Differentiated installable packages

US 8,578,363 B2
Filed: 09/06/2006
Issued: 11/05/2013
Est. Priority Date: 05/03/2006
Status: Active Grant

First Claim

Patent Images

1. A method of distributing fixes to a software application problem comprising:

creating a source code change to fix the software application problem;

compiling the source code change into a patch file to be communicated, the patch file including a certificate indicating a level of trust to be assigned to the patch file;

creating executable installer code for installing the patch file;

creating a specialized mechanism that includes additional executable code comprising;

a certificate management utility configured to install a “

for testing”

certificate and set a “

do not remove”

key if a “

for testing”

certificate is not found on a receiving computer; and

a signing component for adjusting a level of security granted to the installer code according to the patch file'"'"'s certificate; and

;

creating a signed “

for testing”

package to be distributed, the “

for testing”

designation being indicative of a test package, where the test package comprises;

the executable installer code;

the patch file; and

the specialized mechanism;

wherein the signed “

for testing”

package, upon installation, causes an indication to be displayed that the test package was installed; and

wherein the certificate management utility, upon installation, tests the patch file'"'"'s certificate and causes the signing component to adjust the level of security granted to the executable installer code.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A code fix is communicated using an automatically executable code patch that has an additional code element that allows the code to perform the functions of registration, detection, setup, reporting, tracking, policy verification or clean up.

Citations

20 Claims

1. A method of distributing fixes to a software application problem comprising:
- creating a source code change to fix the software application problem;
  
  compiling the source code change into a patch file to be communicated, the patch file including a certificate indicating a level of trust to be assigned to the patch file;
  
  creating executable installer code for installing the patch file;
  
  creating a specialized mechanism that includes additional executable code comprising;
  
  a certificate management utility configured to install a “
  
  for testing”
  
  certificate and set a “
  
  do not remove”
  
  key if a “
  
  for testing”
  
  certificate is not found on a receiving computer; and
  
  a signing component for adjusting a level of security granted to the installer code according to the patch file'"'"'s certificate; and
  
  ;
  
  creating a signed “
  
  for testing”
  
  package to be distributed, the “
  
  for testing”
  
  designation being indicative of a test package, where the test package comprises;
  
  the executable installer code;
  
  the patch file; and
  
  the specialized mechanism;
  
  wherein the signed “
  
  for testing”
  
  package, upon installation, causes an indication to be displayed that the test package was installed; and
  
  wherein the certificate management utility, upon installation, tests the patch file'"'"'s certificate and causes the signing component to adjust the level of security granted to the executable installer code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method according to claim 1, wherein the specialized mechanism performs at least one selected from a group comprising:
    - registering the patch file;
      
      detecting whether a receiving computer can accept the test package by;
      
      reviewing the receiving computer on which it is to be installed,determining whether changes need to be made to the receiving computer such that the executable installer code will operate properly orasking the receiving computer for permission to run the executable installer code;
      
      setting up by assisting in setting up the receiving computer or with installing the patch file;
      
      reporting by communicating reports back to one selected from a group comprising;
      
      a remote computer,the patch creator, ora local user on the receiving computer;
      
      data about one selected from a group comprising;
      
      state changes,uninstallation requirements, orpatch installation success or failure;
      
      tracking by communicating tracking data on at least one of;
      
      size of the patch file,content of the patch file,patch file deployment time,subcomponents of the patch file deployment time,whether a system restart was required,user credential used when the patch file was installed,a change in a number of software applications or services on the receiving computer,system hardware or capabilities now able to be detected after patch payload deployed,changes in system condition,a number of patch file installations, andany problems with the patch file;
      
      verifying policy by ensuring that the patch file conforms to system or administrative policies, orcleaning up by assisting with returning the receiving computer to a functional state.
  - 3. The method according to claim 2, wherein the system or administrative policies comprise:
    - the patch file is digitally signed and not a malicious patch,the receiving computer is permitted to install the patch file, anda user is authenticated to deploy patches or this particular patch.
  - 4. The method according to claim 2, further comprising using the specialized mechanism to check with a host to confirm whether or not installation of the patch file is permitted.
  - 5. The method according to claim 2, further comprising using the specialized mechanism to report that the patch file has been installed on another host on a network.
  - 6. The method of claim 1, wherein the indication comprises at least one of:
    - a visual indication on a display;
      
      an audible alert; and
      
      a visible indication on a keyboard or mouse associated with a computer.
  - 7. The method according to claim 1, whereby the specialized mechanism is added to existing patches.
  - 8. The method according to claim 1, wherein the specialized mechanism is executed by the operating system as a trusted operation.
  - 9. The method according to claim 1, wherein the patch file is associated with a level of trust and wherein a patch file modifying core system files requires a first level of trust and a patch file modifying non-core system files requires a second level of trust.
  - 10. The method of claim 1, further comprising the specialized mechanism looking to other computers for sufficient permission to run the installer.
  - 11. The method of claim 1 wherein the indication that the patch file is installed is visible to a network user remotely.

