CN115250468A - Method and apparatus for remote and automatic customer premises device configuration - Google Patents
Method and apparatus for remote and automatic customer premises device configuration Download PDFInfo
- Publication number
- CN115250468A CN115250468A CN202110457273.9A CN202110457273A CN115250468A CN 115250468 A CN115250468 A CN 115250468A CN 202110457273 A CN202110457273 A CN 202110457273A CN 115250468 A CN115250468 A CN 115250468A
- Authority
- CN
- China
- Prior art keywords
- security code
- communication service
- key value
- service parameter
- parameter values
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 35
- 238000004891 communication Methods 0.000 claims abstract description 123
- 238000012545 processing Methods 0.000 claims description 17
- 230000004044 response Effects 0.000 claims description 7
- 238000004590 computer program Methods 0.000 description 7
- 238000009826 distribution Methods 0.000 description 7
- 230000005540 biological transmission Effects 0.000 description 5
- 229920006235 chlorinated polyethylene elastomer Polymers 0.000 description 5
- 238000000136 cloud-point extraction Methods 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 238000007726 management method Methods 0.000 description 3
- 238000004519 manufacturing process Methods 0.000 description 3
- 238000013500 data storage Methods 0.000 description 2
- 239000000835 fiber Substances 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 239000008186 active pharmaceutical agent Substances 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000004807 localization Effects 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000011022 operating instruction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 238000011144 upstream manufacturing Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
Abstract
The present disclosure relates to methods and apparatus for remote and automated consumer premises device configuration. Systems and methods for configuring communication services between a remote client device and a system operator are disclosed. In one embodiment, the method includes generating a security code from one or more communication service parameter values and a key value, providing the security code to a remote client device, accepting a request from the remote client device to reconfigure a communication service with the security code, and automatically configuring the communication service according to the one or more communication service parameter values and the key value of the accepted security code.
Description
The inventor: bob Chen, aaron Zheng, ben Zhu, annie Li and Xu Xiang
Technical Field
The present disclosure relates to systems and methods for configuring consumer devices, and in particular to systems and methods for remotely and automatically configuring such devices.
Background
It is desirable to provide data services to customers. Such data services may be provided via wireless or wired transmission. Wireless data services may use terrestrial, over-the-air, or satellite-based transmissions. Wired data services may use telephone lines (dial-up or DSL) or fiber optics.
Data services are typically provided by Multiple System Operators (MSOs). Exemplary MSOs include conventional MSOs such as direct broadcast satellite television providers, cable television providers, and internet service providers. Data services are typically provided via remote client devices (hereinafter alternatively referred to as Customer Premise Equipment (CPE)) such as cable modems or set top boxes (STPs)) installed in the customer's premises. In many cases, the CPE itself or a Conditional Access System (CAS) portion of the CPE is provided by the CPE provider.
It is desirable for the MSO to have the ability to remotely configure or reconfigure the CPE in a secure manner. One situation in which an MSO may wish to reconfigure a CPE is a situation in which a user of the CPE desires additional or enhanced CPE capabilities. For example, a customer may desire the CPE to provide additional bandwidth or other features. To obtain this additional capability, the user contacts a representative at the MSO (typically by telephone or chat), indicating that additional or enhanced features are desired, and the MSO representative arranges for the CPE to be reconfigured to provide additional bandwidth or other features. For example, this process involves modifying a configuration file in the CPE to change the MIB for the upstream and downstream service flows. This process can be labor intensive and therefore can be expensive and time consuming, thereby delaying the provision of the desired CPE capabilities and increasing their cost.
Disclosure of Invention
This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the detailed description. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.
To address the above-mentioned need, this document discloses a system and method for configuring communication services between a remote client device and a system operator. In one embodiment, the method includes generating a security code from one or more communication service parameter values and a key value, providing the security code to a remote client device, accepting a request from the remote client device to reconfigure a communication service with the security code, and automatically configuring the communication service based on the accepted one or more communication service parameter values and the key value of the security code. Another embodiment is evidenced by an apparatus having a processor and a communicatively coupled memory storing processor instructions for performing the foregoing operations.
