WO2014066349A1 - Configuration file updater - Google Patents
Configuration file updater Download PDFInfo
- Publication number
- WO2014066349A1 WO2014066349A1 PCT/US2013/066117 US2013066117W WO2014066349A1 WO 2014066349 A1 WO2014066349 A1 WO 2014066349A1 US 2013066117 W US2013066117 W US 2013066117W WO 2014066349 A1 WO2014066349 A1 WO 2014066349A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- update
- configuration
- computing device
- configuration setting
- metadata
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
- G06F15/16—Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
- G06F15/177—Initialisation or configuration control
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
Definitions
- a method for updating configuration information includes, in a computing device including a processor, memory, and an operating system, initiating an update to at least one configuration setting of the computing device.
- the update may be downloaded from at least one update data source.
- the update may include configuration update data and configuration update metadata.
- the update may be verified by comparing the configuration update metadata with metadata associated with a current version of the at least one configuration setting.
- the update may be installed if it is verified.
- the update to the at least one configuration setting may be installed based on intent from an unsecure component of the computing device.
- the unsecure component may include content consuming application installed on the device, a component of a computing platform of the device, and/or an update-seeker application installed on the device.
- a non- transitory, machine-readable storage medium having stored thereon a computer program having at least one code section for updating configuration information.
- the at least one code section may be executable by a machine including a processor, memory, and an operating system, for causing the machine to perform a method including initiating an update to at least one configuration setting of the computing device.
- the update may be downloaded from at least one update data source.
- the update may include configuration update data and configuration update metadata.
- the downloaded update may be verified by comparing the configuration update metadata with metadata associated with a current version of the at least one configuration setting. If the update is verified, the update to the at least one configuration setting may be installed.
- FIG. 1 is a block diagram illustrating an example architecture including a computing device with configuration file updating capabilities communicating with update data sources, in accordance with an example embodiment of the disclosure.
- FIG. 2A is a block diagram illustrating an example architecture of a configuration file updater, in accordance with an example embodiment of the disclosure.
- FIG. 2B is a flow chart illustrating example steps of a method for enabling a configuration updater, in accordance with an example embodiment of the disclosure.
- FIG. 3 is a flow chart illustrating example steps of a method for updating configuration information, in accordance with an example embodiment of the disclosure.
- circuits and circuitry refer to physical electronic components (i.e. hardware) and any software and/or firmware ("code") which may configure the hardware, be executed by the hardware, and or otherwise be associated with the hardware.
- code software and/or firmware
- and/or means any one or more of the items in the list joined by “and/or”.
- x and/or y means any element of the three-element set ⁇ (x), (y), (x, y) ⁇ .
- x, y, and/or z means any element of the seven-element set ⁇ (x), (y), (z), (x, y), (x, z), (y, z), (x, y, z) ⁇ .
- the term "e.g.,” introduces a list of one or more non-limiting examples, instances, or illustrations.
- the term "processor” may be used to refer to one or more of a central processing unit, a processor of a symmetric or asymmetric multiprocessor system, a digital signal processor, a micro-controller, a graphics/video processor, or another type of processor.
- Targeted configuration data may be delivered only to specific clients using a server (e.g., only clients using a specific API version may be targeted).
- the server may initially verify that the client is in a known state prior to installing the configuration.
- the known state may be confirmed by comparing the hash of the client's current configuration with a known hash of a desired (intended) configuration. If the hashes do not match, then it may be concluded that the client's current configuration is not the desired configuration (i.e., the client is not in the known state so the configuration should not be installed).
- unique configuration features in a subset of clients may be detected, included in the common configuration data, and then the common configuration data may be populated to a remaining subset of clients that originally did not have the unique feature.
- the targeted configuration data updates disclosed herein may be implemented for, for example, certificate pinning, premium SMS detection (update in premium service phone numbers used by one or more device applications), time zone information or settings updates (time zone information is country-specific and may need to be updated regularly for a traveling user) and other areas (e.g., targeted updating of configuration data for specific clients, as mentioned in the preceding paragraph).
- a configuration file updater may be used to provision, for example, small-to-medium amounts of configuration data to computing devices in a device ecosystem (e.g., mobile device ecosystem). More specifically, the configuration file updater may be used to provide a mechanism for updating not-trivially- small amounts of data (e.g., 1 KB-1 MB of data), while separating platform configuration features from core services provided by the operating system (OS) manager.
- OS operating system
- FIG. 1 is a block diagram illustrating an example architecture including a computing device with configuration file updating capabilities communicating with update data sources, in accordance with an example embodiment of the disclosure.
- the example architecture 10 may comprise a computing device 100 and update data sources 124.
- the computing device 100 may include a handset, a smartphone, a tablet, a laptop, and/or another handheld or portable device.
- the computing device 100 may comprise, for example, a main processor 102, a system memory 104, a communication subsystem 106, a sensory subsystem 108, an input/output (I/O) subsystem 1 10, and a display 120.
- the computing device may also comprise an operating system 1 12, one or more applications 1 16, 1 18 running on the computing device 100, and update initiators 122.
- the operating system 1 12 may comprise an update fetcher 1 14a, an update verifier 1 14b, and an update installer 1 14c.
- the main processor 102 may comprise suitable logic, circuitry, interfaces, and/or code that may be operable to process data, and/or control and/or manage operations of the computing device 100, and/or tasks and/or applications performed therein in connection with the anonymization framework 100.
- the main processor 102 may be operable to configure and/or control operations of various components and/or subsystems of the computing device 100, by utilizing, for example, one or more control signals.
- the main processor 102 enables running and/or execution of applications, programs and/or code (e.g., one or more applications 1 16, 1 18, the update initiators 122, and/or the update fetcher, verifier and installer 1 14a-1 14c within the operating system 1 12), which may be stored, for example, in the system memory 104.
- applications programs and/or code
- one or more dedicated application processors may be utilized for running and/or executing applications (or programs) (e.g., one or more applications 1 16, 1 18, the update initiators 122, and/or the update fetcher, verifier and installer 1 14a- 1 14c within the operating system 1 12) in the computing device 100.
- one or more of the applications 1 16, 1 18 running and/or executing on the computing device 100 may generate and/or update video content that may be rendered via the display 120.
- the system memory 104 may comprise suitable logic, circuitry, interfaces, and/or code that may enable permanent and/or non-permanent storage, buffering, and/or fetching of data, code and/or other information, which may be used, consumed, and/or processed.
- the system memory 104 may comprise different memory technologies, including, for example, read-only memory (ROM), random access memory (RAM), Flash memory, solid-state drive (SSD), and/or field-programmable gate array (FPGA).
- the system memory 104 may store, for example, configuration data, which may comprise parameters and/or code, comprising software and/or firmware (e.g., the operating system 1 12, the update initiators 122 and/or the one or more applications 1 16, 1 18).
- the communication subsystem 106 may comprise suitable logic, circuitry, interfaces, and/or code operable to communicate data from and/or to the computing device, such as via one or more wired and/or wireless connections 107.
- the communication subsystem 106 may be configured to support one or more wired protocols (e.g., Ethernet standards, MOCA, etc.) and/or wireless protocols or interfaces (e.g., CDMA, WCDMA, TDMA, GSM, GPRS, UMTS, EDGE, EGPRS, OFDM, TD-SCDMA, HSDPA, LTE, WiMAX, WiFi, Bluetooth, and/or any other available wireless protocol/interface), facilitating transmission and/or reception of signals to and/or from the computing device 100, and/or processing of transmitted or received signals in accordance with applicable wired or wireless protocols.
- wired protocols e.g., Ethernet standards, MOCA, etc.
