Secure software updates
US-2018302385-A1 · Oct 18, 2018 · US
US11178121B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11178121-B2 |
| Application number | US-201916579699-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 23, 2019 |
| Priority date | Jul 26, 2005 |
| Publication date | Nov 16, 2021 |
| Grant date | Nov 16, 2021 |
Official abstract text for this publication.
Improved techniques to update software in electronic devices that are already in use are disclosed. In one embodiment, software can be updated in a secure and controlled manner using cryptography. The authenticity of the updated software as well as its appropriateness for the particular electronic device can be confirmed prior to update. The software can also be updated on a per module basis. In one embodiment, a server hosts software updates for various electronic devices, and supplies the appropriate software update to the electronic devices via a data network.
Opening claim text (preview).
What is claimed is:

1. A method for updating software modules installed on client devices, the method comprising, at a client device: transmitting, to a first server device, a current version identifier for a software module installed on the client device; receiving an encrypted updated software module from a second server device that is communicatively coupled to and distinct from the first server device, wherein: the client device and the first server device communicate over a first data link, the client device and the second server device communicate over a second data link that is distinct from the first data link, and the encrypted updated software module is encrypted using a public encryption key that is unique to the client device; decrypting the encrypted updated software module using a private encryption key to produce a decrypted updated software module, wherein the private encryption key is a counterpart to the public encryption key; and installing the decrypted updated software module.

2. The method of claim 1, wherein, when the first server device determines, based on the current version identifier for the software module, that an updated software module is available, the first server device issues a request to the second server device to provide the updated software module to the client device.

3. The method of claim 1, wherein the first server device manages a plurality of current version identifiers for respective current versions of software modules installed on a plurality of client devices.

4. The method of claim 3, wherein the plurality of current version identifiers includes the current version identifier, and the plurality of client devices includes the client device.

5. The method of claim 1, wherein: the first server device and the second server device communicate over a third data link, and the first, second, and third data links are distinct from one another.

6. The method of claim 1, further comprising: providing, to the first server device, the public encryption key, wherein the first server device provides the public encryption key to the second server device.

7. The method of claim 1, further comprising, prior to installing the decrypted updated software module: authenticating a digital signature associated with the decrypted updated software module.

8. At least one non-transitory computer readable storage medium configured to store instructions that, when executed by at least one processor included in a client device, cause the client device to carry out steps that include: transmitting, to a first server device, a current version identifier for a software module installed on the client device; receiving an encrypted updated software module from a second server device that is communicatively coupled to and distinct from the first server device, wherein: the client device and the first server device communicate over a first data link, the client device and the second server device communicate over a second data link that is distinct from the first data link, and the encrypted updated software module is encrypted using a public encryption key that is unique to the client device; decrypting the encrypted updated software module using a private encryption key to produce a decrypted updated software module, wherein the private encryption key is a counterpart to the public encryption key; and installing the decrypted updated software module.

9. The at least one non-transitory computer readable storage medium of claim 8, wherein, when the first server device determines, based on the current version identifier for the software module, that an updated software module is available, the first server device issues a request to the second server device to provide the updated software module to the client device.

10. The at least one non-transitory computer readable storage medium of claim 8, wherein the first server device manages a plurality of current version identifiers for respective current versions of software modules installed on a plurality of client devices.

11. The at least one non-transitory computer readable storage medium of claim 10, wherein the plurality of current version identifiers includes the current version identifier, and the plurality of client devices includes the client device.

12. The at least one non-transitory computer readable storage medium of claim 8, wherein: the first server device and the second server device communicate over a third data link, and the first, second, and third data links are distinct from one another.

13. The at least one non-transitory computer readable storage medium of claim 8, wherein the steps further include: providing, to the first server device, the public encryption key, wherein the first server device provides the public encryption key to the second server device.

14. The at least one non-transitory computer readable storage medium of claim 8, wherein the steps further include, prior to installing the decrypted updated software module: authenticating a digital signature associated with the decrypted updated software module.

15. A client device, comprising: at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the client device to perform steps that include: transmitting, to a first server device, a current version identifier for a software module installed on the client device; receiving an encrypted updated software module from a second server device that is communicatively coupled to and distinct from the first server device, wherein: the client device and the first server device communicate over a first data link, the client device and the second server device communicate over a second data link that is distinct from the first data link, and the encrypted updated software module is encrypted using a public encryption key that is unique to the client device; decrypting the encrypted updated software module using a private encryption key to produce a decrypted updated software module, wherein the private encryption key is a counterpart to the public encryption key; and installing the decrypted updated software module.

16. The client device of claim 15, wherein, when the first server device determines, based on the current version identifier for the software module, that an updated software module is available, the first server device issues a request to the second server device to provide the updated software module to the client device.

17. The client device of claim 15, wherein the first server device manages a plurality of current version identifiers for respective current versions of software modules installed on a plurality of client devices.

18. The client device of claim 17, wherein the plurality of current version identifiers includes the current version identifier, and the plurality of client devices includes the client device.

19. The client device of claim 15, wherein: the first server device and the second server device communicate over a third data link, and the first, second, and third data links are distinct from one another.

20. The client device of claim 15, wherein the at least one processor further causes the client device to perform steps that include: providing, to the first server device, the public encryption key, wherein the first server device provides the public encryption key to the second server device.
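
The client-side steps of claims 1 and 7 (decrypt with the device's private key, then authenticate a signature before installing), shown as an added Go example that is not taken from the patent. The text on this page names no algorithms, so RSA-OAEP wrapping a fresh AES-256-GCM key, Ed25519 signatures, and the names `Package`, `DemoKeys`, `BuildUpdate` and `OpenUpdate` are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Package struct{ WrappedKey, Nonce, Body, Sig []byte } // hypothetical wire format

// DemoKeys returns a constructed per-device RSA key and a vendor signing key pair.
func DemoKeys() (*rsa.PrivateKey, ed25519.PublicKey, ed25519.PrivateKey) {
	dev, _ := rsa.GenerateKey(rand.Reader, 2048)
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return dev, pub, priv
}

// BuildUpdate (server side) signs the module, then encrypts it to one device.
func BuildUpdate(mod []byte, vendor ed25519.PrivateKey, dev *rsa.PublicKey) (*Package, error) {
	buf := make([]byte, 44) // fresh 32-byte AES-256 key, then 12-byte GCM nonce
	rand.Read(buf)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, dev, buf[:32], nil)
	blk, _ := aes.NewCipher(buf[:32])
	gcm, _ := cipher.NewGCM(blk)
	return &Package{wrapped, buf[32:], gcm.Seal(nil, buf[32:], mod, nil), ed25519.Sign(vendor, mod)}, err
}

// OpenUpdate (client side) returns the module only if every check passes.
func OpenUpdate(p *Package, dev *rsa.PrivateKey, vendor ed25519.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, dev, p.WrappedKey, nil)
	if err != nil || len(key) != 32 || len(p.Nonce) != 12 {
		return nil, fmt.Errorf("package is not encrypted to this device")
	}
	blk, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(blk)
	if mod, err := gcm.Open(nil, p.Nonce, p.Body, nil); err == nil && ed25519.Verify(vendor, mod, p.Sig) {
		return mod, nil // decrypted and signature authenticated: safe to install
	}
	return nil, fmt.Errorf("decryption or vendor signature check failed")
}

func main() {
	dev, vpub, vpriv := DemoKeys()
	p, _ := BuildUpdate([]byte("module v2"), vpriv, &dev.PublicKey)
	fmt.Println(OpenUpdate(p, dev, vpub))
}
```

A package built for one device fails `OpenUpdate` on any other device, and a module signed with a different vendor key is rejected after decryption and before install.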
File encryption · CPC title
involving the movement of software or configuration parameters (network booting or remote initial program loading [RIPL] G06F9/4416) · CPC title
for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title
wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for symmetric key encryption H04L9/06) · CPC title
by binding digital rights to specific entities · CPC title