The features, functions, and advantages that have been discussed can be achieved independently in various embodiments of the present invention or may be combined in yet other embodiments further details of which can be seen with reference to the following description and drawings.
Drawings
Referring now to the drawings in which like reference numbers represent corresponding parts throughout:
FIG. 1 is a diagram of an exemplary data distribution system;
FIG. 2 is a diagram illustrating exemplary operations that may be performed to configure communication services between a remote device and a system operator; and
FIG. 3 illustrates an exemplary computer system that can be used to implement the processing elements of the present disclosure.
Detailed Description
In the following description, reference is made to the accompanying drawings which form a part hereof, and in which is shown by way of illustration several embodiments. It is to be understood that other embodiments may be utilized and structural changes may be made without departing from the scope of the present disclosure.
SUMMARY
Fig. 1 is a diagram of an exemplary data distribution system 100. The data distribution system 100 includes an MSO102, the MSO102 transmitting information to a plurality of users 116, who may subscribe to services provided by the MSO. Each such customer 116 is provided with a CPE106, such as an STB or cable modem, for installation at the location where the data service is to be received. Typically, the CPE106 is installed in a customer site 104, such as a house, but the CPE may be installed in a motor vehicle or carried by a user. In many cases, the CPEs 106 provided to the customers 116 are manufactured (at least in part) by the CPE provider 114. In some embodiments, the CPE provider 114 manufactures a hardware designed CPE106 that can be used with different MSOs 102, each having different functional requirements. Typically, this is done by modifying the software and/or firmware of the CPE106. The CPE provider 114 may also manufacture CPEs 106 with different hardware functionality for different MSOs 102. Typically, data transmitted between the MSO102 and the CPE106 is encrypted or otherwise obscured to prevent unauthorized entities from receiving the data. Thus, the CPE106 typically includes a Conditional Access System (CAS) that decrypts data transmitted by the MSO102 and may also have the capability to encrypt data transmitted from the CPE106 to the MSO 102.
The MSO102 may transmit data via a wired connection 112, such as a fiber optic cable or wire. The MSO may also transmit data via a wireless connection, such as via a terrestrial transmitter 110 or a satellite broadcast system in which data is transmitted via a terrestrial station 108A and a satellite 108B.
In some cases, the data distribution system 100 also allows the customer's CPE106 to transmit information to the MSO 102. Thus, data distribution allows information to be transceived (e.g., transmitted and received) by the MSO102 and the CPEs 106. Additionally, such systems may be asymmetric, where data is transmitted from the MSO102 to the CPE106 via one transmission method, and data is transmitted from the CPE106 to the MSO102 via another transmission method. For example, it is known for the MSO102 to transmit media programs via satellite to subscribers having CPEs 106, but to transmit data to be transmitted from the CPEs 106 to the MSO102 via a wired connection such as 112.
As described above, it is desirable to enable the MSO102 to access the CPE106. This may require that the CPE be provided with new or different functionality or rights to receive and/or transmit data, or that the functionality or rights currently existing to receive such data be deleted. Automating the provision of such functionality and providing a means to obtain it through various channels in a consumer friendly and easily broken down manner is beneficial as it allows the generally desired functionality to be provided quickly and inexpensively.
Fig. 2 is a diagram illustrating exemplary operations that may be performed to configure communication services between a remote device and a system operator. These operations will be described with respect to an example in which communication services are updated to increase the bandwidth of services provided between remote client devices, such as CPE106, and a system operator, such as MSO 102. In block 202, a system operator generates a security code from one or more communication service parameters and a key value.