- wireless protocols or interfaces e.g., CDMA, WCDMA, TDMA, GSM, GPRS
- signal processing operations may comprise filtering, amplification, analog-to-digital conversion and/or digital-to-analog conversion, up-conversion/down-conversion of baseband signals, encoding/decoding, encryption/ decryption, and/or modulation/demodulation.
- the communication subsystem 106 may provide wired and/or wireless connections to, for example, the analysis server 130 via the wired and/or wireless connections 107.
- the sensory subsystem 108 may comprise suitable logic, circuitry, interfaces, and/or code for obtaining and/or generating sensory information, which may relate to the computing device 100, its user(s), and/or its environment.
- the sensory subsystem 108 may comprise positional or locational sensors (e.g., GPS or other GNSS based sensors), ambient conditions (e.g., temperature, humidity, or light) sensors, and/or motion related sensors (e.g., accelerometer, gyroscope, pedometers, and/or altimeters).
- the I/O subsystem 1 10 may comprise suitable logic, circuitry, interfaces, and/or code for enabling user interactions with the computing device 100, enabling obtaining input from user(s) and/or to providing output to the user(s).
- the I/O subsystem 1 10 may support various types of inputs and/or outputs, including, for example, video, audio, and/or textual.
- dedicated I/O devices and/or components external to or integrated within the computing device 100, may be utilized for inputting and/or outputting data during operations of the I/O subsystem 1 10.
- Example I/O devices may comprise displays, mice, keyboards, touchscreens, voice input interfaces, and other input/output interfaces or devices.
- the I/O subsystem 1 10 may be operable to generate and/or process video content, graphics, and/or textual data, and/or generate video frames based thereon for display, via the display 120 for example.
- the display 120 may comprise suitable logic, circuitry, interfaces and/or code that may enable displaying of video content, which may be handled and/or processed via the I/O subsystem 1 10.
- the display 120 may be used in outputting video data.
- the operating system 1 12 may include software that is used to manage the various hardware resources of the computing device 100.
- the operating system 1 12 may also be used to provide common services to computer programs or applications, such as the one or more applications 1 16, 1 18.
- the operating system 1 12 may act as an intermediary between the hardware components and the one or more applications 1 16, 1 18.
- processes in the operating system 1 12 e.g., the update fetcher, verifier and installer 1 14a-1 14c
- the update verifier 1 14b and the update installer 1 14c may be secure (or trusted) components of the OS 1 12.
- the update initiators 122 may comprise suitable circuitry, logic and/or code and may be operable to initiate one or more updates to at least one configuration setting of the computing device 100. As illustrated in FIG. 1 , the update initiators 122 may be implemented outside of the core operating system (OS) 1 12 (a more detailed view of example update initiators is illustrated and discussed in reference to FIG. 2A). In this regard, the update initiators 122 may be implemented as, for example, a content consuming application installed on the computing device (e.g., one or more of the applications 1 16, 1 18), a component of a computing platform of the computing device 100, and/or an update-seeker application installed on the computing device.
- OS core operating system
- the update-seeker application may be a device-native application that periodically monitors an external network device (e.g., monitors the update data sources 124 via the wired or wireless connection 107) for updates to the OS 1 12 and/or to one or more configuration settings of the computing device 100. Since the update initiators 122 may include unsecure code or applications, an update to a configuration setting may be initiated by an intent (command) from an untrusted (or unsecure) component of the update initiators 122.
- the one or more applications 1 16, 1 18 may include one or more software applications (i.e., computer programs) that may help a user of the computing device 100 perform a specific task.
- a software application may include an interactive application that displays content to a user and allows the user to provide input as to the manner in which the content is provided and/or the type of content that is provided.
- the one or more applications 1 16, 1 18 may access the CPU 102, the memory 104, and/or any other circuit within the computing device 100, as well as the operating system 1 12.
- the update data sources 124 may comprise suitable circuitry, logic and/or code and may include one or more unsecure or secure sources of updates to configuration settings and/or to the OS 1 12 for the computing device 100 (and/or other similar devices within a device ecosystem using the OS 1 12).
- a configuration file update may be initiated via an intent (e.g., a command) from a component of the update initiators 122 (e.g., a content consumer, a computing platform, and/or a monitoring service, for example).
- the content consumer, computing platform, and monitoring service may be unsecure components that may require software updates, as explained in greater detail in reference to FIG. 2A.
- the update fetcher 1 14a may be operable to download the update content from the update data sources 124.
- the update content may include, for example, configuration update data and configuration update metadata, which may be used to authenticate the configuration update data (as explained in more detail herein below in reference to FIG. 2A).
- the update verifier 1 14b (which is a secure, or trusted, component of the OS 1 12) may verify the update data and the update metadata. If the update data is verified, it may be sent to the update installer 1 14c (also a secure, or trusted, component of the OS 1 12), which may install the configuration file update.
- FIG. 2A is a block diagram illustrating an example architecture of a configuration file updater, in accordance with an example embodiment of the disclosure.
- the example architecture 200 may comprise the update initiators 122, the update data sources 124, and the update pipeline 123.
- the update initiators 122 may comprise suitable circuitry, logic and/or code and may include a content consumer 202, computing platform 204, and monitoring service 206.
- the content consumer 202 may comprise, for example, one or more content consuming application installed on the computing device (e.g., one or more of the applications 1 16, 1 18).
- Such content consuming applications may require various updates, such as updates to application configuration settings.
- the configuration settings may be associated with, for example, certificate pinning, premium SMS services (e.g., updates to premium SMS toll phone numbers used by the application), and/or time zone information, which may vary from country to country.
- the computing platform 204 may comprise, for example, a component of a computing platform of the computing device 100, which computing platform may require (from time to time) configuration file updates (e.g., update to one or more configuration settings).
- the monitoring service 206 may comprise, for example, an update-seeker application installed on the computing device 100. The monitoring service 206 may, at regular intervals, monitor the update data source 124 for any updates to the OS 1 12 and/or one or more configuration settings of the device 100.
- the update initiators 122 may include components that send an appropriate intent (e.g., a command or request) for configuration file updates to the update fetcher 1 14a.
- an appropriate intent e.g., a command or request
- this functionality may be automatically handled by the monitoring service 206. Otherwise, the update intent (or command) may be send by the content consumer 202 directly to the update fetcher 1 14a.
- the update pipeline 123 may comprise the update fetcher 1 14a, the update verifier 1 14b and the update installer 1 14c (the verifier and installer being secure or trusted components of the OS 1 12).
- the update pipeline 123 has two major components: an untrusted update fetcher 1 14a, which is responsible for downloading signed content (e.g., the software updates), and the (trusted) verifier/installer components 1 14b-1 14c.
- Each of these components may comprise a base component that performs the majority of corresponding functions of the component, and a per-consumer component that may specialize the component for more finely-grained control.
- the update fetcher 1 14a may be implemented as BroadcastReceiver/Service pair.
- the broadcast receiver may exist to listen for incoming intents indicating either: (a) an update initiator (122) would like to start a new update, or (b) that a previous update has progressed to the point where it needs further attention. These events may start the appropriate service by the update fetcher 1 14a, which may cause the update fetcher 1 14a to download update content and metadata, perform initial data preprocessing of the downloaded update, and then hand the data off to the update verifier 1 14b and installer 1 14c.
- the update fetcher 1 14a may be operable to contact one or more update data sources 124 to download the necessary configuration file updates needed by the update initiators 122.
- the initial intents received by the update fetcher 1 14a and used to initiate an update may include URLs (as well as file paths), from which the update fetcher 1 14a may retrieve the update. This process may be useful for, for example, testing and sideloading. However, unverified updates downloaded by the update fetcher 1 14a may not be unconditionally trusted since any of the applications 1 16, 1 18 (or any of the update initiators 122) may send the intent (command) initiating a configuration file update.
