Access-Control Method For Software Module And Programmable Electronic Device Therefor

US 20080077755A1
Filed: 09/19/2007
Published: 03/27/2008
Est. Priority Date: 06/21/2002
Status: Active Grant

First Claim

Patent Images

1. A method of controlling access to a programmable electronic device configured to selectively activate any of a plurality of software modules, said method comprising:

a) classifying said plurality of software modules into software-restriction classes;

b) activating one of a plurality of access-control models;

c) receiving a request to access one of said plurality of software modules;

d) evaluating said software-restriction class for said one of said plurality of software modules and said one of said plurality of access-control models to determine whether to grant access to said one of said plurality of software modules; and

e) activating said one of said plurality of software modules when said evaluating activity determines to grant access to said one of said plurality of software modules.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A programmable electronic device (10) stores a number of cipher-text software modules (14) to which access is granted after evaluating a user'"'"'s token (55, 80, 82), a software-restriction class (58) for a requested software module (14), and/or a currently active access-control model (60). Access-control models (60) span a range from uncontrolled to highly restrictive. Models (60) become automatically activated and deactivated as users are added to and deleted from the device (10). A virtual internal user proxy that does not require users to provide tokens (80, 82) is used to enable access to modules (16) classified in a global software-restriction class (62) or when an uncontrolled-access-control model (68) is active. Both licensed modules (76) and unlicensed modules (18,78) may be loaded in the device (10). However, no keys are provided to enable decryption of unlicensed modules (18,78).

Citations

24 Claims

1. A method of controlling access to a programmable electronic device configured to selectively activate any of a plurality of software modules, said method comprising:
- a) classifying said plurality of software modules into software-restriction classes;
  
  b) activating one of a plurality of access-control models;
  
  c) receiving a request to access one of said plurality of software modules;
  
  d) evaluating said software-restriction class for said one of said plurality of software modules and said one of said plurality of access-control models to determine whether to grant access to said one of said plurality of software modules; and
  
  e) activating said one of said plurality of software modules when said evaluating activity determines to grant access to said one of said plurality of software modules.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A method as claimed in claim 1 wherein said activated one of said plurality of access-control models is a first access-control model, and said method additionally comprises:
    - deactivating said first access-control model; and
      
      activating a second one of said plurality of access-control models.
  - 3. A method as claimed in claim 1 wherein said plurality of access-control models includes an uncontrolled-access-control model for which no externally-supplied token is required to grant access to at least some of said software modules and a controlled-access-control model for which externally-supplied tokens are required to grant access to at least some of said software modules.
  - 4. A method as claimed in claim 3 wherein said software-restriction classes include a global software-restriction class configured so that no externally-supplied token is required to grant access to said ones of software modules classified in said global class regardless of which of said plurality of access-control models has been activated.
  - 5. A method as claimed in claim 1 wherein said plurality of access-control models includes:
    - an administered-controlled-access-control model configured so that an externally-supplied administrator token is required to grant access to ones of said software modules classified as being in an administration software-restriction class; and
      
      an unadministered-controlled-access-control model configured so that an externally-supplied common token is required to grant access to ones of said software modules classified as being in said administration software-restriction class.
  - 6. A method as claimed in claim 5 wherein said plurality of access-control models further includes an uncontrolled-access-control model for which no externally-supplied token is required to grant access to said software modules classified as being in said administration software-restriction class.
  - 7. A method as claimed in claim 1 wherein said method additionally comprises storing at least some of said software modules in an encrypted form in said device, and wherein said activating activity e) comprises:
    - obtaining a cipher-key from a token; and
      
      decrypting said one of said plurality of software modules in response to said cipher-key to form a plain-text module.
  - 8. A method as claimed in claim 7 wherein said token is an internally-supplied token for said software modules classified as being in a global software-restriction class.
  - 9. A method as claimed in claim 7 wherein said token is an internally-supplied token when an uncontrolled-access-control model has been activated for said device.
  - 10. A method as claimed in claim 7 wherein said token is an externally-supplied token for at least some of said software modules when a controlled-access-control model has been activated for said device.
  - 11. A method as claimed in claim 7 wherein:
    - said token is an internally-supplied token for ones of said software modules classified as being in a global software-restriction class;
      
      said token is an internally-supplied token for at least some of said software modules when an uncontrolled-access-control model has been activated for said device; and
      
      said token is an externally-supplied token for at least some of said software modules when a controlled-access-control model has been activated for said device.
  - 12. A method as claimed in claim 7 wherein:
    - said obtaining activity comprises combining a token-key portion of said token with a split-key to generate said cipher-key;
      
      said one of said plurality of software modules is a licensed program having a genuine split-key associated therewith; and
      
      another of said plurality of software modules is an unlicensed program having an artificial split-key associated therewith.

