowledged that the functionality described for the various components / units can be implemented interchangeably. While specific embodiments may disclose a particular functionality of these units for clarity, it is recognized that various configurations and combinations thereof are within the scope of the disclosure. The functionality of specific units as disclosed in the disclosure should not be construed as limiting the scope of the present disclosure. Consequently, alternative arrangements and substitutions of units, provided they achieve the intended functionality described herein, are considered to be encompassed within the scope of the present disclosure.

[0131] While considerable emphasis has been placed herein on the disclosed implementations, it will be appreciated that many implementations can be made and that many changes can be made to the implementations without departing from the principles of the present disclosure. These and other changes in the implementations of the present disclosure will be apparent to those skilled in the art, whereby it is to be understood that the foregoing descriptive matter to be implemented is illustrative and non-limiting.

Claims

We Claim:

1. A method for authenticating a home gateway (HGW) in a broadband network, comprising: provisioning, by a provisioning unit [302], a plurality of media access control identifiers (MAC IDs) and a plurality of subscription permanent identifiers (SUPIs) in a subscriber profile repository (SPR); receiving, by a transceiver unit [304] at a policy control function (PCF) server [122], a session management (SM) policy control create request from a session management function (SMF) [108], the request comprising at least one MAC ID and at least one SUPI of the HGW; comparing, by a comparator unit [306] at the PCF server [122], the received at least one MAC ID with the plurality of MAC IDs stored in the SPR to verify a match; and authenticating, by an authentication unit [308] at the PCF server [122], the HGW to allow access to network services if the at least one MAC ID successfully matches with any of the stored plurality of MAC IDs in the SPR.

2. The method as claimed in claim 1, wherein the at least one MAC ID is a unique identifier assigned to a network interface card of the HGW.

3. The method as claimed in claim 1, wherein the at least one SUPI is a unique identifier assigned to each subscriber within a communication network.

4. The method as claimed in claim 1, further comprising storing, by a cache memory unit [310] at the PCF server [122], the at least one SUPI and the at least one MAC ID as keys for facilitating subsequent authentication requests.

5. The method as claimed in claim 1, wherein the provisioning of the plurality of MAC IDs and the plurality of SUPIs is performed via at least one of a packet gateway (PGW), a service management platform (SMP), and a command line interface (CLI).

6. The method as claimed in claim 1, further comprising the step of denying access to the HGW if the at least one MAC ID does not match with any of the stored plurality of MAC IDs in the SPR by sending an error response.

7. The method as claimed in claim 1, wherein if the received at least one MAC ID does not match with any of the plurality of MAC IDs in the SPR, the PCF server [122] sends a response indicating a mismatch to the SMF [108],8. The method as claimed in claim 1, wherein authenticating the HGW is further based on a successful matching of the received at least one SUPI with any of the plurality of SUPIs stored in the SPR.

9. A system for authenticating a home gateway (HGW) in a broadband network, the system comprising: a provisioning unit [302] configured to: provision a plurality of media access control identifiers (MAC IDs) and a plurality of subscription permanent identifiers (SUPIs) in a subscriber profile repository (SPR); a transceiver unit [304] connected at least with the provisioning unit [302], the transceiver unit [304] is configured to: receive, at a policy control function (PCF) server [122], a session management (SM) policy control create request from a session management function (SMF) [108], the request comprising at least one MAC ID and at least one SUPI of the HGW; a comparator unit [306] connected at least with the transceiver unit [304], the comparator unit [306] is configured to: compare, at the PCF server [122], the received at least one MAC ID with the plurality of MAC IDs stored in the SPR to verify a match; and an authentication unit [308] connected at least with the comparator unit [306], the authentication unit [308] is configured to: authenticate, at the PCF server [122], the HGW to allow access to network services if the at least one MAC ID successfully matches with any of the stored plurality of MAC IDs in the SPR.

10. The system as claimed in claim 9, wherein the at least one MAC ID is a unique identifier assigned to a network interface card of the HGW.

11. The system as claimed in claim 9, wherein the at least one SUPI is a unique identifier assigned to each subscriber within a communication network.

12. The system as claimed in claim 9, further comprising a cache memory unit configured to store, at the PCF server [122], the at least one SUPI and the at least one MAC ID as keys for facilitating subsequent authentication requests.

13. The system as claimed in claim 9, wherein the plurality of MAC IDs and the plurality of SUPIs are provisioned via at least one of a packet gateway (PGW), a service management platform (SMP), and a command line interface (CLI).

14. The system as claimed in claim 9, wherein the authentication unit [308] is further configured to deny access to the HGW if the at least one MAC ID does not match with any of the stored plurality of MAC IDs in the SPR by sending an error response.

15. The system as claimed in claim 9, wherein if the received at least one MAC ID does not match with any of the plurality of MAC IDs in the SPR, the PCF server [122] sends a response indicating a mismatch to the SMF [108],16. The system as claimed in claim 9, wherein the authentication unit [308] further configured to authenticate the HGW based on a successful matching of the received at least one SUPI with any of the plurality of SUPIs stored in the SPR.

17. A non-transitory computer readable storage medium storing instructions for authenticating a home gateway (HGW) in a broadband network, the storage medium comprising executable code which, when executed by one or more units of a system, causes: a provisioning unit [302] to provision a plurality of media access control identifiers (MAC IDs) and a plurality of subscription permanent identifiers (SUPIs) in a subscriber profile repository (SPR); a transceiver unit [304] to receive, at a policy control function (PCF) server [122], a session management (SM) policy control create request from a session management function (SMF) [108], the request comprising at least one MAC ID and at least one SUPI of the HGW; a comparator unit [306] to compare, at the PCF server [122], the received at least one MAC ID with the plurality of MAC IDs stored in the SPR to verify a match; and an authentication unit [308] to authenticate, at the PCF server [122], the HGW to allow access to network services if the at least one MAC ID successfully matches with any of the stored plurality of MAC IDs in the SPR.