- the update verifier 1 14b and installer 1 14c may be implemented as, for example, a BroadcastReceiver as part of a system server (separately or as a single module).
- the verifier 1 14b and installer 1 14c may listen for intents matching the action specified for its particular per- consumer component with the following additional data (which may be part of the content update data and/or content update metadata downloaded by the update fetcher 1 14a from the update data sources 124):
- the update verifier 1 14b may verify (e.g., by pulling a certificate from Settings. Secure): (a) that the hash of the current data matches the one required by the update; (b) that the version in the update is greater than the currently installed version; and/or (c) that the signature provided matches the above data.
- the update installer 1 14c may copy the update content to a trusted location (e.g., on disk of the computing device 100 or memory 104) and the update may be complete.
- the update verifier 1 14b may use configuration file metadata of the update received from the update data source 124, and may verify that the hash of the current update data (e.g., the current version of the specific configuration component that is being updated) matches the one required by the update (i.e., the update data has metadata that includes a hash, and the update data hash has to match the hash of the current version of the configuration component, otherwise the update may not be installed).
- the device may be prompted to download the missing configuration updates, or such missing intermediate configuration updates may be automatically installed.
- the update verifier 1 14b may also use the metadata of the update received from the update data source 124, and may verify that the version in the update is greater than the currently installed version of the configuration component or file, and that the signature provided in the update metadata matches the above update data.
- Update data sources 124 may include device file system 208, a third party URL
- the device file system 208 may comprise suitable circuitry, logic and/or code and may include, for example, an external data source (e.g., an SD card) with configuration file update data and update metadata.
- the SD card may be inserted in the computing device 100 and the update fetcher 1 14a may download the configuration file update from the SD card.
- the third party URL 210 may comprise suitable circuitry, logic and/or code and may include web-accessible Internet page, where the configuration file update may be downloaded from.
- the configuration server 212 may comprise suitable circuitry, logic and/or code and may include one or more remote network servers, which the computing device 100 may access via wired/wireless connection 107 to download the configuration file update.
- Update data provided by the update data sources 124 may have certain restrictions, such as:
- (c) It may be of limited size (e.g., not larger than 1 MB).
- the configuration update metadata may be in the following form:
- ⁇ sig> may be a base64-encoded SHA512withRSA signature
- ⁇ int> may be a base-10 integer in the range of [0, lnteger.MAX_VALUE)
- ⁇ hash> may be a base-16 SHA512 hash of the current value or "0”, if the currently downloaded configuration file update is the first update, or NONE if this value should not be checked.
- the configuration update data content may comprise arbitrary data, including binary blobs.
- FIG. 2B is a flow chart illustrating example steps of a method for enabling a configuration updater, in accordance with an example embodiment of the disclosure.
- a configuration updater e.g., as illustrated in FIG. 2
- a request for updated content may be received from a file (e.g., by implementing/using one or more of the update initiators 122 for providing update intent).
- a platform verifier and installer may be implemented (e.g., 1 14b-1 14c).
- an update fetcher e.g., 1 14a
- a monitoring service application e.g., 206) may be implemented.
- the monitoring service application may include an update-seeker application installed on the computing device 100.
- the monitoring service 206 may, at regular intervals, monitor the update data source 124 for any updates to the OS 1 12 and/or one or more configuration settings of the device 100.
- update data sources e.g., 124
- configuration update content available for download.
- the update initiators 122 may provide for one or more options in resolving a configuration update in instances when a device that has been offline for a long period of time (e.g., for months) and then comes back up. In this case, missing updates may be automatically downloaded and installed, or the device may be prompted to do so upon user approval.
- the update initiators 122 may also provide various notifications of completed configuration updates (e.g., prior to update or after successful update install).
- FIG. 3 is a flow chart illustrating example steps of a method for updating configuration information, in accordance with an example embodiment of the disclosure.
- the example method 300 may start at 302, when an update to at least one configuration setting of a computing device 100 may be initiated (e.g., by one or more of the update initiators 122).
- the update may be downloaded (by the update fetcher 1 14a) from at least one update data source (e.g., 208-212 in 124).
- the update may include configuration update data and configuration update metadata (as explained herein above).
- the downloaded update may be verified (e.g., by the update verifier 1 14b) by comparing a hash value in the configuration update metadata with a hash value in the metadata associated with a current version of the at least one configuration setting.
- the hash value within the configuration update metadata indicates that the update is a next immediate version from the current version of the at least one configuration setting (e.g., the hash value within the configuration update metadata matches a hash value of the current version of the at least one configuration setting). If there is a match, at 310, the update is installed. If there is no match, at 312, the update is rejected and not installed. Optionally, any missing configuration updates may be installed automatically or with user approval.
- implementations may provide a non-transitory computer readable medium and/or storage medium, and/or a non-transitory machine readable medium and/or storage medium, having stored thereon, a machine code and/or a computer program having at least one code section executable by a machine and/or a computer, thereby causing the machine and/or computer to perform the steps as described herein for updating configuration information.
- the present method and/or system may be realized in hardware, software, or a combination of hardware and software.
- the present method and/or system may be realized in a centralized fashion in at least one computer system, or in a distributed fashion where different elements are spread across several interconnected computer systems. Any kind of computer system or other system adapted for carrying out the methods described herein is suited.
- a typical combination of hardware and software may be a general-purpose computer system with a hardware processor, memory, and a computer program that, when being loaded and executed, controls the computer system such that it carries out the methods described herein.
- the present method and/or system may also be embedded in a computer program product, which comprises all the features enabling the implementation of the methods described herein, and which when loaded in a computer system is able to carry out these methods.
- Computer program in the present context means any expression, in any language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after either or both of the following: a) conversion to another language, code or notation; b) reproduction in a different material form.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Information Transfer Between Computers (AREA)
- Stored Programmes (AREA)
Abstract
A method for updating configuration information includes, in a computing device including a processor, memory, and an operating system, initiating an update to at least one configuration setting of the computing device. The update may be downloaded from at least one update data source. The update may include configuration update data and configuration update metadata. The update may be verified by comparing the configuration update metadata with metadata associated with a current version of the at least one configuration setting. The update may be installed if it is verified. The update to the at least one configuration setting may be installed based on an intent from an unsecure component of the computing device. The unsecure component may include content consuming application installed on the device, a component of a computing platform of the device, and/or an update-seeker application installed on the device.
Description
CONFIGURATION FILE UPDATER
BACKGROUND
[0001 ] Conventional software updates pushed to, or downloaded by, computing devices do not include updates to configuration settings of the computing device. Additionally, when configuration settings are communicated to a computing device, there may be incompatibility between the current version of the configuration settings and the new (updated) version of the configuration settings (e.g., if the computing device has been turned off for an extended period of time, the device may have skipped an update version of the configuration settings). Furthermore, many third party applications may attempt to download malicious code in the form of configuration data.
[0002] Further limitations and disadvantages of conventional and traditional approaches will become apparent to one of skill in the art, through comparison of such approaches with some aspects of the present method and apparatus set forth in the remainder of this disclosure with reference to the drawings.
SUMMARY
[0003] A system and/or method is provided for configuration file updater, substantially as shown in and/or described in connection with at least one of the figures, as set forth more completely in the claims.
