SOFTWARE UPDATING APPARATUS, SOFTWARE UPDATING SYSTEM, INVALIDATION METHOD, AND INVALIDATION PROGRAM

US 20100175061A1
Filed: 11/06/2008
Published: 07/08/2010
Est. Priority Date: 03/28/2008
Status: Active Grant

First Claim

Patent Images

1. A software update apparatus, comprising:

a predetermined application;

a protection control module operable to verify whether the predetermined application has been tampered with; and

an install module group that includes a plurality of install modules each operable to receive a replacement protection control module from an external server, and update the protection control module with the received replacement protection control module, whereineach of the install modules simultaneously running is verified by at least another one of the install modules simultaneously running, as to whether the install module has a possibility of performing malicious operations, andif any of the install modules is verified as having the possibility of performing the malicious operations, any another one of the install modules that is verified as not having the possibility revokes the any install module verified as having the possibility.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To aim provide a software update apparatus including an install module group (130) composed of a plurality of install modules. Each of the install modules has a function of receiving, from an external server (200), a replacement protection control module (121) to be used for updating a protection control module (120) having a function of verifying whether a predetermined application has been tampered with. Each of the install modules simultaneously running is verified by at least another one of the install modules simultaneously running, as to whether the install module has a possibility of performing malicious operations. If any of the install modules is verified as having the possibility of performing the malicious operations, any another one of the install modules that is verified as not having the possibility revokes the any install module verified as having the possibility.

Citations

23 Claims

1. A software update apparatus, comprising:
- a predetermined application;
  
  a protection control module operable to verify whether the predetermined application has been tampered with; and
  
  an install module group that includes a plurality of install modules each operable to receive a replacement protection control module from an external server, and update the protection control module with the received replacement protection control module, whereineach of the install modules simultaneously running is verified by at least another one of the install modules simultaneously running, as to whether the install module has a possibility of performing malicious operations, andif any of the install modules is verified as having the possibility of performing the malicious operations, any another one of the install modules that is verified as not having the possibility revokes the any install module verified as having the possibility.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 18, 19, 20, 21, 22, 23)
- - 2. The software update apparatus of claim 1, further comprisingan access control module that has been encrypted using a predetermined encryption key and stores therein pieces of predetermined information for revoking the install modules, whereinthe any another install module accesses the external server to acquire a decryption key corresponding to the predetermined encryption key, and decrypts the access control module using the acquired decryption key, andthe any another install module acquires a piece of predetermined information corresponding to the any install module verified as having the possibility from the access control module, and performs the revocation based on the acquired piece of predetermined information.
  - 3. The software update apparatus of claim 1, further comprisingan access control module that stores therein pieces of predetermined information for revoking the install modules, whereineach of the pieces of predetermined information has been encrypted using a key different for each of the install modules, andthe any another install module accesses the external server to acquire, from the external server, a decryption key corresponding to an encryption key used for encrypting a piece of predetermined information relating to the any install module verified as having the possibility, and decrypts the piece of predetermined information using the acquired decryption key, andthe any another install module performs the revocation based on the decrypted piece of predetermined information.
  - 4. The software update apparatus of claim 2, whereineach of the pieces of predetermined information is a piece of storage position information relating to a storage position of a corresponding one of the install modules.
  - 5. The software update apparatus of claim 2, whereineach of the pieces of predetermined information is a piece of information showing a procedure for revoking a corresponding one of the install modules.
  - 6. The software update apparatus of claim 4, whereinthe any another install module performs the revocation by deleting all parts of the any install module verified as having the possibility, based on a piece of storage position information corresponding to the any install module verified as having the possibility.
  - 7. The software update apparatus of claim 4, whereineach of the pieces of storage position information indicates a deletion part of a corresponding one of the install modules to be deleted,the any another install module performs the revocation by deleting a deletion part of the any install module verified as having the possibility, based on a piece of the storage position information corresponding to the install module verified as having the possibility.
  - 8. The software update apparatus of claim 4, whereineach of the pieces of storage position information indicates a code part of a corresponding one of the install modules to be deleted, andthe any another install module performs the revocation by deleting a code part of the any install module verified as having the possibility, based on a piece of the storage position information corresponding to the any install module verified as having the possibility.
  - 9. The software update apparatus of claim 2, whereinwhen revoking the any install module verified as having the possibility, the any another install module deletes a piece of predetermined information corresponding to the any install module stored in the access control module.
  - 10. The software update apparatus of claim 1, whereinthe any another install module performs the revocation by deleting information to be referred by the any install module verified as having the possibility, the information being necessary for the any install module to access any another of install modules that is a verification target of the any install module.
  - 11. The software update apparatus of claim 1, whereinthe any another install module performs the revocation by deleting information to be used by the any install module verified as having the possibility for accessing the protection control module.
  - 12. The software update apparatus of claim 1, whereineach of the install modules performs the verification on the install module itself.
  - 13. The software update apparatus of claim 12, whereinif each of the install modules verifies itself as having the possibility of performing malicious operations, the install module revokes the install module itself.
  - 14. The software update apparatus of claim 1, whereineach of the install modules performs the verification by calculating a hash value of at least other one of the install modules and judging whether a hash value attached beforehand to the install module that performs the verification and the calculated hash value match each other.
  - 18. The software update apparatus of claim 3, whereineach of the pieces of predetermined information is a piece of storage position information relating to a storage position of a corresponding one of the install modules.
  - 19. The software update apparatus of claim 3, whereineach of the pieces of predetermined information is a piece of information showing a procedure for revoking a corresponding one of the install modules.
  - 20. The software update apparatus of claim 3, whereinwhen revoking the any install module verified as having the possibility, the any another install module deletes a piece of predetermined information corresponding to the any install module stored in the access control module.
  - 21. The software update apparatus of claim 18, whereinthe any another install module performs the revocation by deleting all parts of the any install module verified as having the possibility, based on a piece of storage position information corresponding to the any install module verified as having the possibility.
  - 22. The software update apparatus of claim 18, whereineach of the pieces of storage position information indicates a deletion part of a corresponding one of the install modules to be deleted,the any another install module performs the revocation by deleting a deletion part of the any install module verified as having the possibility, based on a piece of the storage position information corresponding to the install module verified as having the possibility.
  - 23. The software update apparatus of claim 18, whereineach of the pieces of storage position information indicates a code part of a corresponding one of the install modules to be deleted, andthe any another install module performs the revocation by deleting a code part of the any install module verified as having the possibility, based on a piece of the storage position information corresponding to the any install module verified as having the possibility.

