Current regulations prohibit exporting “strong” cryptographic software outside the United States without a specific export license. For example, these regulations currently prohibit exporting software having more than 56-bit encryption. This prohibition creates problems for releasing, distributing and upgrading cryptographic software because the manufacturer is often forced to produce and distribute two different software versions, a domestic version and an international version.
One known solution for upgrading software has been to ship an installation module that includes an upgrade for a non-restricted software module and an encrypted upgrade for the restricted version of the software module. During the upgrade process the installation module determines what versions of the software module already exist on the computing system. The installation module decrypts and upgrades the restricted version only if a previous version of the restricted software is already present. Otherwise, the installation module upgrades the non-restricted version of the software module.
This approach alleviates some of the problems of upgrading individual software modules but has a number of deficiencies. First, because this approach is based on a one-to-one mapping between the version of the upgrade module and the version of the module already present on the computing system, it is unworkable in the situation where a complete set of software modules must be upgraded. For example, this approach often results in only a subset of the desired software modules being upgraded because the computer may not have previous versions for all of the software modules. Second, this approach only addresses upgrading software modules and does not address the initial installation of restricted software on a computing system.
For these reasons, and for other reasons stated below which will become apparent to those skilled in the art upon reading and understanding the present specification, there is a need in the art for a generalized installation mechanism that is capable of securely installing and upgrading one or more restricted software modules, either individually or as a complete set of software modules.