Software-defined communications system execution control
Abstract
Software execution control in which a series of two-way rule checks is performed between software-defined communications system component records to ensure and maintain system security and integrity. A system platform (20) performs a series of two-way rule checks between records of a system platform (20) and an application (22) called by the platform (20), between records of the called application (22) and a module (24) that defines the called application (22), and between the records of the module (24) that defines the called application (22) and the platform (20). Both the called application (22) and the module (24) that defines the called application (22) are then instantiated if the two-way rule checks are successful. Because the rule checks are performed in a two-way manner, restrictions such as licensing and source restrictions may be placed not only on system modules (24-30), but also on the applications (22) using the modules (24-30), thereby enabling higher levels of system security to be achieved. In addition, the present invention minimizes processing overhead by providing for load-time rule checking rather than run-time checking associated with conventional enforcement systems.
20 Claims
1. A method of controlling operation of an open architecture system including a system platform, a plurality of stored applications, and a plurality of stored modules for realizing the stored applications, the method comprising:
performing a two-way rule check between the system platform and a called application;
performing a two-way rule check between the called application and a module identified by the called application as being necessary to execute the called application;
performing a two-way rule check between the module identified by the called application and the system platform; and
instantiating both the called application and the module identified by the called application if the performing of a two-way rule check between the system platform and a called application, the performing of a two-way rule check between the called application and a module identified by the called application, and the performing of a two-way rule check between the module identified by the called application and the system platform are successful.
the performing of a two-way rule check between the called application and a module identified by the called application comprises performing a two-way rule check between the called application and a plurality of modules identified by the called application;
the performing of a two-way rule check between the module identified by the called application and the system platform comprises performing two-way rule checks between the plurality of modules identified by the called application and the system platform; and
the instantiating of both the called application and the module identified by the called application comprises instantiating both the called application and the plurality of modules identified by the called application if the performing of a two-way rule check between the system platform and the called application, the performing of a two-way rule check between the called application and the plurality of modules identified by the called application, and the performing of a two-way rule check between the plurality of modules identified by the called application and the system platform are successful.
4. The method of claim 1, wherein the performing of a two-way rule check between the system platform and a called application comprises:
checking an application rules record against stored platform configuration and rules data; and
checking the stored system platform configuration and rules data against an application identification record.
5. The method of claim 4, wherein the performing of a two-way rule check between the system platform and a called application further comprises parsing module pointing records of the called application to determine module data to be loaded.
6. The method of claim 4, wherein the performing of a two-way rule check between the system platform and a called application further comprises validating a signature of the called application.
7. The method of claim 6, wherein the open architecture system is a communications system.
8. The method of claim 1, wherein the performing of a two-way rule check between the called application and the module identified by the called application comprises:
checking a module pointer rules record of the module identified by the called application; and
checking an identification record of the called application against a module rules record.
9. The method of claim 1, wherein the performing of a two-way rule check between the module identified by the called application and the system platform comprises:
checking a module identification record against platform rules and configuration information; and
checking the system platform rules and configuration information against a module rules record.
10. An open architecture software-defined system, comprising:
a computing platform;
a plurality of applications each for performing a predetermined system operation when called by the system platform;
a plurality of modules each, either singly or in combination with others of the plurality of modules, for defining one of the plurality of applications;
each of the plurality of applications including one or more module pointer records for identifying an application-defining module or modules;
the computing platform for performing two-way rule checks among records of the computing platform, a called application from the plurality of applications, and an application-defining module or modules defining the called one of the plurality of applications prior to loading the called application and the application-defining module or modules.
an identification record including application identifying information;
a rules record including one or more of platform endorsements, capacity constraints, platform compatibility information and vendor-specific rules;
at least one module pointer record for identifying application-defining modules from the plurality of modules; and
at least one signature record for identifying an authorized application entity.
15. The open architecture software-defined system of claim 14, wherein the at least one module pointer record comprises:
a module pointer identification record including module name, type, version and source information; and
a module pointer rules record including one or more of required module endorsements, required module version information, module interoperability information and vendor-specific platform rules.
16. The open architecture software-defined system of claim 10, wherein each of the plurality of modules comprises:
an identification record including one or more of module name, type, version, source, endorsements and additional information;
a rules record including one or more of required application endorsements, required platform endorsements, capacity constraints, platform type and required resources information and vendor-specific application and/or platform rules; and
executable module code.
17. The open architecture software-defined system of claim 16, wherein each of the plurality of modules further comprises at least one signature record including at least one signature and at least one corresponding signature certificate.
18. The open architecture software-defined system of claim 10, wherein the computing platform includes a platform rules record including information on one or more of required application endorsements, required module endorsements and capacity constraints, platform-specific application/module rules and vendor-specific application/module rules.
19. The open architecture software-defined system of claim 10, wherein the open architecture software-defined system is a wireless communications system.
20. An open architecture software-defined communications system, comprising:
a plurality of modules each independent from one another and each for executing one of a predetermined hardware and software function;
a plurality of applications each defined by at least one of the plurality of modules; and
a computing platform for selectively calling each of the plurality of applications based on received application commands, for enforcing loading of a called application based on rules of the computing platform, the called application and one or more of the plurality of modules that define the called application, and for initiating a series of two-way rule checks among the computing platform, the called application and the one or more of the plurality of modules that define the called application to ensure load-time enforcement of rules of the computing platform, the called application and the one or more of the plurality of modules that define the called application.
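
The load-time sequence described in the abstract and claims (platform and application, application and each pointed-to module, each module and platform, then all-or-nothing instantiation), as an added Python example that is not part of the patent text. The record layout, field names and endorsement labels are assumptions made for illustration, and signature validation (claim 6) is left out.

```python
from dataclasses import dataclass, field

@dataclass
class Component:
    """Hypothetical record layout: identification data plus a rules record."""
    kind: str                                      # "platform", "application" or "module"
    name: str
    version: int = 1
    endorsements: frozenset = frozenset()          # identification record
    requires: dict = field(default_factory=dict)   # rules record: peer kind -> required endorsements
    pointers: dict = field(default_factory=dict)   # application only: module name -> minimum version

def one_way(rules_owner, subject):
    """Check subject's identification record against rules_owner's rules record."""
    needed = rules_owner.requires.get(subject.kind, frozenset())
    return needed <= subject.endorsements

def two_way(a, b):
    """Both directions must pass: a's rules accept b, and b's rules accept a."""
    return one_way(a, b) and one_way(b, a)

def load(platform, app, store):
    """Run every check before anything is instantiated; return (loaded names, failures)."""
    failures = []
    if not two_way(platform, app):
        failures.append(f"platform<->{app.name}")
    for mod_name, min_version in app.pointers.items():
        mod = store.get(mod_name)
        if mod is None or mod.version < min_version:
            failures.append(f"{app.name}->{mod_name}: missing or too old")
            continue
        if not two_way(app, mod):
            failures.append(f"{app.name}<->{mod_name}")
        if not two_way(mod, platform):
            failures.append(f"{mod_name}<->platform")
    if failures:
        return [], failures                        # all-or-nothing: nothing is instantiated
    return [app.name, *app.pointers], []

# Constructed sample records (names and endorsement labels are invented).
PLATFORM = Component("platform", "radio-1", endorsements=frozenset({"vendor-A"}),
                     requires={"application": frozenset({"certified"}), "module": frozenset({"certified"})})
CODEC = Component("module", "codec", version=3, endorsements=frozenset({"certified"}),
                  requires={"application": frozenset({"licensed"})})
STORE = {"codec": CODEC}
VOICE = Component("application", "voice", endorsements=frozenset({"certified", "licensed"}),
                  requires={"platform": frozenset({"vendor-A"})}, pointers={"codec": 2})
ROGUE = Component("application", "rogue", endorsements=frozenset({"certified"}),
                  pointers={"codec": 2})
```

The `ROGUE` application passes every check made from its own side and fails only because the module's rules record demands a `licensed` application, which is the restriction a one-way check would not enforce.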
Specification