[0004] In accordance with an example embodiment of the disclosure, a method for updating configuration information includes, in a computing device including a processor, memory, and an operating system, initiating an update to at least one configuration setting of the computing device. The update may be downloaded from at least one update data source. The update may include configuration update data and configuration update metadata. The update may be verified by comparing the configuration update metadata with metadata associated with a current version of the at least one configuration setting. The update may be installed if it is verified. The update to the at least one configuration setting may be installed based on intent from an unsecure component of the computing device. The unsecure component may include content consuming application installed on the device, a component of a computing platform of the device, and/or an update-seeker application installed on the device.
[0005] In accordance with another example embodiment of the disclosure, a non- transitory, machine-readable storage medium may be disclosed, having stored thereon a computer program having at least one code section for updating configuration information. The at least one code section may be executable by a machine including a processor, memory, and an operating system, for causing the machine to perform a method including initiating an update to at least one configuration setting of the computing device. The update may be downloaded from at least one update data source. The update may include configuration update data and configuration update metadata. The downloaded update may be verified by comparing the configuration update metadata with metadata associated with a current version of the at least one configuration setting. If the update is verified, the update to the at least one configuration setting may be installed.
[0006] These and other advantages, aspects and features of the present disclosure, as well as details of illustrated implementation(s) thereof, will be more fully understood from the following description and drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
[0007] FIG. 1 is a block diagram illustrating an example architecture including a computing device with configuration file updating capabilities communicating with update data sources, in accordance with an example embodiment of the disclosure.
[0008] FIG. 2A is a block diagram illustrating an example architecture of a configuration file updater, in accordance with an example embodiment of the disclosure.
[0009] FIG. 2B is a flow chart illustrating example steps of a method for enabling a configuration updater, in accordance with an example embodiment of the disclosure.
[0010] FIG. 3 is a flow chart illustrating example steps of a method for updating configuration information, in accordance with an example embodiment of the disclosure.
DETAILED DESCRIPTION
[001 1 ] As utilized herein the terms "circuits" and "circuitry" refer to physical electronic components (i.e. hardware) and any software and/or firmware ("code") which may configure the hardware, be executed by the hardware, and or otherwise be associated with the hardware. As utilized herein, "and/or" means any one or more of the items in the list joined by "and/or". As an example, "x and/or y" means any element of the three-element set {(x), (y), (x, y)}. As another example, "x, y, and/or z" means any element of the seven-element set {(x), (y), (z), (x, y), (x, z), (y, z), (x, y, z)}. As utilized herein, the term "e.g.," introduces a list of one or more non-limiting examples, instances, or illustrations. As utilized herein, the term "processor" may be used to refer to one or more of a central processing unit, a processor of a symmetric or asymmetric multiprocessor system, a digital signal processor, a micro-controller, a graphics/video processor, or another type of processor.
[0012] The present disclosure relates to a method and system for configuration file updater. Targeted configuration data may be delivered only to specific clients using a server (e.g., only clients using a specific API version may be targeted). The server may initially verify that the client is in a known state prior to installing the configuration. The known state may be confirmed by comparing the hash of the client's current configuration with a known hash of a desired (intended) configuration. If the hashes do not match, then it may be concluded that the client's current configuration is not the desired configuration (i.e., the client is not in the known state so the configuration should not be installed). Alternatively, unique configuration features in a subset of clients may be detected, included in the common configuration data, and then the common configuration data may be populated to a remaining subset of clients that originally did not have the unique feature. The targeted configuration data updates disclosed herein may be implemented for, for example, certificate pinning, premium SMS detection (update in premium service phone numbers used by one or more device applications), time zone information or settings updates (time zone information is country-specific and may need to be updated regularly for a traveling user) and other areas (e.g., targeted updating of configuration data for specific clients, as mentioned in the preceding paragraph).
[0013] In accordance with an example embodiment of the disclosure, a configuration file updater may be used to provision, for example, small-to-medium amounts of configuration data
to computing devices in a device ecosystem (e.g., mobile device ecosystem). More specifically, the configuration file updater may be used to provide a mechanism for updating not-trivially- small amounts of data (e.g., 1 KB-1 MB of data), while separating platform configuration features from core services provided by the operating system (OS) manager.
[0014] FIG. 1 is a block diagram illustrating an example architecture including a computing device with configuration file updating capabilities communicating with update data sources, in accordance with an example embodiment of the disclosure. Referring to FIG. 1 , the example architecture 10 may comprise a computing device 100 and update data sources 124.
[0015] The computing device 100 may include a handset, a smartphone, a tablet, a laptop, and/or another handheld or portable device. The computing device 100 may comprise, for example, a main processor 102, a system memory 104, a communication subsystem 106, a sensory subsystem 108, an input/output (I/O) subsystem 1 10, and a display 120. The computing device may also comprise an operating system 1 12, one or more applications 1 16, 1 18 running on the computing device 100, and update initiators 122. The operating system 1 12 may comprise an update fetcher 1 14a, an update verifier 1 14b, and an update installer 1 14c.
[0016] The main processor 102 may comprise suitable logic, circuitry, interfaces, and/or code that may be operable to process data, and/or control and/or manage operations of the computing device 100, and/or tasks and/or applications performed therein in connection with the anonymization framework 100. In this regard, the main processor 102 may be operable to configure and/or control operations of various components and/or subsystems of the computing device 100, by utilizing, for example, one or more control signals. The main processor 102 enables running and/or execution of applications, programs and/or code (e.g., one or more applications 1 16, 1 18, the update initiators 122, and/or the update fetcher, verifier and installer 1 14a-1 14c within the operating system 1 12), which may be stored, for example, in the system memory 104. Alternatively, one or more dedicated application processors may be utilized for running and/or executing applications (or programs) (e.g., one or more applications 1 16, 1 18, the update initiators 122, and/or the update fetcher, verifier and installer 1 14a- 1 14c within the operating system 1 12) in the computing device 100.
[0017] In some instances, one or more of the applications 1 16, 1 18 running and/or executing on the computing device 100 may generate and/or update video content that may be rendered via the display 120.
[0018] The system memory 104 may comprise suitable logic, circuitry, interfaces, and/or code that may enable permanent and/or non-permanent storage, buffering, and/or fetching of data, code and/or other information, which may be used, consumed, and/or processed. In this regard, the system memory 104 may comprise different memory technologies, including, for example, read-only memory (ROM), random access memory (RAM), Flash memory, solid-state drive (SSD), and/or field-programmable gate array (FPGA). The system memory 104 may store, for example, configuration data, which may comprise parameters and/or code, comprising software and/or firmware (e.g., the operating system 1 12, the update initiators 122 and/or the one or more applications 1 16, 1 18).
[0019] The communication subsystem 106 may comprise suitable logic, circuitry, interfaces, and/or code operable to communicate data from and/or to the computing device, such as via one or more wired and/or wireless connections 107. The communication subsystem 106 may be configured to support one or more wired protocols (e.g., Ethernet standards, MOCA, etc.) and/or wireless protocols or interfaces (e.g., CDMA, WCDMA, TDMA, GSM, GPRS, UMTS, EDGE, EGPRS, OFDM, TD-SCDMA, HSDPA, LTE, WiMAX, WiFi, Bluetooth, and/or any other available wireless protocol/interface), facilitating transmission and/or reception of signals to and/or from the computing device 100, and/or processing of transmitted or received signals in accordance with applicable wired or wireless protocols. In this regard, signal processing operations may comprise filtering, amplification, analog-to-digital conversion and/or digital-to-analog conversion, up-conversion/down-conversion of baseband signals, encoding/decoding, encryption/ decryption, and/or modulation/demodulation. In accordance with an embodiment of the disclosure, the communication subsystem 106 may provide wired and/or wireless connections to, for example, the analysis server 130 via the wired and/or wireless connections 107.
