WO2003107201A1 - Method and system for authenticating a software - Google Patents

Method and system for authenticating a software

Info

Publication number
WO2003107201A1
WO2003107201A1 PCT/KR2002/001447 KR0201447W WO2003107201A1 WO 2003107201 A1 WO2003107201 A1 WO 2003107201A1 KR 0201447 W KR0201447 W KR 0201447W WO 2003107201 A1 WO2003107201 A1 WO 2003107201A1
Authority
WO
Grant status
Application
Patent type
Prior art keywords
mobile terminal
software
method
error code
security level
Prior art date
Application number
PCT/KR2002/001447
Other languages
French (fr)
Inventor
Ji-Hun Kwon
Seung-Hyouk Yim
Gwang-Ho Nam
Original Assignee
Ktfreetel Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATIONS NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/103Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for protecting copy right

Abstract

The present invention relates to a method and system for authenticating software. A method and system for authenticating software in a mobile terminal is as follows: receive an execution instruction for software installed in said mobile terminal through an inputting means, generate a first error code for said software, extract a mobile terminal identifier of said mobile terminal, generate a first authentication key by combining said mobile terminal identifier and said first error code, and execute said software when said first authentication key corresponds to a second authentication key stored in said mobile terminal. By authenticating the software for a wireless mobile terminal, the present invention can prevent unauthorized duplication and execution of the software at the mobile terminal.

Description

METHOD AND SYSTEM FOR AUTHENTICATING A SOFTWARE

FIELD OF THE INVENTION

The present invention relates to a method and system for authenticating

software, and more particularly, a method and system for using the software on an

authenticated mobile terminal through the authentication process when using the

software downloaded from a server in a mobile terminal.

BACKGROUND OF THE INVENTION

Up to now, even an unauthorized mobile terminal can freely download and use

a software, which was developed after extensive time and effort, and duplicate the

downloaded software to another mobile terminal. Also, since the duplication without

permission results in copyright infringement, litigation is quite possible to prevent it

from continuing.

Especially, various wireless Internet contents have been developed along with

the wide use of mobile terminal; however, the technical solutions for protecting

copyrights of software for a mobile terminal are wholly lacking.

Also, the mobile terminal is quite different in performance and capacity

compared with a conventional computer such as a PC (personal computer). Namely, the

software for a mobile terminal (hereinafter 'mobile software') can be distinguished from the software for a conventional computer with regard to the small data size due to the

limited memory capacity and the CPU performance of the mobile terminal.

Thus, an authentication method compatible with the characteristics of the

mobile software is possible, however, no authentication method has yet to be developed.

Also, the mobile software would be uploaded to a server and then downloaded to a

mobile terminal even in the course of development due to the characteristics of the

mobile terminal.

Still a high possibility exists that the mobile software under development might

be duplicated and exploited by a competitor. Thus, there is a need for an authentication

method to protect the mobile software from being duplicated without permission.

DETAILED DESCRIPTION OF THE PRESENT INVENTION

The present invention is proposed to overcome the aforementioned problems of

the prior art. The object of the present invention is to provide an authentication

method and system that protects the mobile software from unauthorized duplication but

allows for execution through an authentication method and system compatible with the

mobile software.

Also, another object of the present invention is to provide an authentication

method and system that protects the copyright owner of the mobile software

substantially preventing unauthorized duplication. Also, still another object of the present invention is to provide an authentication

method and system compatible with the characteristics of mobile terminal.

Finally, another object of the present invention is to provide an authentication

method and system that prevents the unauthorized duplication of the mobile software

being developed.

To achieve aforementioned objects, according to the present invention, there is

provided a method for authenticating mobile software and a system thereof. Also, there

is provided a computer-readable medium including a program containing

computer-executable instructions for performing a method for authenticating software.

According to another preferred embodiment of the present invention, there is

provided a method for authenticating software in a mobile terminal, the method

comprising the steps of: receiving an execution instruction for software installed in the

mobile terminal through an inputting means; generating a first error code for the

software; extracting a mobile terminal identifier of the mobile terminal; generating a

first authentication key by combining the mobile terminal identifier and the first error

code; and executing the software when the first authentication key corresponds to a

second authentication key stored in the mobile terminal.

Also, the second authentication key is stored in advance by the steps of:

receiving a download file from a download server coupled to the mobile terminal,

wherein the download file comprises software data and a second error code; generating a third error code for the software data in the mobile terminal; storing the software data

on the mobile terminal if the second error code corresponds to the third error code;

extracting the mobile terminal identifier from the mobile terminal; and generating the

second authentication key by combining the mobile terminal identifier and the second

error code in the mobile terminal.

And, the mobile terminal identifier is Electronic Serial Number (ESN), and the

first error code, the second error code, and the third error code are a frame check

sequence generated by CRC method.

Also, if the software is software for a developer, the first error code, the second

error code, and the third error code are a 32 frame check sequence, and if the software is

a commercial software, the first error code, the second error code, and the third error

code are a 16 frame check sequence.

And, the download file further comprises a header including information

relative to the first error code, and further comprises first security level information.

