Secure versioning of software packages

US 8,745,612 B1
Filed: 01/14/2011
Issued: 06/03/2014
Est. Priority Date: 01/14/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for restricting installation and execution of a superseded software program on a computing device, comprising:

storing, in a lockable, physical non-volatile memory of the computing device, a locked version number associated with a software program, wherein write access to the lockable non-volatile memory is restricted for at least some software programs executing on the computing device;

receiving a request to update the software program with an update package associated with a package number;

comparing, by a processor, the package number with the locked version number;

determining, by the processor, whether to update the software program based at least in part on the comparison;

updating the software program with the update package when the package number is at least as recent as the locked version number; and

restricting the updating of the software program with the update package when the package number is earlier than the locked version number.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To provide a secure installation and execution software environment, locked version numbers are maintained. A locked version number associated with a software program may be stored. When a request is received to update the software program with an update package, a package number of the update package may be compared to the locked version number. The software program may be updated with the update package if the package number is at least as recent as the locked version number, and the updating of the software program with the update package may be restricted if the package number is earlier than the locked version number.

39 Citations

View as Search Results

20 Claims

1. A computer-implemented method for restricting installation and execution of a superseded software program on a computing device, comprising:
- storing, in a lockable, physical non-volatile memory of the computing device, a locked version number associated with a software program, wherein write access to the lockable non-volatile memory is restricted for at least some software programs executing on the computing device;
  
  receiving a request to update the software program with an update package associated with a package number;
  
  comparing, by a processor, the package number with the locked version number;
  
  determining, by the processor, whether to update the software program based at least in part on the comparison;
  
  updating the software program with the update package when the package number is at least as recent as the locked version number; and
  
  restricting the updating of the software program with the update package when the package number is earlier than the locked version number.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - executing the updated software program; and
      
      updating the locked version number stored in a lockable, physical non-volatile memory of the computing device based on successful updating and execution of the update package.
  - 3. The method of claim 2, wherein the locked version number is updated with the package number.
  - 4. The method of claim 1, further comprising:
    - generating a warning when the package number is earlier than the locked version number.
  - 5. The method of claim 1, further comprising:
    - determining whether the request to update the software program is a manual request or an automated request.
  - 6. The method of claim 5, further comprising:
    - updating the software program with the update package when the request is a manual request accompanied by a manual override.
  - 7. The method of claim 1, wherein the software program has a privilege level and access to the locked version number is restricted to a second privilege level.
  - 8. The method of claim 1, wherein the locked version number is stored locally.
  - 9. The method of claim 8, wherein the locked version number is stored in a persistent association table primitive.
  - 10. The method of claim 1, wherein the package number comprises a version number of the update package.
  - 11. The method of claim 1, wherein comparing the package number with the locked version number comprises comparing the package number with a first locked version number in a first mode and further comprising comparing the package number with a second locked version number in a second mode.

12. A system for restricting installation and execution of a superseded software program, comprising:
- a physical, non-volatile locked version number storage that stores a locked version number associated with a software program, wherein write access to the locked version number storage is restricted for at least some software programs executed by the system; and
  
  a processor executing;
  
  a version comparator that compares a package number of an update package for the software program with the locked version number; and
  
  a software program updater that updates the software program with the update package when the package number is at least as recent as the locked version number.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12 wherein the processor executes the updated software program;
    - andwherein the software program updater updates the locked version number stored in the physical, non-volatile locked version number storage based on successful updating and execution of the update package.
  - 14. The system of claim 13, wherein the locked version number is updated with the package number.
  - 15. The system of claim 12, wherein the version comparatorgenerates a warning when the package number is earlier than the locked version number.
  - 16. The system of claim 12, wherein the version comparator determines whether the request to update the software program is a manual request or an automated request.
  - 17. The system of claim 16, wherein the software program updater updates the software program with the update package when the request is a manual request accompanied by a manual override.
  - 18. The system of claim 12, wherein the software program has a privilege level and access to the locked version number is restricted to a second privilege level.
  - 19. The system of claim 12, wherein the locked version number is stored locally.

20. A computer program product comprising a non-transitory computer readable storage medium having control logic stored therein for causing a computer to restrict installation of a superseded software program on a computing device, the control logic comprising:
- a first computer readable program code that stores a locked version number associated with a software program in a physical, non-volatile locked version number storage, wherein write access to the version number storage is restricted for at least some software programs executing on the computing device;
  
  a second computer readable program code that receives a request to update the software program with an update package associated with a package number;
  
  a third computer readable program code that compares the package number with the locked version number;
  
  a fourth computer readable program code that determines whether to update the software program based at least in part on the comparison;
  
  a fifth computer readable program code that updates the software program with the update package when the package number is at least as recent as the locked version number; and
  
  a sixth computer readable program code that restricts the updating of the software program with the update package when the package number is earlier than the locked version number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Semenzato, Luigi, Drewry, William Alexander, Shah, Gaurav, Spangler, Randall, Gwalani, Sumit
Primary Examiner(s)
WANG, RONGFA PHILIP

Application Number

US13/007,390
Time in Patent Office

1,236 Days
Field of Search

717/170
US Class Current

717/170
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/572   Secure firmware programming...

G06F 8/65   Updates security arrangemen...

Secure versioning of software packages

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure versioning of software packages

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links