[0020] The sensory subsystem 108 may comprise suitable logic, circuitry, interfaces, and/or code for obtaining and/or generating sensory information, which may relate to the computing device 100, its user(s), and/or its environment. For example, the sensory subsystem
108 may comprise positional or locational sensors (e.g., GPS or other GNSS based sensors), ambient conditions (e.g., temperature, humidity, or light) sensors, and/or motion related sensors (e.g., accelerometer, gyroscope, pedometers, and/or altimeters).
[0021 ] The I/O subsystem 1 10 may comprise suitable logic, circuitry, interfaces, and/or code for enabling user interactions with the computing device 100, enabling obtaining input from user(s) and/or to providing output to the user(s). The I/O subsystem 1 10 may support various types of inputs and/or outputs, including, for example, video, audio, and/or textual. In this regard, dedicated I/O devices and/or components, external to or integrated within the computing device 100, may be utilized for inputting and/or outputting data during operations of the I/O subsystem 1 10. Example I/O devices may comprise displays, mice, keyboards, touchscreens, voice input interfaces, and other input/output interfaces or devices. With respect to video outputs, the I/O subsystem 1 10 may be operable to generate and/or process video content, graphics, and/or textual data, and/or generate video frames based thereon for display, via the display 120 for example.
[0022] The display 120 may comprise suitable logic, circuitry, interfaces and/or code that may enable displaying of video content, which may be handled and/or processed via the I/O subsystem 1 10. The display 120 may be used in outputting video data.
[0023] The operating system 1 12 may include software that is used to manage the various hardware resources of the computing device 100. The operating system 1 12 may also be used to provide common services to computer programs or applications, such as the one or more applications 1 16, 1 18. The operating system 1 12 may act as an intermediary between the hardware components and the one or more applications 1 16, 1 18. In some implementations, processes in the operating system 1 12 (e.g., the update fetcher, verifier and installer 1 14a-1 14c) may be used to download, verify and install one or more configuration file updates. In accordance with an example embodiment of the disclosure, the update verifier 1 14b and the update installer 1 14c may be secure (or trusted) components of the OS 1 12.
[0024] The update initiators 122 may comprise suitable circuitry, logic and/or code and may be operable to initiate one or more updates to at least one configuration setting of the computing device 100. As illustrated in FIG. 1 , the update initiators 122 may be implemented outside of the core operating system (OS) 1 12 (a more detailed view of example update
initiators is illustrated and discussed in reference to FIG. 2A). In this regard, the update initiators 122 may be implemented as, for example, a content consuming application installed on the computing device (e.g., one or more of the applications 1 16, 1 18), a component of a computing platform of the computing device 100, and/or an update-seeker application installed on the computing device. The update-seeker application may be a device-native application that periodically monitors an external network device (e.g., monitors the update data sources 124 via the wired or wireless connection 107) for updates to the OS 1 12 and/or to one or more configuration settings of the computing device 100. Since the update initiators 122 may include unsecure code or applications, an update to a configuration setting may be initiated by an intent (command) from an untrusted (or unsecure) component of the update initiators 122.
[0025] The one or more applications 1 16, 1 18 may include one or more software applications (i.e., computer programs) that may help a user of the computing device 100 perform a specific task. For example, a software application may include an interactive application that displays content to a user and allows the user to provide input as to the manner in which the content is provided and/or the type of content that is provided. To perform a task (e.g., web browsing, video playback, etc.), the one or more applications 1 16, 1 18 may access the CPU 102, the memory 104, and/or any other circuit within the computing device 100, as well as the operating system 1 12.
[0026] The update data sources 124 may comprise suitable circuitry, logic and/or code and may include one or more unsecure or secure sources of updates to configuration settings and/or to the OS 1 12 for the computing device 100 (and/or other similar devices within a device ecosystem using the OS 1 12).
[0027] In operation, a configuration file update may be initiated via an intent (e.g., a command) from a component of the update initiators 122 (e.g., a content consumer, a computing platform, and/or a monitoring service, for example). The content consumer, computing platform, and monitoring service may be unsecure components that may require software updates, as explained in greater detail in reference to FIG. 2A. The update fetcher 1 14a may be operable to download the update content from the update data sources 124. The update content may include, for example, configuration update data and configuration update metadata, which may be used to authenticate the configuration update data (as explained in
more detail herein below in reference to FIG. 2A). The update verifier 1 14b (which is a secure, or trusted, component of the OS 1 12) may verify the update data and the update metadata. If the update data is verified, it may be sent to the update installer 1 14c (also a secure, or trusted, component of the OS 1 12), which may install the configuration file update.
[0028] FIG. 2A is a block diagram illustrating an example architecture of a configuration file updater, in accordance with an example embodiment of the disclosure. Referring to FIG. 2A, the example architecture 200 may comprise the update initiators 122, the update data sources 124, and the update pipeline 123.
[0029] The update initiators 122 may comprise suitable circuitry, logic and/or code and may include a content consumer 202, computing platform 204, and monitoring service 206. The content consumer 202 may comprise, for example, one or more content consuming application installed on the computing device (e.g., one or more of the applications 1 16, 1 18). Such content consuming applications may require various updates, such as updates to application configuration settings. The configuration settings may be associated with, for example, certificate pinning, premium SMS services (e.g., updates to premium SMS toll phone numbers used by the application), and/or time zone information, which may vary from country to country.
[0030] The computing platform 204 may comprise, for example, a component of a computing platform of the computing device 100, which computing platform may require (from time to time) configuration file updates (e.g., update to one or more configuration settings). The monitoring service 206 may comprise, for example, an update-seeker application installed on the computing device 100. The monitoring service 206 may, at regular intervals, monitor the update data source 124 for any updates to the OS 1 12 and/or one or more configuration settings of the device 100.
[0031 ] The update initiators 122 may include components that send an appropriate intent (e.g., a command or request) for configuration file updates to the update fetcher 1 14a. In instances when it is desirable to have a server side drive the update cycle (e.g., a server hosting the update data sources 124), this functionality may be automatically handled by the monitoring service 206. Otherwise, the update intent (or command) may be send by the content consumer 202 directly to the update fetcher 1 14a.
[0032] The update pipeline 123 may comprise the update fetcher 1 14a, the update verifier 1 14b and the update installer 1 14c (the verifier and installer being secure or trusted components of the OS 1 12). In this regard, the update pipeline 123 has two major components: an untrusted update fetcher 1 14a, which is responsible for downloading signed content (e.g., the software updates), and the (trusted) verifier/installer components 1 14b-1 14c. Each of these components may comprise a base component that performs the majority of corresponding functions of the component, and a per-consumer component that may specialize the component for more finely-grained control.
[0033] Update Fetcher 114a
[0034] The update fetcher 1 14a may be implemented as BroadcastReceiver/Service pair. The broadcast receiver may exist to listen for incoming intents indicating either: (a) an update initiator (122) would like to start a new update, or (b) that a previous update has progressed to the point where it needs further attention. These events may start the appropriate service by the update fetcher 1 14a, which may cause the update fetcher 1 14a to download update content and metadata, perform initial data preprocessing of the downloaded update, and then hand the data off to the update verifier 1 14b and installer 1 14c. The update fetcher 1 14a may be operable to contact one or more update data sources 124 to download the necessary configuration file updates needed by the update initiators 122.
[0035] The initial intents received by the update fetcher 1 14a and used to initiate an update, may include URLs (as well as file paths), from which the update fetcher 1 14a may retrieve the update. This process may be useful for, for example, testing and sideloading. However, unverified updates downloaded by the update fetcher 1 14a may not be unconditionally trusted since any of the applications 1 16, 1 18 (or any of the update initiators 122) may send the intent (command) initiating a configuration file update.