Secure code generation and features
In an exemplary embodiment, the security code is generated from communication service parameters including an MSO identifier, a CPE model number, a release date, an expiration date, a requested uplink bandwidth value and a requested downlink bandwidth value, and a key value, as follows:
part 1: MSO identifier: KDG
Part 2: CPE model: TG3442
Part 3: release date: 20190814 (i.e., 8 months and 20 days in 2019)
Part 4: the validity period is as follows: 20200813 (i.e., 8 months and 19 days in 2020)
And part 5: uplink (us) bandwidth: 80M (i.e., 80 Mbps)
Part 6: downlink (DS) bandwidth: 900M (i.e., 900 Mbps)
And part 7: the key value: ABCDEF
Other optional communication service parameters include an identifier (e.g., serial number) of the CPE106 device and a subscriber identifier. This information is particularly useful in the case where the security code is provided in response to a request from the CPE106. The security code may simply be a concatenation or other combination of the aforementioned parameters (e.g., "KDGTG3442201908142020081380M900 mabcdf" or KGD-TG 3442-20190814-20200813-80-900-ABCDEF). This security code is provided to the CPE106 as indicated in block 206. Typically, this is done by distributing the security code to be purchased before requesting (or changing) the communication service.
Cryptographic processing of security codes
As shown in block 204, the secure code may also be secured by cryptographically processing the code to bind a key value (in the above example, "ABCDEF") to one or more communication parameters. Once the cryptographic binding is made, any changes in communication service parameters may be detected, as described below.
For example, a one-way hash function such as a 256-bit Secure Hash Algorithm (SHA) (SHA-256) may be first applied to the secure code. The application of the SHA-256 hash in the foregoing example provides the following results for the cryptographically processed security code:
44c6e8a07bc290c053fd3413481e051f4fc791be6160f68aacda0b53bbadb55f
in another embodiment, the security code is cryptographically processed to bind the key value to the communication service parameter by encrypting the key value and one or more communication service parameter values, for example using a secret shared with the MSO 102. Alternatively, only the key value may be encrypted and the one or more communication service parameter values are provided as a security code along with the request to reconfigure the communication service, together with the encrypted key value. To ensure that the user 116 does not make any changes to the security code, a hash of the security code may also be provided.
Provision of security codes
In one embodiment, the provisioning of the security code to the CPE106 is accomplished by distributing the security code in a tangible form to a retail store where the user 116 of the CPE106 can purchase the security code. In another embodiment, the security code is distributed in a tangible form with the CPE106 when the CPE106 is initially provisioned to the user 116. The security code may be obscured from detection prior to purchase (e.g., represented by an alphanumeric code that is obscured in a sealed envelope or covered with an opaque material that can only be removed at the time of purchase).
In other embodiments, the security code is automatically distributed in electronic form via the internet in response to a request for the security code from the CPE106. For example, the user 116 may send a message to the MSO102 via the internet to request configuration (or reconfiguration) of the CPE106 for the upgraded communication service. This message may include one or more of the communication service parameters (e.g., MSO, remote client device model and/or serial number, and requested uplink and/or downlink bandwidth). The user may also provide payment in this or a related message for the upgraded service, if desired. After such payment, the MSO102 may automatically provide the security code in electronic form. This may be alphanumeric or may be a bar code or package code 116 to be printed by the user.
Requesting updated or new communication services
Such pre-stored security code values may be stored in a secure memory of the CPE106 prior to distribution of the CPE106 to the user 116, or may be downloaded from the MSO102 to the CPE106 after distribution of the CPE106 to the user 116. Such downloading may occur prior to or in response to a request for upgraded communication services. The security code (and the security code to which it is compared to ensure validity) may also be saved to a non-volatile memory (NVM) of the CPE106 so that the security code(s) are not lost after reboot (reboot) of the CPE106.
In another embodiment, a request for upgraded or reconfigured communication services is provided to the MSO102 (e.g., via the CPE 106), and the security code provided with the request may be verified by the MSO102 prior to configuring the communication services according to the communication parameter values in the security code.
In one embodiment, this is accomplished by the user 116 entering a security code in the CPE106 for transmission to the MSO 102. For example, the CPE106 is typically communicatively coupled to a processing system, such as a desktop or laptop computer, a tablet computer, or a smartphone. Such devices implement a Graphical User Interface (GUI) that the user 116 can use to enter the security code itself one character at a time. Alternatively, the security code may be provided to the user as a barcode or Quick Response (QR) code, which the user may scan and return to the MSO102 upon request for upgraded or reconfigured communication services.
