Search

US-12621516-B2 - Systems and methods for secure updates

US12621516B2US 12621516 B2US12621516 B2US 12621516B2US-12621516-B2

Abstract

A computer device is provided for performing secure updates and notifications. The computer device includes a transceiver configured for operable communication with an operator computer device of a communication network via a connection with a vendor computer device, and a first processor having a first memory device configured to store computer-executable instructions, which cause the first processor to (i) store a plurality of registration information for the operator computer device, which is registered for notifications for one or more device types, (ii) receive, from the vendor computer device, an update notification message associated with devices of a first device type, (iii) determine a link to update materials associated with the update notification message, (iv) determine additional operator computer devices that are registered to receive updates for the first device type, and (v) transmit, to the additional operator computer devices, an update notification message including the link to the update materials.

Inventors

  • Andrew Alexander Dolan
  • Brian A. Scriber
  • Massimiliano Pala
  • Steven J. Goeringer
  • Yuan Tian

Assignees

  • CABLE TELEVISION LABORATORIES, INC.

Dates

Publication Date
20260505
Application Date
20240826

Claims (20)

  1. 1 . A computing device for performing secure updates and notifications, comprising: a transceiver configured for operable communication with at least one operator computer device of a communication network and via an operable connection with at least one vendor computer device; and a first processor including a first memory device configured to store computer-executable instructions, which, when executed by the first processor, cause the first processor to: receive, from a first vendor computer device, an update notification message associated with devices of a first device type; determine one or more additional operator computer devices that are registered to receive updates for the first device type; and transmit, to the determined one or more additional operator computer devices, one or more update notification messages, wherein the one or more additional operator computer devices are configured to determine a subsequent time to update one or more devices of the first device type based upon the one or more update notification messages and a current load of the one or more devices of the first device type.
  2. 2 . The computing device of claim 1 , further comprising an update repository, wherein the instructions further cause the first processor to: receive, from the first vendor computer device, update materials associated with the update notification message; and store the update materials in the update repository.
  3. 3 . The computing device of claim 1 , wherein the instructions further cause the first processor to: receive, from a first operator computer device of the one or more additional operator computer devices, a request to download update materials; and transmit, to the first operator computer device, the update materials.
  4. 4 . The computing device of claim 1 , wherein the instructions further cause the first processor to mutually authenticate the connection with the first vendor computer device.
  5. 5 . The computing device of claim 1 , wherein the instructions further cause the first processor to mutually authenticate the communication with the at least one operator computer device.
  6. 6 . The computing device of claim 1 , wherein the instructions further cause the first processor to: receive a plurality of update messages from a plurality of vendor computer devices; and for each update message of the plurality of update messages, (i) determine a device type associated with the corresponding update notification message of the plurality of update messages, and 11 determine that a first operator computer device of the one or more additional operator computer devices is registered to receive update notification messages for the corresponding device type.
  7. 7 . The computing device of claim 1 , wherein the instructions further cause the first processor to receive registration information for a first operator computer device of the one or more additional operator computer devices, and wherein the registration information includes information identifying one or more device types associated with the first operator computer device.
  8. 8 . The computing device of claim 1 , wherein the update notification message include at least one of model number, a serial number range, a current update number, and a software version number.
  9. 9 . The computing device of claim 1 , wherein the update notification message includes at least one vendor-based cryptographic signature.
  10. 10 . The computing device of claim 1 , wherein the update notification message includes a cryptographic signature of update materials.
  11. 11 . The computing device of claim 1 , wherein the update notification message (i) is for a rollback, and (ii) includes a previously released version of software and/or firmware to apply to the devices of the first device type, wherein the one or more additional operator computer devices are configured to determine instruct one or more devices of the first device type to update to a previously released version of software and/or firmware.
  12. 12 . The computing device of claim 1 , wherein the instructions further cause the first processor to: remove faulty update materials from an update repository based on the update notification message; and store a placeholder for the faulty update materials indicating that a version of software and/or firmware exists and that the version is vulnerable.
  13. 13 . The computing device of claim 1 , wherein the instructions further cause the first processor to: mark update materials as faulty based on the update notification message; and prevent any download of the faulty update materials.
  14. 14 . The computing device of claim 1 , wherein a first operator computer device of the one or more additional operator computer devices includes at least one second processor in communication with at least one second memory device having programming configured to cause the second processor to: receive the update notification message from the computing device; and analyze the update notification message to determine when to update a plurality of devices of the first device type.
  15. 15 . The computing device of claim 14 , wherein the programming further causes the second processor to retrieve update materials from an update repository using the update notification message, and wherein the programming further causes the second processor to apply the update materials to the plurality of devices of the first device type on a schedule based on the analysis of the update notification message.
  16. 16 . A method for performing secure updates and notifications, the method implemented by a first processor in communication with a first memory device, with at least one operator computer device of a communication network, and with at least one vendor computer device, the method comprises: receiving, from a first vendor computer device, an update notification message associated with devices of a first device type; determining one or more additional operator computer devices that are registered to receive updates for the first device type; and transmitting, to the determined one or more additional operator computer devices, one or more update notification messages, wherein the one or more additional operator computer devices are configured to determine a subsequent time to update one or more devices of the first device type based upon the one or more update notification messages and a current load of the one or more devices of the first device type.
  17. 17 . The method of claim 16 , wherein the update notification message (i) is for a rollback, and (ii) includes a previously released version of software and/or firmware to apply to the devices of the first device type, wherein the one or more additional operator computer devices are configured to determine instruct one or more devices of the first device type to update to a previously released version of software and/or firmware.
  18. 18 . The method of claim 16 further comprising: removing faulty update materials from an update repository based on the update notification message; and storing a placeholder for the faulty update materials indicating that a version of software and/or firmware exists and that the version is vulnerable.
  19. 19 . The method of claim 16 further comprising: marking update materials as faulty based on the update notification message; and preventing any download of the faulty update materials.
  20. 20 . The method of claim 16 further comprising wherein a first operator computer device of the one or more additional operator computer devices is programmed to perform the steps of: receiving the update notification message from the first processor; and analyzing the update notification message to determine when to update a plurality of devices of the first device type.

