Methods and arrangements for limiting access to computer controlled functions and devices

US 20060010499A1
Filed: 09/06/2005
Published: 01/12/2006
Est. Priority Date: 03/29/2000
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

verifying that a first application is authorized to set an initial range for a controlled parameter setting;

if authorized, allowing the first application to set an initial range for the controlled parameter setting; and

subsequently, allowing at least a second application to modify the controlled parameter setting within the initial range set by the first application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and arrangements are provided to verify if a requesting computer application is authorized to change a controlled parameter associated with a computer controlled device and/or function. To accomplish this, one or verification functions are employed to analyze a security code or absence thereof, as identified by a requesting application. If the security code, which may be encrypted, matches a known or calculated valid security code, then the requesting application is deemed to be authorized to change the controlled parameter and/or modify certain limitations associated with an acceptable range for the controlled parameter. If the security code does not match a known or calculated valid security code, then the requesting application is deemed to be unauthorized to change the controlled parameter outside of a previously established acceptable range for the controlled parameter. The verification function can be implemented in a ROM to increase the security and to thwart attempts to circumvent the authorization scheme. Several independent verification functions can be arranged to support the verification of a plurality of authorized applications.

26 Citations

View as Search Results

63 Claims

1. A method comprising:
- verifying that a first application is authorized to set an initial range for a controlled parameter setting;
  
  if authorized, allowing the first application to set an initial range for the controlled parameter setting; and
  
  subsequently, allowing at least a second application to modify the controlled parameter setting within the initial range set by the first application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17)
- - 2. A method as recited in claim 1, wherein the first application is verified based on a first security code.
  - 3. A method as recited in claim 2, wherein the first security code is at least partially encrypted.
  - 4. A method as recited in claim 1, wherein the first application is verified based at least partially on memory location information associated with a verifying function.
  - 5. A method as recited in claim 4, wherein the memory location information associated with the verifying function defines memory location within a read only memory (ROM).
  - 6. A method as recited in claim 1, wherein the initial range includes at least a maximum controlled parameter setting, and the second application is not allowed to modify the controlled parameter setting beyond the maximum controlled parameter setting.
  - 7. A method as recited in claim 1, wherein the initial range includes at least a minimum controlled parameter setting, and the second application is not allowed to modify the controlled parameter setting below the minimum controlled parameter setting.
  - 8. A method as recited in claim 1, further comprising:
    - verifying that the second application is authorized to modify a current range for the controlled parameter setting;
      
      if authorized, allowing the second application to modify the current range for the controlled parameter setting; and
      
      subsequently, allowing at least a third application to modify the controlled parameter setting within the current range as modified by the second application.
  - 9. A method as recited in claim 8, wherein the second application is verified based on a second security code.
  - 10. A method as recited in claim 9, wherein the second security code is at least partially encrypted.
  - 11. A method as recited in claim 8, wherein the second application is verified based at least partially on memory location information associated with a verifying function.
  - 13. A method as recited in claim 8, wherein the current range includes at least a maximum controlled parameter setting, and the third application is not allowed to modify the controlled parameter setting beyond the maximum controlled parameter setting.
  - 14. A method as recited in claim 8, wherein the current range includes at least a minimum controlled parameter setting, and the third application is not allowed to modify the controlled parameter setting below the minimum controlled parameter setting.
  - 15. A method as recited in claim 1, wherein the controlled parameter setting is selected from a group of settings comprising an audio volume control parameter, an audio tone control parameter, an illumination control parameter, a visual display control parameter, a temperature control parameter, a communication access control parameter, a peripheral device control parameter, a vehicle control parameter, and an environment control parameter.
  - 16. A method as recited in claim 1, wherein verifying that the first application is authorized to set the initial range for the controlled parameter setting further includes using at least one verifier selected from a group comprising at least a first verifier and a second verifier.
  - 17. A computer-readable medium as recited in claim 8, wherein verifying that the second application is authorized to set the initial range for the controlled parameter setting further includes using at least one verifier selected from a group comprising at least a first verifier and a second verifier.

12. A method as recited in claim 111, wherein the memory location information associated with the verifying function defines memory location within a read only memory (ROM).

