CN1946222B - Software certification device for mobile communication terminal and method thereof - Google Patents

Software certification device for mobile communication terminal and method thereof Download PDF

Info

Publication number
CN1946222B
CN1946222B CN2006101524832A CN200610152483A CN1946222B CN 1946222 B CN1946222 B CN 1946222B CN 2006101524832 A CN2006101524832 A CN 2006101524832A CN 200610152483 A CN200610152483 A CN 200610152483A CN 1946222 B CN1946222 B CN 1946222B
Authority
CN
China
Prior art keywords
software
mentioned
mobile communication
communication terminal
authentication information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2006101524832A
Other languages
Chinese (zh)
Other versions
CN1946222A (en
Inventor
李性美
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur LG Digital Mobile Communications Co Ltd
Original Assignee
LG Electronics China Research and Development Center Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by LG Electronics China Research and Development Center Co Ltd filed Critical LG Electronics China Research and Development Center Co Ltd
Publication of CN1946222A publication Critical patent/CN1946222A/en
Application granted granted Critical
Publication of CN1946222B publication Critical patent/CN1946222B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572Secure firmware programming, e.g. of basic input output system [BIOS]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • H04M1/72406User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by software upgrading or downloading
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Human Computer Interaction (AREA)
  • Stored Programmes (AREA)
  • Information Transfer Between Computers (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed is a software certification device for mobile communication terminal and method thereof, wherein the integrity of source code is confirmed before installing the download software in the mobile communication terminal, therefore confirming if virus has infected the software. The software certification device for mobile communication terminal comprises the following components: a terminal memorizer for storing the software and relative authentication information which is downloaded through the communication network or wireless near field communication interface; a software authentication component confirming the integrity of the software by detecting the code changing through the authentication information before installing the software which is stored in the memorizer. According to the invention, the integrity of the download software is confirmed by the hash value, therefore confirming if virus has infected the software.

