A home network connected to a broadband access network such as a Digital Subscriber Line (xDSL) network typically contains Customer Premises Equipment (CPE). For instance, an xDSL modem is connected on one side to one or more appliances in the home network and on the other side to a node of the xDSL service provider such as a Digital Subscriber Line Access Multiplexer (DSLAM) or other traffic aggregation node in a Central Office. The link between this CPE and the DSLAM is used to transport information, which requires the establishment of a communication session between this CPE and the DSLAM. Establishing a communication session typically involves steps such as synchronization between devices, defining error correction systems, determining transmission speed, etc. To achieve this, the modem needs information related to those steps. For instance, it needs to know which error correction codes are available, which speeds can be used, which encodings are preferred, etc. The manufacturer could predefine such settings in a CPE. However, each service provider may use a different combination of settings for its own access network. This means that a manufacturer would have to produce a separate CPE for each combination of settings, which is of course too complex and not feasible.
To overcome that problem, the TR-069 management protocol is used for remote device management. This protocol enables a CPE to be configured from within the service provider network by a remote management server or an Auto-Configuration Server (ACS). Such an ACS can provide all the information that is needed by a CPE to establish a communication link between the CPE and the service provider network. The ACS can easily be reconfigured by an operator, and each CPE can be configured if it supports the TR-069 management protocol. This way, each service provider can provide its settings to a CPE of any manufacturer, which is a lot more flexible than preconfigured CPEs.
The TR-069 Management Protocol is based on an Object Model which is stored in each CPE. The Object Model is made up of a number of parameters which can be read or altered by remote procedure calls. These parameters are organized in a tree-like structure in the Object Model. As a result of the tree model, a single parameter can be addressed explicitly or a subset of parameters can be addressed as a group. Consider the following example: the root of the tree is called “device”, a first subset of parameters is called “transmission” and within the subset there are two parameters “upstream-speed” and “downstream-speed”. An explicit reference to one of these parameters would be “device.transmission.upstream-speed” or “device.transmission.downstream-speed”. However, by omitting the last part in the address, all of the parameters in that subset can be addressed via “device.transmission”. The ACS can invoke a remote procedure call (RPC) to retrieve the value of one or more parameters using an addressing of that particular parameter or subset as described above. The ACS can also invoke an RPC to alter the value of a parameter or subset of parameters. Furthermore, the ACS is able to invoke RPCs which trigger updates of the software on the CPE, installation or removal of software on the CPE, etc. Thus, the TR-069 management protocol enables an operator to remotely configure and manage a CPE, which means that a user can access one or more services with little effort.
The above-described automatic configuration works well for a CPE which is used by only a single service provider, such as an xDSL modem which is only managed by the service provider of the access network to which a user belongs. However, the TR-069 protocol is also used to remotely manage other CPE which are more service specific or which offer various services. A particular example of this is the Open Service Gateway initiative (OSGi) service platform, which is a Java-based service platform that runs on top of a Java Virtual Machine (JVM) inside the customer device that is remotely managed. Presence of an OSGi service platform in the customer device enables remote installation, update and/or removal of bundles, i.e. software modules or components such as for instance a File Transfer Protocol (FTP) application, from an auto configuration server anywhere in the network without disrupting the operation of the customer device. This way, installation of a software application, upgrading the software application to a new version, re-configuring the application, adding or activating new features of the application, and removal of the application from the customer device are made possible without dispatching a technician to the customer premises and without requiring an intervention by the customer. Thanks to the management platform, the software services or applications running on a single customer device can share their capabilities with each other.
The drawback of a service platform such as OSGi is that the services and applications share everything on the CPE. The entire TR-069 Object Model is available to the services and applications deployed on the CPE and can be retrieved or altered by any of them. As such, each remote management server or ACS is able to modify the TR-069 Object Model and all the parameters stored therein. This means that on a CPE with multiple services running thereon which are related to various service providers, each service provider is able to modify the services and applications of the other operators. The main drawback is thus that, because the Object Model is a single accessible set of data, service operators are able to gain an advantage over other operators simply by modification of the parameters related to the other operator's services or applications. It is thus obvious that the current model is not feasible for evolving environments wherein more applications are deployed on a CPE by more and more service providers.
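The following Python sketch is an added illustration, not part of the original text and not the mechanism of the invention. It models the explicit and partial addressing described above on a constructed parameter set, then contrasts the single shared Object Model with a hypothetical per-server scoped view; the `device.services.*` names, the operator hostnames and the `ScopedView` class are assumptions made for the example.

```python
# Constructed sample Object Model, flattened to dotted paths (names are illustrative).
MODEL = {
    "device.transmission.upstream-speed": 1024,
    "device.transmission.downstream-speed": 8192,
    "device.services.voip.proxy": "sip.operator-a.example",
    "device.services.iptv.channel-list": "http://operator-b.example/list",
}

def resolve(model, path):
    """Return the parameter names addressed by an explicit or partial path."""
    if path in model:
        return [path]
    prefix = path + "."  # match whole path components only
    return sorted(name for name in model if name.startswith(prefix))

class ObjectModel:
    """Single shared model: any caller may read or alter any parameter."""
    def __init__(self, params):
        self.params = dict(params)

    def get_values(self, path):
        return {n: self.params[n] for n in resolve(self.params, path)}

    def set_value(self, name, value):
        if name not in self.params:
            raise KeyError(name)
        self.params[name] = value

class ScopedView:
    """Hypothetical per-server view: RPCs outside the granted subtrees are refused."""
    def __init__(self, model, granted):
        self.model = model
        self.granted = tuple(granted)

    def _allowed(self, path):
        return any(path == g or path.startswith(g + ".") for g in self.granted)

    def get_values(self, path):
        if not self._allowed(path):
            raise PermissionError(path)
        return self.model.get_values(path)

    def set_value(self, name, value):
        if not self._allowed(name):
            raise PermissionError(name)
        self.model.set_value(name, value)

if __name__ == "__main__":
    print(ObjectModel(MODEL).get_values("device.transmission"))
```

With the shared `ObjectModel`, a write to `device.services.voip.proxy` succeeds regardless of which management server issues it; a `ScopedView` granted only `device.services.iptv` raises `PermissionError` for the same write and for any partial path broader than its grant.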
It is an objective of the present invention to avoid malicious use of automatic configuration in a TR-069 Object Model. It is another objective of the present invention to provide a more secure set of parameters for each service provider. It is yet another objective of the present invention to provide such secure parameters automatically.