[0036] Update Verifier 114b and Update Installer 114c
[0037] The update verifier 1 14b and installer 1 14c may be implemented as, for example, a BroadcastReceiver as part of a system server (separately or as a single module). The verifier 1 14b and installer 1 14c may listen for intents matching the action specified for its particular per- consumer component with the following additional data (which may be part of the content
update data and/or content update metadata downloaded by the update fetcher 1 14a from the update data sources 124):
• CONTENT_PATH- a local path to the untrusted content;
• REQUIRED_HASH- the hash of the current update data or "0", if none should exist;
• VERSION- the numeric version of the new data; and
• SIGNATURE- the SHA512 with RSA signature of the content, hash, and version.
[0038] Once it has this data, the update verifier 1 14b may verify (e.g., by pulling a certificate from Settings. Secure): (a) that the hash of the current data matches the one required by the update; (b) that the version in the update is greater than the currently installed version; and/or (c) that the signature provided matches the above data. Once the verification is complete, the update installer 1 14c may copy the update content to a trusted location (e.g., on disk of the computing device 100 or memory 104) and the update may be complete.
[0039] Put another way, the update verifier 1 14b may use configuration file metadata of the update received from the update data source 124, and may verify that the hash of the current update data (e.g., the current version of the specific configuration component that is being updated) matches the one required by the update (i.e., the update data has metadata that includes a hash, and the update data hash has to match the hash of the current version of the configuration component, otherwise the update may not be installed). In instances when the current hash does not match (e.g., if the device has been turned OFF for a long period of time, missing intermediate configuration updates), the device may be prompted to download the missing configuration updates, or such missing intermediate configuration updates may be automatically installed.
[0040] The update verifier 1 14b may also use the metadata of the update received from the update data source 124, and may verify that the version in the update is greater than the currently installed version of the configuration component or file, and that the signature provided in the update metadata matches the above update data.
[0041 ] Update data sources 124
[0042] The update data sources may include device file system 208, a third party URL
210 or a configuration server 212. The device file system 208 may comprise suitable circuitry, logic and/or code and may include, for example, an external data source (e.g., an SD card) with configuration file update data and update metadata. The SD card may be inserted in the computing device 100 and the update fetcher 1 14a may download the configuration file update from the SD card. The third party URL 210 may comprise suitable circuitry, logic and/or code and may include web-accessible Internet page, where the configuration file update may be downloaded from. The configuration server 212 may comprise suitable circuitry, logic and/or code and may include one or more remote network servers, which the computing device 100 may access via wired/wireless connection 107 to download the configuration file update.
[0043] Update data provided by the update data sources 124 may have certain restrictions, such as:
(a) It may be reachable via an http://, https:// or file:// URL;
(b) It may be served as two files: one containing update content and the other containing the update metadata specified above; and
(c) It may be of limited size (e.g., not larger than 1 MB).
[0044] The configuration update metadata may be in the following form:
SIGNATURE:<sig>
VERSION:<int>
REQUIRED_HASH:<hash>
[0045] Where <sig> may be a base64-encoded SHA512withRSA signature, <int> may be a base-10 integer in the range of [0, lnteger.MAX_VALUE), and <hash> may be a base-16 SHA512 hash of the current value or "0", if the currently downloaded configuration file update is the first update, or NONE if this value should not be checked. The configuration update data content may comprise arbitrary data, including binary blobs.
[0046] FIG. 2B is a flow chart illustrating example steps of a method for enabling a configuration updater, in accordance with an example embodiment of the disclosure. In accordance with an example embodiment of the disclosure, a configuration updater (e.g., as
illustrated in FIG. 2) may be enabled by perform the method 250, which may start at step 252, a request for updated content may be received from a file (e.g., by implementing/using one or more of the update initiators 122 for providing update intent). At 254, a platform verifier and installer may be implemented (e.g., 1 14b-1 14c). At 256, an update fetcher (e.g., 1 14a) may be implemented. At 258, a monitoring service application (e.g., 206) may be implemented. The monitoring service application may include an update-seeker application installed on the computing device 100. The monitoring service 206 may, at regular intervals, monitor the update data source 124 for any updates to the OS 1 12 and/or one or more configuration settings of the device 100. At 260, update data sources (e.g., 124) may be implemented, with configuration update content available for download.
[0047] The update initiators 122 may provide for one or more options in resolving a configuration update in instances when a device that has been offline for a long period of time (e.g., for months) and then comes back up. In this case, missing updates may be automatically downloaded and installed, or the device may be prompted to do so upon user approval. The update initiators 122 may also provide various notifications of completed configuration updates (e.g., prior to update or after successful update install).
[0048] FIG. 3 is a flow chart illustrating example steps of a method for updating configuration information, in accordance with an example embodiment of the disclosure. Referring to FIGS. 1-3, the example method 300 may start at 302, when an update to at least one configuration setting of a computing device 100 may be initiated (e.g., by one or more of the update initiators 122). At 304, the update may be downloaded (by the update fetcher 1 14a) from at least one update data source (e.g., 208-212 in 124). The update may include configuration update data and configuration update metadata (as explained herein above). At 306, the downloaded update may be verified (e.g., by the update verifier 1 14b) by comparing a hash value in the configuration update metadata with a hash value in the metadata associated with a current version of the at least one configuration setting.
[0049] At 308, it may be determined whether the hash value within the configuration update metadata indicates that the update is a next immediate version from the current version of the at least one configuration setting (e.g., the hash value within the configuration update metadata matches a hash value of the current version of the at least one configuration setting).
If there is a match, at 310, the update is installed. If there is no match, at 312, the update is rejected and not installed. Optionally, any missing configuration updates may be installed automatically or with user approval.
[0050] Other implementations may provide a non-transitory computer readable medium and/or storage medium, and/or a non-transitory machine readable medium and/or storage medium, having stored thereon, a machine code and/or a computer program having at least one code section executable by a machine and/or a computer, thereby causing the machine and/or computer to perform the steps as described herein for updating configuration information.
[0051 ] Accordingly, the present method and/or system may be realized in hardware, software, or a combination of hardware and software. The present method and/or system may be realized in a centralized fashion in at least one computer system, or in a distributed fashion where different elements are spread across several interconnected computer systems. Any kind of computer system or other system adapted for carrying out the methods described herein is suited. A typical combination of hardware and software may be a general-purpose computer system with a hardware processor, memory, and a computer program that, when being loaded and executed, controls the computer system such that it carries out the methods described herein.
[0052] The present method and/or system may also be embedded in a computer program product, which comprises all the features enabling the implementation of the methods described herein, and which when loaded in a computer system is able to carry out these methods. Computer program in the present context means any expression, in any language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after either or both of the following: a) conversion to another language, code or notation; b) reproduction in a different material form.
[0053] While the present method and/or apparatus has been described with reference to certain implementations, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the scope of the present method and/or apparatus. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the present disclosure without departing from
its scope. Therefore, it is intended that the present method and/or apparatus not be limited to the particular implementations disclosed, but that the present method and/or apparatus will include all implementations falling within the scope of the appended claims.
Claims
1. A method for updating configuration information, comprising: in a computing device including a processor, memory, and an operating system, initiating an update to at least one configuration setting of the computing device; downloading the update from at least one update data source, wherein the update comprises configuration update data and configuration update metadata; verifying the downloaded update by comparing the configuration update metadata with metadata associated with a current version of the at least one configuration setting; and if the update is verified, installing the update to the at least one configuration setting.
2. The method according to claim 1 , comprising: initiating the update to the at least one configuration setting based on an intent from an unsecure component of the computing device.
3. The method according to claim 2, wherein the unsecure component comprises one or more of: a content consuming application installed on the computing device; a component of a computing platform of the computing device; and
an update-seeker application installed on the computing device.