Description

The software certification device of mobile communication terminal and method thereof
Technical field
The present invention relates to the relevant technology of software authentication of mobile communication terminal, relate in particular to a kind of software certification device and method thereof of mobile communication terminal, in the present invention, before installing, confirm integrity of source code (integrity) at the software that downloads to mobile communication terminal, thereby can confirm whether situation such as infective virus of software.
Background technology
Except having the communicator function that voice are the master, also can carry out multiple online service, electronic dictionary function and navigation feature etc. in the general mobile communication terminal based on HDML (Handheld Device Markup Language-handheld device markup language), WML (Wireless Markup Language-WAP Markup Language), WAP (Wireless ApplicationProtocol-WAP (wireless application protocol)).
The software that above-mentioned value-added functionality as mobile communication terminal is used, it is developed all the time and will be updated to the software of redaction along with the process of time.
Thus, for the value-added functionality that increases mobile communication terminal or upgrade value-added functionality in the current use, often mobile communication terminal is downloaded and be installed in to the generation software that will be used for carrying out the respective service function by communication network or wired, wireless short-distance communication interface.
Fig. 1 is an example of carrying out the system of software download by the communication network of mobile communication terminal, and it illustrates the structural representation that is used for providing by mobile communication terminal the system of online JAVA game services.
As shown in Figure 1, in the system of reproducing the JAVA game services was provided by mobile communication terminal 1, the WAP server (WAP server:WirelessApplication Protocol server) 6 that can drive the mobile communication terminal of JAVA recreation and make the mobile communication terminal of above-mentioned execution JAVA recreation can be connected JAVA recreation and execution game on line connected and composed by communication network 30.
Be built-in with in the above-mentioned mobile communication terminal: be used to the WAP browser (WAP browser) 2 that is connected to the WAP server and carries out data communication; Be used to manage the JAVA application management program (JAM:JAVA Application Manager) 3 of the driving of JAVA recreation; Be used to carry out the JAVA virtual machine (JVM:JAVA Virtual Machine) 4 of JAVA recreation.
Wherein, above-mentioned WAP browser 2 makes mobile communication terminal be connected to the WAP server and can download the JAVA program, above-mentioned JAM (3) carries out and is installed in the mobile communication terminal by the corresponding compiling of the JAVA program of WAP browser downloads (compile) operation and with it, and the code (code) that 4 of JAVA virtual machines (JVM) read the JAVA program of above-mentioned compiling makes the user carry out the JAVA recreation.
Include in the above-mentioned WAP server 6: the WAP management department 7 that is used for providing the WAP Connection Service to mobile communication terminal; Be used for that recreation between a plurality of mobile communication terminals of relevant connection of the game on line of management of mobile telecommunication terminal and recreation is kept and the game management portion 8 of the transmitting-receiving operation of personal information data; The customer data base 9 that is used for managing user information.
Provide in the system in above-mentioned JAVA game services, after mobile communication terminal is connected to WAP server download JAVA program and installation, can carry out based on the online JAVA game services of communication network or the off line JAVA recreation of terminal unit.
But, in the software download process of the mobile communication terminal of above-mentioned prior art, mobile communication terminal can only by communication network from server or by wired, wireless short-distance wireless communication interface from computer, and can download required software by portable storage devices such as externally positioned type memories, it can't carry out verification operation to corresponding software.
Promptly, mobile communication terminal of the prior art can't confirm whether corresponding software is moved the worm-type virus of communication terminal Viruses such as (worm virus) or is used for the infection such as Hacker Program of leakage of personal information when downloading required software by communication network and installing.And under having installed by the situation of the software of virus infections, mobile communication terminal self does not have viral search function, and the general user can't confirm that whether the mobile communication terminal of oneself is by virus infections.
Thus, mobile communication terminal of the prior art will expose to Virus with the state that nothing is set up defences, and makes to cause mobile communication terminal to carry out misoperation because of above-mentioned Virus.More under the serious situation, outside other people can obtain the personal information in the mobile communication terminal easily by the Virus that comprises in the software, thereby can't provide trustworthy security performance to the user.
Summary of the invention
Technical problem to be solved by this invention is to provide a kind of software certification device and method thereof of mobile communication terminal, in the present invention, downloading by mobile communication terminal under the situation of software, add hash (hash) value be used to confirm the code corresponding and whether change, verification and (checksum) wait authentication information, thereby confirm that by mobile communication terminal the operation of the integrality of software code can detect by the software of infection such as virus with corresponding software.
For achieving the above object, the software certification device of the mobile communication terminal among the present invention, it is characterized in that, include following several sections: be used to store terminal storage portion by communication network or wired, wireless short-distance communication interface downloaded software and the authentication information relevant with above-mentioned software; In above-mentioned terminal storage portion is installed before the saved software, whether change and the software authentication portion of the integrality of verifying software by the code that utilizes above-mentioned authentication information to detect above-mentioned software.
