
Patent Issued for Secure Versioning of Software Packages

June 19, 2014



By a News Reporter-Staff News Editor at Computer Weekly News -- A patent by the inventors Semenzato, Luigi (Oakland, CA); Drewry, William Alexander (Nashville, TN); Shah, Gaurav (Mountain View, CA); Spangler, Randall (San Jose, CA); Gwalani, Sumit (Sunnyvale, CA), filed on January 14, 2011, was published online on June 3, 2014, according to news reporting originating from Alexandria, Virginia, by VerticalNews correspondents.

Patent number 8745612 is assigned to Google Inc. (Mountain View, CA).

The following quote was obtained by the news editors from the background information supplied by the inventors: "Software programs, such as operating systems, firmware, and applications, are prone to security flaws. These flaws, although initially hidden or unidentified, may eventually be identified, and become widely known. In order to fix these security flaws and/or fix other problems, such as compatibility issues, software programs may be updated through patches or upgrades.

"However, even after a software program has been patched to fix a security flaw, malicious attackers may attempt to take advantage of security flaws in an older version through a 'rollback attack.' In a rollback attack, a malicious attacker attempts to install an older version of a software program with known security vulnerabilities. If the older version is successfully installed and executed, then the attacker may capitalize on the known security vulnerabilities."

In addition to the background information obtained for this patent, VerticalNews journalists also obtained the inventors' summary information for this patent: "Embodiments relate to secure versioning of software packages. In one embodiment, a method for restricting installation and execution of a superseded software program includes storing a locked version number associated with a software program and receiving a request to update the software program with an update package associated with a package number. The method further includes comparing the package number with the locked version number, determining whether to update the software program based at least in part on the comparison, updating the software program with the update package when the package number is at least as recent as the locked version number, and restricting the updating of the software program with the update package when the package number is earlier than the locked version number.

"In another embodiment, a method for restricting execution of a superseded software program includes storing a locked version number associated with a software program and receiving a request to execute the software program associated with an execution version number. The method further includes comparing the execution version number with the locked version number, determining whether to execute the software package based at least in part on the comparison, executing the software program when the execution version number is at least as recent as the locked version number, and restricting the execution of the software program when the execution version number is earlier than the locked version number.

"In another embodiment, a system for restricting installation and execution of superseded software program includes a locked version number storage for storing a locked version number associated with a software program, a software package updater for updating the software program with an update package associated with a package number, and a version comparator for comparing a package number of the software program with the locked version number.

"In one embodiment, a computer program product includes a computer readable storage medium having control logic stored therein for causing a computer to restrict installation of a superseded software program. The control logic includes a first computer readable program code that stores a locked version number associated with a software program and a second computer readable program code that receives a request to update the software program with an update package associated with a package number. The control logic further includes a third computer readable program code that compares the package number with the locked version number, a fourth computer readable program code that determines whether to update the software program based at least in part on the comparison, a fifth computer readable program code that updates the software program with the update package when the package number is at least as recent as the locked version number, and a sixth computer readable program code that restricts the updating of the software program with the update package when the package number is earlier than the locked version number.

"Further embodiments, features, and advantages, as well as the structure and operation of the various embodiments, are described in detail below with reference to the accompanying drawings."

For the URL and more information on this patent, see: Semenzato, Luigi; Drewry, William Alexander; Shah, Gaurav; Spangler, Randall; Gwalani, Sumit. Secure Versioning of Software Packages. U.S. Patent Number 8745612, filed January 14, 2011, and published online on June 3, 2014. Patent URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.htm&r=1&f=G&l=50&s1=8745612.PN.&OS=PN/8745612RS=PN/8745612
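The two checks in the inventors' summary (one at update time, one at execution time) can be sketched as follows; this is an added example, not code from the patent or from Google. All type and function names are hypothetical, and the rule that the locked version number only ever moves forward (`advance_lock`) is an assumption the summary does not state.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types: the summary only speaks of "version numbers". */
typedef struct { uint32_t locked; } lock_store_t;   /* locked version number storage */
typedef struct { uint32_t version; } image_t;       /* installed image or update package */
typedef enum { ALLOWED = 0, REJECTED_ROLLBACK = 1 } verdict_t;

/* Version comparator: "at least as recent as" the lock means >=. */
static verdict_t check_version(const lock_store_t *s, uint32_t v) {
    return v >= s->locked ? ALLOWED : REJECTED_ROLLBACK;
}

/* Update-time check: install the package only if it is not superseded. */
verdict_t try_update(const lock_store_t *s, image_t *installed, const image_t *pkg) {
    verdict_t v = check_version(s, pkg->version);
    if (v == ALLOWED) *installed = *pkg;
    return v;
}

/* Execution-time check: covers an image that was not installed by the updater. */
verdict_t try_execute(const lock_store_t *s, const image_t *installed) {
    return check_version(s, installed->version);
}

/* Assumption (not in the summary): the lock may only increase. */
bool advance_lock(lock_store_t *s, uint32_t v) {
    if (v <= s->locked) return false;
    s->locked = v;
    return true;
}

/* Constructed scenario; each bit of the result is one expected outcome. */
int run_scenario(void) {
    lock_store_t store = { 5 };
    image_t installed = { 5 }, v6 = { 6 }, v5 = { 5 }, v4 = { 4 };
    int r = 0;
    r |= (try_update(&store, &installed, &v6) == ALLOWED) << 0;           /* newer package */
    r |= (try_execute(&store, &installed) == ALLOWED) << 1;
    r |= advance_lock(&store, installed.version) << 2;                    /* lock: 5 -> 6 */
    r |= (try_update(&store, &installed, &v5) == REJECTED_ROLLBACK) << 3; /* rollback at install */
    r |= (installed.version == 6) << 4;                                   /* image untouched */
    installed = v4;                       /* old image placed on disk outside the updater */
    r |= (try_execute(&store, &installed) == REJECTED_ROLLBACK) << 5;     /* caught at execution */
    r |= (try_update(&store, &installed, &v6) == ALLOWED) << 6;           /* equal to lock is allowed */
    r |= (!advance_lock(&store, 3)) << 7;                                 /* lock never decreases */
    return r;
}

int main(void) { printf("scenario result: 0x%02X\n", run_scenario()); return 0; }
```

The protection is only as strong as the storage behind `lock_store_t`: if the locked version number can be rewritten by the same party that can replace the image, both checks can be bypassed.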

Keywords for this news article include: Software, Google Inc.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC





Source: Computer Weekly News