15. A software update system that is composed of a software update apparatus and a server connected with the software update apparatus,the software update apparatus comprising:
- a predetermined application;
  
  a protection control module operable to verify whether the predetermined application has been tampered with; and
  
  an install module group that includes a plurality of install modules each operable to receive a replacement protection control module from an external server, and update the protection control module with the received replacement protection control module, andthe server comprising;
  
  a storage unit that stores therein a replacement protection control module to be used for updating the protection control module; and
  
  a communication unit operable to transmit the replacement protection control module to the software update apparatus, whereineach of the install modules simultaneously running is verified by at least another one of the install modules simultaneously running, as to whether the install module has a possibility of performing malicious operations, andif any of the install modules is verified as having the possibility of performing the malicious operations, any another of the install modules revokes the any install module verified as having the possibility.

16. A revocation method, comprising:
- a boot step of booting (i) a protection control module operable to verify whether a predetermined application has been tampered with and (ii) an install module group including a plurality of install modules each operable to receive a replacement protection control module to be used for updating the protection control module from an external server; and
  
  an execution step of executing the predetermined application, whereineach of the install modules simultaneously running is verified by at least another one of the install modules simultaneously running, as to whether the install module has a possibility of performing malicious operations, andif any of the install modules is verified as having the possibility of performing the malicious operations, any another one of the install modules that is verified as not having the possibility revokes the any install module verified as having the possibility.

17. A revocation program, comprising:
- a protection control module operable to verify whether a predetermined application has been tampered with; and
  
  an install module group that includes a plurality of install modules each operable to receive a replacement protection control module from an external server, and update the protection control module with the received replacement protection control module, whereineach of the install modules causes a computer to perform processing,the processing comprises;
  
  a verification procedure of performing verification on each of the install modules simultaneously running by at least another one of the install modules simultaneously running, as to whether the install module has a possibility of performing malicious operations; and
  
  a revocation procedure of revoking, if any of the install modules is verified as having the possibility of performing the malicious operations, the any install module verified as having the possibility.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Original Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Inventors
Minagawa, Marika, Hasegawa, Shingo, Maeda, Manabu, Futa, Yuichi, Yokota, Kaoru, Shizuya, Hiroki, Matsuzaki, Natsume, Isobe, Shuji, Nonaka, Masao, Unagami, Yuji, Koizumi, Eisuke, Sakai, Masao

Granted Patent

US 8,600,896 B2
Time in Patent Office

Days
Field of Search
US Class Current

717/173
CPC Class Codes

G06F 21/562   Static detection

G06F 21/57   Certifying or maintaining t...

G06F 8/65   Updates security arrangemen...

SOFTWARE UPDATING APPARATUS, SOFTWARE UPDATING SYSTEM, INVALIDATION METHOD, AND INVALIDATION PROGRAM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

SOFTWARE UPDATING APPARATUS, SOFTWARE UPDATING SYSTEM, INVALIDATION METHOD, AND INVALIDATION PROGRAM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links