And, for achieving the above object, the software certification device of the mobile communication terminal among the present invention, it is characterized in that, include: mobile communication terminal and software provide server, wherein, be provided with in the above-mentioned mobile communication terminal: being connected to software by communication network provides server or is connected to outside computer installation and downloads software and the terminal communication interface portion of the authentication information of above-mentioned software by the short-range communication mode; Be used to store the terminal storage portion of above-mentioned software and software authentication information; In above-mentioned terminal storage portion is installed before the saved software, whether change and the software authentication portion of the integrality of verifying software by the code that utilizes above-mentioned authentication information to detect above-mentioned software, above-mentioned software provides in the server and is provided with: be used to control the connection of above-mentioned mobile communication terminal and the server communications portion of software download operation; Be used to generate the software authentication information generating unit of the authentication information corresponding with above-mentioned software; Be used to store the server storage section of above-mentioned software and the authentication information corresponding with above-mentioned software.
And for achieving the above object, the software authentication method of the mobile communication terminal among the present invention is characterized in that, includes following several steps: the authentication information that generates the authentication information of the integrality be used to verify mobile communication terminal software generates step; The software distribution step of distributing above-mentioned software and above-mentioned authentication information; Utilize the authentication information corresponding to detect the integrality whether software authentication step of above-mentioned software code with above-mentioned software.
And above-mentioned authentication information generates in the step and also can include: the encrypting step that utilizes key that above-mentioned authentication information is encrypted; The certificates of recognition that generation has the certificates of recognition of the PKI corresponding with above-mentioned key (public key) generates step.
And, in above-mentioned software distribution step, with authentication information that distributes above-mentioned software and encrypt by above-mentioned key and certificates of recognition with PKI corresponding with above-mentioned key.In addition, also can include in the above-mentioned software distribution step: at the fee deduction treatment step of deducting fees of above-mentioned software.
And, also include in the above-mentioned software authentication step: the decryption step that the PKI that utilizes above-mentioned certificates of recognition is decrypted the authentication information of above-mentioned encryption.And, result in above-mentioned software authentication step works as under the situation of software change, if when in the software distribution step, carrying out fee deduction treatment, do not obtain authentication, the deduct fees cancellation step of cancellation at the fee deduction treatment of software will be carried out by the integrality that provides server to transmit software to software.
Wherein, above-mentioned authentication information can be appointed as the hashed value based on the above-mentioned software code of the hash function of preassignment, and above-mentioned hashed value can be encrypted by key.In the case, in order to distribute the hashed value of encrypting and the PKI corresponding to the user, will comprise certificates of recognition in the above-mentioned authentication information with above-mentioned PKI with above-mentioned key by above-mentioned key.
Above-mentioned hash function can together provide by the down operation of software, or can use the hash function of comparatively knowing usually.At this, under the situation of using the hash function of comparatively knowing usually, the hash function of use will be stored in mobile communication terminal in advance and software provides in the server.
Utilizing as mentioned above under the situation of the hash function of comparatively knowing usually, software provides server to generate hashed value and distribution software when software download operation taking place at every turn, or generating hashed value in advance at each software also distributes the above-mentioned software that includes hashed value after the interpolation.In addition, when the down operation of software takes place, mobile communication terminal will utilize the hash function of storage in advance and detect hashed value.
In the invention described above, above-mentioned authentication information is not to be defined in hashed value, as long as CRC (CycleRedundancy Check-cyclic redundancy check (CRC)), detect the method etc. of the mistake of bit column can be by verification and the change that (checksum) detects source code whether, it is any will to can be used as authentication information use.
Adopt the present invention, at the software of carrying out in the mobile communication terminal install or drive software before, the change whether authentication information of the source code by can confirming corresponding software is verified the integrality of software, make by aforesaid operations and confirm its whether infective virus etc., thereby can prevent that mobile communication terminal from being infected and improving the fail safe of the personal information of mobile communication terminal user by malignant virus etc.
Description of drawings
Fig. 1 is the structured flowchart that JAVA game services of the prior art provides an example of system;
Fig. 2 is the structured flowchart of the software certification device of the mobile communication terminal among the present invention;
Fig. 3 is the flow chart of the software authentication method detailed process process of the mobile communication terminal among the present invention;
Fig. 4 is the structured flowchart as the employing of one embodiment of the invention JAVA game service system of the present invention.
Wherein, Reference numeral:
1,10,100: mobile communication terminal 2,101:WAP browser
3:JAM 4:JVM
5: storage part 6:WAP server
7:WAP management department 8,202: game management portion
9,203: customer data base 11: the terminal communication interface portion
12: software authentication portion 13: terminal storage portion
20: software provides server 21: server communications portion
22: software authentication information generating unit 23: server storage section
103:JAVA source authentication department of 102:JAVA execution portion
200:JAVA game server 204:JAVA source authentication information generating unit
205: server storage section
Embodiment
With reference to the accompanying drawings the present invention is described in more detail.
