KR20130085504A - System and method for providing of interface using rights - Google Patents


Info

Publication number
KR20130085504A
Authority
KR
South Korea
Prior art keywords
application
interface
terminal
information
authentication information
Prior art date
Application number
KR1020110134009A
Other languages
Korean (ko)
Inventor
이동후
Original Assignee
주식회사 케이티
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 케이티
Priority to KR1020110134009A
Publication of KR20130085504A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/42 User authentication using separate channels for security data
    • G06F21/43 User authentication using separate channels for security data; wireless channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Abstract

To provide a terminal with the authority to use an interface, the authority providing system checks, when an interface is called for any application executed in the terminal, whether signature information is included in that application. If the signature information is included, the system checks whether the application information of the application including the signature information is stored in advance, and if the application information is stored, the terminal is provided with the right to use the interface for executing the application.

Description

System and method for providing of interface using rights

The present invention relates to a system and method for providing a right to use an interface.

In order for the terminal to execute the application, the terminal must have both the system permission of the communication company for the execution of the application and the use authority of the application framework. For the terminal to hold both rights at the same time, an application that has been code-signed with the certificate of the communication company is code-signed again with the certificate of the manufacturer of the terminal that runs the application.

When an application is code-signed twice in this way, a problem arises in that the terminal must perform a complicated certificate management procedure.

Accordingly, the present invention provides a system and method for providing a right to use an interface that provides a terminal with a right to use an API (Application Programming Interface) through signature information inserted into an application.

According to one feature of the present invention for achieving the above technical problem, a method by which an authority providing system provides a terminal with an interface use authority for executing an application includes: calling an interface for any application executed in the terminal; checking whether the arbitrary application includes signature information; if the signature information is included, checking whether application information of the application including the signature information is stored in advance; and if the application information is stored, providing the terminal with the right to use an interface for executing the arbitrary application.

The checking of whether the application information is stored in advance may include: if the application information is not stored, determining that the arbitrary application is a duplicated application; and not providing the terminal with an interface use right for executing the arbitrary application.

After the checking of whether the signature information is included, the method may include: if the signature information is not included in the application, collecting authentication information about the terminal; determining whether an interface for the application can be provided to the terminal based on the authentication information; if the interface can be provided, collecting authentication information of the application; and if the authentication information of the terminal and the authentication information of the application are the same, providing the terminal with a right to use an interface for executing the arbitrary application.

In the determining of whether the interface for the application can be provided, if the interface cannot be provided, the method may include not providing the terminal with an authority to use an interface for executing the arbitrary application.

If the authentication information for the terminal is not the same as the authentication information of the application, the method may include not providing the terminal with the right to use an interface for executing the arbitrary application.

Authentication information of the application may be generated based on the authentication information for the terminal.

According to another feature of the present invention for achieving the above technical problem, a system for providing an interface use right to a terminal in conjunction with a communication server and an app providing server includes: an application execution unit configured to call, when a previously stored application is executed, an interface allocated corresponding to the executed application; an authentication information storage unit for storing manufacturer authentication information of the terminal; and an authority check unit that, when the interface is called by the application execution unit, determines whether to provide an application use authority to the terminal by confirming whether signature information is stored in the application information of the executed application, or based on the manufacturer authentication information of the terminal.

The application information may include at least one of use authority information of the interface, signature information signed with a certificate of a communication company providing the interface, or authentication information about an application generated based on manufacturer authentication information of the terminal.

The application usage right providing system may include an application storage unit for storing information of an application embedded in the terminal, or storing and managing an application received from the app providing server together with application information.

According to the present invention, even in the case of signing an application with one certificate, the terminal can be given different interface usage rights, thereby simplifying the application authentication procedure and increasing convenience of certificate management.

FIG. 1 is an exemplary view showing an interface right providing environment according to an embodiment of the present invention.
FIG. 2 is a structural diagram of an authority providing system according to an exemplary embodiment of the present invention.
FIG. 3 is a flowchart illustrating a method for providing an interface right according to an embodiment of the present invention.

DETAILED DESCRIPTION Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art may easily implement the present invention. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In the drawings, parts irrelevant to the description are omitted in order to clearly describe the present invention, and like reference numerals designate like parts throughout the specification.

Throughout the specification, when a part is said to "include" a certain component, it means that it can further include other components, without excluding other components unless specifically stated otherwise.

In this specification, a terminal includes a mobile station (MS), a mobile terminal (MT), a subscriber station (SS), a portable subscriber station (PSS), an access terminal (AT), and the like, and may include all or some of the functions of a mobile terminal, a subscriber station, a mobile subscriber station, a user equipment, and the like.

Hereinafter, a system and method for providing an interface use right will be described with reference to the drawings.

FIG. 1 is an exemplary view showing an interface right providing environment according to an embodiment of the present invention.

As shown in FIG. 1, the terminal 10, which interworks with the communication company server 20 and the app providing server 30, either has a specific application embedded from the time the terminal 10 is released, or downloads an application that the user purchased through the app providing server 30 and provides it to the user. When an application embedded in the terminal 10 or an application downloaded from the app providing server 30 is run, the application runs in conjunction with an API (Application Programming Interface; hereinafter referred to as 'interface' for convenience of description) and provides results to the user.

Such an interface is provided from the communication company server 20, and each interface stores usage authority information authorized to use the interface. Accordingly, in order for the terminal 10 to use the interface for driving the application, the terminal 10 should check the usage authority inserted in the application. For this purpose, the authority providing system 100 is included in the terminal 10.

The structure of the authority providing system 100 will be described in detail with reference to FIG. 2.

FIG. 2 is a structural diagram of an authority providing system according to an exemplary embodiment of the present invention.

As shown in FIG. 2, the authority providing system 100 includes an application storage unit 110, an application execution unit 120, an authentication information storage unit 130, and an authority check unit 140.

The application storage unit 110 stores, together with application information, an application provided in an embedded form when the terminal 10 is first released or an application downloaded from the app providing server 30. The application information is generated by the carrier server 20 of the telecommunication company providing the interface, and includes the permission information of the interface called when the application is executed, the signature information signed with the carrier's certificate, the authentication information about the application, and basic information about other applications.

Here, the authentication information of the application refers to authentication information that the application developer's terminal generates, when the application developer creates the application, based on the authentication information of the manufacturer of the terminal on which the application is to be executed. Therefore, in the embodiment of the present invention, the authentication information of the application is described as corresponding to the authentication information of the terminal, but it is not necessarily limited to this.

The application execution unit 120 executes any one application based on an external input among the applications stored in the application storage unit 110. In order to execute the application, the application execution unit 120 calls an interface assigned corresponding to the application. At this time, the interface is provided by the communication company and is executed only in the terminal 10 for which the authority for the interface call is obtained.

The authentication information storage unit 130 stores and manages authentication information of the manufacturer who manufactured the terminal 10. This prepares for the case where an application that the terminal 10 downloads from the app providing server 30 does not include signature information signed with the carrier's certificate.

That is, in the embodiment of the present invention, if the signature information is not included in the application, whether the authority to use the interface is provided to the terminal 10 can be determined based on the manufacturer's authentication information stored in the authentication information storage unit 130. The authentication information is described as being periodically received from the app providing server 30, but it is not necessarily limited to this.

In other words, if the application information does not include the signature information signed with the carrier's certificate, the authority check unit 140 requests, from the authentication information storage unit 130, the stored authentication information of the manufacturer who manufactured the terminal 10, in order to determine whether to provide the terminal 10 with permission to use the interface for executing the application. The authentication information storage unit 130 then transmits the stored authentication information of the manufacturer to the authority check unit 140.

When the application execution unit 120 calls the interface to execute the application, the authority check unit 140 checks whether the signature information is stored in the application information. That is, the authority check unit 140 determines whether signature information of the telecommunication company that provides the interface is included.

If the carrier's signature information is included, the authority check unit 140 transmits the signature information to the authentication information storage unit 130 and receives the application information corresponding to the signature information, in order to check whether the application information of the application to be executed in the application execution unit 120 is stored.

In addition, if verifying the signature information shows that the signature information of the carrier providing the interface is not included, the authority check unit 140 checks whether the right to use the interface can be obtained through the authentication information of the manufacturer who manufactured the terminal 10, which is stored in the authentication information storage unit 130. To this end, the authority check unit 140 requests the authentication information of the manufacturer of the terminal 10 from the authentication information storage unit 130 and receives it.

A method of confirming authentication information of an application and providing a right to use an interface to the terminal 10 through the structure of the authority providing system 100 described above will be described with reference to FIG. 3.

FIG. 3 is a flowchart illustrating a method for providing an interface right according to an embodiment of the present invention.

As shown in FIG. 3, when the application execution unit 120 tries to execute any one application among a plurality of applications stored in the application storage unit 110 (S100), the application execution unit 120 calls the interface required to execute the corresponding application (S110).

The authority check unit 140 checks, based on the application information, whether the corresponding application has acquired the authority to use the interface, that is, whether it includes signature information of the carrier (S120). Since the application information is stored in the application, the application information can be checked to determine whether the user has the authority to use an interface required for executing the application.

If the authority check unit 140 confirms that the application includes the signature information of the carrier providing the interface, the application is authenticated using the signature information (S130). Here, there may be various methods for authenticating using signature information, and embodiments of the present invention are not limited to any one method.

After performing the authentication of the application through step S130, the authority check unit 140 checks whether the information of the application including the signature information is stored in the authentication information storage unit 130 (S140). The authentication information storage unit 130 stores application information only for applications that are authenticated to use the interface among the applications that are sold. Application information for the authenticated application may be updated at a predetermined cycle or may be received from the app providing server 30.

Therefore, the authority check unit 140 checks whether the application information exists in step S140, and if the application information does not exist, determines that the application is an illegally copied application (S150). However, if the application information exists, it is determined that the application is an authenticated application that can be properly executed in the terminal having the authority to use the interface for executing the application (S160).

On the other hand, if the check in step S120 shows that the signature information is not included in the application information, the authority check unit 140 collects the authentication information of the manufacturer who manufactured the terminal 10 (S170). Then, it checks through the authentication information of the manufacturer whether the right to execute the interface can be provided to the terminal 10 (S180).

To this end, the terminal manufacturer and the telecommunication company may agree in advance, through a contract or the like, that an interface provided by the telecommunication company can be executed on a terminal manufactured by the terminal manufacturer. For example, this information may be inserted in advance in the manufacturer authentication information, but is not necessarily limited thereto.

If it is determined through the authentication information of the manufacturer that the corresponding terminal is authorized to execute the interface, the authority check unit 140 obtains the authentication information of the application (S190). It then determines whether the obtained authentication information of the application matches the manufacturer authentication information of the terminal collected in step S170 (S200). In other words, it checks whether the application is authenticated with the same authentication information as the manufacturer authentication information.

If the application is authenticated with the same authentication information, the authority check unit 140 determines that the corresponding application is an application for which authentication is completed (S160), and if it is not authenticated with the same authentication information, determines that it is an illegally copied application (S150).
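
The decision flow of FIG. 3 (S120 to S200) written out as code. This is an added example, not code from the patent. Assumptions: the carrier signature check of S130 is stood in for by an HMAC-SHA256 with a constructed key (the description leaves the method open, and a real terminal would verify an asymmetric signature against the carrier certificate), the stored application information is modelled as a set of application ids, the pre-agreed entitlement of S180 is a hypothetical `interface_allowed` flag, and a failed S130 denies the right, a case the description does not cover.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Set


class Decision(Enum):
    GRANTED = "S160: authenticated application, interface right provided"
    DENIED_COPY = "S150: treated as illegally copied, right not provided"
    DENIED_TERMINAL = "S180 failed: interface cannot be provided to this terminal"
    DENIED_BAD_SIGNATURE = "S130 failed (assumption: the page leaves this case open)"


@dataclass(frozen=True)
class AppInfo:
    """Application information kept with the application (storage unit 110)."""
    app_id: str
    package: bytes
    signature: Optional[bytes] = None  # carrier signature information, may be absent
    app_auth: Optional[bytes] = None   # authentication information of the application


@dataclass(frozen=True)
class ManufacturerAuth:
    """Manufacturer authentication information (storage unit 130)."""
    token: bytes
    interface_allowed: bool  # assumption: entitlement agreed in advance with the carrier


CARRIER_KEY = b"constructed-demo-key"  # constructed value, stands in for the carrier certificate


def carrier_sign(package: bytes) -> bytes:
    """Stand-in signature: HMAC-SHA256 over the package bytes."""
    return hmac.new(CARRIER_KEY, package, hashlib.sha256).digest()


def check_interface_right(app: AppInfo, registered_ids: Set[str],
                          maker: Optional[ManufacturerAuth]) -> Decision:
    """Decide whether the terminal gets the right to use the called interface."""
    if app.signature is not None:                                  # S120
        if not hmac.compare_digest(app.signature, carrier_sign(app.package)):  # S130
            return Decision.DENIED_BAD_SIGNATURE
        if app.app_id in registered_ids:                           # S140
            return Decision.GRANTED                                # S160
        return Decision.DENIED_COPY                                # S150
    # No carrier signature: fall back to manufacturer authentication information.
    if maker is None or not maker.interface_allowed:               # S170, S180
        return Decision.DENIED_TERMINAL
    # S190, S200: constant-time comparison, and a missing value never matches.
    if app.app_auth is not None and hmac.compare_digest(app.app_auth, maker.token):
        return Decision.GRANTED                                    # S160
    return Decision.DENIED_COPY                                    # S150


def demo() -> dict:
    """Run constructed sample applications through the flow."""
    maker = ManufacturerAuth(token=b"maker-token-A", interface_allowed=True)
    registered = {"com.example.signed"}
    pkg = b"constructed package bytes"
    cases = {
        "signed_registered": AppInfo("com.example.signed", pkg, carrier_sign(pkg)),
        "signed_unregistered": AppInfo("com.example.copy", pkg, carrier_sign(pkg)),
        "signed_tampered": AppInfo("com.example.signed", pkg + b"!", carrier_sign(pkg)),
        "unsigned_matching": AppInfo("com.example.oem", pkg, app_auth=b"maker-token-A"),
        "unsigned_mismatch": AppInfo("com.example.oem", pkg, app_auth=b"maker-token-B"),
        "unsigned_no_auth": AppInfo("com.example.oem", pkg),
    }
    return {name: check_interface_right(app, registered, maker)
            for name, app in cases.items()}


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:20s} {decision.name}")
```

Every path that lacks a positive match ends in a denial, so missing signature information, missing application authentication information, or a missing manufacturer record can never widen access.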

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, It belongs to the scope of right.

Claims (10)

1. A method for providing a terminal with an authority to use an interface for running an application, the method comprising:
calling an interface for any application executed in the terminal;
checking whether the arbitrary application includes signature information;
if the signature information is included, checking whether application information of an application including the signature information is stored in advance; and
if the application information is stored, providing an interface use right for executing the arbitrary application to the terminal.
2. The method of claim 1, wherein the checking of whether the application information is stored in advance comprises:
if the application information is not stored, determining that the arbitrary application is a duplicated application; and
not providing an interface use right to execute the arbitrary application to the terminal.
3. The method of claim 1, further comprising, after the checking of whether the signature information is included:
if the signature information is not included in the application, collecting authentication information about the terminal;
determining whether an interface for the application can be provided to the terminal based on the authentication information;
if the interface can be provided, collecting authentication information of the application; and
if the authentication information of the terminal and the authentication information of the application are the same, providing the terminal with a right to use an interface for executing the arbitrary application.
4. The method of claim 3, wherein the determining of whether the interface for the application can be provided comprises:
if the interface cannot be provided, not providing the terminal with the right to use an interface for executing the arbitrary application.
5. The method of claim 4, further comprising:
if the authentication information for the terminal and the authentication information of the application are not the same, not providing the terminal with the right to use an interface for executing the arbitrary application.
6. The method of claim 5, wherein the authentication information of the application is generated based on the authentication information for the terminal.
7. The method of claim 1, wherein the signature information is information signed with a certificate of a telecommunication company that provides the interface.
8. A system for providing a terminal with the right to use an interface in conjunction with a carrier server and an app providing server, the system comprising:
an application execution unit configured to call an interface allocated corresponding to the executed application when a previously stored application is executed;
an authentication information storage unit for storing manufacturer authentication information of the terminal; and
an authority check unit that, when the application execution unit calls the interface, determines whether to provide the application use authority to the terminal by checking whether signature information is stored in the application information of the executed application, or based on the manufacturer authentication information of the terminal.
9. The system of claim 8, wherein the application information includes at least one of usage information of the interface, signature information signed with a certificate of a communication company providing the interface, or authentication information for an application generated based on manufacturer authentication information of the terminal.
10. The system of claim 9, further comprising an application storage unit for storing the information of the application embedded in the terminal, or for storing and managing the application received from the app providing server together with the application information.
KR1020110134009A 2011-12-13 2011-12-13 System and method for providing of interface using rights KR20130085504A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020110134009A KR20130085504A (en) 2011-12-13 2011-12-13 System and method for providing of interface using rights

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020110134009A KR20130085504A (en) 2011-12-13 2011-12-13 System and method for providing of interface using rights

Publications (1)

Publication Number Publication Date
KR20130085504A true KR20130085504A (en) 2013-07-30

Family

ID=48995658

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020110134009A KR20130085504A (en) 2011-12-13 2011-12-13 System and method for providing of interface using rights

Country Status (1)

Country Link
KR (1) KR20130085504A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102269363B1 (en) * 2020-10-29 2021-06-25 (주)아이트로 External control board installed smart information display device and method of controlling it
WO2023013886A1 (en) * 2021-08-05 2023-02-09 삼성전자주식회사 Electronic device using separation authority and operation method thereof


Similar Documents

Publication Publication Date Title
ES2802265T3 (en) Authorization method of an operation to be performed on a target computing device
US9432086B2 (en) Method and system for authorizing execution of an application in an NFC device
ES2893529T3 (en) Mobile communication device and method of operation thereof
US10064240B2 (en) Mobile communication device and method of operating thereof
EP2063378B1 (en) Telecommunications device security
CN103312515B (en) The generation method of authorization token, generating apparatus, authentication method and Verification System
KR20120134509A (en) Apparatus and method for generating and installing application for device in application development system
CN109196841B (en) Method and apparatus for issuing assertions in distributed databases of a mobile telecommunications network and for personalizing internet of things devices
CN103415016A (en) Mobile WIFI hotspot connection processing method and system
CN101226575A (en) Method for locking application program
CN103530534A (en) Android program ROOT authorization method based on signature verification
CN103677892A (en) Authorization scheme to enable special privilege mode in secure electronic control unit
JP2019524016A (en) Methods for managing the status of connected devices
CN103744686A (en) Control method and system for installing application in intelligent terminal
KR101250661B1 (en) Security apparatus and method for mobile platform
CN106133739A (en) Data are to the safeguard protection of the loading in the nonvolatile memory of safety element
CN106897606A (en) A kind of brush machine means of defence and device
JP2017073611A (en) Information processing system, radio communication chip, peripheral equipment, server, application program, and information processing method
JP4732805B2 (en) Service usage method and terminal
JP2017073610A (en) Information processing system, peripheral equipment, radio communication chip, application program, and information processing method
KR20130085504A (en) System and method for providing of interface using rights
CN106576239B (en) Method and device for managing content in security unit
KR20130085544A (en) Apparatus and method for control of applications using application sign authentication
CN102187345B (en) Midlet signing and revocation
CN106326723A (en) Method and device for certifying APK (Android Package) signature

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination