As the convergence of universal communications and ubiquitous computing pervades daily life, new networking architectures are evolving to meet a myriad of applications. Some architectures address desires for home appliance and utility automation, control, telemetry, and security. Others are designed to offer convenient, unified remote management of distributed personal audiovisual equipment. Still others describe hardware and protocols intended to deliver broadband content to a destination (e.g., a home) using existing commercial and public transmission networks. Yet others provide a simple shared services network infrastructure using the existing access points, conduits, and wiring available within many modern homes and offices.
A shared services network is one that is capable of providing disparate services using the same transmission medium, and that may be coupled to selected existing commercial and public transmission networks. Exemplary shared services network infrastructures include, without limitation, wireline telephony, electrical power utility, and cable-access services infrastructures. These latter architectures may be designed from the perspective of a consumer, where reliability, transparency, thriftiness, and simplicity of installation, use, and upkeep (in the aggregate, “user-friendliness”) are among the most significant considerations in adoption of technology.
Beneficially, many wireline and wireless architectures, devices, and protocols are converging to allow some degree of interoperability among networks intended for consumer home or small office/home office environments (collectively, “end-point networks” or EPNs).
An architectural commonality of EPNs is the shared signal transmission medium (i.e., shared medium). In a shared medium network, all communication devices share the multiple access transmission medium, but only one device can drive the network at a time. A shared services network can be a type of shared medium network.
Although convenient, shared medium architectures also share vulnerability to eavesdropping and compromise, leaving attached devices exposed to unauthorized access, misuse, and tampering (collectively, intrusion). Unfortunately, no unified, standard security implementation has been devised to protect every network in every environment, and security mechanisms effective in one environment for one type of shared medium network may offer little protection to other implementations. In practical use, traditional network security mechanisms, such as usernames and passwords, can be cumbersome to implement and manage in an EPN. In addition, the use of passwords and keys can be unwieldy when authenticating headless devices, that is, devices that lack user interface components or peripherals. Despite the simplifications that existing network security methods and apparatus may bring to the consumer network user, even “easy” mechanisms may require multiple steps, out-of-band security password or key transfers and, unfortunately, significant user interaction.
Oftentimes, EPN users elect not to activate beneficial security services that may be available with selected EPN devices because the security implementation process may be too cumbersome or too inconvenient for the average EPN user, even when those processes are thought to be “simplified.” For example, a simplified, “two-button” security activation process, available with selected networking products, may require more interaction than is desirable to a user. In such a security activation process, a supplicant seeking a secure communications link becomes activated and attempts to connect over a shared medium to an authenticator coupled to the network.
During the supplicant activation period, an opportunity window exists during which one or both of the authenticator and the supplicant device may communicate using a non-secure or partially secure handshake, becoming vulnerable to unauthorized access. The apparent simplicity of this existing security management technique can be deceptive, because the limited opportunity window in which to accomplish security management may be insufficient to complete the task and one or both devices may time out. Moreover, existing “two-button” techniques typically require repetition for each client adapter to be attached to the network. For example, adding six devices to a network requires a user to repeat the security activation process six times and make at least twelve properly sequenced activation process steps. Such “simple” security activation may become even more cumbersome in the context of headless devices, including those disposed in inconvenient locations within a networked home (e.g., in an attic or crawl space or behind a large appliance).
A typical consumer user may be dissuaded from enjoying the benefits of an EPN, because these security burdens lack sufficient “user-friendliness,” and the risks of unsecured EPN operation may be too daunting. Frequently, EPN users operate an EPN without implementing security, becoming exposed to a myriad of intrusions from wireless and wireline portals alike. It is desirable, therefore, to provide methods and apparatus for simplifying network security deployment and use, including in a powerline network, thereby encouraging consumers to benefit from the ubiquitous use of end-point networks.