The present invention can realize that different therewith, the present invention also can provide the software of software to provide server 20 to constitute by mobile communication terminal 10 with by communication network 30 by mobile communication terminal self.
Under the situation that the present invention realizes by mobile communication terminal self, as shown in Figure 2, include in the above-mentioned mobile communication terminal: be used to store terminal storage portion 13 by communication network 30 or wired, wireless short-distance terminal communication interface portion 11 downloaded software and the authentication information corresponding with above-mentioned software; In above-mentioned terminal storage portion 13 is installed before the saved software, whether change and the software authentication portion 12 of the integrality of verifying software by the code that utilizes above-mentioned authentication information to detect above-mentioned software.
In addition, provide the software of software to provide under the situation that server 20 constitutes by mobile communication terminal 10 with by communication network 30 in the present invention, can include among the present invention: mobile communication terminal 10 and software provide server 20, wherein, be provided with in the above-mentioned mobile communication terminal 10: being connected to software by communication network 30 provides server 20 or is connected to outside computer installation and downloads software and the terminal communication interface portion 11 of the authentication information of above-mentioned software by the short-range communication mode; Be used to store the terminal storage portion 13 of above-mentioned software and software authentication information; In above-mentioned terminal storage portion 13 is installed before the saved software, whether change and the software authentication portion 12 of the integrality of verifying software by the code that utilizes above-mentioned authentication information to detect above-mentioned software, above-mentioned software provides in the server 20 and is provided with: be used to control above-mentioned mobile communication terminal 10 by the connection of communication network 30 and the server communications portion 21 of software download operation; Be used to generate the software authentication information generating unit 22 of the authentication information corresponding with above-mentioned software; Be used to store the server storage section 23 of above-mentioned software and the authentication information corresponding with above-mentioned software.
In aforesaid structure, can include in the following structure at least more than one in the above-mentioned terminal communication interface portion 11: after being connected to software server 20 is provided by radio-frequency part (not shown) and communication network 30, retrieve above-mentioned software the stored information of storage in the server 20 and the WAP browser that can download are provided; Be used to provide with infrared communications set, bluetooth, the serial communication apparatus of the short-range communication of subscriber computer and be used to provide the nfc apparatus of user interface (interface); The externally positioned type memory interface.
That is, above-mentioned mobile communication terminal 10 can utilize terminal communication interface portion 11 to be connected to the external computer device that software provides server 20 or user, or downloads software and software authentication information by the externally positioned type memory.
Have when input under the situation of drive signal of the software that downloads to mobile communication terminal, the hash function that above-mentioned software authentication portion 12 together provides when utilizing the hash function of storage in the terminal storage portion 13 or downloading software obtain software hashed value and with authentication information in the hashed value that comprises compare, make by the integrality of checking software software verified.Wherein, under the situation that the hashed value that comprises in the software is encrypted by key, above-mentioned software authentication portion 12 also will carry out the process of utilizing the PKI that comprises in the certificates of recognition corresponding with above-mentioned software that the hashed value of above-mentioned encryption is decrypted.
Store software and the authentication information corresponding that downloads to mobile communication terminal in the above-mentioned terminal storage portion 13 with downloaded software, above-mentioned authentication information by the hashed value corresponding with above-mentioned software, have and the certificates of recognition that hashed value is carried out the corresponding PKI of encrypted secret key, and the information such as hash function that are used for the Hash operation of above-mentioned software constitute, but the present invention is defined in this, as long as the change that can confirm above-mentioned software code whether, it can use any information as authentication information.
Above-mentioned server communications portion 21 is used to provide based on the connection and the data of the communication network 30 of mobile communication terminal and downloads, and it can be by WAP server engine formations such as (engine).Promptly, when having the attended operation of mobile communication terminal, but above-mentioned server communications portion 21 makes the mobile communication terminal user retrieval software that canned data in the server 20 is provided, and when specific software is downloaded in request in retrieved message, will be from server storage section 23 reading software and software authentication information and send mobile communication terminal to.In addition, under the situation of operation of need deducting fees at software, with the information that mobile communication terminal user input deducted fees need in the operation and carry out fee deduction treatment.And, when receiving the signal of downloaded software change, with the fee deduction treatment of cancellation at the corresponding software execution from the mobile communication terminal of downloading software.
Above-mentioned software authentication information generating unit 22 is used to generate the hashed value as the relevant authentication information of the software that will distribute to mobile communication terminal, by key the hashed value that generates is carried out cryptographic operation, generation has the certificates of recognition of the PKI corresponding with key, and with the information stores of above-mentioned generation in functions such as server storage section 23.
In the above-mentioned server storage section 23 storing software and being used to generate software hashed value hash function, the hashed value corresponding, the key that is used for cryptographic operation, PKI with software and have the certificates of recognition of PKI.