4. The method according to claim 1 , wherein the configuration update metadata comprises one or more of: a hash value, wherein the hash value is based on at least one configuration setting necessary for the update; a version number of the update; and a signature of the update.
5. The method according to claim 4, wherein the verifying comprises: comparing the hash value within the configuration update metadata with a hash value associated with the current version of the at least one configuration setting.
6. The method according to claim 5, comprising: installing the update, if the hash value within the configuration update metadata indicates that the update is a next immediate version from the current version of the at least one configuration setting; and rejecting the update, if the hash value within the configuration update metadata indicates that the update is not the next immediate version from the current version of the at least one configuration setting.
7. The method according to claim 6, comprising:
if the update is rejected, downloading at least one intermediate update to the at least one configuration setting of the computing device, wherein the hash value within the configuration update metadata indicates that the update is a next immediate version from the version of the at least one configuration setting after installation of the at least one intermediate update.
8. The method according to claim 1 , wherein the at least one configuration setting comprises one or more of: a configuration setting related to certificate pinning; a configuration setting related to premium SMS services available to the computing device; and a configuration setting related to time zone information.
9. A non-transitory, machine-readable storage medium, having stored thereon a computer program having at least one code section for updating configuration information, the at least one code section being executable by a machine including a processor, memory, and an operating system, for causing the machine to perform a method comprising: initiating an update to at least one configuration setting of the computing device; downloading the update from at least one update data source, wherein the update comprises configuration update data and configuration update metadata; verifying the downloaded update by comparing the configuration update metadata with metadata associated with a current version of the at least one configuration setting; and
if the update is verified, installing the update to the at least one configuration setting.
10. The non-transitory, machine-readable storage medium according to claim 9, wherein the at least one code section comprises code for: initiating the update to the at least one configuration setting based on an intent from an unsecure component of the computing device.
1 1 . The non-transitory, machine-readable storage medium according to claim 10, wherein the unsecure component comprises one or more of: a content consuming application installed on the computing device; a component of a computing platform of the computing device; and an update-seeker application installed on the computing device.
12. The non-transitory, machine-readable storage medium according to claim 9, wherein the configuration update metadata comprises one or more of: a hash value, wherein the hash value is based on at least one configuration setting necessary for the update; a version number of the update; and a signature of the update.
13. The non-transitory, machine-readable storage medium according to claim 12, wherein the verifying comprises code for: comparing the hash value within the configuration update metadata with a hash value associated with the current version of the at least one configuration setting.
14. The non-transitory, machine-readable storage medium according to claim 13, wherein the at least one code section comprises code for: installing the update, if the hash value within the configuration update metadata indicates that the update is a next immediate version from the current version of the at least one configuration setting; and rejecting the update, if the hash value within the configuration update metadata indicates that the update is not the next immediate version from the current version of the at least one configuration setting.
15. The non-transitory, machine-readable storage medium according to claim 14, wherein the at least one code section comprises code for: if the update is rejected, downloading at least one intermediate update to the at least one configuration setting of the computing device, wherein the hash value within the configuration update metadata indicates that the update is a next immediate version from the version of the at least one configuration setting after installation of the at least one intermediate update.
16. The non-transitory, machine-readable storage medium according to claim 9, wherein the at least one configuration setting comprises one or more of:
a configuration setting related to certificate pinning; a configuration setting related to premium SMS services available to the computing device; and a configuration setting related to time zone information.
17. A system for updating configuration information, comprising: a computing device including at least one processor, memory, and an operating system, the at least one processor operable to: initiate an update to at least one configuration setting of the computing device; download the update from at least one update data source, wherein the update comprises configuration update data and configuration update metadata; verify the downloaded update by comparing the configuration update metadata with metadata associated with a current version of the at least one configuration setting; and if the update is verified, install the update to the at least one configuration setting.
18. The system according to claim 17, wherein the at least one processor is operable to initiate the update to the at least one configuration setting based on an intent from an unsecure component of the computing device.
19. The system according to claim 18, wherein the unsecure component comprises one or more of:
a content consuming application installed on the computing device; a component of a computing platform of the computing device; and an update-seeker application installed on the computing device.
20. The system according to claim 17, wherein the configuration update metadata comprises one or more of: a hash value, wherein the hash value is based on at least one configuration setting necessary for the update; a version number of the update; and a signature of the update.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201380056567.4A CN104756076B (en) | 2012-10-28 | 2013-10-22 | Configuration file renovator |
EP13786098.7A EP2912547B1 (en) | 2012-10-28 | 2013-10-22 | Configuration file updater |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201261719469P | 2012-10-28 | 2012-10-28 | |
US61/719,469 | 2012-10-28 | ||
US13/717,860 US9275006B2 (en) | 2012-10-28 | 2012-12-18 | Configuration file updater |
US13/717,860 | 2012-12-18 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014066349A1 true WO2014066349A1 (en) | 2014-05-01 |
Family
ID=49517749
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2013/066117 WO2014066349A1 (en) | 2012-10-28 | 2013-10-22 | Configuration file updater |
Country Status (4)
Country | Link |
---|---|
US (1) | US9275006B2 (en) |
EP (1) | EP2912547B1 (en) |
CN (1) | CN104756076B (en) |
WO (1) | WO2014066349A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3629610A4 (en) * | 2017-06-14 | 2020-07-01 | Huawei Technologies Co., Ltd. | Method and apparatus for managing embedded universal integrated circuit card configuration file |
EP3800545A4 (en) * | 2018-07-25 | 2021-08-18 | Samsung Electronics Co., Ltd. | Electronic device and control method thereof |
Families Citing this family (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9819548B2 (en) * | 2013-01-25 | 2017-11-14 | Cisco Technology, Inc. | Shared information distribution in a computer network |
US9690593B2 (en) * | 2013-03-04 | 2017-06-27 | Dell Products L.P. | Server information handling system configuration from an end state definition file |
US9665366B2 (en) * | 2014-09-26 | 2017-05-30 | Oracle International Corporation | Creation of a software configuration signature for software |
US9811356B2 (en) * | 2015-01-30 | 2017-11-07 | Appdynamics Llc | Automated software configuration management |