The MSO102 accepts the request for communication service, as shown in block 208, and automatically configures the communication service based on the key value of the accepted security code and the one or more communication parameters, as shown in block 210. The security code may be verified by MSO102 prior to automatically configuring the communication service. In the case where the security code is simply a concatenated version of the communication service parameter value and the key value, the MSO retrieves a list of approved key values for such communication service parameter value and validates the request only in those cases where it matches the received security code. In the event that the request to reconfigure the communication service includes an identifier of the CPE device 106, the MSO may also confirm that the security code is associated with the particular device requesting the security code. Having cryptographically processed the security code to bind the key value to the communication service parameter value, the MSO102 may simply compare the received cryptographically processed security code to a stored security code that is also cryptographically processed. For example, if the security code is a hash of a communication service parameter value concatenated with a key value, the MSO102 may simply compute a hash of the same communication service parameter concatenated with the same key value and ensure that the result matches the security code received from the CPE106. In situations where the number of alternatives to the communication system is limited (e.g., a limited number of MSOs, CPE models, release dates and expiration dates, bandwidth options and key values), this hash may be pre-computed and the security code received with the request simply compared to the pre-stored hash value. In the case where the security code is cryptographically processed to cryptographically process the security code, the received security code received from the CPE106 is decrypted. For example, if the security code is encrypted according to a shared secret to generate an encrypted security code, then the shared secret is used to decrypt the security code. Whether cryptographically processed by hashing or encryption, this process prevents any value of the security code from being changed, as such changes would be detected during the authentication process. In the case of a hashed security code,
the automatic configuration of the communication service may include operations required to configure the MSO102 and configure the CPE106. In one embodiment, the CPE106 is configured by using a configuration file. In one embodiment, this is accomplished by remotely or securely enabling entry points into the CPE (e.g., via Secure Shell (SSH) or hypertext transfer protocol (HTTP)). Once a CPE is configured to enable an entry point, it must be ensured that the information exchanged at that entry point is secure. In the SSH entry point, the SSH server (CPE in this case) publishes its public key in the secure public key DB/LDAP (lightweight directory access protocol). The SSH client (in this case, a processor on the MSO) can securely obtain the public key offline from a trusted database and store it locally so that it can be used to authenticate the SSH server.
Another CPE entry point is a Simple Network Management Protocol (SNMP) compliant entry point. SNMP is a protocol for network management that collects and configures information from network devices, such as servers, printers, hubs, switches, routers on Internet Protocol (IP) networks, and CPE devices. SNMP includes three versions. SNMPv1 is the initial implementation of the SNMP protocol. SNMPv2 revised the first edition, improving performance, security, confidentiality, and communication between manager and manager. SNMPv3 adds cryptographic security to SNMPv1 and SNMPv 2. SNMPv3 includes the provision of key localization, which attempts to provide a unique key to the SNMP engine of all authorities in the network. Yet another entry point for the CPE is the CPE WAN Management Protocol (CWMP) described in technical report 069 (TR 69).
Hardware environment
Fig. 3 illustrates an exemplary computer system 300 that may be used to implement the processing elements disclosed above, including one or more of the processors at the MSO102 and CPE106. The computer 302 includes a processor 304 and memory, such as Random Access Memory (RAM) 306. The computer 302 is operatively coupled to a display 322, the display 322 presenting images, such as windows, to a user on a graphical user interface 318B. The computer 302 may be coupled to other devices such as a keyboard 314, a mouse device 316, a printer 328, and the like. Of course, those skilled in the art will recognize that any combination of the above components or any number of different components, peripherals, and other devices can be used with the computer 302.
