Security information for software parts

US 9,811,657 B2
Filed: 06/06/2014
Issued: 11/07/2017
Est. Priority Date: 06/06/2014
Status: Active Grant

First Claim

Patent Images

1. A method of identifying a software part, comprising:

signing security information for the software part with a security information digital signature to form signed security information, wherein the security information identifies a security policy for the software part that specifies how the software part is checked based on whether the software part is critical or non-critical;

signing the software part with a software part digital signature;

checking the software part digital signature using the signed security information, wherein the signed security information includes information that indicates how the software part digital signature is checked to determine whether the software part is correct, such that the security information identifies an acceptable digital signature for the software part digital signature, an acceptable certificate authority, and an approved system on which the software part is approved to be used; and

in response to a determination that the software part digital signature is correct, associating the signed security information with the software part such that the software part includes the signed security information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of identifying a security policy for a software part. Security information for the software part is signed with a security information digital signature to form signed security information. The security information identifies a security policy for the software part. The signed security information is associated with the software part.

Citations

19 Claims

1. A method of identifying a software part, comprising:
- signing security information for the software part with a security information digital signature to form signed security information, wherein the security information identifies a security policy for the software part that specifies how the software part is checked based on whether the software part is critical or non-critical;
  
  signing the software part with a software part digital signature;
  
  checking the software part digital signature using the signed security information, wherein the signed security information includes information that indicates how the software part digital signature is checked to determine whether the software part is correct, such that the security information identifies an acceptable digital signature for the software part digital signature, an acceptable certificate authority, and an approved system on which the software part is approved to be used; and
  
  in response to a determination that the software part digital signature is correct, associating the signed security information with the software part such that the software part includes the signed security information.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the security information comprises part-identification information identifying the software part to which the security policy applies, selected from:
    - a part number for the software part;
      
      a range of part numbers, wherein the part number for the software part is within the range of part numbers;
      
      a part name for the software part;
      
      a hash value for the software part; and
      
      part type information identifying a type of the software part.
  - 3. The method of claim 1, wherein the security information identifies approved systems on which the software part is approved to be loaded.
  - 4. The method of claim 1, wherein the security information identifies at least one of:
    - a number of acceptable digital certificates for the software part digital signature; and
      
      a number of acceptable certificate authorities for issuing digital certificates for the software part digital signature.
  - 5. The method of claim 1, wherein associating the signed security information with the software part is selected from:
    - including the signed security information as part of the software part; and
      
      including the signed security information in a crate for delivering the software part to a vehicle.
  - 6. The method of claim 1, wherein the software part is for a line-replaceable unit on an aircraft and further comprising sending the signed security information and the software part together to the aircraft.
  - 7. The method of claim 1, wherein:
    - the security information identifies approved systems on which the software part is approved to be loaded;
      
      the security information identifies at least one of;
      
      a number of acceptable digital certificates for the software part digital signature; and
      
      a number of acceptable certificate authorities for issuing digital certificates for the software part digital signature;
      
      the software part includes the signed security information as part of the software part; and
      
      the software part is for a line-replaceable unit on an aircraft;
      
      the method further comprising sending the signed security information and the software part together to the aircraft.

8. An apparatus, comprising:
- a security information generator configured to generate security information for a software part, wherein the security information identifies a security policy for the software part, wherein the security policy specifies how the software part is checked based on whether the software part is critical or non-critical, and the signed security information indicates how a software part digital signature is checked to determine whether the software part is correct, such that the signed security information identifies an acceptable digital signature for the software part digital signature, an acceptable certification authority, and an approved system on which the software part is approved to be used;
  
  a security information signer configured to;
  
  sign the security information for the software part with a security information digital signature to form the signed security information;
  
  sign the software part with the software part digital signature; and
  
  a security information associator configured to;
  
  check the software part digital signature using the signed security information; and
  
  associate the signed security information with the software part in response to a determination that the software part is correct such that the software part includes the signed security information.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The apparatus of claim 8, wherein the security information comprises part-identification information identifying the software part to which the security policy applies, selected from:
    - a part number for the software part;
      
      a range of part numbers, wherein the part number for the software part is within the range of part numbers;
      
      a part name for the software part;
      
      a hash value for the software part; and
      
      part type information identifying a type of the software part.
  - 10. The apparatus of claim 8, wherein the security information identifies approved systems on which the software part is approved to be loaded.
  - 11. The apparatus of claim 8, wherein the security information identifies at least one of:
    - a number of acceptable digital certificates for the software part digital signature; and
      
      a number of acceptable certificate authorities for issuing digital certificates for the software part digital signature.
  - 12. The apparatus of claim 8, wherein the security information associator is configured to at least one of:
    - include the signed security information as part of the software part; and
      
      include the signed security information in a crate for delivering the software part to a vehicle.
  - 13. The apparatus of claim 8, wherein the software part is for a line-replaceable unit on an aircraft.

14. A method of identifying a security policy for a software part, comprising:
- receiving, by a processor unit on a vehicle, the software part and security information for the software part, wherein the security information identifies the security policy for the software part, is signed with a security information digital signature, and is associated with the software part, wherein the security policy specifies how the software part is checked based on whether the software part is critical or non-critical, and wherein the software part is signed with a software part digital signature that is included with the software part;
  
  checking the security information digital signature, by the processor unit on the vehicle, to determine whether the security information is correct based on the security information, such that the security information identifies an acceptable digital signature for the software part digital signature, an acceptable certificate authority, and an approved system on which the software part is approved to be used; and
  
  in response to a determination that the security information is correct, using the signed security information to check the software part, by the processor unit on the vehicle, to determine whether the software part is correct.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of claim 14 further comprising:
    - storing the security information for the software part on the vehicle in response to the determination that the security information is correct.
  - 16. The method of claim 14, wherein the security information comprises part identification information identifying the software part to which the security policy applies, selected from:
    - a part number for the software part;
      
      a range of part numbers, wherein the part number for the software part is within the range of part numbers;
      
      a part name for the software part;
      
      a hash value for the software part; and
      
      part type information identifying a type of the software part.
  - 17. The method of claim 14, wherein the security information identifies approved systems on the vehicle on which the software part is approved to be loaded and further comprising loading the software part on the approved systems in response to a determination that the software part is correct.
  - 18. The method of claim 14, wherein:
    - the software part is signed with the software part digital signature for the software part; and
      
      the security information identifies at least one of;
      
      a number of acceptable digital certificates for the software part digital signature, anda number of acceptable certificate authorities for issuing digital certificates for the software part digital signature.
  - 19. The method of claim 14, wherein the vehicle is an aircraft and the software part is for a line-replaceable unit on the aircraft.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Kimberly, Gregory A.
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
Stoica, Adrian

Application Number

US14/297,729
Publication Number

US 20150356319A1
Time in Patent Office

1,250 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/51 at application loading time...

G06F 21/64 Protecting data integrity, ...

Security information for software parts

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Security information for software parts

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links