1. Field of the Invention
The embodiments presented herein generally relate to gateway devices that may be used to provide services for client devices in a multi-dwelling unit (MDU) network, and more particularly, to mechanisms for downloading files associated with the operation of gateway and client devices in such a network.
2. Background Information
Systems for providing services such as satellite television service have been deployed that utilize a structure that is complementary to the needs of multi-user operation in a single location such as multiple dwelling buildings or apartments. The arrangement of the system used for an installation such as an MDU installation often includes client devices connected through a local network to a central device, or gateway device, that is connected to the service provider's network.
Problems often arise in these systems when they include field-upgradeable devices, otherwise referred to as field-upgradeable systems. In particular, field-upgradeable systems may require operator intervention on a per-unit basis to initiate a software upgrade. As a result, the amount of effort needed for an upgrade scales with the number of fielded units. Further, typical field-upgradeable systems do not provide an automated way of introducing advanced features/capabilities at one or more selected installations or at one or more gateway devices at a given installation.
In addition, issues may exist with the security and authenticity of various types of files (e.g., executable files, configuration files, key files, etc.) used in upgrading network devices. A gateway device may maintain an updated inventory of client device files for use in downloading to the client devices following a client device reboot. The manufacturer of each client device model provides an executable code file that, for security purposes, is signed using a key generated by the service operator or manufacturer. One way of addressing the problem is to have the gateway device maintain a list of the keys and algorithms used to sign client device files, or equivalently, maintain a set of signature verification routines, one per client device model. However, this requirement is difficult to manage as the number of client models and manufacturers proliferates in a fielded system. Additionally, service operators and manufacturers are reluctant to release key or algorithmic information used to sign client device files.
In summary, a method is needed to verify the data integrity and source (non-repudiation) of client device files, without incurring the overhead of per-model key/algorithm lists, assuming this information is even made available by the operator or manufacturer.
If file signing is performed using a public-private key cryptosystem, a standard approach is for the gateway device to maintain a list of the public keys or X.509 device certificates containing the public keys used to sign the client device files, or equivalently, for the gateway device to maintain one or more signature verification functions containing an embedded public key (one signature verification function needed per public/private key pair). Likewise, if a secret key is used to sign a client device file, a signature verification function must be provided that embeds the secret key and verification algorithm. These verification functions must be managed and applied to the corresponding client model numbers.
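The secret-key variant of this standard approach, shown as an added Python example that is not part of the original disclosure: the gateway keeps one verification function per client model, each embedding its key and algorithm. HMAC stands in for the unspecified signing algorithm, and the model numbers, keys and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed per-vendor secrets and algorithms (hypothetical values).
KEY_A, ALG_A = b"constructed-key-vendor-a", "sha256"
KEY_B, ALG_B = b"constructed-key-vendor-b", "sha512"


def vendor_sign(secret_key: bytes, file_bytes: bytes, digestmod: str) -> bytes:
    """What the manufacturer/operator does when releasing a client file."""
    return hmac.new(secret_key, file_bytes, digestmod).digest()


def make_verifier(secret_key: bytes, digestmod: str):
    """Build a verification function with the key and algorithm embedded."""
    def verify(file_bytes: bytes, signature: bytes) -> bool:
        expected = hmac.new(secret_key, file_bytes, digestmod).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, signature)
    return verify


# The per-model table the gateway has to carry and keep current.
# Every new client model or vendor key rotation means another entry.
VERIFIERS = {
    "CLIENT-A100": make_verifier(KEY_A, ALG_A),
    "CLIENT-B200": make_verifier(KEY_B, ALG_B),
}


def gateway_accepts(model: str, file_bytes: bytes, signature: bytes) -> bool:
    """Check a client file before adding it to the download inventory."""
    verify = VERIFIERS.get(model)
    if verify is None:
        # No verifier for this model: fail closed rather than serve the file.
        return False
    return verify(file_bytes, signature)


if __name__ == "__main__":
    image = b"constructed client firmware image"
    sig = vendor_sign(KEY_A, image, ALG_A)
    print("valid file, right model:", gateway_accepts("CLIENT-A100", image, sig))
    print("tampered file:", gateway_accepts("CLIENT-A100", image + b"\x00", sig))
    print("model not in table:", gateway_accepts("CLIENT-C300", image, sig))
```

Because each verifier embeds the vendor's secret, the gateway itself holds material that can forge signatures for that model, which is part of why operators are reluctant to release it.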
A further complication exists when additional client device models are added to the system. The fielded gateway device needs to manage a growing list of client keys/verification functions and apply them to the corresponding client device model numbers. Therefore, there is a need for an improved method of downloading files for use with devices in a network, and further, there is a need for an improved security or authentication system for use with multiple devices in a network. The disclosed embodiments address one or more of these problems.