Automatic update of computer-readable components to support a trusted environment

US 20070033420A1
Filed: 07/19/2005
Published: 02/08/2007
Est. Priority Date: 07/19/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-readable medium having computer-executable instructions performing a method, comprising:

determining whether computer-readable components loaded within a memory of a computing device are at a level of protection specified for protected content that a media application is attempting to process; and

if a current level of protection of the computing device provides less protection than the level of protection specified for the protected content, updating a file to achieve at least the level of protection specified by the protected content, wherein updating is performed in a manner that minimizes rebooting of the computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present automatic update mechanism provides a method for determining whether computer-readable components loaded within a memory device are at a level of protection specified for protected content that a media application is attempting to process. If a current level of protection provides lower protection that the level specified, a file is updated to achieve at least the level of protection specified by the protected content. Updating the file to achieve the level of protection is performed in a manner that minimizes rebooting of a computing device.

16 Citations

View as Search Results

20 Claims

1. A computer-readable medium having computer-executable instructions performing a method, comprising:
- determining whether computer-readable components loaded within a memory of a computing device are at a level of protection specified for protected content that a media application is attempting to process; and
  
  if a current level of protection of the computing device provides less protection than the level of protection specified for the protected content, updating a file to achieve at least the level of protection specified by the protected content, wherein updating is performed in a manner that minimizes rebooting of the computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The computer-readable medium of claim 1, wherein updating the file includes accessing an update service where the file as been published.
  - 3. The computer-readable medium of claim 2, wherein the update service includes MICROSOFT®
    - WINDOWS®
      
      update software.
  - 4. The computer-readable medium of claim 2, further comprising obtaining an updated version of each component listed as a revoked component within the file and needed for processing of the protected content.
  - 5. The computer-readable medium of claim 4, wherein the updated version of the component is available on the computing device as a pending component that was previously downloaded.
  - 6. The computer-readable medium of claim 4, wherein the file is in a format for a Cardea-style certification revocation list (CRL) and the revoked component is identified with a certificate hash, the certificate hash being used to identify a location on the update service from where to download the updated version, or if not available on the update service, identifying a uniform resource locator.
  - 7. The computer-readable medium of claim 6, wherein the URL navigates to a help page.
  - 8. The computer-readable medium of claim 6, wherein the URL navigates to a third party website where the updated version can be downloaded.
  - 9. The computer-readable medium of claim 6, wherein a FWLFNK mechanism is used to identify the location or the uniform resource locator.
  - 10. The computer-readable medium of claim 4, wherein the file is in a format for an App certification revocation list (CRL) and the revoked component is identified with a public key, the public key being used to identify a location on the update service from where to download the updated version, or if not available on the update service, identifying a uniform resource locator.
  - 11. The computer-readable medium of claim 4, wherein the file is in a format for a global revocation list and the revoked component is identified by a GUID, the GUID being used to identify a location on the update service from where to install the update version.
  - 12. The computer-readable medium of claim 4, further comprising loading the updated version of each component within the memory before performing the rebooting, if the rebooting is necessary.
  - 13. The computer-readable medium of claim 1, wherein minimizing rebooting of the computing device is based on a reboot parameter within the file and not rebooting unless the reboot parameter indicates the file contains at least one malicious kernel-mode computer-readable component.
  - 14. The computer-readable medium of claim 13, wherein minimizing rebooting is further based on a process restart parameter within the file and restarting each process associated with the processing of the protected content if the process restart parameter indicates that the file contains at least one malicious user-mode computer-readable component.
  - 15. The computer-readable medium of claim 14, wherein the process restart parameter is configured as a counter that increments if the file identifies a malicious user-mode computer-readable component and remains the same if there is not a malicious user-mode computer-readable component identified in the file.

16. A computing device, comprising:
- a processor;
  
  a memory into which a plurality of computer-executable components are loaded, the plurality of components comprising;
  
  a media application for processing protected content;
  
  an authorization component executing within a kernel space of the memory;
  
  a renewal component configured to receive an identifier associated with one of the plurality of computer-executable components when the authorization component fails to load the one component due to its untrustworthiness and to automatically obtain an updated version of the one component using the identifier upon user authorization.
- View Dependent Claims (17, 18, 19)
- - 17. The computing device recited in claim 16, wherein the identifier comprises a hash of a binary file containing the revoked component.
  - 18. The computing device recited in claim 16, wherein the identifier comprises a certificate that has signed the revoked component.
  - 19. The computing device recited in claim 16, wherein automatically obtaining the updated version comprises sending the identifier to an update service, the identifier specifying a location on the update service from where to download the updated version.

20. A computer-readable storage medium having stored thereon a data structure, comprising:
- a header section including a version identifier and a force reboot parameter, the version identifier corresponding to a level of trust provided to protected content processed by a computing device enforcing the data structure;
  
  a revocation section identifying at least one computer-readable component that has become untrustworthy in supporting the level of trust; and
  
  a renewal section identifying a location for an updated version of a corresponding computer-readable component identified within the revocation section;
  
  wherein upon processing of protected content, the version is examined to determine whether the computing device needs to obtain another data structure having a different version and examining the force reboot parameter to determine whether the computing device needs to be rebooted after obtaining the updated version for each of the computer-readable components, the force reboot parameter indicating that rebooting occurs if any one of the computer-readable components identified in the revocation section is a malicious kernel-mode computer-readable component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Sherwani, Adil, Punniamoorthy, Pranavakumar, Dunbar, Geoffrey, Barde, Sumedh, Van Dyke, Clifford, Kuhn, Reid, Deshpande, Rajesh

Granted Patent

US 7,650,492 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

Automatic update of computer-readable components to support a trusted environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Automatic update of computer-readable components to support a trusted environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others