The present invention relates to remote management, i.e. installation, configuration and removal, of application or service software modules (the so-called “bundles”) on customer premises equipment (CPE) from a server located anywhere in the network with connectivity to the CPE devices. The server is named the auto configuration server or remote management server throughout this application. Examples of CPE or customer devices are a Digital Subscriber Line (DSL) modem, a Set-Top Box (STB), a wireless terminal such as a mobile telephone, a Personal Digital Assistant (PDA), etc. In the context of the present application, a customer device can also be a device residing in the network on which remote management services are installed, for instance a DSLAM, a remote unit (RU), a service blade, etc. More particularly, the invention relates to management of a subset of parameters which belong to a particular service or operator.
A home network connected to a broadband access network such as a Digital Subscriber Line (xDSL) network contains Customer Premises Equipment such as an xDSL modem, connected on one side to one or more appliances in the home network and on the other side to a node of the xDSL service provider, such as a Digital Subscriber Line Access Multiplexer (DSLAM) or a traffic aggregation node in a Central Office. The link between this CPE and the DSLAM is used to transport information, which requires the establishment of a communication session between this CPE and the DSLAM. Establishing a communication session typically involves steps such as synchronization between devices, defining error correction systems, determining transmission speed, etc. To achieve this, the modem needs information related to those steps. For instance, it needs to know which error correction codes are available, which speeds can be used, which encodings are preferred, etc.
Furthermore, the TR-069 management protocol is typically used for remote device management. This protocol enables a CPE to be configured from within the service provider network by a remote management server or Auto-Configuration Server (ACS). The TR-069 management protocol is based on an Object Model which is stored in each CPE. The Object Model is made up of a number of parameters which can be read or altered by remote procedure calls. These parameters are organized in a tree-like structure in the Object Model. As a result of the tree model, a parameter can be addressed explicitly or a subset of parameters can be addressed. The ACS can invoke a remote procedure call (RPC) to retrieve the value of one or more parameters by addressing that particular parameter or subset as described above. The ACS can also invoke an RPC to alter the value of a parameter or subset of parameters. Furthermore, the ACS is able to invoke RPCs which trigger updates of the software on the CPE, installation or removal of software on the CPE, etc. Thus, the TR-069 management protocol enables an operator to remotely configure and manage a CPE, which means that a user can access one or more services with little effort.
The TR-069 protocol is also used to remotely manage other CPEs which are more service specific or which offer various services, such as Open Service Gateway initiative (OSGi) service platforms. However, on such an OSGi platform, the services and applications share everything on the CPE. This means that the entire TR-069 Object Model is available to the services and applications deployed on the CPE and can be retrieved or altered by any of them. As a result, each remote management server or ACS is able to modify the TR-069 Object Model and all the parameters stored therein. This means that on a CPE running multiple services which are related to various service providers, each service provider is able to modify the services and applications of the other operators. Indeed, because the Object Model is a single accessible set of data, service operators are able to gain an advantage over other operators simply by modifying the parameters related to the other operators' services or applications.
In order to avoid malicious use of automatic configuration in a TR-069 Object Model and to provide a more secure set of parameters for each service provider, a secure set of parameters is provided automatically by means of a view selector module for use in management of a TR-069 Object Model. Such a module typically comprises means for selecting and/or altering one or more of the plurality of parameters based on credentials. The view selector module is described in the European Patent Application filed on 14 Aug. 2007 with application number 07291009.4. That application describes that, by allowing the selection or the altering of parameters based upon credentials, it becomes possible to make only a subset of the TR-069 Object Model available to a particular party such as a service provider, remote management server or ACS. This means that the particular party is only able to retrieve information from specific TR-069 parameters, such as those for applications or bundles installed by that party, or parameters available to everyone or to all applications or bundles. Similarly, only a number of parameters can be altered by a specific party, whereas other parameters cannot be changed, for instance because they do not belong to the party, bundle or service. Thus, it becomes impossible for operator A to view and/or modify parameters related to services of operator B. As such, operator A can no longer gain an unfair advantage for his services over operator B by reducing the capacity or quality of operator B's service.
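The credential-scoped view described above, together with the full-path and subtree addressing of the Object Model, can be sketched as follows. This is an added example, not code from the referenced application: the parameter names, the owners `operatorA` and `operatorB`, and the functions `get_values` and `set_values` are constructed for illustration, and the party name is assumed to have been authenticated already.

```python
# Added illustration: a toy credential-scoped view over a TR-069-style
# parameter tree. Parameter names, owners and parties are constructed.
from dataclasses import dataclass

PUBLIC = "*"  # owner marker for parameters readable by every party

@dataclass
class Param:
    value: str
    owner: str             # party whose service or bundle owns the parameter
    writable: bool = True

# Constructed object model held on the CPE (flat map of full paths).
MODEL = {
    "Device.DeviceInfo.SoftwareVersion": Param("1.0", PUBLIC, writable=False),
    "Device.Services.VideoA.Bitrate": Param("8000", "operatorA"),
    "Device.Services.VideoA.Enable": Param("1", "operatorA"),
    "Device.Services.VoiceB.Codec": Param("G.711", "operatorB"),
}

def visible(param, party):
    return param.owner in (PUBLIC, party)

def get_values(party, path):
    """Read one parameter (full path) or a subtree (partial path ending in '.').
    Parameters outside the party's view are omitted, not reported as denied."""
    if path.endswith("."):
        names = [n for n in MODEL if n.startswith(path)]
    else:
        names = [path] if path in MODEL else []
    return {n: MODEL[n].value for n in sorted(names) if visible(MODEL[n], party)}

def set_values(party, updates):
    """Apply all updates or none: every target must be owned by the party."""
    for name in updates:
        p = MODEL.get(name)
        # Same error for "unknown" and "not yours": existence is not leaked.
        if p is None or p.owner != party or not p.writable:
            raise PermissionError(f"{party} may not set {name}")
    for name, value in updates.items():
        MODEL[name].value = value

if __name__ == "__main__":
    print(get_values("operatorA", "Device.Services."))  # only VideoA entries
    print(get_values("operatorB", "Device.Services.VideoA.Bitrate"))  # empty
```

Reads outside a party's view return nothing at all, so operator B cannot even learn which parameters operator A has installed, and a write request that touches any foreign parameter is rejected before any value changes.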
Furthermore, TR-069 compliant Consumer Premises Devices (CPEs) in a home network typically use a Transport Layer Security/Secure Sockets Layer session, a TLS/SSL session for short, in cooperation with the Auto Configuration Server (ACS) in the operator's network for the management of their TR-069 object model parameters. Typically, the ACS or a proxy terminates this TLS/SSL session and manages the object model parameters of the CPE by itself.
This approach has several drawbacks:
1. The knowledge of the configuration of the CPE is maintained at the ACS (or its delegates) in the network of the operator, while the information may be needed locally in the home network as well, e.g. for diagnostics tools; and
2. The TLS/SSL protocol requires considerable storage capacity and CPU power to maintain state for each session on the end-points of the tunnel; and
3. Due to the use of a TLS/SSL session, the information passing through this secure tunnel is transparent to intermediate network devices. Transparent here means that the passing information cannot be read or interpreted by intermediate network devices between the CPE and the ACS, such as the residential home gateway.