Adaptive software installation process supporting multiple layers of security-related attributes

US 20020087876A1
Filed: 12/28/2000
Published: 07/04/2002
Est. Priority Date: 12/28/2000
Status: Abandoned Application

First Claim

Patent Images

1. A processing system comprising:

a generation processor at a first computer to receive an original software product and to provide a first version of the software having a limited functionality and a second version of the software having increased functionality which is dependent upon and utilizes security-related attributes of the computer on which the software is to be executed; and

an execution processor at the second computer, adapted to receive the versions of the software from the first computer, comprising;

an assessor for identifying, prior to execution of the first version, the security-related attributes of the second computer;

a version initiator for initiating the execution of the second version in the place of the first version if the security-related attributes of the second computer supports the increased functionality of the second version during which the security-related attributes of the second computer are utilized; and

a code processor for executing the version of the software to be executed.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for providing security for programs installed in a computer is disclosed in which the original program is divided into versions of increasing functionality and in which higher functioning versions depend upon and utilize security-related attributes of the computer on which the program is to be executed. The versions are installed on the user'"'"'s computer. Upon initiation of execution of the lowest functioning version, the security-related attributes of the user'"'"'s computer are inspected and the execution of the second version is initiated in the place of the first version if the security-related attributes of the second computer support the increased functionality of the second version. If so, the security-related attributes are used in the second version prior to execution. In either case, the remaining version is then executed without the need for further intervention for security purposes.

Citations

43 Claims

1. A processing system comprising:
- a generation processor at a first computer to receive an original software product and to provide a first version of the software having a limited functionality and a second version of the software having increased functionality which is dependent upon and utilizes security-related attributes of the computer on which the software is to be executed; and
  
  an execution processor at the second computer, adapted to receive the versions of the software from the first computer, comprising;
  
  an assessor for identifying, prior to execution of the first version, the security-related attributes of the second computer;
  
  a version initiator for initiating the execution of the second version in the place of the first version if the security-related attributes of the second computer supports the increased functionality of the second version during which the security-related attributes of the second computer are utilized; and
  
  a code processor for executing the version of the software to be executed.

2. A generation processor at a first computer to receive an original software product and to provide a first version of the software having a limited functionality and second version of the software having increased functionality which is dependent upon and utilizes security-related attributes of the computer on which the program is to be executed, whereby an execution processor at the second computer may receive the versions of the software from the first computer, identify, prior to execution of the first version, the security-related attributes of the second computer, initiate the execution of the second version in the place of the first version if the security-related attributes of the second computer supports the increased functionality of the second version during which the security-related attributes of the second computer are utilized, and execute the version of the software to be executed.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 23, 24, 25, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 3. The generation processor according to claim 2 comprising:
    - a mapper for generating a map of the functions of the original software product into versions of the software.
  - 4. The generation processor according to claim 2 comprising:
    - a generator for generating the versions of the software in accordance with a map of the functions of the original software product into versions of the software
  - 5. The generation processor according to claim 4 wherein the generator inserts logic into the versions for determining the security-related attributes of the computer on which the software is to be executed.
  - 6. The generation processor according to claim 5 wherein the logic is incorporated in a dynamic link library.
  - 7. The generation processor according to claim 4 wherein the generator adds logic into the versions to use the security-related attributes of the computer on which the software is to be executed.
  - 8. The generation processor according to claim 7 wherein the logic is incorporated in a dynamic link library.
  - 9. The generation processor according to claim 3 wherein the generator modifies the system-level behavior of the software.
  - 10. The generation processor according to claim 9 wherein the generator modifies the file input/output resources used by the software.
  - 11. The generation processor according to claim 9 wherein the generator modifies the user-machine interface used by the software.
  - 12. The generation processor according to claim 9 wherein the generator modifies the operating system resources as used by the application.
  - 13. The generation processor according to claim 12 wherein the generator creates proxies.
  - 15. The execution processor according to claim 14 wherein the security-related attribute of the second computer on which the second version depends comprises an attribute of the environment in which the second computer executes programs.
  - 16. The execution processor according to claim 15 wherein the presence or absence of the attribute is used in conjunction with other attributes to compute a figure of merit which determines whether the second version can be executed.
  - 17. The execution processor according to claim 15 wherein the attribute comprises the presence or absence of an adjunct device on the second computer.
  - 18. The execution processor according to claim 17 wherein the adjunct device is tamper-resistant.
  - 19. The execution processor according to claim 17 wherein the adjunct device is a dongle.
  - 20. The execution processor according to claim 15 wherein the attribute comprises the presence of an authenticable security capability on a network coupled to the second computer.
  - 21. The execution processor according to claim 15 wherein the attribute comprises the presence or absence of software for execution on the second computer.
  - 23. The execution processor according to claim 15 wherein the attribute comprises the presence or absence of local storage with pre-determined attributes.
  - 24. The execution processor according to claim 15 wherein the attribute comprises the presence or absence of a network connection.
  - 25. The execution processor according to claim 15 wherein the attribute comprises the presence or absence of a user certificate.
  - 27. The execution processor according to claim 15 wherein the attribute comprises the presence or absence of a currently valid logon session with an identified user.
  - 28. The execution processor according to claim 15 wherein the attribute comprises the presence or absence of an “
    - always-on”
      