US10042626B2 (en) * | 2015-06-29 | 2018-08-07 | Verizon Patent And Licensing Inc. | Software updates using client self-reporting and a hierarchical data structure |
US9965267B2 (en) * | 2015-11-19 | 2018-05-08 | Raytheon Company | Dynamic interface for firmware updates |
US11386067B2 (en) * | 2015-12-15 | 2022-07-12 | Red Hat, Inc. | Data integrity checking in a distributed filesystem using object versioning |
DE102016201634A1 (en) * | 2016-02-03 | 2017-08-03 | Siemens Healthcare Gmbh | Updating the configuration of a medical device without an internet connection |
US11050726B2 (en) * | 2016-04-04 | 2021-06-29 | Nxp B.V. | Update-driven migration of data |
US10473758B2 (en) | 2016-04-06 | 2019-11-12 | Raytheon Company | Universal coherent technique generator |
CN106843842B (en) * | 2016-12-23 | 2020-06-12 | 光锐恒宇(北京)科技有限公司 | Method and device for updating application program configuration file |
US10050835B2 (en) * | 2017-01-15 | 2018-08-14 | Essential Products, Inc. | Management of network devices based on characteristics |
US9985846B1 (en) | 2017-01-15 | 2018-05-29 | Essential Products, Inc. | Assistant for management of network devices |
US9986424B1 (en) | 2017-01-15 | 2018-05-29 | Essential Products, Inc. | Assistant for management of network devices |
CN108259556A (en) * | 2017-11-30 | 2018-07-06 | 北京九五智驾信息技术股份有限公司 | Method for parameter configuration and terminal |
CN109992279A (en) * | 2017-12-30 | 2019-07-09 | 中国移动通信集团山西有限公司 | Method for updating configuration data, calculates equipment and storage medium at device |
DE102018212726A1 (en) * | 2018-07-31 | 2020-02-06 | BSH Hausgeräte GmbH | Updating a home appliance |
CN109086065A (en) * | 2018-08-16 | 2018-12-25 | 深圳市元征科技股份有限公司 | A kind of method for upgrading software, system and terminal device |
US10868709B2 (en) | 2018-09-10 | 2020-12-15 | Oracle International Corporation | Determining the health of other nodes in a same cluster based on physical link information |
CN110347413B (en) * | 2019-06-27 | 2023-06-27 | 北京口袋时尚科技有限公司 | Software configuration information updating method and device |
KR20210029621A (en) | 2019-09-06 | 2021-03-16 | 삼성전자주식회사 | Apparatus and method for improving runtime performance after application update in electronic device |
CN111177799B (en) * | 2019-12-31 | 2022-07-05 | 奇安信科技集团股份有限公司 | Security protection method, system, computer device and computer-readable storage medium |
Family Cites Families (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7596692B2 (en) * | 2002-06-05 | 2009-09-29 | Microsoft Corporation | Cryptographic audit |
US7516491B1 (en) * | 2002-10-17 | 2009-04-07 | Roger Schlafly | License tracking system |
US20040181790A1 (en) * | 2003-03-12 | 2004-09-16 | Herrick Joseph W. | System and method for maintaining installed software compliance with build standards |
CN1558606A (en) * | 2004-02-10 | 2004-12-29 | Ut斯达康通讯有限公司 | Network terminal automatic configuration method |
JP2006203655A (en) * | 2005-01-21 | 2006-08-03 | Ricoh Co Ltd | Method for setting image forming apparatus and image forming apparatus |
CN101132573A (en) * | 2006-08-23 | 2008-02-27 | 中兴通讯股份有限公司 | Method for implementing terminal batch upgrading |
US20090144362A1 (en) * | 2007-12-01 | 2009-06-04 | Richmond Evan P | Systems and methods for providing desktop messaging and end-user profiling |
US8621551B2 (en) * | 2008-04-18 | 2013-12-31 | Samsung Electronics Company, Ltd. | Safety and management of computing environments that may support unsafe components |
US8990221B2 (en) * | 2008-05-30 | 2015-03-24 | Google Technology Holdings LLC | Device and method for updating a certificate |
CN101667131A (en) * | 2009-10-14 | 2010-03-10 | 中兴通讯股份有限公司 | Mobile terminal and updating method of configuration information thereof |
US20110159878A1 (en) * | 2009-12-29 | 2011-06-30 | Geos Communications, Inc. | System and method of using a dynamic access number architecture |
CN101969399B (en) * | 2010-09-30 | 2012-10-10 | 北京神州泰岳软件股份有限公司 | Routing method and system for clients to call services |
US8655514B2 (en) * | 2010-11-18 | 2014-02-18 | General Electric Company | Systems and methods for communications based rail vehicle control |
US8923278B2 (en) * | 2011-01-10 | 2014-12-30 | Vtech Telecommunications Limited | Peer-to-peer, internet protocol telephone system with system-wide configuration data |
US10067754B2 (en) * | 2011-08-11 | 2018-09-04 | International Business Machines Corporation | Software service notifications based upon software usage, configuration, and deployment topology |
US8898345B2 (en) * | 2011-10-11 | 2014-11-25 | International Business Machines Corporation | Out-of-band management of third party adapter configuration settings in a computing system |
-
2012
- 2012-12-18 US US13/717,860 patent/US9275006B2/en active Active
-
2013
- 2013-10-22 CN CN201380056567.4A patent/CN104756076B/en active Active
- 2013-10-22 EP EP13786098.7A patent/EP2912547B1/en active Active
- 2013-10-22 WO PCT/US2013/066117 patent/WO2014066349A1/en active Application Filing
Non-Patent Citations (1)
Title |
---|
RUBIN A D: "Trusted distribution of software over the Internet", NETWORK AND DISTRIBUTED SYSTEM SECURITY, 1995., PROCEEDINGS OF THE SYM POSIUM ON SAN DIEGO, CA, USA 16-17 FEB. 1995, LOS ALAMITOS, CA, USA,IEEE COMPUT. SOC, 16 February 1995 (1995-02-16), pages 47 - 53, XP010134540, ISBN: 978-0-8186-7027-5, DOI: 10.1109/NDSS.1995.390646 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3629610A4 (en) * | 2017-06-14 | 2020-07-01 | Huawei Technologies Co., Ltd. | Method and apparatus for managing embedded universal integrated circuit card configuration file |
US10911939B2 (en) | 2017-06-14 | 2021-02-02 | Huawei Technologies Co., Ltd. | Embedded universal integrated circuit card profile management method and apparatus |
EP3800545A4 (en) * | 2018-07-25 | 2021-08-18 | Samsung Electronics Co., Ltd. | Electronic device and control method thereof |
US11954502B2 (en) | 2018-07-25 | 2024-04-09 | Samsung Electronics Co., Ltd. | Electronic apparatus and the control method thereof |
Also Published As
Publication number | Publication date |
---|---|
CN104756076A (en) | 2015-07-01 |
EP2912547B1 (en) | 2018-06-20 |
CN104756076B (en) | 2019-02-22 |
US20140122862A1 (en) | 2014-05-01 |
US9275006B2 (en) | 2016-03-01 |
EP2912547A1 (en) | 2015-09-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9275006B2 (en) | Configuration file updater | |
US20170185431A1 (en) | Method and apparatus for dynamically implementing application function | |
US9075693B2 (en) | Methods for updating applications | |
KR102105636B1 (en) | Installing application remotely | |
WO2018086268A1 (en) | Packaging method, device, and terminal employing plugin format, and storage medium | |
US8966632B1 (en) | In-the-cloud sandbox for inspecting mobile applications for malicious content | |
US20160350097A1 (en) | Method for updating firmware and configuration file and a firmware-configuration file management system therefor | |
US20160092190A1 (en) | Method, apparatus and system for inspecting safety of an application installation package | |
US8584225B1 (en) | Push channel authentication for mobile computing devices | |
EP2907099B1 (en) | Testing framework for applications | |
US20130217379A1 (en) | Systems, Methods, and Computer Program Products for Providing Device Updates to a Mobile Device Operating in a Wireless Telecommunications Network | |
US9762657B2 (en) | Authentication of mobile applications | |
WO2017157178A1 (en) | Mobile terminal application update method and device | |
US9351105B2 (en) | Location based applications | |
WO2015157937A1 (en) | Software upgrade method and terminal | |
WO2015192608A1 (en) | Method for updating app in android system, terminal and storage medium | |
US8311041B1 (en) | Systems and methods for automatically adjusting messaging quota | |
WO2015058574A1 (en) | Method and apparatus for implementing push notification of extensive application program | |
US9582260B2 (en) | Method and apparatus for remote purchase, installation, and licensing of software | |
JP6793667B2 (en) | Application download method and equipment | |
CN111199039B (en) | Application security verification method and device and terminal equipment | |
US20170060595A1 (en) | Computing device to securely activate or revoke a key | |
WO2018006884A1 (en) | Method, device and user terminal for software installation | |
KR20160006925A (en) | Apparatus and method for verifying application integrities | |
US20240086180A1 (en) | Safe modular upgrades |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 13786098 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2013786098 Country of ref document: EP |