In the present invention with as above structure, when to the mobile communication terminal distribution software, to in software, comprise at the hashed value of utilizing particular Hash function of above-mentioned software and distribute, after mobile communication terminal is carried out Hash operation and is calculated hashed value software by above-mentioned hash function, the hashed value that provides during with itself and distribution software compare and the change of confirming software code whether, thereby can confirm whether have virus, Hacker Program in the software.
Fig. 3 is the flow chart of the software authentication method detailed process process of the mobile communication terminal among the present invention.
As shown in Figure 3, know,, at first generate and the corresponding authentication information of software that needs distribution as will be by communication network or short-range communication net during to software that mobile communication terminal distributes in the present invention.Wherein, above-mentioned authentication information is made of the hashed value of specifying the software code that obtains at the hash function of corresponding software and the hash function by appointment etc., generates software hashed value (step S1).
Under situation about need encrypt to authentication informations such as hashed values, utilize key that hashed value is carried out cryptographic operation, it is added in the authentication information after generating certificates of recognition with PKI corresponding with key.Wherein, authentication information will be the hashed value of the aforesaid software code that obtains by preassigned hash function, and will comprise the hashed value of encryptionizations and have the certificates of recognition of PKI under the situation of carrying out cryptographic operation.In addition, under the undocumented situation of hash function, will also comprise above-mentioned hash function (certificates of recognition generation step), and promptly utilize key to encrypt the back and generate certificates of recognition (step S2) with PKI.
Above-mentioned S1 or S1 and S2 step will constitute authentication information and generate step.
After generating the authentication information corresponding as mentioned above, when needs distribute above-mentioned software, the authentication information corresponding with above-mentioned software will be distributed together with software.At this moment, above-mentioned software and authentication information will directly be assigned to mobile communication terminal by the mode that communication network is downloaded, or utilize computer and nfc apparatus to download to mobile communication terminal by CD (compact disk), hard disk (hard disk), floppy disk flash memory devices such as (floppy disk), or distribute (software distribution step) by the externally positioned type memory, i.e. distribution software (source, keyed hash value, certificates of recognition) (step S3).
The mobile communication terminal 10 that downloads to software and software authentication information by the way with software and software authentication information stores behind storage part, whether the code that utilizes software authentication information to detect software at the original execution time points such as installation of software changes and carries out the authentication operation of the integrality of confirming software.Wherein, under the disclosed situation of hash function that is used for obtaining the hashed value that the executive software authentication operation needs, above-mentioned hash function will be stored in the mobile communication terminal in advance, but if under the undocumented situation, will together distribute to mobile communication terminal in above-mentioned software distribution step.Thus, the software authentication portion 12 of mobile communication terminal will utilize the hash function of appointment in the software to generate the hashed value corresponding with saved software.
At this moment, under the encrypted situation of hashed value, the software authentication portion 12 of mobile communication terminal also will carry out and utilize the PKI that comprises in the certificates of recognition to the step that the hashed value of encrypting is decrypted, and promptly after certificates of recognition extracts PKI hashed value will be decrypted and detect source hashed value (step S4).
After the S4 step, the hashed value that adopts hash function in hashed value that the software authentication portion 12 of mobile communication terminal will provide in the time of will downloading software and the software code that downloads to and obtain compares, judge that promptly the decrypted hash value equates with the source hashed value? (step S5).
Relatively result is when hashed value is consistent in above-mentioned S5 step, and its code of representing corresponding software changes, and makes will to be judged as the infection that does not have virus etc. and to install or drive software, i.e. executive software (step S6).
In addition, the result who compares in above-mentioned S5 step is when hashed value is inconsistent, and code of its expression corresponding software changes, and makes will be judged as by infection and deletion downloaded software such as viruses.And, if in this process, take place under the situation of operating of deducting fees at software, also will carry out to software provides the server transmission to be used to point out downloaded software that the signal of change takes place, and the cancellation step of deducting fees that makes software provide the server cancellation to deduct fees operation is promptly deleted software (step S7).
<embodiment 〉
The embodiments of the invention that adopt in the online JAVA game services to mobile communication terminal describe below.
As shown in Figure 4, online JAVA game services in the situation of the online JAVA game services that offers mobile communication terminal provides in the system, its mobile communication terminal 100 and JAVA game server 200 by at least more than one connects and composes by communication network 30, wherein, after above-mentioned at least more than one mobile communication terminal 100 is connected to that JAVA game server 200 is downloaded the relevant JAVA source code of JAVA recreation and JAVA source authentication information and the JAVA source code authenticated, the JAVA source code of above-mentioned authentication is compiled (compile) and receives online JAVA game services; Above-mentioned JAVA game server 200 provides JAVA game services after above-mentioned mobile communication terminal 100 is provided for the JAVA source code of JAVA game services and is used for the authentication information of JAVA source authentication.