      network connection.
  - 29. The execution processor according to claim 15 wherein the attribute comprises evidence of registration of the upgraded program for the second computer.
  - 30. The execution processor according to claim 15 wherein the attribute comprises the presence or absence of a cryptographic co-processor.
  - 31. The execution processor according to claim 15 wherein the attribute comprises the presence or absence of a smart-card reader adapted to be coupled with a smart-card.
  - 32. The execution processor according to claim 15 wherein the attribute comprises the presence or absence of a smart-card coupled to the second computer through a smart-card reader.
  - 33. The execution processor according to claim 15 wherein the attribute comprises the presence or absence of a connection to the internet.
  - 34. The execution processor according to claim 15 wherein the attribute comprises an independent authentication for user identification.
  - 35. The execution processor according to claim 14, wherein the second computer initially installs only the first version from the first computer and the version initiator installs the second version of the software and executes it only if the security-related attributes of the second computer supports its increased functionality.
  - 36. The execution processor according to claim 35 wherein the receipt of the second version requires the security-related attributes of the second computer to be utilized.
  - 37. The execution processor according to claim 36 wherein the second version is encrypted.
  - 38. The execution processor according to claim 36 wherein the second version is accessed at a URL which is encrypted.
  - 39. The execution processor according to claim 14 wherein the version initiator makes use of metadata files.
  - 40. The execution processor according to claim 39 wherein the metadata files are require the security-related attributes of the second computer to be utilized.

14. An execution processor at a second computer for receiving from a first computer, a software product for execution on the second computer in the form of a first version of the software having a limited functionality and a second version of the software having increased functionality which is dependent upon and utilizes security-related attributes of the computer on which the program is to be executed, the execution processor comprising:
- an assessor for identifying, prior to execution of the first version, the security-related attributes of the second computer;
  
  a version initiator for initiating the execution of the second version in the place of the first version if the security-related attributes of the second computer supports the increased functionality of the second version during which the security-related attributes of the second computer are utilized; and
  
  a code processor for executing the version of the software to be executed.

22. The execution processor according to claim 22 wherein the software comprises a run-time debugger.
- View Dependent Claims (26)
- - 26. The execution processor according to claim 25 wherein the user certificate is an X.509 certificate.

41. A method of selectively controlling the functionality of a software product, the method comprising the steps of:
- generating, at a first computer, a first version of the software having a limited functionality and a second version of the software having increased functionality which is dependent upon and utilizes security-related attributes of the computer on which the program is to be executed;
  
  receiving the versions of the software from the first computer, at a second computer for execution thereon;
  
  identifying, prior to execution of the first version, the security-related attributes of the second computer;
  
  initiating the execution of the second version in the place of the first version if the security-related attributes of the second computer supports the increased functionality of the second version during which the security-related attributes of the second computer are utilized; and
  
  executing the version of the software to be executed.

42. A computer-readable medium for storing computer-executable instructions which, when executed by a processor in a first computer, cause the processor to:
- receive an original software product and to provide a first version of the software having a limited functionality and a second version of the software having increased functionality which is dependent upon and utilizes security-related attributes of the computer on which the program is to be executed, whereby an execution processor at the second computer may receive the versions of the software from the first computer, identify, prior to execution of the first version, the security-related attributes of the second computer, initiate the execution of the second version in the place of the first version if the security-related attributes of the second computer supports the increased functionality of the second version during which the security-related attributes of the second computer are utilized and execute the version of the software to be executed.

43. A computer-readable medium for storing computer-executable instructions which, when executed by a processor in a second computer, cause the processor to:
- receive from a first computer, a software product for execution on the second computer in the form of a first version of the software having a limited functionality and a second version of the program having increased functionality which is dependent upon and utilizes security-related attributes of the computer on which the program is to be executed, identify, prior to execution of the first version, the security-related attributes of the second computer;
  
  initiate the execution of the second version in the place of the first version if the security-related attributes of the second computer supports the increased functionality of the second version during which the security-related attributes of the second computer are utilized; and
  
  execute the version of the software to be executed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetActive, Inc.
Original Assignee
NetActive, Inc.
Inventors
Larose, Gordon Edward

Application Number

US09/749,421
Publication Number

US 20020087876A1
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

G06F 21/109   by using specially-adapted ...

G06F 21/121   Restricting unauthorised ex...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 8/61   Installation

Adaptive software installation process supporting multiple layers of security-related attributes

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

Adaptive software installation process supporting multiple layers of security-related attributes

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links