Nested strong loader apparatus and method
Abstract
An apparatus and method provide one or more controlled, dynamically loaded, modular, cryptographic fillers. Fillers may be loaded by a single loader, multiple independent loaders, or nested loaders. Loaders may be adapted to load other loaders, within cryptographic controls extant and applicable thereto. Integration into a base executable having one or more slots minimizes, controls, and links the interface between the fillers and base executables. The filler may itself operate recursively to load another filler in nested operations, whether or not the fillers are in nested relation to one another. An ability of any filler to be loaded may be controlled by the base executable verifying the integrity, authorization, or both for any filler. The base executable may rely on an integrated loader to control loading and linking of fillers and submodules. A policy may limit each module's function, access, and potential for modification or substitution. Dynamically loaded modules (loaders, other fillers, and submodules thereof) typically represent a relatively small portion of the overall coding required by the base executable, and may provide strong controls limiting integration by providing access that is nested, layered, or both between modules, excluding direct access to or by them from the base executable or supported applications.
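The nested verification chain described in the abstract, as an added Python example that is not code from the patent; it generalizes the two-loader case to any nesting depth. HMAC-SHA256 stands in for the creator's signature, and the creator names, keys, the `next-trust=` field and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed keys. HMAC-SHA256 stands in for the creator's signature; a real
# loader would hold only a public verification key, never the signing key.
CREATOR_KEYS = {"base-vendor": b"constructed-key-A", "csp-vendor": b"constructed-key-B"}


def seal(creator, body):
    """Creator side: attach the unique property (a tag over the module body)."""
    tag = hmac.new(CREATOR_KEYS[creator], body, hashlib.sha256).digest()
    return {"body": body, "tag": tag}


def verify(trusted_creator, filler):
    """Loader side: return the body only if the tag verifies, else None."""
    key = CREATOR_KEYS.get(trusted_creator)
    if key is None:
        return None  # unknown or missing trust anchor: nothing can verify
    expected = hmac.new(key, filler["body"], hashlib.sha256).digest()
    return filler["body"] if hmac.compare_digest(expected, filler["tag"]) else None


def load_nested(root_creator, fillers):
    """Fill slots in order; each verified filler names who its loader trusts next."""
    slots, trusted = [], root_creator
    for filler in fillers:
        body = verify(trusted, filler)
        if body is None:
            break  # fail closed: this slot and every slot nested below stay empty
        slots.append(body)
        # The nested loader's trust anchor is read from the verified body only.
        trusted = body.decode().partition("next-trust=")[2]
    return slots


# Constructed sample modules: filler 1 carries the second loader's trust anchor.
FILLER_1 = seal("base-vendor", b"loader-2;next-trust=csp-vendor")
FILLER_2 = seal("csp-vendor", b"cipher-module")
```

Because the second loader's trust anchor lives inside the first filler's verified body, altering either the body or the anchor breaks the chain at that level and leaves every deeper slot empty.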
23 Claims
1. An apparatus comprising a digital computer having a processor for executing applications and a plurality of executable modules comprising:
a base executable loadable into the computer to perform a base function, the base executable module being provided with at least one slot adapted to receive a filler module;
a first filler module containing a unique property recognizable by the base executable, and alterable exclusively by an authorized creator of the first filler module; and
the base executable, programmed to verify the presence of the unique property, and to dynamically load the filler module into the at least one slot only if the unique property verifies correctly.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10)
a loader module integral to the base executable, programmed to verify the presence of the unique property, and to dynamically load the filler module only if the unique property verifies correctly; and
the first filler module further comprising a second loader module, executable to verify another unique property associated with a second filler module, and to load the second filler module into a second slot of the plurality of slots.
8. The apparatus of claim 7, wherein the second loader module is effective to control invocations of and by the second filler module.
9. The apparatus of claim 7, wherein the second filler module further comprises a plurality of modules and the second loader module is effective to provide linking between the plurality of modules in a layered hierarchy containing levels, and in which a linking of a first module of the plurality of modules at a first level to a second module of the plurality of modules at a second level defines an allowability of an invocation of the second module by the first module.
10. The apparatus of claim 7, wherein the base executable is further provided with a plurality of slots, including the second slot, for receiving executable modules, and in which the second loader module is effective to link the plurality of slots in a layered hierarchy containing slot levels, and in which a linking of the second slot at a first slot level to a third slot of the plurality of slots at a second slot level determines an allowability of an invocation of a third filler module loaded into the third slot by the second filler module loaded into the second slot.
11. An article comprising a memory device having blocks for storing executables and data, the article including a first block storing a plurality of executable modules, executable by a processor, the first block comprising:
a base module loadable to be executed by the processor to perform a base function, the base module being provided with at least one slot adapted to receive a first filler module;
the first filler module executable by a processor and containing a unique property recognizable by a loader, the unique property being alterable exclusively by an authorized creator of the first filler module;
the loader module integral to the base module and programmed to verify the presence of the unique property in the first filler module, and to dynamically load the filler module only if the unique property verifies correctly;
the base executable, provided with a second slot of the at least one slot; and
the filler module further comprising a second loader module effective to verify another unique property associated with the second filler module and to load the second filler module into the second slot only after the other unique property verifies correctly.
(Dependent claims: 12, 13, 14, 15, 16)
17. A method for limiting integration of software modules into a base module, executable by a processor of a computer, the method comprising:
providing a base module executable by the processor, the base module having slots for receiving filler modules, and having a first loader programmed to operate with a base executable to control loading of a first filler module into a first slot;
providing the first filler module containing a second loader effective to be executed by the processor, the first filler module containing a unique property recognizable by the first loader, and alterable exclusively by an authorized creator of the first filler module;
executing the base module by the processor;
executing the loader by the processor;
verifying by the loader the presence of the unique property in the first filler module, loading dynamically the first filler module only after the loader verifies the unique property successfully;
executing the first filler module, including the second loader, by the processor;
verifying by the second loader a second unique property in a second filler module; and
loading dynamically the second filler module only after the second loader verifies the second unique property successfully.
(Dependent claims: 18, 19, 20, 21, 22, 23)
controlling, by the first loader, linking of the second filler module to the first filler module to enable invocations of and by the second filler module.
21. The method of claim 20, wherein the second filler module comprises a plurality of modules, and the method further comprises:
linking by the second loader module the plurality of modules to one another in a layered hierarchy; and
controlling invocation of a first other module of the plurality of modules by a second other module of the plurality of modules, in accordance with links completed by the linking step.
22. The method of claim 17 further comprising:
loading dynamically each of multiple filler modules into a corresponding slot of the slots; and
linking dynamically by the second loader module each filler module of the multiple filler modules in a layered hierarchy, the layered hierarchy containing slot levels, and a linking of a second slot at a first slot level to a third slot of the multiple slots at a second slot level defining an allowability of an invocation of a third filler module in the third slot by the second filler module in the second slot.
23. The method of claim 17 further comprising:
loading recursively and dynamically by the second loader, other filler modules in remaining slots only after verifying a corresponding unique property by the second other filler module; and
linking dynamically by the second loader module the other filler modules in a layered hierarchy, the layered hierarchy containing levels, and a linking of a first other filler module at a first level to a second other filler module at a second level defining an allowability of an invocation of the second other filler module by the first other filler module.
Specification