1. Field of the Invention
This invention generally relates to network communications and, more particularly, to a system and method for securely provisioning network-connected devices with configuration data.
2. Description of the Related Art
As noted in U.S. Pat. No. 6,308,243 (Kido), in a variety of application apparatuses having embedded microcomputers, a real time multitask system is used for processing a number of tasks. In the case where one resource, for example a hard disk drive, is shared for a plurality of tasks, the state of the resource (the contents) can be destroyed by uncontrolled accessing. It is thus necessary for the multitask system to exclusively grant control of the resource access to one task at a time.
A conventional multitask system includes an exclusive control module termed a “semaphore” for carrying out the exclusive control. The term semaphore is derived from a railroad signaling device with arms. A semaphore, as used in a computer system, remains held in its reset state by an operating system (OS) when the resource is accessed by none of the tasks. When one of the tasks intends to access the resource, it must receive a right of exclusive use from the OS and the semaphore is turned to the set state. While the semaphore for a particular resource is set, the access of the other tasks to the resource is inhibited by the OS.
A different but related problem occurs when a device in the OS, or in a network of connected devices, inadvertently boots up, perhaps due to a software crash. In these circumstances the device, such as a microprocessor, may transmit inappropriate data on the databus. However, this inappropriate data may be addressed to other devices in the network that are already correctly configured. If one of the network devices reconfigures itself with this inappropriate data, the network could cause damage, become hung up, or require a system-wide reboot. A semaphore is unable to protect the network in the above-mentioned circumstances when the network-connected writing device is not checking for semaphores.
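The limitation described above can be shown with a small model, added here as an illustration and not taken from the patent. It assumes a simplified, non-blocking semaphore and a constructed four-byte register array; the names provisioning_regs, guarded_write and stray_write are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_REGS 4

/* Constructed stand-in for a device's provisioning register set. */
static uint8_t provisioning_regs[NUM_REGS];

/* Advisory semaphore: reset (false) when free, set (true) when held. */
static bool sem_set = false;

static bool sem_take(void) {
    if (sem_set) return false;   /* another task holds the resource */
    sem_set = true;
    return true;
}

static void sem_give(void) { sem_set = false; }

/* Well-behaved task: writes only after being granted the semaphore. */
static bool guarded_write(unsigned idx, uint8_t value) {
    if (idx >= NUM_REGS || !sem_take()) return false;
    provisioning_regs[idx] = value;
    sem_give();
    return true;
}

/* Crashed writer: never consults the semaphore before writing. */
static void stray_write(unsigned idx, uint8_t value) {
    if (idx < NUM_REGS) provisioning_regs[idx] = value;
}

/* Runs the scenario and returns the final value of register 0. */
static uint8_t run_scenario(bool *guarded_refused) {
    sem_set = false;
    guarded_write(0, 0x5A);                      /* boot-time provisioning */
    sem_take();                                  /* some task holds the resource */
    *guarded_refused = !guarded_write(0, 0x11);  /* cooperating task is inhibited */
    stray_write(0, 0xFF);                        /* non-cooperating write lands anyway */
    sem_give();
    return provisioning_regs[0];
}

int main(void) {
    bool refused;
    uint8_t final = run_scenario(&refused);
    printf("guarded write refused: %d, reg0 = 0x%02X\n", refused, final);
    return 0;
}
```

The semaphore only constrains writers that ask for it; the register itself accepts any write that reaches it.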
In networks that are built to be compliant with International Telecommunication Union ITU-T G.709 (G.709) standards, there are typically one or more integrated circuits that are built to handle various transport tasks such as performance monitoring, overhead add/drop, messaging, etc. These integrated circuit devices typically have register sets inside them that are used for provisioning the device. These integrated circuits can have many modes of operation, to handle the various configurations and network and data types that are supported. When these integrated circuit devices are built up and deployed in an actual network, they are usually provisioned by a processor only during the boot-up process. After the boot-up process is complete, the processor may access the device from time to time, and may even reprogram the device under certain circumstances. However, once provisioned, the network typically has no need to reprogram or rewrite the data in these devices.
Processors use software, and sometimes the software can crash. When the processor enters a crashed state, it may accidentally write data into the provisioning register set of the G.709 integrated circuit (IC), meaning the device gets reprogrammed. This can interrupt the G.709 traffic that would not have been affected by the crashed state of the processor, had the processor not reprogrammed the G.709 device.
It would be advantageous if network-connected devices could be protected from inadvertent reconfiguration.
It would be advantageous if a system existed for securely provisioning a network-connected device with configuration data.
It would be advantageous if a G.709 network could be protected from accidental writing into a provisioning register.