In said structure, include following several sections in the above-mentioned mobile communication terminal: be connected to JAVA game server 200 and download the JAVA source code and the WAP browser 101 of JAVA source authentication information by wireless Internet; By the JAVA execution portion 102 that the JAVA source code of downloading is carried out the JAVA application management program (JAM) of compilation operations and carried out JAVA virtual machine (JVM) formation of the JAVA program that compiles; Utilize the JAVA source authentication information of downloading to carry out the JAVA source authentication department 103 of the change whether authentication operation of compiling JAVA source code before; Be used to store the JAVA source code and the JAVA source authentication information that download to and reach the terminal storage portion 104 of the hash function of storage as required and in advance.
In addition, include following several sections in the above-mentioned JAVA game server 200: be used to provide the wireless Internet Connection Service of mobile communication terminal 100, and the WAP management department 201 that provides JAVA source code that mobile communication terminal 100 is selected and JAVA source authentication information to send WAP services such as mobile communication terminal to; Be used for managing the driving of the JAVA recreation of the relevant server end of online JAVA recreation that above-mentioned mobile communication terminal 100 carries out, and to carry out the game management portion 202 that the data message that produces is media execution game on line by the recreation between the game on line user; Be used to store the customer data base 203 of the user's who receives above-mentioned game services information; Be used to generate and the corresponding hashed value of JAVA source code that offers mobile communication terminal 100, and after utilizing the key pair hashed value corresponding to encrypt as required, generate the JAVA source authentication information generating unit 204 of certificates of recognition with PKI corresponding with key with the JAVA source code; Be used to store the server storage section 205 of above-mentioned JAVA source code, JAVA source authentication information, certificates of recognition and hash function with public key information.
Under the situation of the online JAVA game service system of the mobile communication terminal in having one embodiment of the invention of as above structure, store the JAVA source code that is used for the JAVA recreation in the JAVA game server 200, and when mobile communication terminal 100 requests that connect by communication network 300 are downloaded, send the JAVA source code of above-mentioned storage to mobile communication terminal, and the JAVA PROGRAMMED REQUESTS that drives in by mobile communication terminal will provide online JAVA game services to mobile communication terminal when online game services is provided.
The JAVA game server 200 of carrying out above-mentioned action will generate hashed value by the hash function of preassigned hash function or storage at the JAVA source code that needs send mobile communication terminal to, and it is offered mobile communication terminal as the JAVA source authentication performance corresponding with the JAVA source code.Wherein, above-mentioned hashed value as JAVA source authentication information can be encrypted by key, and in the case, above-mentioned JAVA game server 200 has generation the certificates of recognition of the PKI corresponding with key and offers mobile communication terminal.
The hashed value as JAVA source authentication information that provides at above-mentioned server, hash function, certificates of recognition etc. will generate and offer mobile communication terminal when downloading the JAVA source code, or after being formed and stored in server storage section 205 in advance, when downloading the JAVA source code, together send mobile communication terminal to.
In addition, the mobile communication terminal 100 of Fig. 4 will together download to the JAVA source authentication information of the hash function that includes hashed value and comprise certificates of recognition as required downloading under the situation of JAVA source code from JAVA game server 200.And, the JAVA source authentication department 103 of mobile communication terminal 100 is before the compilation operations to the JAVA source code, after utilizing hash function to obtain the hashed value corresponding with the JAVA source code, with its with and the hashed value that together provides of JAVA source code as authentication information compare.In this process, under the situation that hashed value is encrypted by key, the process of utilizing the PKI that comprises in the certificates of recognition to be decrypted execution.
After carrying out said process, under the consistent situation of the hashed value of the JAVA source code that generates in the JAVA source authentication department 103 of the hashed value of the JAVA source code that JAVA game server 200 provides and mobile communication terminal 100, do not change in its expression JAVA source code, making does not have infective virus etc. and carries out compilation operations being judged as.
In addition, under the inconsistent situation of hashed value of the JAVA source code that generates in the JAVA source authentication department 103 of the hashed value of the JAVA source code that JAVA game server 200 provides and mobile communication terminal 100, change in its expression JAVA source code, make and to be judged as the JAVA source code of infective virus etc. and deletion download.And, under the situation of having carried out at the JAVA source code of downloading of operating of deducting fees, also carry out the cancellation process of deducting fees that the cancellation information of will deducting fees sends JAVA game server 200 to and makes cancellation deduct fees and operate in the time of deletion JAVA source code.
By aforesaid process, can verify the JAVA integrity of source code of online download.
The invention effect:
In the present invention, at the software of carrying out in the mobile communication terminal install or drive software before, the change whether authentication information of the source code by can confirming corresponding software is verified the integrality of software, make by aforesaid operations and confirm its whether infective virus etc., thereby can prevent that mobile communication terminal from being infected and improving the fail safe of the personal information of mobile communication terminal user by malignant virus etc.
Certainly; the present invention also can have other various embodiments; under the situation that does not deviate from spirit of the present invention and essence thereof; being familiar with those of ordinary skill in the art ought can make various corresponding changes and distortion according to the present invention, but these corresponding changes and distortion all should belong to the protection range of the appended claim of the present invention.