18. A computer-readable medium having computer-executable instructions for performing steps comprising:
- verifying that a first application is authorized to set an initial range for a controlled parameter setting;
  
  if authorized, allowing the first application to set an initial range for the controlled parameter setting; and
  
  subsequently, allowing at least a second application to modify the controlled parameter setting within the initial range set by the first application.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 19. A computer-readable medium as recited in claim 18, wherein the first application is verified based on a first security code.
  - 20. A computer-readable medium as recited in claim 19, wherein the first security code is at least partially encrypted.
  - 21. A computer-readable medium as recited in claim 18, wherein the first application is verified based at least partially on memory location information associated with a verifying function.
  - 22. A computer-readable medium as recited in claim 21, wherein the memory location information associated with the verifying function defines memory location within a read only memory (ROM).
  - 23. A computer-readable medium as recited in claim 18, wherein the initial range includes at least a maximum controlled parameter setting, and the second application is not allowed to modify the controlled parameter setting beyond the maximum controlled parameter setting.
  - 24. A computer-readable medium as recited in claim 18, wherein the initial range includes at least a minimum controlled parameter setting, and the second application is not allowed to modify the controlled parameter setting below the minimum controlled parameter setting.
  - 25. A computer-readable medium as recited in claim 18, having computer-executable instructions for performing steps further comprising:
    - verifying that the second application is authorized to modify a current range for the controlled parameter setting;
      
      if authorized, allowing the second application to modify the current range for the controlled parameter setting; and
      
      subsequently, allowing at least a third application to modify the controlled parameter setting within the current range as modified by the second application.
  - 26. A computer-readable medium as recited in claim 25, wherein the second application is verified based on a second security code.
  - 27. A computer-readable medium as recited in claim 26, wherein the second security code is at least partially encrypted.
  - 28. A computer-readable medium as recited in claim 25, wherein the second application is verified based at least partially on memory location information associated with a verifying function.
  - 29. A computer-readable medium as recited in claim 28, wherein the memory location information associated with the verifying function defines memory location within a read only memory (ROM).
  - 30. A computer-readable medium as recited in claim 25, wherein the current range includes at least a maximum controlled parameter setting, and the third application is not allowed to modify the controlled parameter setting beyond the maximum controlled parameter setting.
  - 31. A computer-readable medium as recited in claim 25, wherein the current range includes at least a minimum controlled parameter setting, and the third application is not allowed to modify the controlled parameter setting below the minimum controlled parameter setting.
  - 32. A computer-readable medium as recited in claim 18, wherein the controlled parameter setting is selected from a group of settings comprising an audio volume control parameter, an audio tone control parameter, an illumination control parameter, a visual display control parameter, a temperature control parameter, a communication access control parameter, a peripheral device control parameter, a vehicle control parameter, and an environment control parameter.
  - 33. A computer-readable medium as recited in claim 18, wherein verifying that the first application is authorized to set the initial range for the controlled parameter setting further includes using at least one verifier selected from a group comprising at least a first verifier and a second verifier.
  - 34. A computer-readable medium as recited in claim 25, wherein verifying that the first application is authorized to set the initial range for the controlled parameter setting further includes using at least one verifier selected from a group comprising at least a first verifier and a second verifier.

35. A method comprising:
- setting an authorized range and a current value for a controlled parameter;
  
  receiving a request to change the current value of the controlled parameter from an application;
  
  changing the current value of the controlled parameter if a requested value of the controlled parameter is within the authorized range;
  
  otherwise, verifying that the application is authorized to modify the authorized range for the controlled parameter, prior to changing the current value of the controlled parameter to the requested value.
- View Dependent Claims (36, 37, 38, 39)
- - 36. A method as recited in claim 35, wherein verifying that the application is authorized to modify the authorized range for the controlled parameter further comprises changing the authorized range to include the requested value when the application is authorized to modify the authorized range.
  - 37. A method as recited in claim 36, wherein the authorized range includes at least one authorized limit selected from a group including a minimum authorized limit and a maximum authorized limit.
  - 38. A method as recited in claim 37, further comprising changing the current value of the controlled parameter to the minimum authorized limit if the requested value is less than the minimum authorized limit and the application is not authorized to modify the authorized range.
  - 39. A method as recited in claim 37, further comprising changing the current value of the controlled parameter to the maximum authorized limit if the requested value is more than the maximum authorized limit and the application is not authorized to modify the authorized range.

40. A computer-readable medium having computer-executable instructions for performing steps comprising:
- setting an authorized range and a current value for a controlled parameter;
  
  receiving a request to change the current value of the controlled parameter from an application;
  
  changing the current value of the controlled parameter if a requested value of the controlled parameter is within the authorized range;
  
  otherwise, verifying that the application is authorized to modify the authorized range for the controlled parameter, prior to changing the current value is of the controlled parameter to the requested value.
- View Dependent Claims (41, 42, 43, 44)
- - 41. A computer-readable medium as recited in claim 40, wherein verifying that the application is authorized to modify the authorized range for the controlled parameter further comprises changing the authorized range to include the requested value when the application is authorized to modify the authorized range.
  - 42. A computer-readable medium as recited in claim 41, wherein the authorized range includes at least one authorized limit selected from a group including a minimum authorized limit and a maximum authorized limit.
  - 43. A computer-readable medium as recited in claim 42, further comprising computer-executable instructions for performing the step of changing the current value of the controlled parameter to the minimum authorized limit if the requested value is less than the minimum authorized limit and the application is not authorized to modify the authorized range.
  - 44. A computer-readable medium as recited in claim 42, further comprising computer-executable instructions for performing the step of changing the current value of the controlled parameter to the maximum authorized limit if the requested value is more than the maximum authorized limit and the application is not authorized to modify the authorized range.

