The present invention pertains to apparatus and methods for providing software updates to devices in a communication network and, in particular, to apparatus and methods for providing secure and unobtrusive software updates over-the-air in a digital wireless communication network.
In networks which include a large number of remote network elements, terminals, or telephones, which are located on customer premises and which typically operate pursuant to software, it is often necessary to update the software stored therein or utilized in conjunction therewith. The need to update the software in a large number of these network elements, terminals or telephones could arise, for example, if a defect is discovered in the software or if a new feature is desired to be added or retrofitted thereto. In addition to software, the need may also arise to update software-controlled configurations, or operating characteristics, of such network elements, terminals or telephones.
Currently, software updating of these network elements, terminals, or telephones is typically performed manually, with a service person typically visiting the customer premises in order to load or to install the new software from a storage device or computer, or by the customer being requested to bring the network element, terminal, or telephone to a service facility. The above-described methods are typically slow, costly, and inconvenient. A more desirable method for performing software updating is to utilize the communication network itself as a distribution medium via which the software can be distributed from a centralized location or facility associated with the network. A centralized distribution system serves to avoid the need to send service personnel to physically access each network element, terminal, or telephone at the subscriber's premises or locally, or the need for customers to bring their devices to a service facility.
The distribution of software utilizing a communication medium typically requires that a number of concerns be addressed in a satisfactory manner. Typically, the download system should be efficient in its use of system bandwidth, with the practice of dedicating a wideband channel for use in software downloading being avoided. Further, each software download session should be completed as soon as possible so as to prevent tying up limited network resources and equipment at, and associated with, the centralized distribution computer.
Software download sessions should also be non-blocking so that the user will not be prevented from using or accessing the communication system while a software download operation is in progress. In some cases, regulatory requirements may dictate that communication systems be non-blocking, such as, for example, in cases of systems which are relied upon for emergency communications.
The software download process should also be secure, and include means and methods for ensuring that software is not corrupted before it is run. Further, there should always be valid software available for operation. Means and methods are also required in order to ensure that only authorized versions of software are accepted by the respective network elements, terminals, or telephones.
In UK Patent Application GB 2301747 A, Kay discloses a remotely programmable subscriber terminal in a wireless telecommunication system. In the system disclosed by Kay, the communications link to the subscriber terminal consists of four logical channels, which include two channels for bearer information for the user, each being 64 kb/s, a signaling channel at 16 kb/s, and an overhead channel at 16 kb/s, which is utilized for control information. Software is passed to the subscriber terminal over the overhead channel. It is possible for telephone calls to be made using the bearer channels during a download procedure. The disadvantages of this method lie in the fact that the overhead channel is typically slower than the bearer channel. As a result, the download session will be longer than would otherwise be required if a bearer channel were to be used to pass the software.
Kay further discloses a method for ensuring that software, which is corrupted by errors, is not run, and that there is always valid software available to be utilized. This involves the provision of dual non-volatile (flash) memory banks in the terminal. Downloaded software is written into one memory while the program stored in the other memory is being run. Code checksums are utilized so as to ensure that no software errors exist before it is run. The deficiency of this method is that there is no means described for ensuring that downloaded software is authentic. For example, a malicious "hacker" could potentially initiate a download session with a subscriber network, terminal, or telephone, and transfer a software load, including a code checksum which is valid for that software load.
In U.S. Pat. No. 4,982,430, Frezza et al. disclose a security arrangement which is utilized in a system whereby a large number of terminals, connected to a coaxial cable system, receive software downloads. The centralized server computes a checksum on at least a part of the software to be downloaded, encrypts this checksum with a secret key, and sends the encrypted checksum, along with the software, to the terminal. The terminal calculates a checksum on the received software and also decrypts the received encrypted checksum, using the secret key, which it stores.
If the decrypted checksum matches the calculated checksum, the software is deemed to be authentic. The disadvantage of this method lies in the fact that the terminal must store the secret key which is utilized for encryption at the centralized server. If a malicious "hacker" were to disassemble or otherwise examine the memory banks of a subscriber terminal, the secret key would become known and the hacker could then generate false software loads. If the same secret key were to be used for a large number of subscriber terminals, the security of the system would be compromised.
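The two prior-art checks discussed above, modelled side by side as an added example (not code from this patent or from the cited references). CRC-32 stands in for Kay's code checksum and HMAC-SHA256 stands in for Frezza's encrypted checksum; the key, the sample loads and all function names are constructed for illustration.

```python
import hashlib
import hmac
import zlib

# Constructed sample data (assumptions, not values from the patent).
GENUINE_LOAD = b"terminal firmware v2 (constructed sample)"
OTHER_LOAD = b"load built by some other party (constructed sample)"
SHARED_KEY = b"constructed-demo-key-stored-in-every-terminal"


def checksum_package(load: bytes) -> tuple[bytes, int]:
    """Kay-style package: software plus an unkeyed code checksum (CRC-32 here)."""
    return load, zlib.crc32(load)


def terminal_accepts_checksum(load: bytes, checksum: int) -> bool:
    """Terminal recomputes the checksum; this detects corruption only."""
    return zlib.crc32(load) == checksum


def keyed_package(load: bytes, key: bytes) -> tuple[bytes, bytes]:
    """Frezza-style package; HMAC-SHA256 stands in for the encrypted checksum."""
    return load, hmac.new(key, load, hashlib.sha256).digest()


def terminal_accepts_keyed(load: bytes, tag: bytes, stored_key: bytes) -> bool:
    """Terminal verifies with the same secret the server used to make the tag."""
    expected = hmac.new(stored_key, load, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def evaluate() -> dict[str, bool]:
    load, crc = checksum_package(GENUINE_LOAD)
    corrupted = bytes([load[0] ^ 0x01]) + load[1:]  # one bit flipped in transit
    _, tag = keyed_package(GENUINE_LOAD, SHARED_KEY)
    return {
        # Unkeyed checksum: integrity yes, authenticity no.
        "checksum_rejects_corruption": not terminal_accepts_checksum(corrupted, crc),
        "checksum_accepts_any_sender": terminal_accepts_checksum(*checksum_package(OTHER_LOAD)),
        # Keyed checksum: authentic only while the terminal's stored key stays secret.
        "keyed_rejects_sender_without_key": not terminal_accepts_keyed(
            *keyed_package(OTHER_LOAD, b"guess"), SHARED_KEY),
        "keyed_rejects_tag_moved_to_other_load": not terminal_accepts_keyed(
            OTHER_LOAD, tag, SHARED_KEY),
        "keyed_accepts_holder_of_terminal_key": terminal_accepts_keyed(
            *keyed_package(OTHER_LOAD, SHARED_KEY), SHARED_KEY),
    }


if __name__ == "__main__":
    for name, value in evaluate().items():
        print(f"{name}: {value}")
```

Every entry evaluates to True: the verification secret held by the terminal is the same secret that creates valid tags, which is the weakness the passage attributes to a shared key stored in many terminals.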
The present invention provides apparatus and methods for providing secure and unobtrusive software updates to devices in a communication network which overcome the shortcomings of the prior art.
The apparatus of the present invention includes a processor, a database which contains information regarding subscribers of a communication network, and a communication device. The communication device transmits software from the processor to a subscriber device in a communication network.
The apparatus of the present invention may also include a processor, for transmitting software to a subscriber device. The processor may further include a controller, for controlling the processor, a storage device for storing information regarding subscribers of a communication network, and a communication device for transmitting software from the processor to a subscriber device.
The processor may identify a subscriber device in a communication network which requires a software update. A first signal may then be transmitted from the processor to the subscriber device. A communication channel between the subscriber device and the processor is then initiated. Thereafter, a second signal which contains software can be transmitted from the processor to the subscriber device over a communication network, in order to effectuate a software update at the subscriber device.
Accordingly, it is an object of the present invention to provide apparatus and methods for providing software updates to devices in a communication network.
It is another object of the present invention to provide apparatus and methods for providing software updates over-the-air to devices in a digital wireless communication network.
It is yet another object of the present invention to provide apparatus and methods for downloading software to network elements, terminals, or telephones, in a communication network.
It is still another object of the present invention to provide apparatus and methods for downloading software to network elements, terminals, or telephones, in a communication network, wherein software is transferred over a bearer channel of a communication link.
It is another object of the present invention to provide apparatus and methods for downloading software to network elements, terminals, or telephones, in a communication network, in a time efficient manner.
It is yet another object of the present invention to provide apparatus and methods for providing software updates to network elements, terminals, or telephones, in a communication network, wherein the network elements, terminals, or telephones, perform verification of the authenticity of the software before accepting same.
It is still another object of the present invention to provide apparatus and methods for providing software updates to network elements, terminals, or telephones, in a communication network wherein encryption and cryptographic techniques are utilized and/or are incorporated for facilitating security.
It is yet another object of the present invention to provide apparatus and methods for providing software updates to network elements, terminals, or telephones without affecting access to the communication channel.
Other objects and advantages of the present invention will be apparent to those skilled in the art upon a review of the Description of the Preferred Embodiment taken in conjunction with the Drawings which follow.