Claims (15)

1. the software certification device of a mobile communication terminal is characterized in that, includes following several sections:
Being connected to software by communication network provides server or is connected to outside computer installation and downloads software and the terminal communication interface portion of the authentication information of above-mentioned software by the short-range communication mode, and this terminal communication interface portion provides the server communications portion that is made of the WAP server engine of server to be connected with this software;
Be used to store the terminal storage portion of downloaded software and the authentication information relevant with above-mentioned software;
In above-mentioned terminal storage portion is installed before the saved software, whether change and the software authentication portion of the integrality of verifying software by the code that utilizes above-mentioned authentication information to detect above-mentioned software.
2. the software certification device of mobile communication terminal according to claim 1 is characterized in that, above-mentioned authentication information is the hashed value that preassigned hash function obtains of passing through at above-mentioned software.
3. the software certification device of mobile communication terminal according to claim 1 is characterized in that, above-mentioned authentication information is the hashed value of encrypting by key and has the certificates of recognition information of the PKI corresponding with above-mentioned key.
4. the software certification device of mobile communication terminal according to claim 1 is characterized in that, above-mentioned software is the JAVA source code.
5. the software certification device of a mobile communication terminal is characterized in that, includes:
Mobile communication terminal and software provide server, wherein,
Be provided with in the above-mentioned mobile communication terminal: being connected to software by communication network provides server or is connected to outside computer installation and downloads software and the terminal communication interface portion of the authentication information of above-mentioned software by the short-range communication mode; Be used to store the terminal storage portion of above-mentioned software and software authentication information; In above-mentioned terminal storage portion is installed before the saved software, whether change and the software authentication portion of the integrality of verifying software by the code that utilizes above-mentioned authentication information to detect above-mentioned software;
Above-mentioned software provides in the server and is provided with: be used to control the connection of above-mentioned mobile communication terminal and the server communications portion of software download operation, this server communications portion is made of the WAP server engine; Be used to generate the software authentication information generating unit of the authentication information corresponding with above-mentioned software; Be used to store the server storage section of above-mentioned software and the authentication information corresponding with above-mentioned software.
6. the software certification device of mobile communication terminal according to claim 5 is characterized in that, above-mentioned authentication information is the hashed value that preassigned hash function obtains of passing through at above-mentioned software.
7. the software certification device of mobile communication terminal according to claim 5 is characterized in that, above-mentioned authentication information is the hashed value of encrypting by key and has the certificates of recognition information of the PKI corresponding with above-mentioned key.
8. the software certification device of mobile communication terminal according to claim 5 is characterized in that, above-mentioned software is the JAVA source code.
9. a software authentication method that is applied to the mobile communication terminal of claim 1 or the described device of claim 5 is characterized in that, includes following several steps:
Generation is used to verify that the authentication information of authentication information of the integrality of mobile communication terminal software generates step;
The software distribution step of distributing above-mentioned software and above-mentioned authentication information;
Utilize the authentication information corresponding to detect the integrality whether software authentication step of above-mentioned software code with above-mentioned software.
10. the software authentication method of mobile communication terminal according to claim 9 is characterized in that, above-mentioned authentication information generates in the step and includes:
The encrypting step that utilizes key that above-mentioned authentication information is encrypted;
The certificates of recognition that generation has the certificates of recognition of the PKI corresponding with above-mentioned key generates step.
11. the software authentication method of mobile communication terminal according to claim 9 is characterized in that, in above-mentioned software distribution step, with authentication information that distributes above-mentioned software and encrypt by key and the certificates of recognition with PKI corresponding with key.
12. the software authentication method of mobile communication terminal according to claim 9 is characterized in that, also includes in the above-mentioned software authentication step: the decryption step that the PKI that utilizes above-mentioned certificates of recognition is decrypted the authentication information of above-mentioned encryption.
13. the software authentication method of mobile communication terminal according to claim 9, it is characterized in that, also include in the above-mentioned software authentication step: in the result that the integrality of above-mentioned software code is verified, take place when software under the situation of change, to send above-mentioned software at the cancellation information of deducting fees of above-mentioned software server will be provided, and make the deduct fees cancellation step of deducting fees of its cancellation at above-mentioned software.
14. the software authentication method according to any one described mobile communication terminal in the claim 9 to 13 is characterized in that, above-mentioned authentication information is the hashed value of the above-mentioned software that obtains by hash function.
15. the software authentication method according to any one described mobile communication terminal in the claim 9 to 13 is characterized in that, above-mentioned software is the JAVA source code.
CN2006101524832A 2005-10-04 2006-09-29 Software certification device for mobile communication terminal and method thereof Expired - Fee Related CN1946222B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
KR1020050092782A KR100711722B1 (en) 2005-10-04 2005-10-04 Software authentication apparatus for mobile communication terminal and the method thereof
KR10-2005-0092782 2005-10-04
KR1020050092782 2005-10-04