Generally, computer 302 operates under the control of an operating system 308 stored in memory 306 and interacts with a user to accept inputs and commands and present results through a Graphical User Interface (GUI) module 318A. Although the GUI module 318B is depicted as a separate module, the instructions performing the GUI functions may be resident or distributed in the operating system 308, the computer program 310, or implemented with dedicated memory and processors. Computer 302 also implements a compiler 312 that allows application programs 310 written in a programming language such as COBOL, C + +, FORTRAN, or other language to be translated into code readable by processor 304. After completion, application 310 accesses and manipulates data stored in memory 306 of computer 302 using the relationships and logic that were generated using compiler 312. Computer 302 also optionally includes external communication devices such as a modem, satellite link, ethernet card, or other devices for communicating with other computers.
In one embodiment, the instructions implementing the operating system 308, computer program 310, and compiler 312 are tangibly embodied in a computer-readable medium (e.g., data storage device 320), which may include one or more fixed or removable data storage devices, such as a zip drive, floppy disk drive 324, hard disk drive, CD-ROM drive, tape drive, and the like. Additionally, operating system 308 and computer program 310 include instructions that, when read and executed by computer 302, cause computer 302 to perform the operations described herein. The computer program 310 and/or the operating instructions may also be tangibly embodied in the memory 306 and/or the data communication device 330, thereby making a computer program product or article of manufacture. As such, the terms "article of manufacture," "program storage device" and "computer program product" as used herein are intended to encompass a computer program accessible from any computer-readable device or media.
Those skilled in the art will recognize many modifications may be made to this configuration without departing from the scope of the present disclosure. For example, one skilled in the art will recognize that any combination of the above components or any number of different components, peripherals, and other devices may be used.
The foregoing discloses a method for configuring communication services between a remote client device and a system operator. In one embodiment, the method comprises: generating a security code; providing a security code to a remote client device; accepting a request from a remote client device to reconfigure a communication service with a security code; and automatically configuring the communication service based on the one or more communication service parameter values and the key value of the accepted security code. The security code includes one or more communication service parameter values and a key value.
Implementations may include one or more of the following features:
any of the methods above, wherein the method further comprises: cryptographically processing the security code to bind the key value to one or more communication service parameter values; and wherein automatically configuring the communication service according to the one or more communication service parameter values and the key value of the accepted security code comprises verifying the accepted security code and, if the security code is valid, configuring at the remote client device and the system operator according to the communication service parameter values.
Any of the methods above, wherein cryptographically processing the security code to bind the key value to the communication service parameter value comprises: hashing the key value and the one or more communication service parameter values; and verifying the accepted security code includes: the accepted security code is compared to the provided hashed security code.
Any of the methods above, wherein cryptographically processing the security code to bind the key value to the communication service parameter value comprises: encrypting the key value and the one or more communication service parameter values; and verifying the accepted security code comprises: the encrypted security code is decrypted and the key value of the provided security code is compared with the key value of the accepted security code.
Any of the methods above, wherein configuring the communication service based on the one or more communication service parameter values and the key value of the accepted security code comprises: a configuration file is transmitted to the remote client device, the configuration file generated based at least in part on the one or more communication service parameter values.
Any of the methods above, wherein providing the security code to the remote client device comprises: the security code for the purchase is distributed prior to accepting the request to reconfigure the communication service.
Any of the methods above, wherein distributing the security code for purchase prior to accepting the request for communication service comprises at least one of: distributing the security code in tangible form to a retail store for payment at the retail store using the principal; and distributing the security code in a tangible form with the remote client device.
Any of the methods above, wherein distributing the security code for purchase prior to accepting the request for communication service comprises: the security code is automatically transmitted in electronic form via the internet in response to a request for the security code from a remote client device.
Another embodiment is evidenced by an apparatus for configuring communication services between a remote client device and a system operator, comprising: a processor; a memory communicatively coupled to the processor, the memory having processor instructions, including instructions to perform the operations described above.
Conclusion
This concludes the description of the preferred embodiments of the present disclosure. The foregoing description of the preferred embodiments has been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the disclosure to the precise form disclosed. Many modifications and variations are possible in light of the above teaching. It is intended that the scope of the claims be limited not by this detailed description, but rather by the claims appended hereto.
