Appliances are special-purpose computer systems, such as, for example, storage servers and proxy servers. Special-purpose computer systems may be implemented as network-attached appliances and may run system software, such as embedded operating systems, device drivers, or various utilities. While an appliance may be sold with a particular version of system software loaded on it, updates to such software, e.g., an upgrade to the embedded operating system or a policy module, or a software patch addressing a defect, may become available after the appliance has been placed in service. Controlling access to such upgrades or patches is important from the appliance vendor's point of view (inasmuch as the vendor seeks to ensure that only authorized customers receive the benefit of the new software) and the appliance owner/user's point of view (inasmuch as the owner/user wishes to maintain configuration control over his/her equipment).
As one might expect, different methods for implementing these access controls have developed. In some cases, an appliance owner/user is assigned a unique user name/password combination at the time the appliance is purchased or first placed in service. As software updates for the corresponding appliance become available, the owner/user may request the update (e.g., from a server storing the updated software) and use his/her user name/password in order to authenticate the request. When a user name/password combination is presented to the download server, the customer's entitlement to the software update is checked, and, if it is determined that the customer is indeed entitled to the update, the appropriate software components are supplied. This scheme requires significant customer interaction with a download server, which may be inconvenient, and also requires that the customer remember or otherwise retain the user name/password credentials, sometimes several months or even years after the original purchase (while it is true that some vendors offer assistance to those customers that cannot remember their user name/password combinations, the provision of such support tends to decrease the vendor's confidence that the requesting customer is truly entitled to a particular update and increases the costs of the appliance manufacturer).
Furthermore, where a customer's entitlement to a software update is verified utilizing a user name/password combination originally assigned at the time of purchase, these credentials can be used to download the content (e.g., software updates or patches) to a system other than the appliance itself. Thus, stolen credentials, for example, can be used to download illicit copies of the content, which may lead to a possibility of arbitrary downloads. For example, content may be installed on appliances that are not entitled to those particular updates, or, for example, updates may be installed on appliances owned by those customers that have not paid for that particular update.