Description

CROSS REFERENCE TO RELATED APPLICATIONS This application is a continuation of U.S. patent application Ser. No. 17/568,964, filed Jan. 5, 2022, which application claims the benefit of and priority to U.S. Provisional Patent Application No. 63/133,871, filed Jan. 5, 2021, and U.S. Provisional Patent Application No. 63/273,354, filed Oct. 29, 2021, and U.S. Provisional Patent Application No. 63/182,079, filed Apr. 30, 2021, which are hereby incorporated by reference in their entireties. BACKGROUND The field of the disclosure relates generally to secure updates, and more particularly, to systems and methods for providing secure and trusted updates to systems and devices. As with many ecosystems, the use of a secure update mechanism is critical to the security of devices and their connected networks. While there already exist secure update practices that operators apply to network elements such as cable modems (e.g., DOCSIS cable modem secure software download), there is no standard process by which vendors provide update materials (e.g., images, configuration data) to operators that provides optimal efficiency and security. Additionally, the wide variety of devices and network elements that require update services as well as the diverse vendor community results in a complex space in which it may be difficult for an operator to provide comprehensive and sufficiently secure support of update practices across all devices in the network. Furthermore, there may be multiple different devices on the network which will require the operator to monitor each device type or individual device for updates. Furthermore, different operators of different networks may have varying levels of support, varying levels of turnover of support staff, can change as businesses change hands, and can even include home networks. Updates are a pivotal aspect of security for patching vulnerabilities and for securely providing new features. However, there is currently no standard update solution or even a standard scope for the update lifecycle as each vendor creates and/or uses their own process. However, efficiency is particularly critical when it comes to update processes, and not all current practices may support secure automation that enables efficient provisioning of updates. To ensure that updates are consistently provided to any and all devices and network elements under the management of an operator, and to ensure that an update mechanism that is secure is the most convenient to use, a standardized approach is needed to ensure that devices are consistently and efficiently kept up to date. SUMMARY In an embodiment, a Trusted Update Repository and Notifier (TURN) computing device is provided for performing secure updates and notifications. The computing device includes a transceiver configured for operable communication with at least one operator computer device of a communication network and via an operable connection with at least one vendor computer device. The computing device further includes a first processor having a first memory device configured to store computer-executable instructions. When executed by the first processor, the instructions cause the first processor to (i) store a plurality of registration information for the at least one operator computer device, wherein the at least one operator computer device is registered for notifications for one or more device types, (ii) receive, from a first vendor computer device, an update notification message associated with devices of a first device type, (iii) determine a link to update materials associated with the update notification message, (iv) determine one or more additional operator computer devices that are registered to receive updates for the first device type, and (v) transmit, to the determined one or more additional operator computer devices, one or more update notification messages including the link to the update materials. BRIEF DESCRIPTION These and other features, aspects, and advantages of the present disclosure will become better understood when the following detailed description is read with reference to the following accompanying drawings, in which like characters represent like parts throughout the drawings. FIG. 1 illustrates a block diagram of a first system architecture for providing secure updates to devices in accordance with at least one embodiment. FIG. 2 illustrates a block diagram of a second system architecture for providing secure updates to devices in accordance with at least one embodiment. FIG. 3 illustrates a timing diagram of a process for providing secure updates to devices using the system architecture shown in FIG. 1. FIG. 4 illustrates a timing diagram of a process for providing secure updates to devices using the system architecture shown in FIG. 2. FIG. 5 illustrates a block diagram of an embodiment of a computer system or cloud server in which the present disclosure may be implemented. Unless otherwise indicated, the drawings provide