Claims (20)
1. A method of configuring communication services between a remote client device and a system operator, comprising:
generating a security code according to:
one or more communication service parameter values; and
a key value;
providing a security code to a remote client device;
accepting a request from a remote client device to reconfigure a communication service with a security code; and
automatically configuring a communication service according to the one or more communication service parameter values and the key value of the accepted security code.
2. The method of claim 1, wherein:
the method further comprises the following steps:
cryptographically processing a security code to bind a key value to the one or more communication service parameter values;
automatically configuring the communication service according to the one or more communication service parameter values and the key value of the accepted security code comprises:
verifying the accepted security code; and
if the security code is valid, configuration is performed at the remote client device and the system operator according to the communication service parameter value.
3. The method of claim 2, wherein:
cryptographically processing the security code to bind the key value to the communication service parameter value comprises:
hashing the key value and the one or more communication service parameter values; and verifying that the accepted security code includes:
the accepted security code is compared to the provided hashed security code.
4. The method of claim 2, wherein:
cryptographically processing the security code to bind the key value to the communication service parameter value comprises:
encrypting the key value and the one or more communication service parameter values; and verifying that the accepted security code includes:
the encrypted security code is decrypted and the key value of the provided security code is compared with the key value of the accepted security code.
5. The method of claim 1, wherein:
configuring a communication service according to the one or more communication service parameter values and key values of the accepted security code comprises:
transmitting a configuration file to the remote client device, the configuration file generated based at least in part on the one or more communication service parameter values.
6. The method of claim 1, wherein:
providing the security code to the remote client device includes:
the security code for the purchase is distributed prior to accepting the request to reconfigure the communication service.
7. The method of claim 6, wherein:
distributing the security code for purchase prior to accepting the request for communication service includes at least one of:
distributing the security code in tangible form to a retail store for payment at the retail store using the principal; and
the security code is distributed in a tangible form with the remote client device.
8. The method of claim 6, wherein:
distributing the security code for purchase prior to accepting the request for communication service includes:
the security code is automatically transmitted in electronic form via the internet in response to a request for the security code from a remote client device.
9. An apparatus for configuring communication services between a remote client device and a system operator, comprising:
a processor;
a memory communicatively coupled to the processor, the memory having processor instructions, the processor instructions including instructions to:
generating a security code according to:
one or more communication service parameter values; and
a key value;
providing a security code to a remote client device;
accepting a request from a remote client device to configure a communication service with a security code; and
automatically configuring a communication service according to the one or more communication service parameter values and the key value of the accepted security code.
10. The apparatus of claim 9, wherein:
the processor instructions further include processor instructions to:
cryptographically processing a security code to bind a key value to the one or more communication service parameter values;
the processor instructions for configuring the communication service according to the one or more communication parameter values and the key value of the accepted security code comprise processor instructions for:
verifying the accepted security code; and
if the security code is valid, the remote client device and the system operator are configured according to the communication service parameter value.
11. The apparatus of claim 10, wherein:
the processor instructions for cryptographically processing the security code to bind the key value to the communication service parameter value comprise processor instructions for:
hashing the key value and the one or more communication service parameter values; and
the processor instructions for verifying the accepted security code comprise:
the accepted security code is compared to the provided hashed security code.
12. The apparatus of claim 10, wherein:
the processor instructions for cryptographically processing a security code to bind a key value to the one or more communication service parameter values comprise processor instructions for:
encrypting the key value and the one or more communication service parameter values; and
the processor instructions for verifying the accepted security code comprise:
the encrypted security code is decrypted and the key value of the provided security code is compared with the key value of the accepted security code.
13. The apparatus of claim 9, wherein:
the processor instructions for configuring the communication service according to the one or more communication parameter values and key values of the accepted security code comprise processor instructions for:
transmitting a configuration file to the remote client device, the configuration file generated based at least in part on the one or more communication service parameter values.
