Modem network devices typically require service at various points throughout the operational life of the network device. Sometimes the party using the network device (the “user”) can perform the required service, while other times, the user lacks the technical expertise to service the network device. A network device may also be intentionally designed so that the user (which may be a customer of the manufacturer or provider of the network device) is unable to perform the required service to prevent the user from modifying the network device. As a result, the network device often requires service by another party besides the user, such as the manufacturer or other provider of the network device or some other qualified support service provider.
A support technician can perform the service on the network device directly, but this requires that the support technician travel to the network device's location, which may be inconvenient in terms of the cost and the travel time required. Another alternative is for the user to send the network device to the support technician, but this approach also may involve significant costs and delays, in addition to the user being unable to use the network device while the network device is away being serviced.
If the network device is connected to a network, such as the Internet, the support technician may attempt to service the network device through the network using a password and an interface that enables the support technician to gain access to resources of the network device. For example, modern network devices typically use a multi-user operating system that supports two or more user accounts. Each user account can access the network device using a set of access privileges assigned to the user account. Typically, the set of user accounts provided by a multi-user operating system includes an administrator account (for example, a root user account in the UNIX operating system) that allows unfettered access to the network device and associated resources. To address most service issues, a support technician logs into the network device using the administrator account by supplying a password assigned to the administrator account.
However, to address security concerns, the passwords used to log into a network device using an administrator account should be safeguarded and periodically changed, which may be burdensome. When multiple network devices each use the same administrator account password, the potential security risk increases because if the password were to become known to a third party, the third party would have unfettered access to multiple network devices. On the other hand, the use of different passwords for administrator accounts on multiple network devices increases the burden of managing the passwords. Finally, the user must trust that the support technician, once given the password to the administrator account for a network device, will not perform actions using the administrator account unrelated to the service to be performed on the network device.
Another problem is that the manufacturer or provider of the network device may wish to prevent the user of the network device from accessing certain resources of the network device. One approach for doing so involves the manufacturer or provider establishing a password for use in accessing resources of a network device prior to the network device leaving the control of the manufacturer or provider. For example, a password for a network device may be established during manufacturing or configuration of the network device. The password may then be provided, as needed, over a network or entered directly at the network device using an input device, such as a keypad.
A problem with the manufacturer or provider establishing a password is that all the passwords for all the network devices produced by the manufacturer or provider must be safeguarded and managed by the manufacturer or provider. Safeguarding such a large number of passwords is cumbersome, especially when a manufacturer outsources the manufacturing of the network device to another company.
Also, such passwords provide exclusive control of the network device to the manufacturer or the support technician, leaving the user of the network device without any way to limit when or by whom the network device is serviced. This may be especially troublesome if the servicing of the network device would interrupt the user's use of the network device at an undesirable time.
Thus, there is a need for the user of a network device to have service performed on the network device by a support service provider that allows the support service provider to access the network device to perform the required service without the user having such access, and yet still enable the user to control when the support service provider may access the network device.
The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.