And, the method comprises the steps of: extracting the first security level

information for the download file; receiving INF from the download server, wherein the

INF includes second security level information; and comparing the first security level

information with the second security level information, wherein if the first security level

information and the second security level information do not correspond with each other

according to the comparison, the software is not stored on the mobile terminal. According to another preferred embodiment of the present invention, there is

provided a method for authenticating software in a download server coupled to a mobile

terminal through a network, the method comprising the steps of: receiving a download

request signal from the mobile terminal, wherein the download request signal includes a

mobile terminal identifier of the mobile terminal; identifying the mobile terminal by use

of the mobile terminal identifier, wherein the mobile terminal comprises a user mobile

terminal and a developer mobile terminal; determining whether or not the software is

permitted to be downloaded at the mobile terminal; extracting software data

corresponding to the download request signal, wherein the software comprises

commercial software and software for a developer; generating an error code for the

software data corresponding to the mobile terminal; generating a download file

including the software data and the error code; and transmitting the download file to the

mobile terminal, wherein the mobile terminal controls the execution of the software by

use of an authentication key generated by combining the error code and the mobile

terminal identifier.

Also, the method further comprises the steps of: extracting security level

information corresponding to the software; generating a download file that further

includes the security level information; generating an INF including the security level

information; and transmitting the INF to the mobile terminal, wherein the mobile

terminal compares the security level information included within the INF with the security level information included within the download file to check for an error of the

INF. Where, the security level information is determined in advance by considering the

range of usable resource of the mobile terminal.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG la is a schematic diagram of the software authentication system according

to the preferred embodiment of the present invention.

FIG lb is a block diagram of the download server according to the preferred

embodiment of the present invention.

FIG lc is a block diagram showing the functions of the mobile terminal

according to the preferred embodiment of the present invention.

FIG 2 is a flowchart of downloading software data in the mobile terminal

according to the preferred embodiment of the present invention.

FIG 3a shows a structure of the download file according to the preferred

embodiment of the present invention.

FIG 3b shows the table of the security level information according to the

preferred embodiment of the present invention.

FIG 4 is a flowchart for generating a download file in the download server

according to the preferred embodiment of the present invention.

FIG 5 is a flowchart of storing the program according to the preferred embodiment of the present invention.

FIG 6 is a flowchart of executing the software in the mobile terminal according

the preferred embodiment of the present invention.

FIG 7a is a flowchart of authenticating software according to the preferred

embodiment of the present invention.

FIG 7b is a flowchart of preventing software duplication according to the

preferred embodiment of the present invention.

EMBODIMENTS

In particular the terms used in this specification will be defined as follows.

'Mobile terminal' comprises a cellular phone, PCS(Personal Communication

Service), PDA(Personal Digital Assistant) and all mobile terminals that will be

developed in the near future. This mobile terminal will be classified as either a 'user

mobile terminal' or 'developer mobile terminal' according to the preferred embodiment

of the present invention.

'Download server' generates and transmits a download file comprising software

data, an error correction code, and a header to a mobile terminal.

'Software' will be classified into 'software for developer' and 'commercial

software', and the development process can be securely maintained by allowing the

software for developer to be downloaded only to developer mobile terminal. 'Authentication key (hereinafter 'A-key')' is generated by combining the error

code and a mobile terminal identifier, and the duplicated software cannot be executed

without an A-key.

'Mobile terminal identifier' is a unique identifier assigned to each mobile

terminal, and these mobile terminals can be distinguished from each other by use of the

mobile terminal identifier. Electronic serial number can be used as a mobile terminal

identifier.

'Electronic serial number (abbreviated as ΕSN'), which is differentiated from a

manufacturing serial number, is a number string designated to each mobile terminal.

The mobile terminal manufacturers register the ESN with a mobile service provider of a

country where the mobile device will be used. Therefore, through the pre-registered

ESN, the mobile terminal is registered with that mobile service provider or a change of

mobile terminal is accomplished. Since the ESN is unique to each terminal and difficult

to duplicate, preferably the ESN is used as a mobile terminal identifier.

'Configuration Information File (abbreviated as 'INF') contains system

information. Upon installing or running a program, hardware configuration information,

especially driver files suitable for the hardware, can be provided from INF.

Hereinafter, the preferred embodiment of software authentication method and

system according to the present invention will be described in detail with the

accompanying drawings. Also, in describing the present invention with the accompanying drawings, all the elements of the present invention will be indicated by

the same reference numbers irrespective of the number of drawings.

FIG. la is a schematic diagram of the software authentication system according

to the preferred embodiment of the present invention. Referring to FIG. la, the software

authentication system comprises a download server 100 and a mobile terminal 130, and

can further comprise a local computer 140.

The download server 100 provides software under development or developed

software to the mobile terminal 130 through a network or the local computer 140, which

is coupled to the download server 100.

The mobile terminal 130 has a unique identifier that is assigned to the mobile

terminal 130. If the mobile terminal 130 has the unique identifier, the kind of mobile

terminal can vary as follows: cellular phone, PCS (Personal Communications Service),

PDA (Personal Digital Assistant), etc., can all be the mobile terminal 130.