14. The apparatus of claim 9, wherein:
the processor instructions for providing the security code to the remote client device include processor instructions for:
the security code for the purchase is distributed prior to accepting the request for communication service.
15. The apparatus of claim 14, wherein:
the processor instructions for distributing the security code for purchase prior to accepting the request to reconfigure the communication service comprise processor instructions for:
the security code is automatically transmitted in electronic form via the internet in response to a request for the security code from a remote client device.
16. An apparatus for configuring communication services between a remote client device and a system operator, comprising:
means for generating a security code according to:
one or more communication service parameter values; and
a key value;
means for providing security code to a remote client device;
means for accepting a request from a remote client device to reconfigure a communication service with a security code; and
means for automatically configuring a communication service according to the one or more communication service parameter values and the key value of the accepted security code.
17. The apparatus of claim 16, wherein:
the device also includes:
means for cryptographically processing a security code to bind a key value to the one or more communication service parameter values;
the means for automatically configuring a communication service according to the one or more communication service parameter values and key values of the accepted security code comprises:
means for verifying the accepted security code; and
means for configuring at the remote client device and the system operator according to the communication service parameter value if the security code is valid.
18. The apparatus of claim 17, wherein:
means for cryptographically processing a security code to bind a key value to a communication service parameter value comprises:
means for hashing the key value and the one or more communication service parameter values; and
verifying the accepted security code includes:
means for comparing the accepted security code with the provided hashed security code.
19. The apparatus of claim 17, wherein:
means for cryptographically processing a security code to bind a key value to a communication service parameter value comprises:
means for encrypting the key value and the one or more communication service parameter values; and
means for verifying the accepted security code comprises:
means for decrypting the encrypted security code and comparing the key value of the provided security code with the key value of the accepted security code.
20. The apparatus of claim 16, wherein:
means for configuring a communication service according to the one or more communication service parameter values and key values of the accepted security code comprises:
means for transmitting a configuration file to a remote client device, the configuration file generated based at least in part on the one or more communication service parameter values.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110457273.9A CN115250468A (en) | 2021-04-27 | 2021-04-27 | Method and apparatus for remote and automatic customer premises device configuration |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110457273.9A CN115250468A (en) | 2021-04-27 | 2021-04-27 | Method and apparatus for remote and automatic customer premises device configuration |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115250468A true CN115250468A (en) | 2022-10-28 |
Family
ID=83696297
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110457273.9A Pending CN115250468A (en) | 2021-04-27 | 2021-04-27 | Method and apparatus for remote and automatic customer premises device configuration |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115250468A (en) |
-
2021
- 2021-04-27 CN CN202110457273.9A patent/CN115250468A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11570159B2 (en) | Secure key management in a high volume device deployment | |
| US8577041B2 (en) | Method for securely distributing configuration information to a device | |
| CN109302369B (en) | Data transmission method and device based on key verification | |
| US20200285457A1 (en) | Asset update service | |
| US10951467B2 (en) | Secure enabling and disabling points of entry on a device remotely or locally | |
| KR20040064709A (en) | System and method for activating individualized software modules in a digital broadcast environment | |
| WO2013054065A1 (en) | Method of transferring the control of a security module from a first entity to a second entity | |
| EP4252386A1 (en) | Scalable key management for encrypting digital rights management authorization tokens | |
| US11979491B2 (en) | Transmission of secure information in a content distribution network | |
| US8694773B2 (en) | Method of preventing unauthenticated viewing using unique information of secure micro | |
| CN115250468A (en) | Method and apparatus for remote and automatic customer premises device configuration | |
| US11218329B2 (en) | Certificate generation with fallback certificates | |
| US11818110B2 (en) | Method and apparatus for providing secure short-lived downloadable debugging tools | |
| WO2020206167A1 (en) | Protected client inventory redeployment | |
| CN118138227B (en) | Edge security updating method and device for remote quantum encryption transmission | |
| Headquarters | Release Notes for Cisco uBR905 and Cisco uBR925 Cable Access Routers for Cisco IOS Release 12.2 CZ |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20221028 |