12. A computer-storage medium storing computer-readable instructions, which when executed by a computer provide a fix to a computer application problem, comprising:
- a patch component that corrects the computer application problem when installed;
  
  a package installer component that automatically installs the patch component when the package installer component is activated;
  
  a wrapper component to the package installer component, the wrapper component being indicative of a private patch;
  
  a certificate management utility component, the certificate management utility component detecting a certificate that trusts the patch component during installation and for setting and detecting a “
  
  do not remove”
  
  bit;
  
  a detection algorithm component for finding the patch component content with appropriate title;
  
  a signing mechanism component adjusting a level of security as indicated by the patch component, the signing mechanism component assigning a first level of security for a private patch component and a second level of security for an official hotfix package;
  
  a mechanism component enforcing a limited installation window; and
  
  a naming component differentiating the patch component from other fixes and indicating a level of trust and a patch file intended to modify core system files requires a first level of trust and a patch file intended to modify non-core system files requires a second level of trust;
  
  wherein, upon installation, the certificate management utility component scans for other patches, if none are found it sets the “
  
  do not remove”
  
  bit, and otherwise installs the certificate; and
  
  upon uninstallation, the certificate management utility component tests for the “
  
  do not remove”
  
  bit and if the “
  
  do not remove”
  
  bit is not found scans the computer for private patches and removes the certificate only if none are found.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The computer-storage medium of claim 12, wherein the certificate management utility component performs at least one function selected from a group comprising:
    - registration of the patch component content;
      
      detection, wherein detection further comprises reviewing a receiving computer on which the patch component is to be installed, determining whether changes need to be made to the receiving computer are such that the package installer component will operate properly or asks the receiving computer for permission to run the package installer component;
      
      setup, wherein setup further comprises assisting in setting up the receiving computer or with installing the patch component content;
      
      reporting, wherein reporting reports back to one selected from a group comprising;
      
      a remote computer,a patch creator, ora local user on the receiving computer;
      
      on one selected from a group comprising;
      
      the patch component content installation,state change required,uninstallation required orwhether patch content was installed successfully;
      
      tracking, wherein tracking may report back tracking data on at least one of;
      
      the size of the patch component content,the content of the patch component,the patch component content deployment time,subcomponents of the patch component content deployment time,whether a system restart was required,a user credential used when the patch component content was installed,a change in the number of software applications or services on the receiving computer,changes in system condition,a number of patch component file installations,the number of patch component content installations, andany problems with the patch component content;
      
      policy verification wherein policy verification further comprises ensuring that the patch component content conforms to system or administrative policies, orclean up, wherein clean up assists with returning the receiving computer to a functional state.
  - 14. The computer-storage medium of claim 13, wherein the system or administrative policies comprise:
    - the patch component content is digitally signed and not malicious patch content,the receiving computer is permitted to install a patch, andthe user at the receiving computer is not authenticated to deploy patch component content or this particular patch component content.
  - 15. The computer-storage medium of claim 12, wherein the naming component allows the patch file to be located by the detection algorithm component.
  - 16. The computer-storage medium of claim 12, wherein the certificate management utility reports that a patch/fix has been installed on another host on a network.
  - 17. The computer-storage medium of claim 12, wherein the certificate management utility displays at a receiving station an indication that the patch component is a test package.
  - 18. The computer-storage medium of claim 17, wherein the indication comprises at least one of:
    - a visual indication on a display;
      
      an audible alert; and
      
      a visible indication on a keyboard or mouse associated with the receiving station.

19. A tangible computer storage medium storing computer executable instructions, for distributing fixes to a software application, which when executed perform the steps comprising:
- creating a source code change to fix the software application;
  
  compiling the source code into a patch file to be communicated, the patch file including a certificate indicating a level of trust to be assigned to the patch file;
  
  creating executable installer code for installing the patch file;
  
  creating a specialized mechanism that includes additional executable code comprising;
  
  a certificate management utility configured to install a “
  
  for testing”
  
  certificate and set a “
  
  do not remove”
  
  key if a “
  
  for testing”
  
  certificate is not found on a receiving computer; and
  
  a signing component for adjusting a level of security granted to the installer code according to the patch file'"'"'s certificate; and
  
  ;
  
  creating a package to be distributed, the package being designated as “
  
  for testing”
  
  , the “
  
  for testing”
  
  designation being indicative of a test package, where the package comprises;
  
  the executable installer code;
  
  the patch file; and
  
  the specialized mechanism;
  
  wherein the signed “
  
  for testing”
  
  package, upon installation, causes an indication to be displayed that the test package was installed; and
  
  wherein the certificate management utility, upon installation, tests the patch file'"'"'s certificate and causes the signing component to adjust the level of security granted to the executable installer code.
- View Dependent Claims (20)
- - 20. The computer storage media of claim 19, wherein the specialized mechanism checks if the executable installer code will operate properly when automatically deployed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Sah, Maneesh, Nell, Garett Richard
Primary Examiner(s)
MITCHELL, JASON D

Application Number

US11/470,281
Publication Number

US 20070261047A1
Time in Patent Office

2,617 Days
Field of Search

None
US Class Current

717/169
CPC Class Codes

G06F 8/65 Updates security arrangemen...

Differentiated installable packages

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Differentiated installable packages

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links