13. A programmable electronic device having an access-control system configured to selectively activate any of a plurality of software modules, said device comprising:
- a memory having a plurality of software modules which have been classified into software-restriction classes;
  
  an access-control-model-activator configured to activate one of a plurality of access-control models;
  
  an input device configured to receive a request to access one of said plurality of software modules;
  
  an access-control-processor configured to evaluate said software-restriction class for said one of said plurality of software modules and to evaluate said one of said plurality of access-control models to determine whether to grant access to said one of said plurality of software modules; and
  
  a module-activator configured to activate said one of said plurality of software modules when said access-control processor determines to grant access to said one of said plurality of software modules.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. A programmable electronic device as claimed in claim 13 wherein:
    - said activated one of said plurality of access-control models is a first access-control model; and
      
      said access-control-model-activator is further configured to deactivate said first access-control model and activate a second one of said plurality of access-control models.
  - 15. A programmable electronic device as claimed in claim 13 wherein said plurality of access-control models includes an uncontrolled-access-control model for which no externally-supplied token is required to grant access to at least some of said software modules and a controlled-access-control model for which externally-supplied tokens are required to grant access to at least some of said software modules.
  - 16. A programmable electronic device as claimed in claim 15 wherein said software-restriction classes include a global class configured so that no externally-supplied token is required to grant access to said ones of software modules classified in said global software-restriction class regardless of which of said plurality of access-control models has been activated.
  - 17. A programmable electronic device as claimed in claim 13 wherein said plurality of access-control models includes:
    - an administered-controlled-access-control model configured so that an externally-supplied administrator token is required to grant access to ones of said software modules classified as being in an administration software-restriction class; and
      
      an unadministered-controlled-access-control model configured so that an externally-supplied common token is required to grant access to ones of said software modules classified as being in said administration software-restriction class.
  - 18. A programmable electronic device as claimed in claim 17 wherein said plurality of access-control models further includes an uncontrolled-access-control model for which no externally-supplied token is required to grant access to said software modules classified as being in said administration software-restriction class.
  - 19. A programmable electronic device as claimed in claim 13 wherein:
    - said memory is configured so that at least some of said software modules are in an encrypted form; and
      
      said module-activator is configured to obtain a cipher-key in response to a token and decrypt said one of said plurality of software modules in response to said cipher-key to form a plain-text module.
  - 20. A programmable electronic device as claimed in claim 19 wherein said token is an internally-supplied token for said ones of said software modules that have been classified as being in a global software-restriction class, said internally-supplied token being stored in said memory.
  - 21. A programmable electronic device as claimed in claim 19 wherein said token is an internally-supplied token when an uncontrolled-access-control model has been activated for said device, said internally-supplied token being stored in said memory.
  - 22. A programmable electronic device as claimed in claim 19 wherein said token is an externally-supplied token for at least some of said software modules when a controlled-access-control model has been activated for said device, said externally-supplied token being received at an input device.
  - 23. A programmable electronic device as claimed in claim 19 wherein:
    - said token is an internally-supplied token obtained from said memory for ones of said software modules classified as being in a global software-restriction class;
      
      said token is an internally-supplied token for at least some of said software modules when an uncontrolled-access-control model has been activated for said device; and
      
      said token is an externally-supplied token for at least some of said software modules when a controlled-access-control model has been activated for said device, wherein said externally-supplied token is received at an input device.
  - 24. A programmable electronic device as claimed in claim 19 wherein:
    - said module-activator is configured to combine a token-key portion of said token with a split-key to generate said cipher-key;
      
      said one of said plurality of software modules is a licensed program having a genuine split-key associated therewith; and
      
      another of said plurality of software modules is an unlicensed program having an artificial split-key associated therewith.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
General Dynamics C4 Systems Incorporated (General Dynamics Corporation)
Original Assignee
General Dynamics C4 Systems Incorporated (General Dynamics Corporation)
Inventors
Paskett, Sherman, Seeker, Frank, Kitaj, Paul, Tuggenberg, Steve, Hardy, Douglas

Granted Patent

US 8,060,751 B2
Time in Patent Office

Days
Field of Search
US Class Current

711/154
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2107   File encryption

G06F 2221/2153   Using hardware token as a s...

H04L 2209/603   Digital right managament [DRM]

H04L 9/3234   involving additional secure...

Access-Control Method For Software Module And Programmable Electronic Device Therefor

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Access-Control Method For Software Module And Programmable Electronic Device Therefor

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links