HK1069451B - Method and system for processing application and wireless device for executing application - Google Patents
Publication number: HK1069451B
Authority: HK (Hong Kong)

Description
Technical Field
The present invention relates to processing applications for wireless devices, and more particularly to improving the security, safety, and integrity of applications executing on wireless devices.
Background
Wireless communications have experienced explosive growth in recent years. As consumers and businesses rely more on wireless devices such as mobile phones and electronic organizers (PDAs), wireless service providers, i.e., carriers, struggle to provide additional functionality for these devices. Such additional functionality not only increases demand for wireless devices but also expands their use among today's users. However, adding functionality, and in particular applications accessible to wireless devices, is costly and complex, which deters carriers from providing it.
Moreover, once an application is installed on a wireless device, proper execution cannot be guaranteed. Currently, responsibility for ensuring that applications execute properly on wireless devices rests with developers, wireless device manufacturers, and/or carriers. As more applications are developed and the number on wireless devices increases, the wireless device environment becomes more dynamic, e.g., a wireless device can retrieve any of a large number of different applications from a large library of existing applications for execution at any given time, which makes it more difficult to ensure that any given application will be distributed to the wireless device and executed securely.
This is of particular concern because improper application execution can be detrimental not only to the wireless device, but also to the carrier network and other network elements, including other wireless devices. For example, if an application is not constrained, it may take control of the power control of a wireless device and cause interference with other wireless devices, reducing the overall capacity of the cell serving the wireless device.
In a dynamic application distribution and execution environment, wireless device manufacturers and carriers are currently not equipped to support testing and secure distribution of applications, and there is a concern that distribution and execution of applications on wireless devices may damage the wireless device, the carrier network or other network elements.
Another security issue arises as the environment in which applications are developed and delivered to wireless devices becomes more dynamic. As the number of applications, and of the developers creating them, increases, it becomes more desirable to know the source, i.e., the developer, of any given application. Carriers and handset manufacturers want to be able to determine, with some degree of reliability, the source of an application and whether that source is likely to cause harm.
Accordingly, there is a need in the art for a system and method that provides a more secure environment for distributing and executing applications on a wireless device.
Disclosure of Invention
Systems and methods consistent with the present invention overcome the deficiencies of existing systems by creating a more secure environment for the distribution and execution of applications: they test applications against predetermined criteria, provide traceability to the developer when an application has negative effects, check for unintended modifications to applications, allow applications to be removed from wireless devices, and/or apply rules and permissions that define the environment in which applications execute.
Verifying that an application complies with the predetermined criteria has the advantage of catching, early, errors that could otherwise occur during execution, which helps prevent detrimental effects of application execution.
Traceability is advantageous when an application has negative effects. If an application has a problem, being able to trace it to its source, i.e., the developer, helps in correcting the problem. Furthermore, traceability discourages developers from creating applications with harmful results, whether intentional or unintentional.
Moreover, the ability to determine whether an application was modified before it reached the wireless device improves security by ensuring that the received application is the same application that was sent. Since applications are distributed more freely in the wireless environment, this ability increases confidence that an application received by the wireless device has not been modified, whether accidentally or intentionally.
Setting a set of rules and permissions that specify when an application may be executed also increases the security of the application distribution and execution system by preventing the application from being executed on an unauthorized platform, i.e., an unauthorized system or environment.
The ability to remove applications from the wireless device also increases the security of the application distribution system. Whether an application was installed on the handset by the manufacturer or downloaded later, a mechanism is provided for removing an application that turns out to have unforeseen negative consequences, which improves the security of the application distribution and execution system by eliminating harmful and unwanted code.
Systems and methods consistent with the present invention may incorporate one or more of the techniques disclosed herein. Systems and methods consistent with the present invention may provide high quality and secure distribution and execution of applications by applying all of the techniques disclosed and referenced herein.
In an embodiment of the present invention, a method for distributing and processing application programs includes the steps of: receiving an application and identification information, verifying that the application meets predetermined criteria, assigning a license to the application, sending the application, the license and the identification information to the device using a modification detection technique, determining whether the application was modified during transmission, storing a rule on the device, determining, using the license and the rule, whether the application may be processed, and removing the application from the device.
In another embodiment of the present invention, a method of executing an application on a wireless device comprises the steps of: storing rules for evaluating permissions, receiving information including the application, a permission, and an identification using a modification detection technique, receiving a request to execute the application on the wireless device, evaluating the received information to determine whether it has been modified, evaluating the permission associated with the application if the received information has not been modified, and executing the application if the permission is granted.
In still another embodiment of the present invention, a method of executing an application on a wireless device comprises the steps of: storing rules for evaluating permissions, receiving information including an application, a permission, and an identification using a modification detection technique, receiving a request to execute the application on the wireless device, evaluating the received information to determine whether the information has been modified, evaluating the permission associated with the application if the received information has not been modified, and executing the application if the permission is granted.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate presently preferred embodiments of the invention and, together with the general description given above and the detailed description of the preferred embodiments given below, serve to explain the principles of the invention. In the drawings:
FIG. 1 is a flow diagram illustrating the high-level processing of secure application distribution and execution in an exemplary embodiment of the invention;
FIG. 2 is a block diagram illustrating a system architecture in which an exemplary embodiment of the present invention may be implemented;
FIG. 3 is a block diagram of an exemplary embodiment of the invention illustrating a wireless network architecture in which a secure application distribution processing system may be implemented;
FIG. 4 is a block diagram of an exemplary embodiment of the invention, showing a wireless device and some of the internal components;
FIG. 5 is a block diagram of an exemplary embodiment of the invention showing information used to establish digital signatures and send to a wireless device;
FIG. 6 is a flow chart of an exemplary embodiment of the present invention showing steps used by one or more servers in distributing applications; and
FIG. 7 is a flow chart of an exemplary embodiment of the invention showing steps used by a wireless device in executing an application.
Detailed description of the preferred embodiments
Reference is now made to the exemplary preferred embodiments of the invention, which are illustrated in the drawings in which like reference numerals refer to corresponding parts throughout. The features, objects, and advantages of the present invention will become more apparent to those of ordinary skill in the art after reviewing the following detailed description taken in conjunction with the accompanying drawings.
The present invention provides for secure and reliable application distribution and execution by providing a system and method for testing an application to ensure that the application meets predetermined criteria relating to the execution environment. Furthermore, by applying rules and permission lists, application removal (referred to herein as fetching), and modification detection techniques such as digital signatures, the present invention provides a mechanism for securely distributing and executing a tested or untested application by determining whether the application has been modified, determining whether the application is permitted to execute in a given wireless device environment, and removing the application when needed.
Those skilled in the art will appreciate that, for ease of description, the following describes one type of application file that may be distributed and executed. An "application" may also include a file having executable content, such as object code, a script, a Java file, a bookmark file (or PQA file), WML script, bytecode, or a Perl script. Further, an "application" herein may also include substantially non-executable files, such as files that need to be displayed or other data files that need to be accessed.
FIG. 1 is a flow diagram illustrating a high-level process for secure application distribution and execution consistent with an exemplary embodiment of the present invention. An embodiment of the present invention enables a developer identification to be associated with an application, testing of the application for the environment in which it is to be executed, specifying permissions by which a device or system may decide whether the application executes, and removing the application when it performs an illegal or undesirable action.
Preferably, the systems and methods apply all of these techniques to improve the secure distribution and execution of applications, but it should be understood that applying even one or more of these techniques can improve the secure distribution and execution of applications.
The high level processing begins by associating a developer identification with an application (step 100). This may be done by bundling the developer identification with the application when it is distributed, or by storing the developer identification with the corresponding application on a server of the system; in either case the developer identification information is stored and associated with the application information in a way that cannot be easily modified.
The application is then tested for malfunctions (step 105). An application may be deployed in an environment where a malfunction may affect not only the device on which the application is running, but also other devices connected or networked to it. The application is preferably tested so that it does not make abnormal system calls or negatively affect the device or other connected devices during operation. In one embodiment, this test is performed by a verification process in which the application is tested to determine whether it meets predetermined criteria. It is also preferable to test applications using a verification process independent of the developer. The independence of the verification process facilitates more accurate and reliable testing.
Before execution, the application is checked to determine whether it is "allowed" to execute on the device (step 110). The check may be performed using the permissions and rules described below, or by other enabling mechanisms known to those skilled in the art. Further, the application is preferably checked before each execution. Such a repeated verification process increases the security of the executing application; for example, it can catch a trojan horse that another application on the device has inserted into the application since its last check.
An application that is not operating properly or is no longer wanted is then removed from the device (step 115) to prevent further damage by the application and to free the device's memory for other purposes. Alternatively, the application need not be physically removed from the device: fetching an application may also mean disabling it while it remains on the device.
FIG. 2 illustrates a system architecture in which an embodiment of the invention may be implemented. The developer 200 builds an application for the wireless device 230. As noted above, those skilled in the art will appreciate that while the foregoing description refers to particular application file types, other file types may be used. They will also understand that the present invention is applicable to other wireless or non-wireless devices, and may be applied to wireless networks, non-wireless networks, or a combination thereof.
Typically, the developer 200 has a set of development procedures for developing applications for execution on the wireless device 230. In one embodiment, the wireless device includes a software platform that facilitates the interfacing of applications with it, such as the BREW™ software developed by QUALCOMM corporation (headquartered in San Diego, Calif.). The developer builds applications that conform to the specification standards and conventions of the software platform, such as BREW™.
In one embodiment, the developer 200 interfaces with the central server 205 to electronically transmit the application to it. In one embodiment, the central server is an application management center headquarters (ACCHQ) server that distributes applications to the wireless devices. Developer 200 may digitally sign the application so that it can later be determined whether the application has been modified. It should be appreciated that an electronic connection to the central server is not necessary; for example, the developer 200 may send the application to the central server 205 on a CD-ROM via first-class mail.
In addition, the developer sends source identification information to the central server 205, which may include any type of information associated with the application that identifies the developer, such as a company name, a company tax identifier, or other identifying information.
Application analysis and verification are performed either by the central server 205 itself or by a separate application verification server 210. In one embodiment, an application management center (ACC) is used as the verification server. The verification server 210 analyzes the application to determine whether it meets predetermined verification criteria. The criteria include whether the application satisfies the development procedures for execution on the wireless device or platform, but may be any criteria that the application must satisfy before execution on the wireless device or platform. Such criteria include verifying that: (a) the application functions as the developer claims and is harmless to the operation of the wireless device (e.g., does not damage the phone); (b) the application does not access data or memory that it should not (e.g., data or files owned by other applications, or the operating system or platform software); and (c) the application does not negatively affect wireless device resources, e.g., by monopolizing wireless device inputs and outputs.
The central server 205 may also specify a set of permissions in a list (the license list) relating to the application. The license list is determined by various factors, including whether the application passed the verification process, which network 220 the application is approved to execute on, and whether the wireless device supports the application. The factors that determine the license list are numerous and are left to the skilled artisan practicing the invention.
The central server 205 receives the developer identification information and correlates it with the application built by the developer 200. If the application has a problem, the server can identify its source. In one embodiment, developer information is communicated to the wireless device 230 for correlation by the wireless device or another system to which it is connected.
In one embodiment, the central server also connects to an Application Download Server (ADS) 215 that interfaces with the wireless devices via a wireless network 220 to download applications. The central server also sends the license list and developer identification associated with the application to the ADS, which stores them until they are transmitted to the wireless device. Preferably, so that modification can be detected, the central server digitally signs the application, the license list and the developer identification.
Those skilled in the art will appreciate that the ADS may be interfaced to multiple networks 220 to distribute applications, files, and other information to various wireless devices 230. Also, the license list and developer identification for the application may be sent to the wireless device using the wireless and non-wireless networks.
Upon request for an application, the ADS 215 sends the application, the license list, the developer identification, and the digital signature to the wireless device 230 via the network 220. In one embodiment, wireless device 230 has a key with which to verify the digital signature in order to determine whether the application, license list and/or developer information has been modified.
Preferably, if digital signatures are used in the present invention, the central server creates the digital signature with a secret key and a key that evaluates the digital signature is installed on the wireless device. Using that key, the wireless device can have higher confidence that the digital signature was generated by the central server and not by some other party.
The wireless device may fetch (remove) the application if the application is faulty on the wireless device or for another reason. The application can also be fetched from the wireless device at the request of the ADS or the central server. The server may issue such a request for any reason, such as improper operation of the application on another device, release of a new version of the application, or even a forced removal of the application for business reasons. Such an application fetching process prevents the wireless device environment from repeatedly executing unreliable and/or corrupted applications.
Fig. 3 illustrates a wireless network architecture in which the application distribution system may be implemented in an embodiment of the invention. The central server 302, either by itself or in conjunction with the verification server, is the mechanism that verifies whether the application complies with a set of specified programming standards or conventions. As previously described, these programming standards may be established so that an application executes on a software platform such as the BREW™ platform.
In one embodiment, the central server database 304 includes a record of the identity of each application downloaded to each wireless device 330 in the network 300 at any one time, together with the Electronic Serial Number (ESN) and the Mobile Identification Number (MIN) of the wireless device 330 carrying each downloaded application. Alternatively, the central server database 304 records for each wireless device 330 in the network 300 the wireless device model number, the wireless network carrier, the area in which the wireless device 330 is used, and any other information useful for identifying which wireless device 330 is carrying which application. In addition, the database may store the developer identification information associated with each application.
In one embodiment, the central server 302 further includes a fetch command source 322, which is the person or entity that decides to fetch one or more target applications. The source 322 is also the mechanism that constitutes the fetch command 316 (discussed below) broadcast to the identified wireless devices 330 carrying the target application. Without limitation, the fetch command source 322 may be one or more persons or organizations involved in developing and publishing the target application, the person or organization that manufactures the wireless device 330, and/or any entity responsible for some part of the functionality of the network 300.
The central server 302 communicates, preferably securely, with one or more computer servers 306, such as an ADS, over a network 308, such as the internet. The server 306 also communicates with a carrier network 310 through the network 308, and the carrier network 310 communicates with the MSC 312 over both the internet and a Plain Old Telephone Service (POTS) network, collectively referenced as 311 in fig. 3. The internet connection 311 between the carrier network 310 and the MSC 312 transfers data, and the POTS connection 311 transfers voice. The MSC 312 in turn connects to a plurality of base stations (BTSs) 314, again via both the internet 311 (data) and POTS 311 (voice). BTS 314 wirelessly transmits messages to the wireless device 330 using Short Message Service (SMS) or any other over-the-air method.
An example of a message sent by the BTS 314 in the present invention is a fetch command 316. As discussed further herein, the target application stored on the wireless device 330 is uninstalled in response to the received fetch command 316. In one embodiment, the fetch program may additionally or alternatively be programmed to disable the target application or reprogram it to behave differently. The wireless device may also delete the application and any related information, such as its license list.
The fetch command 316 originates from a fetch command source 322 (which may or may not be the same person or mechanism that decided to fetch the target application); the fetch command source 322 sends the fetch command 316 over the network 300 for broadcast to the wireless devices 330.
The example fetch command above improves the security of application distribution and execution by providing a mechanism for uninstalling unreliable or unwanted applications. Those skilled in the art will appreciate that while the foregoing describes a fetch command initiated by a central server, the wireless device may itself fetch or unload the application and its associated information.
Likewise, the above network may send applications, license lists and associated digital signatures from the central server through the various servers 306 (e.g., ADSs) to the wireless device 330 via the MSC and BTS.
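As an added illustration (not code from the patent), composing a fetch command 316 from the central server database 304 records described above and applying it on a wireless device 330, in Python. The database records, ESNs, MINs and key are constructed, and authenticating the command with the central server key (HMAC-SHA256) is an assumption the page does not state: it only says the central server communicates securely.

```python
import hashlib
import hmac
import json

# Constructed central server database 304: one record per (device, application),
# with the device's ESN, MIN, model and carrier as the page lists.
CENTRAL_DB = [
    {"esn": "ESN-0001", "min": "MIN-5550001", "app": "chess",   "model": "M1", "carrier": "carrier-A"},
    {"esn": "ESN-0001", "min": "MIN-5550001", "app": "weather", "model": "M1", "carrier": "carrier-A"},
    {"esn": "ESN-0002", "min": "MIN-5550002", "app": "chess",   "model": "M2", "carrier": "carrier-B"},
    {"esn": "ESN-0003", "min": "MIN-5550003", "app": "weather", "model": "M1", "carrier": "carrier-A"},
]
# Assumption (not on the page): the central server key also authenticates fetch
# commands, so a device acts only on commands that really come from the server.
CENTRAL_SERVER_KEY = b"constructed-central-server-key"


def canonical(body):
    """Deterministic serialisation so sender and device authenticate the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def build_fetch_command(db, target_app, action, source, carrier=None):
    """Fetch command source 322 constitutes the command: the target application,
    whether to uninstall or only disable it, and the devices the database says
    carry it (optionally narrowed to one carrier network 310)."""
    if action not in ("uninstall", "disable"):
        raise ValueError(f"unknown fetch action: {action}")
    targets = sorted({(r["esn"], r["min"]) for r in db
                      if r["app"] == target_app and carrier in (None, r["carrier"])})
    body = {"source": source, "app": target_app, "action": action,
            "targets": [{"esn": e, "min": m} for e, m in targets]}
    mac = hmac.new(CENTRAL_SERVER_KEY, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


class WirelessDevice:
    """Installed applications with their license lists; stands in for the
    application storage in memory 405 and the local database 420."""

    def __init__(self, esn, key):
        self.esn = esn
        self.key = key
        self.installed = {}  # app name -> {"license_list": dict, "disabled": bool}

    def install(self, app, license_list):
        self.installed[app] = {"license_list": license_list, "disabled": False}

    def can_execute(self, app):
        entry = self.installed.get(app)
        return entry is not None and not entry["disabled"]

    def apply_fetch_command(self, cmd):
        """Authenticate first, then check targeting, then act. Returns what was done."""
        expected = hmac.new(self.key, canonical(cmd["body"]), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, cmd["mac"]):
            return "ignored: not from central server"
        body = cmd["body"]
        if not any(t["esn"] == self.esn for t in body["targets"]):
            return "ignored: not a target"
        entry = self.installed.get(body["app"])
        if entry is None:
            return "ignored: not installed"
        if body["action"] == "disable":
            entry["disabled"] = True      # stays on the device but will not run
            return "disabled"
        del self.installed[body["app"]]   # application and license list go together
        return "uninstalled"


def demo():
    """Broadcast one uninstall and one carrier-limited disable, plus a forged command."""
    dev1 = WirelessDevice("ESN-0001", CENTRAL_SERVER_KEY)
    dev1.install("chess", {"validated": True})
    dev1.install("weather", {"validated": True})
    dev3 = WirelessDevice("ESN-0003", CENTRAL_SERVER_KEY)
    dev3.install("weather", {"validated": True})

    uninstall = build_fetch_command(CENTRAL_DB, "chess", "uninstall", "ACCHQ operator")
    disable = build_fetch_command(CENTRAL_DB, "weather", "disable", "ACCHQ operator",
                                  carrier="carrier-A")
    # A command whose body was altered after it was authenticated.
    forged = {"body": dict(uninstall["body"], app="weather"), "mac": uninstall["mac"]}
    return {
        "uninstall_targets": [t["esn"] for t in uninstall["body"]["targets"]],
        "dev1_uninstall": dev1.apply_fetch_command(uninstall),
        "dev3_uninstall": dev3.apply_fetch_command(uninstall),
        "dev1_chess_runs": dev1.can_execute("chess"),
        "dev1_weather_runs": dev1.can_execute("weather"),
        "dev3_disable": dev3.apply_fetch_command(disable),
        "dev3_weather_runs": dev3.can_execute("weather"),
        "dev1_forged": dev1.apply_fetch_command(forged),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```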
Fig. 4 illustrates a wireless device and certain internal components of an embodiment of the invention. Although the example is directed to a wireless device 400, it is by way of example only and not by way of limitation. Alternatively, the invention may be implemented on any form of remote module capable of communicating over a network, including without limitation wireless and non-wireless devices such as electronic organizers (PDAs), wireless modems, PCMCIA cards, access terminals, personal computers, devices without a display or keypad, or any combination or sub-combination thereof. Such remote modules may also have a user interface such as a keypad, visual display or audible display.
The wireless device 400 of fig. 4 is manufactured with an Application Specific Integrated Circuit (ASIC) 415, a hardware element driven by the software it contains. Wireless device 400 is also equipped at the time of manufacture with an application programming interface (API) 410. In one embodiment, the API represents the BREW API or software platform. API 410 is a software program configured to interact with the ASIC, interfacing between the ASIC 415 hardware installed on wireless device 400 and an application program (discussed below). Alternatively, wireless device 400 contains any other form of circuitry that enables the program to operate in a manner compatible with the hardware configuration of wireless device 400. The wireless device 400 also has memory 405, including RAM and ROM, or any other form of memory such as EPROM, EEPROM, or a flash card plug-in.
The memory 405 of the wireless device may store the received application and license list 425, and may also store one or more "electronic keys" 405 that are applied to the digital signature using a signature algorithm to determine whether the signed message has been modified.
Rules 435 are also installed on the wireless device 400 and may be used with the license list to determine whether the application is allowed to execute. For example, if a validation flag is set in the license list (i.e., indicating that the application has been validated), the rule declares that the application is allowed to execute. The license list will have the validation flag set or not set depending on whether validation was passed. The rule is applied to the information contained in the license list, and permission to execute the application is granted or denied accordingly.
A manufacturer (not shown) may download applications to its memory 405 when manufacturing the wireless device 400, which may be any program that may be useful or interesting to the wireless device user, such as games, books, or other types of data or software programs. Applications may also be downloaded over the air to the wireless device 400 after the wireless device is manufactured.
When the wireless device 400 executes the fetch program, one or more target applications among the applications stored on the wireless device 400 are uninstalled. A target application is one that, for various reasons described below, should no longer remain installed on the wireless device 400.
Wireless device 400 has a manufacturer-installed local database 420. The API of the wireless device is programmed to automatically update the local database 420, which contains a unique signature record for each application stored on the wireless device 400, with the recorded identification information for each application stored on the wireless device 400. In addition, local database 420 contains a record of the location of applications within memory 405 on wireless device 400, as well as any other information useful for tracking applications downloaded on wireless device 400 and their locations.
Fig. 5 is a block diagram of an embodiment of the invention showing the information used to establish a digital signature and send it to a wireless device. One skilled in the art will recognize that digital signatures can be used to track whether a digital file has been altered. As described, a digital signature may be applied to any digital file, including documents, applications, databases, and the like. Typically, the digital signature is formed by applying a key to the document using a signature algorithm, so that the signature depends on the information contained in the document. The digital signature is then sent to the recipient along with the document, and the recipient uses a key to determine whether the document was altered in transit.
Establishing and evaluating keys for a digital signature can also determine the identity of the signer: e.g., an entity can generate and keep a secret key that forms the digital signature, and that entity can distribute a corresponding key for evaluating the digital signature. If the secret key is kept secret without leakage, the recipient evaluating the digital signature can determine not only whether the information was altered but also the identity of the signer.
Alternatively, a third party may securely issue a key to a particular entity, so that a recipient holding the key associated with that identity can determine whether the entity is trustworthy.
In one embodiment of the present invention, the digital signature 515 is generated by using a cryptographic key 525, such as a central server key (FIG. 2), together with the application 500, the license list 505, and the developer identity information 510, as inputs to the digital signature algorithm 530, which produces a signature that depends on the information contained in the inputs.
After the digital signature 515 is formed, the application 500, the license list 505, the developer identification information 510, and the digital signature 515 are transmitted to the wireless device 520, which then uses the digital signature to determine whether the application or its related information (i.e., the license list and the developer identification information) has been modified. In addition, using one of the techniques described above, such as a secret key, the wireless device may also establish a level of confidence in the identity of the signer that sent the information.
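As an added illustration (not code from the patent), the FIG. 5 signing flow above together with the Rules 435 check on the license list described for FIG. 4, in Python. The page does not fix these details, so the example assumes canonical JSON serialisation of the signed inputs, HMAC-SHA256 standing in for signature algorithm 530 (so the device's evaluation key equals the server's secret key), and a license list carrying a "validated" flag and an approved-network list; the application bytes, key and identifiers are constructed.

```python
import hashlib
import hmac
import json

# Constructed sample inputs standing in for the FIG. 5 elements.
APPLICATION = b"\x7fELF-constructed-application-bytes"                        # application 500
LICENSE_LIST = {"validated": True, "networks": ["carrier-A"], "version": 3}  # license list 505
DEVELOPER_ID = {"company": "Example Dev Ltd", "tax_id": "TAX-EXAMPLE-001"}   # developer identification 510
CENTRAL_SERVER_KEY = b"constructed-central-server-key"                         # key 525


def canonical_bundle(application, license_list, developer_id):
    """Serialise the three signed inputs deterministically so that the server
    and the wireless device feed identical bytes to the signature algorithm."""
    header = json.dumps({"license_list": license_list, "developer_id": developer_id},
                        sort_keys=True, separators=(",", ":")).encode()
    # Length prefix so header bytes and application bytes cannot be confused.
    return len(header).to_bytes(4, "big") + header + application


def sign_bundle(key, application, license_list, developer_id):
    """Digital signature 515: signature algorithm 530 over key 525 and the inputs.
    Assumption: HMAC-SHA256 stands in for the algorithm, so the device's
    evaluation key equals the server's secret key. The page's stronger goal
    (the device trusts only the central server as signer) needs a public-key
    scheme, because with HMAC anyone holding the device key could also sign."""
    return hmac.new(key, canonical_bundle(application, license_list, developer_id),
                    hashlib.sha256).digest()


def verify_bundle(key, application, license_list, developer_id, signature):
    """Wireless device 520: has the application or its related information changed?"""
    expected = sign_bundle(key, application, license_list, developer_id)
    return hmac.compare_digest(expected, signature)


def rule_allows_execution(license_list, device_network):
    """Rules 435 applied to the license list: run only if the validation flag is
    set and the device's carrier network is one the license list approves."""
    return bool(license_list.get("validated")) and \
        device_network in license_list.get("networks", [])


def device_execution_decision(key, application, license_list, developer_id,
                              signature, device_network):
    """Order matters: the signature is checked before any rule is evaluated, so a
    tampered license list never influences the permission decision."""
    if not verify_bundle(key, application, license_list, developer_id, signature):
        return "rejected: modified"
    if not rule_allows_execution(license_list, device_network):
        return "rejected: permission denied"
    return "execute"


def demo():
    """Run the genuine bundle and tampered variants through the device check."""
    sig = sign_bundle(CENTRAL_SERVER_KEY, APPLICATION, LICENSE_LIST, DEVELOPER_ID)
    results = {}
    results["genuine_on_approved_network"] = device_execution_decision(
        CENTRAL_SERVER_KEY, APPLICATION, LICENSE_LIST, DEVELOPER_ID, sig, "carrier-A")
    results["genuine_on_other_network"] = device_execution_decision(
        CENTRAL_SERVER_KEY, APPLICATION, LICENSE_LIST, DEVELOPER_ID, sig, "carrier-B")
    # An unvalidated build is honestly signed with validated=False ...
    unvalidated = dict(LICENSE_LIST, validated=False)
    sig_unvalidated = sign_bundle(CENTRAL_SERVER_KEY, APPLICATION, unvalidated, DEVELOPER_ID)
    results["honest_unvalidated"] = device_execution_decision(
        CENTRAL_SERVER_KEY, APPLICATION, unvalidated, DEVELOPER_ID, sig_unvalidated, "carrier-A")
    # ... and if the flag is flipped in transit the signature no longer matches.
    flipped = dict(unvalidated, validated=True)
    results["license_flag_flipped_in_transit"] = device_execution_decision(
        CENTRAL_SERVER_KEY, APPLICATION, flipped, DEVELOPER_ID, sig_unvalidated, "carrier-A")
    # Likewise for a single changed byte in the application itself.
    results["application_bytes_changed"] = device_execution_decision(
        CENTRAL_SERVER_KEY, APPLICATION + b"\x00", LICENSE_LIST, DEVELOPER_ID, sig, "carrier-A")
    return results


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case}: {decision}")
```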
FIG. 6 is a flowchart illustrating the steps taken by a server to distribute applications in accordance with one embodiment of the present invention. In this example, the process begins by receiving an application and a digital signature (step 600). Because the digital signature is computed over the application, the recipient can determine whether the application was modified before receipt. Further, the electronic key used to form the digital signature is preferably issued by a third party, so that the recipient can confirm that the entity or developer that signed the application is the developer to whom that key was issued.
After receiving the application and the digital signature, the digital signature is evaluated to determine whether the developer that sent the application is the same developer that signed it (step 605). If a third party issues to the developer the electronic key that forms the digital signature, the third party also distributes the electronic key that verifies the digital signature to the recipient, such as the central server described with reference to FIG. 2.
The identification of the developer, or of whatever entity signed and/or created the application, is then stored and associated with the application (step 610). It may be stored in a table, a database, or any other form that can be consulted when the identity of the developer needs to be determined. In one embodiment, the developer identification is stored in the wireless device rather than in the server.
The received application is then verified to determine whether it meets specified criteria (step 615). In one embodiment, the application is written to execute on a particular platform, such as the BREW™ platform developed by QUALCOMM Corporation (headquartered in San Diego, California) and used in wireless devices. A particular platform or device has specific requirements that an application must meet before executing on it; for example, the platform or device may require that the application not access particular memory locations in the device, so that the integrity of the device and of other applications in memory is not compromised. Once the criteria are specified, the application can be tested to determine whether it meets them. Preferably, these criteria are predetermined and supplied to the developer to guide development of the application.
After verification, permissions associated with the application are specified for the given environment (step 620). The permissions depend on a number of factors, according to the environment in which the invention is implemented. In one embodiment, the application is intended for a wireless device; in that case the permissions may be specified based on, for example, the requirements of the carrier network, the wireless device, the results of the validation tests, and the developer, carrier, or other test environment. The resulting license list thus records that the application has passed the validation tests and may be executed on a particular carrier network.
The server then digitally signs the application, the license list, and the developer identification (step 625). In one embodiment, the signature is created with a key that lets the party receiving the digitally signed message determine the identity of the server, without the server having to countersign the developer signature it received and without that developer signature having to be transmitted to the wireless device.
The application, the license list, the developer identification, and the digital signature formed at step 625 are then sent to the wireless device (step 630).
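The server-side procedure of FIG. 6 (steps 600 to 630), written out as an added example that is not part of the patent or of any QUALCOMM code. The page names a "digital signature algorithm 530" without specifying one, so this example stands in an HMAC over a canonical JSON encoding as the modification detection technique; the developer key, central server key, size limit and forbidden interface list are all constructed for the example, and a deployed system would use an asymmetric signature so that the wireless device holds no signing secret.

```python
import hashlib
import hmac
import json

# Constructed keys (assumptions): stand-ins for the central server key 525 and
# for a developer key issued by a third party. A production system would use an
# asymmetric signature here so the device only needs a verification key.
DEVELOPER_KEYS = {"dev-123": b"constructed-developer-key"}
CENTRAL_SERVER_KEY = b"constructed-central-server-key"

# Constructed validation criteria (step 615): the platform forbids these
# restricted interfaces and caps the application size.
FORBIDDEN_APIS = {"raw_memory_write", "modem_firmware"}
MAX_SIZE_BYTES = 512 * 1024


def canonical(obj) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def mac(key: bytes, *parts) -> str:
    """Modification detection tag over the ordered list of parts."""
    return hmac.new(key, canonical(list(parts)), hashlib.sha256).hexdigest()


def developer_sign(app: dict, developer_id: str) -> str:
    """What the developer does before submission (input to step 600)."""
    return mac(DEVELOPER_KEYS[developer_id], app, developer_id)


def verify_developer_signature(app: dict, developer_id: str, signature: str) -> bool:
    """Step 605: the signer must be the developer that was issued the key."""
    key = DEVELOPER_KEYS.get(developer_id)
    if key is None:
        return False
    return hmac.compare_digest(mac(key, app, developer_id), signature)


def validate(app: dict) -> list:
    """Step 615: return the list of criteria the application fails (empty = pass)."""
    problems = []
    if app["size_bytes"] > MAX_SIZE_BYTES:
        problems.append("application exceeds size limit")
    forbidden = sorted(set(app["api_calls"]) & FORBIDDEN_APIS)
    if forbidden:
        problems.append("uses forbidden interfaces: " + ", ".join(forbidden))
    return problems


def specify_permissions(app: dict, developer_id: str, carrier: str) -> dict:
    """Step 620: the license list records what the application may do and where."""
    return {
        "carrier": carrier,
        "validated": True,
        "developer": developer_id,
        "allowed_apis": sorted(set(app["api_calls"])),
    }


def process_submission(app, developer_id, dev_signature, carrier, registry):
    """Steps 600-630 in order; raises on any step that rejects the application."""
    if not verify_developer_signature(app, developer_id, dev_signature):
        raise ValueError("developer signature does not verify")
    registry[app["name"]] = developer_id                      # step 610
    problems = validate(app)                                  # step 615
    if problems:
        raise ValueError("validation failed: " + "; ".join(problems))
    license_list = specify_permissions(app, developer_id, carrier)        # step 620
    signature = mac(CENTRAL_SERVER_KEY, app, license_list, developer_id)  # step 625
    return {                                                  # step 630: sent to device
        "application": app,
        "license_list": license_list,
        "developer_id": developer_id,
        "signature": signature,
    }


# Constructed sample submission.
SAMPLE_APP = {
    "name": "solitaire",
    "version": "1.0",
    "size_bytes": 40000,
    "api_calls": ["display", "keypad"],
}

if __name__ == "__main__":
    registry = {}
    sig = developer_sign(SAMPLE_APP, "dev-123")
    package = process_submission(SAMPLE_APP, "dev-123", sig, "carrier-A", registry)
    print(json.dumps(package, indent=2))
```

The server signs the application, the license list and the developer identification as one unit, so a receiver cannot pair a validated application with a more permissive license list from another package; the developer signature is checked at the server and never forwarded, matching the embodiment described for step 625.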
FIG. 7 is a flowchart illustrating the steps taken by a wireless device in executing an application in accordance with one embodiment of the present invention. In this example, the wireless device stores rules for evaluating the permissions associated with an application (step 700). Those skilled in the art will appreciate that, while the present invention describes a rules/permissions scheme, a variety of schemes may be used to grant permissions to an application for a particular device or platform, and these are considered to be within the scope of the present invention.
The wireless device then receives the application, the license list, the developer identification, and the digital signature (step 705). In one embodiment, the wireless device evaluates the received digital signature to determine the identity of the signer. The digital signature may also be used to determine whether the application, the license list, or the developer identification has been altered since it was signed.
The wireless device then receives a request to execute the application (step 710). The request may come from a user of the wireless device who wants to run the program; alternatively, it may originate from the wireless device itself, or from a request delivered to the wireless device over a network or a direct connection.
Upon receiving the request, and before executing the program, the wireless device evaluates the digital signature and the license list associated with the application (step 720). As described above, in one embodiment the wireless device evaluates the license list against its stored rules. It first determines whether the application, the license list, or the developer identification has been altered; if not, it evaluates the license list using the stored rules. If nothing has been modified and the rules' evaluation of the license list indicates that the application is permitted to execute on the wireless device, processing proceeds to execute the application on the device (step 730).
If the evaluation of step 720 indicates that the application, license list, or developer identification was changed after signing, or that the application is not permitted to execute on the wireless device, the application is not executed (step 725). Processing then proceeds to remove the application from the wireless device (step 750). Preferably, the license list and the developer identification are also removed from the wireless device.
After step 730, the execution of the application is monitored to determine whether it performs any illegal or abnormal operation (step 735). The platform of the wireless device, or its applications, may define certain operations as illegal or improper, including accesses to restricted memory areas or to memory locations used by other programs or files. Such operations may also include harmful use of the wireless device's resources, which can affect not only the wireless device but also other devices to which it is networked.
If such an illegal or improper operation is attempted, execution of the application is halted (step 745) and the application is removed from the wireless device along with the developer identification and the license list (step 750). Alternatively, as described above, the removal process may consist of prohibiting the application from starting, thereby preventing its execution while leaving the application on the wireless device.
If no illegal, improper, or undesired operation is detected at step 735, the application is permitted to continue executing (step 740).
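The device-side procedure of FIG. 7 (steps 700 to 750), as an added example that is not part of the patent or of any QUALCOMM code. It assumes the same constructed HMAC-over-canonical-JSON stand-in for the digital signature as the server example, with the device holding a copy of the central server key (in practice that would be a public key). The stored rules, the restricted memory boundary, and the application "code", represented as a list of operations the monitor inspects one at a time, are all constructed for the example.

```python
import hashlib
import hmac
import json

# Device copy of the verification key (assumption: symmetric stand-in for the
# central server key 525; a deployed device would hold only a public key).
CENTRAL_SERVER_KEY = b"constructed-central-server-key"

# Step 700: rules stored on the device (constructed). The device only runs
# validated applications signed for its carrier and never grants sms_send.
DEVICE_RULES = {
    "carrier": "carrier-A",
    "require_validated": True,
    "denied_apis": {"sms_send"},
}

# Constructed platform restriction used at step 735: addresses at or above this
# boundary belong to other programs and files and may not be touched.
RESTRICTED_BASE = 0x8000


def canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def mac(key: bytes, *parts) -> str:
    return hmac.new(key, canonical(list(parts)), hashlib.sha256).hexdigest()


def unmodified(pkg: dict) -> bool:
    """Step 720, first half: application, license list and developer id are intact."""
    expected = mac(CENTRAL_SERVER_KEY, pkg["application"],
                   pkg["license_list"], pkg["developer_id"])
    return hmac.compare_digest(expected, pkg["signature"])


def rules_permit(license_list: dict, rules: dict) -> bool:
    """Step 720, second half: apply the stored rules to the license list."""
    if license_list["carrier"] != rules["carrier"]:
        return False
    if rules["require_validated"] and not license_list["validated"]:
        return False
    return not (set(license_list["allowed_apis"]) & rules["denied_apis"])


def is_illegal(op: dict, license_list: dict) -> bool:
    """Step 735: operations the platform or the license list does not allow."""
    if op["op"] in ("read", "write"):
        return op["addr"] >= RESTRICTED_BASE
    if op["op"] == "api":
        return op["name"] not in license_list["allowed_apis"]
    return True  # unknown operation kinds are treated as illegal


def remove(pkg: dict, installed: dict) -> None:
    """Step 750: application, license list and developer id leave the device together."""
    installed.pop(pkg["application"]["name"], None)


def handle_execute_request(pkg: dict, rules: dict, installed: dict) -> str:
    """Steps 710-750; returns what happened so the caller can log it."""
    if not unmodified(pkg):                                   # step 725
        remove(pkg, installed)
        return "rejected: package modified after signing; removed"
    if not rules_permit(pkg["license_list"], rules):          # step 725
        remove(pkg, installed)
        return "rejected: not permitted on this device; removed"
    for op in pkg["application"]["code"]:                     # step 730, monitored (735)
        if is_illegal(op, pkg["license_list"]):
            remove(pkg, installed)                            # steps 745 and 750
            return "halted: illegal operation %s; removed" % json.dumps(op, sort_keys=True)
    return "completed"                                        # step 740


def make_package(app: dict, license_list: dict, developer_id: str) -> dict:
    """Constructed server output (FIG. 6, step 630) used as input here."""
    return {
        "application": app,
        "license_list": license_list,
        "developer_id": developer_id,
        "signature": mac(CENTRAL_SERVER_KEY, app, license_list, developer_id),
    }


# Constructed sample application and license list.
GOOD_APP = {
    "name": "solitaire",
    "code": [{"op": "api", "name": "display"}, {"op": "write", "addr": 0x1000}],
}
GOOD_LICENSE = {"carrier": "carrier-A", "validated": True,
                "developer": "dev-123", "allowed_apis": ["display", "keypad"]}

if __name__ == "__main__":
    installed = {"solitaire": "installed"}
    pkg = make_package(GOOD_APP, GOOD_LICENSE, "dev-123")
    print(handle_execute_request(pkg, DEVICE_RULES, installed))
```

The order of checks matters: integrity is established before the license list is consulted, so a license list that was altered after signing is never trusted, and the rules are the device's own policy, so a license list that is genuine but grants something the device denies is still rejected. The monitor applies both the platform's memory restriction and the signed license list, and removal takes the application, license list and developer identification together, as step 750 describes.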
Conclusion
Systems and methods consistent with the present invention improve the secure and reliable distribution and execution of applications by using mechanisms for verification and modification detection, source identity determination, permission specification, and application removal. A system or method may implement some or all of these mechanisms; the more mechanisms implemented, the greater the degree of security achieved.
In one embodiment, a developer sends an application to a server, and the developer may sign the application to protect it against unauthorized modification. The server checks the developer's identity and runs validation tests on the application. The server also assigns permissions to the application, forming a license list. The application, the license list, and the developer identification are digitally signed by the server and sent to the wireless device along with the digital signature. Before executing the application, the wireless device checks the digital signature for modifications and checks the license list against its stored rules. In one embodiment, these checks are made each time execution of the application is attempted on the wireless device; if a check indicates that the application has been modified or is not permitted to execute, the application is not executed and is removed from the wireless device, and if the application attempts an illegal or improper operation during execution, it is terminated and removed from the wireless device.
The foregoing description of the embodiments of the invention has been presented only for the purposes of illustration and description and is not intended to be exhaustive or to limit the invention to the precise form disclosed. Various modifications and variations are possible in light of the above teachings or may be acquired from practice of the invention. For example, although the described implementations include software, an embodiment of the invention may be implemented as a combination of hardware and software or in hardware alone. The present invention may be implemented in both object-oriented and non-object-oriented programming systems. In addition, while aspects of the invention are described as being stored in memory, those skilled in the art will appreciate that the methods may also be stored on other types of computer-readable media, such as secondary storage devices like hard disks, floppy disks, or CD-ROMs; a carrier wave from the Internet or another propagation medium; or other forms of RAM or ROM. The scope of the invention is defined by the claims and their equivalents.
Claims (44)
1. A method for distributing and processing applications, comprising the steps of:
receiving an application and identification information associated with the application;
verifying that the application meets predetermined criteria;
specifying a license for the application;
sending the application, the license, and the identification information to a device using a modification detection technique;
determining whether the application was modified during transmission;
storing a rule on the device;
determining whether the application can be processed using the license and the rule; and
removing the application from the device.
2. The method of claim 1, further comprising the steps of:
initiating execution of the application on the device;
monitoring execution of the application; and
detecting an attempt by the application to perform an improper operation.
3. The method of claim 1, wherein processing the application on the device is not permitted.
4. The method of claim 1, wherein the device retrieves the identification information.
5. The method of claim 1, further comprising the step of detecting a modification of the application.
6. The method of claim 1, further comprising the step of detecting a modification of the license.
7. The method of claim 1, wherein the modification detection technique applies a digital signature.
8. A method for distributing and processing applications, comprising the steps of:
receiving an application and identification information associated with the application;
verifying that the application meets predetermined criteria;
specifying a license for the application;
sending the application, the license, and the identification information to a wireless device;
storing a rule on the device; and
determining whether the application can be processed on the device using the license and the rule.
9. The method of claim 8, further comprising the steps of:
initiating execution of the application on the wireless device;
monitoring execution of the application;
detecting an attempt by the application to perform an improper operation; and
removing the application from the wireless device.
10. The method of claim 8, wherein processing the application on the wireless device is not permitted, further comprising the step of removing the application from the device.
11. The method of claim 8, wherein the identification information is determined by the wireless device.
12. The method of claim 8, wherein the application, the license, and the identification information are transmitted using a modification detection technique.
13. The method of claim 12, wherein the modification detection technique applies a digital signature.
14. The method of claim 12, further comprising the steps of:
detecting a modification of the application sent to the device; and
removing the application from the device.
15. The method of claim 12, further comprising the steps of:
detecting a modification of the license sent to the device; and
removing the application from the device.
16. A method for distributing and processing applications, comprising the steps of:
receiving an application and identification information associated with the application;
specifying a license for the application;
sending the application, the license, and the identification information to a device using a modification detection technique;
determining whether the application was modified during transmission;
storing a rule on the device;
determining whether the application can be processed using the license and the rule; and
removing the application from the device.
17. The method of claim 16, further comprising the steps of:
initiating execution of the application on a wireless device;
monitoring execution of the application;
detecting an attempt by the application to perform an improper operation; and
removing the application from the wireless device.
18. The method of claim 16, wherein processing the application on the wireless device is not permitted, further comprising the step of removing the application from the device.
19. The method of claim 16, wherein the identification information is determined by the wireless device.
20. The method of claim 16, wherein the application, the license, and the identification information are transmitted using a modification detection technique.
21. The method of claim 20, wherein the modification detection technique applies a digital signature.
22. The method of claim 20, further comprising the steps of:
detecting a modification of the application sent to the device; and
removing the application from the device.
23. The method of claim 20, further comprising the steps of:
detecting a modification of the license sent to the device; and
removing the application from the device.
24. A system for distributing and executing applications on a wireless device, comprising:
means for receiving an application and identification information associated with the application;
means for verifying that the application meets predetermined criteria;
means for specifying a license for the application;
means for sending the application, the license, and the identification information to the wireless device;
means for storing a rule on the device; and
means for determining whether the application can be processed on the device using the license and the rule.
25. The system of claim 24, wherein the means for sending the application, the license, and the identification information to the wireless device is further capable of sending the application to the wireless device using a modification detection technique.
26. The system of claim 24, wherein the means for sending the application, the license, and the identification information to the wireless device is further capable of sending the license to the wireless device using a modification detection technique.
27. The system of claim 24, wherein the means for verifying that the application meets the predetermined criteria is a central server.
28. The system of claim 24, further comprising means for evaluating the specified license using rules stored in the wireless device.
29. A system for distributing and executing applications on a wireless device, comprising:
means for receiving an application and identification information associated with the application;
means for specifying a license for the application;
means for sending the application, the license, and the identification information to the device using a modification detection technique;
means for determining whether the application was modified during transmission;
means for storing a rule on the device;
means for determining whether the application can be processed using the license and the rule; and
means for removing the application from the device.
30. A method of processing application distribution, comprising the steps of:
receiving an application and identification information associated with the application;
verifying that the application meets predetermined criteria;
specifying a license for the application;
sending the application, the license, and the identification information to a device using a modification detection technique; and
issuing a request to remove the application from the device.
31. The method of claim 30, further comprising the step of:
evaluating the received application and identification information to determine the identity of the developer of the application.
32. The method of claim 30, wherein the modification detection technique applies a digital signature.
33. An application distribution system, comprising:
means for receiving an application and identification information associated with the application;
means for verifying that the application meets predetermined criteria;
means for specifying a license for the application;
means for sending the application, the license, and the identification information to a device using a modification detection technique; and
means for issuing a request to remove the application from the device.
34. A method for executing an application on a wireless device, comprising the steps of:
storing a rule for evaluating permissions;
receiving information including an application, a license, and an identification associated with the application using a modification detection technique;
receiving a request to execute the application on the wireless device;
evaluating the received information to determine whether it has been altered;
evaluating permissions associated with the application when the received information has not been altered; and
executing the application when the permissions are granted.
35. The method of claim 34, wherein the modification detection technique applies a digital signature.
36. The method of claim 34, further comprising the step of monitoring execution of the application to determine whether an improper operation is attempted.
37. The method of claim 34, further comprising the step of removing the application from the wireless device.
38. A method for executing an application on a wireless device, comprising the steps of:
storing a rule for evaluating permissions;
receiving information including an application, a license, and an identification associated with the application using a modification detection technique;
receiving a request to execute the application on the wireless device;
evaluating permissions associated with the application; and
removing the application from the wireless device when the information has been altered.
39. The method of claim 38, further comprising the steps of:
evaluating permissions associated with the application when the received information has not been altered; and
executing the application when the permissions are granted.
40. The method of claim 38, wherein the modification detection technique applies a digital signature.
41. The method of claim 38, further comprising the step of monitoring execution of the application to determine whether an improper operation is attempted.
42. The method of claim 38, further comprising the step of removing the application from the wireless device when an improper operation is attempted.
43. A wireless device that executes an application, comprising:
means for storing a rule for evaluating permissions;
means for receiving information including the application, a license, and an identification associated with the application using a modification detection technique;
means for receiving a request to execute the application on the wireless device;
means for evaluating permissions associated with the application; and
means for removing the application from the wireless device when the information has been altered.
44. A wireless device that executes an application, comprising:
means for storing rules for evaluating permissions;
means for receiving information including an application, a license, and an identification associated with the application using a modification detection technique;
means for receiving a request to execute the application on the wireless device;
means for evaluating the received information to determine whether it has been altered;
means for evaluating permissions associated with the application when the received information has not been altered; and
means for executing the application when the permissions are granted.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US09/872,418 | 2001-05-31 | ||
| US09/872,418 US7099663B2 (en) | 2001-05-31 | 2001-05-31 | Safe application distribution and execution in a wireless environment |
| PCT/US2002/016485 WO2002097620A2 (en) | 2001-05-31 | 2002-05-23 | Safe application distribution and execution in a wireless environment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| HK1069451A1 HK1069451A1 (en) | 2005-05-20 |
| HK1069451B true HK1069451B (en) | 2007-01-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1258141C (en) | | Method and system for processing applications and wireless device for executing applications |
| CA2457127C (en) | | Test enabled application execution |
| AU2002324717A1 (en) | | Test enabled application execution |
| AU2002312041A1 (en) | | Safe application distribution and execution in a wireless environment |
| HK1069451B (en) | | Method and system for processing application and wireless device for executing application |
| HK1070197A (en) | | Test enabled application execution |
| HK1100583A (en) | | Test enabled application execution |
| NZ548062A (en) | | Test enabled application execution |