45. A system comprising:
- at least one processor operatively configured to respond to computer instructions associated with a plurality of applications, including a first application;
  
  memory coupled to the processor and configured to store data associated with at least the first application, and a program operatively configured within the processor and memory and arranged to set a parameter value and a range associated with at least one controlled parameter, determine if the first application is authorized to modify the range, modify the parameter value within the range when requested by the first application, and modify the parameter value outside the range and modify the range when requested by the first application if the first application is authorized to modify the range.
- View Dependent Claims (46, 47, 48, 49, 50, 51, 52, 53, 54, 55)
- - 46. A system as recited in claim 45, wherein the program determines if the first application is authorized to modify the range by analyzing a security code provided by the first application.
  - 47. A system as recited in claim 46, wherein the program decodes the security code and compares the resulting data to predetermined data to determine if the first application is authorized to modify the range.
  - 48. A system as recited in claim 46, wherein the program determines that the first application is authorized to change the range only if the security code matches a valid security code.
  - 49. A system as recited in claim 46, wherein the program further includes at least one linked verifier function stored within a predefined portion of the memory, and the program is configured to determine if the linked verifier function, as called by the program, is not within the predefined portion of the memory, in which case, the program determines that the first application is unauthorized to modify the range.
  - 50. A system as recited in claim 49, wherein the predefined memory location is within a read only portion of the memory.
  - 51. A system as recited in claim 46, wherein the security code is uniquely associated a software developer entity responsible for providing the first application.
  - 52. A system as recited in claim 45, wherein the processor is operatively configured to respond to computer instructions associated with at least a second application, and the program is further configured to determine if the second application is authorized to modify the range, modify the parameter value within the range when requested by the second application, and modify the parameter value outside the range and modify the range when requested by the first application if the first application is authorized to modify the range.
  - 53. A system as recited in claim 45 wherein the parameter is selected from a group comprising an audio volume control parameter, an audio tone control parameter, an illumination control parameter, a visual display control parameter, a temperature control parameter, a communication access control parameter, a peripheral device control parameter, a vehicle control parameter, and an environment control parameter.
  - 54. A system as recited in claim 45, wherein the processor, the memory, and the program are part of a computer system within a vehicle.
  - 55. A system as recited in claim 45;
    - further comprising at least one device that is coupled to the program and is responsive to the parameter value from the program.

56. An arrangement for use in a computer system, the arrangement comprising:
- a parameter manager configurable to receive a parameter change request from one or more computer applications and selectively output a corresponding parameter value;
  
  at least one verifier function accessible by the parameter manager and configured to determine if the parameter change request is from a computer application that is authorized to exceed a parameter limitation; and
  
  a device driver coupled to the parameter manager and configured to receive the parameter value from the parameter manager and output a corresponding control parameter suitable for use by at least one device.
- View Dependent Claims (57, 58, 59, 60, 61, 62, 63)
- - 57. An arrangement as recited in claim 56, wherein the verifier determines if the parameter change request is from the computer application authorized to exceed the parameter limitation by analyzing a security code identified by the first application.
  - 58. An arrangement as recited in claim 56, wherein the verifier decodes the security code and compares the resulting data to a valid security code to determine if the computer application is authorized to exceed the parameter limitation.
  - 59. An arrangement as recited in claim 56, wherein at least a portion of the verifier is invoked by the parameter manager in a predefined, identifiable manner, such that if invoked otherwise the computer application is deemed unauthorized to exceed the parameter limitation.
  - 60. An arrangement as recited in claim 59, further comprising a memory, and wherein the at least a portion of the verifier that is invoked by the parameter manager in a predefined, identifiable manner is associated with at least one memory location within a read only portion of the memory.
  - 61. An arrangement system as recited in claim 56, wherein the security code is uniquely associated a software developer entity responsible for providing the computer application and the verifier.
  - 62. An arrangement as recited in claim 56, wherein the parameter manager, verifier, and device driver are part of a computer system within a vehicle.
  - 63. An arrangement as recited in claim 56, wherein the at least one device includes a computer implemented function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Yip, Clement Chun Pong, Falcon, Stephen Russell

Granted Patent

US 7,950,048 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 21/572 Secure firmware programming...

Methods and arrangements for limiting access to computer controlled functions and devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

63 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and arrangements for limiting access to computer controlled functions and devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

63 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links