In the field of computing devices, information, in the form of instruction sets, files, programs, libraries, scripts, data and the like are sometimes installed on computing devices in order to add functionality or update the functions available on the device. In some instances, this information can be provided in the form of one or more “packages.” These packages have a wide variety of package structures. They can be resident on a computing device or created, copied from one computing device to another, and installed thereon.
In addition to the above-mentioned package installation content (e.g., instruction sets, files, programs), some packages also include their own installation mechanism (e.g. an installer program among other mechanisms). In other instances, installation mechanisms may exist on a computing device, onto which the package is delivered, that can install one or more packages that may or may not be present on the computing device.
Some packages can include package information in the form of meta-data that describes the package installation content, and/or package instructions (e.g., control scripts, and/or configuration files) which may be used during installation of the package. For example, the meta-data may describe the instruction sets within the installation content, and whether a computing device will have to be rebooted when the package is installed.
The package instructions may influence the installation mechanisms with regard to if and how the package is installed on a given computing device. For example, the package instructions may determine that the package can't be installed if the computing device doesn't have at least a certain number of capabilities. The package instructions may also provide customizations and/or functionalities that the installation mechanism cannot perform and/or utilize. For example, the computing device may be running an outdated operating system and/or a prior version of an installation mechanism that may or may not be able to utilize a particular package functionality, such as a security mechanism to provide security functionality to the contents of the package. There are many types of meta-data and package instructions, and those listed above are provided as examples.
In installing such packages, the computing device (e.g., through use of an installation mechanism) typically downloads the package to be installed into the computing device from a memory location. Once on the device, the computing device can execute one or more installation mechanisms to install packages thereon. In some systems, these installation mechanisms can potentially be influenced by the package meta-data and/or package instructions, used therewith on the device. When a package is installed, all or a portion of the package installation content (e.g., instruction sets, files, programs) can be placed on the destination computing device.
However, it is possible to tamper with the package to be installed or the data to be used with the package. The tampering with this information can include, for example, adding, modifying, or removing package meta-data, package instructions, package installers, and/or package contents to be installed, and can cause the computing device to malfunction, make incorrect calculations, and/or initiate functions that were not intended. For example, package instructions can be inserted into the package which can execute to shut down the computing device, destroy data in memory, or send personal information to an unauthorized recipient.
Protection mechanisms have been developed to aid in authenticating packages and/or in reducing the amount of tampering that takes place in these installations. For example, the package (e.g., its package installation content, meta-data, and/or package instructions) can be encrypted with a code to authenticate the package, and/or to determine whether the package has been altered, and/or to restrict access to the package to users possessing a key to decrypt the files.
In some computing systems, a checksum structure is used where the size of the package (e.g., contents, meta-data, and package instructions) is measured and recorded when the package is created, for example, and then the package size is measured at the time of installation. If the package is larger or smaller, then the file may have been tampered with.
In some computing systems, a digital signature can be provided by the creator of the package and this digital signature can ensure that the package has not been altered since the signature was created. In some cases, packages can be locked and/or access to them can be restricted to users with a decryption key.
Some computing devices and/or installation mechanisms do not have the functionality to be able to utilize these security measures. In such instances, the operation of the computing device and/or installation mechanism can be adversely affected. For instance, the installation mechanism can generate an error and/or the installation process can be halted because the mechanism does not know how to interpret the security related instructions and/or other information.