Publications (2)

Publication Number Publication Date
CN1946222A CN1946222A (en) 2007-04-11
CN1946222B true CN1946222B (en) 2011-08-31

Family

ID=38045383

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2006101524832A Expired - Fee Related CN1946222B (en) 2005-10-04 2006-09-29 Software certification device for mobile communication terminal and method thereof

Country Status (2)

Country Link
KR (1) KR100711722B1 (en)
CN (1) CN1946222B (en)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101203000B (en) * 2007-05-24 2012-05-23 深圳市德诺通讯技术有限公司 Method and system for downloading mobile terminal applied software
KR101352248B1 (en) * 2007-08-30 2014-01-16 삼성전자주식회사 Apparatus and method for automatically switching user interface
CN101137156B (en) * 2007-10-18 2010-06-02 中兴通讯股份有限公司 Information protecting method of mobile terminal
KR100926822B1 (en) * 2007-12-04 2009-11-12 (주)유디피 Method for providing protection means of software, and network SYSTEM performing the same
KR100945650B1 (en) 2007-12-05 2010-03-04 한국전자통신연구원 Digital cable system and method for protection of secure micro program
KR100932274B1 (en) * 2007-12-18 2009-12-16 한국전자통신연구원 Apparatus and method for verifying software integrity of mobile terminals
US9164925B2 (en) 2008-01-15 2015-10-20 Samsung Electronics Co., Ltd. Method and apparatus for authorizing host to access portable storage device
KR101281678B1 (en) * 2008-01-15 2013-07-03 삼성전자주식회사 Method and Apparatus for authorizing host in portable storage device and providing information for authorizing host, and computer readable medium thereof
KR101029758B1 (en) * 2008-12-31 2011-04-19 노틸러스효성 주식회사 A method for firmware updating in remote
KR101760451B1 (en) * 2009-03-05 2017-07-24 인터디지탈 패튼 홀딩스, 인크 METHOD AND APPARATUS FOR H(e)NB INTEGRITY VERIFICATION AND VALIDATION
CN101588374B (en) * 2009-06-08 2015-01-28 中兴通讯股份有限公司 Soft hardware integrality detection method and system for network appliance
US9075978B2 (en) * 2012-04-23 2015-07-07 Sap Se Secure configuration of mobile applications
CN103942471B (en) * 2013-09-17 2017-07-14 北京国电通网络技术有限公司 A kind of authorization and authentication method and device for being deployed in software on mobile storage device
US9256738B2 (en) * 2014-03-11 2016-02-09 Symantec Corporation Systems and methods for pre-installation detection of malware on mobile devices
KR101663700B1 (en) * 2014-12-12 2016-10-10 한국정보통신주식회사 Banking system, integrity check method for firmware of a banking system
JP2017162214A (en) * 2016-03-09 2017-09-14 富士通株式会社 Proximity communication device, proximity communication method, and proximity communication program
CA3060873A1 (en) * 2017-05-22 2018-11-29 Becton, Dickinson And Company Systems, apparatuses and methods for secure wireless pairing between two devices using embedded out-of-band (oob) key generation
KR102383050B1 (en) * 2021-02-22 2022-04-04 김도연 Device for changing caller indentification using encryption algorithm

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1255209A (en) * 1997-04-10 2000-05-31 查耐威尔有限公司 Method and system for networked installation of uniquely customized, authenticable and traceable software applications

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7240200B2 (en) * 2002-09-26 2007-07-03 International Business Machines Corporation System and method for guaranteeing software integrity via combined hardware and software authentication

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1255209A (en) * 1997-04-10 2000-05-31 查耐威尔有限公司 Method and system for networked installation of uniquely customized, authenticable and traceable software applications

Also Published As

Publication number Publication date
KR100711722B1 (en) 2007-04-25
KR20070037782A (en) 2007-04-09
CN1946222A (en) 2007-04-11

Similar Documents

Publication Publication Date Title
CN1946222B (en) Software certification device for mobile communication terminal and method thereof
JP5372246B2 (en) Method and system for performing multi-stage virtual SIM provisioning and mobile device configuration
US8291482B2 (en) System for restricting content access and storage
CN100593166C (en) Portable computing environment
EP1688859B1 (en) Application authentification system
KR100955172B1 (en) System for digital content access control
CN100534090C (en) Security element commanding method and mobile terminal
CN1653460B (en) Method for loading an application in a device, device and smart card therefor
JP4816975B2 (en) Application authentication system
CN101010903B (en) Method for generating and verifying an electronic signature
EP1712992A1 (en) Updating of data instructions
CN101567893A (en) Method and system for uploading files in WEB application
US20070101416A1 (en) Security method and system and computer-readable medium storing computer program for executing the security method
WO2003027800A2 (en) Method and apparatus for secure mobile transaction
CN115129332A (en) Firmware burning method, computer equipment and readable storage medium
CN111399867B (en) Software upgrading method, device, equipment and computer readable storage medium
WO2006103383A1 (en) Facilitating and authenticating transactions
GB2425374A (en) Controlling data access
KR100485208B1 (en) Authentication information management method using mobile terminal and user authentication method
JP2008176506A (en) Information processing apparatus, information processing method and management server
EP2263362B1 (en) Method and arrangement relating to a communication device
CN118488406A (en) Encryption upgrading method and device for vehicular OTA, electronic equipment and storage medium
KR100791624B1 (en) Method of managing a cellular phone number and apparatus thereof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: LANGCHAO LEJIN DIGITAL MOBILE COMMUNICATION CO., L

Free format text: FORMER OWNER: LG ELECTRONICS (CHINA) R + D CENTER CO., LTD.

Effective date: 20120321

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 100022 CHAOYANG, BEIJING TO: 264001 YANTAI, SHANDONG PROVINCE

TR01 Transfer of patent right

Effective date of registration: 20120321

Address after: 264001 No. 228 Changjiang Road, Yantai economic and Technological Development Zone, Shandong, China

Patentee after: Langchao Lejin Digital Mobile Communication Co., Ltd.

Address before: 100022 Beijing city Chaoyang District Jianguomenwai Street No. 12 b Gemini building 18 layer tower

Patentee before: LG Electronic (China) Research and Development Center Co., Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20110831

Termination date: 20150929

EXPY Termination of patent right or utility model