The mobile terminal 130 can be classified into a developer mobile terminal 110

and a user mobile terminal 120. The developer mobile terminal 110, which is used by

someone who develops software, receives the software from the download server 100

for testing the software under development. Furthermore, the user mobile terminal 120,

which is used by a subscriber who uses the commercial software, receives the software

with or without a fee being charged depending on the situation. In the present invention, the methods of the mobile terminal 130 for accessing

the download server 100 can be classified into a network method that uses a network for

access and a serial method that uses cable for access. In the network method, the

software is divided into several data packets and transmitted through the conventional

mobile network or the next generation network that will be developed. The developer

who accesses the download server 100 with the developer mobile terminal 110 uses the

serial method for developing the software. When accessing the download server 100 by

the serial method, the developer can access the download server 100 through the local

computer 140. Since more time is required for downloading in the network method, use

of the serial method is preferable for accessing the download server 100 with the

developer mobile terminal 110 for efficiency.

In the preferred embodiment of the present invention, the authentication of

software data can be performed by using the ESN as an identifier for identifying the

mobile terminal 130. The software authentication method is performed immediately

before storing the downloaded software on the mobile terminal 130 by using an A-key

that is generated by combining an error code included within the software and the ESN.

The method for generating the A-key will be described later in connection with FIG. 5.

Since the algorithm for generating the A-key in the present invention is very

simple, this algorithm is suitable for the mobile terminal 130 by taking into

consideration the operating environment of the mobile terminal, namely, the limited memory capacity and the low CPU performance.

Since the authentication method with sophisticated encryption used in the

general computer increases loads of the mobile terminal 130 and the time for

authenticating increases correspondingly, the method cannot be employed as an

authentication method for the mobile software. Thus, the authentication method using

the A-key generated by combining the error code and ESN is compatible with the

operating environment of the mobile terminal 130. Moreover, the authentication method

can reduce the time for authenticating, and provide a copying prevention effect by using

ESN that is unique to each mobile terminal 130.

FIG. lb is a block diagram of the download server according to the preferred

embodiment of the present invention. In describing the software authentication method

of the present invention, general functions of download server 100 will be omitted.

Referring to FIG. lb, the download server 100 comprises a security level information

setting part 152, an error code generating part 154 and a download file generating part

156, and can further comprise an authenticating part 158 and billing part 160.

The security level information setting part 152 sets security level information

corresponding to each unit of uploaded software. The resource that is permitted to use

the software when the software is operated on the mobile terminal 130 is determined

according to security level information. The security level information will be described

with FIG. 3b. The error code generating part 154 generates an error code included within the

download file, so that the mobile terminal 130 checks for the occurrence of error in the

received software data by use of the error code.

The download file generating part 156 attaches a header, the error code, and

security level information to the software data to generate the download file.

The authenticating part 158 performs an authentication with the mobile

terminal when the mobile terminal 130 accesses to the download server 100. This

authentication will be performed by use of a subscriber's ID (identification) and

password, and also by use of the mobile terminal identifier, namely, the ESN.

The billing part 160 bills the software data that is downloaded from the

download server 100 to the subscriber. The commercial software can be downloaded or

distributed with charge or without charge, and the billing can be performed for each unit

of software. The charge can be demanded from the subscriber as a service charge of the

mobile terminal or a payment via credit card.

FIG. lc is a block diagram showing the functions of the mobile terminal

according to the preferred embodiment of the present invention. The description of

general functions of the mobile terminal will be omitted for describing the

authentication method in detail. Referring to FIG. lc, the mobile terminal 130

comprises an error code generating part 170, a security level information and error code

comparing part 172, an A-key generating part 174, and an A-key comparing part 176. The error code generating part 170 functions to generate an error code, and the

generating method is the same as the method of the download server 100. Namely, the

error code generating part 170 generates the error code of the received software data, so

that the mobile terminal 130 can check the occurrence of error in the software data.

The security level information and error code comparing part 172 compares the

security level information and error codes to find the occurrence of error in the security

level information and software data included within the download file. That is, the

occurrence of error in the software data can be checked by comparing the error code

generated by the error code generating part 170 with the error code extracted by the

download server. Also the occurrence of error in the security level information can be

checked by comparing the security level information included within the download file

with the security level information included within INF that was received separately

from the download file.

The A-key generating part 174 generates A-key when storing the software data

received from the download server on the mobile terminal 130. The A-key can be

generated by combining the error code and ESN of the mobile terminal 130.

The A-key comparing part 176 controls the execution of the software data by

use of the A-key generated by the A-key generating part 174. Namely, the execution of

the software data can be controlled by comparing the A-key stored in the mobile

terminal with the A-key generated whenever the software data is executed. FIG. 2 is a flowchart of downloading software data in the mobile terminal

according to the preferred embodiment of the present invention.

Currently, much mobile software has already been commercialized and under

development along with the popularization of the mobile terminal. Thus, this mobile

software can be protected from unauthorized duplication or illegal duplication by the

present invention. Namely, according to the present invention, the mobile software data

will be provided to the mobile terminal 130 that the server authenticates. Also, even if

the mobile software in the authenticated mobile terminal were duplicated to other

mobile terminal without permission, the duplicated software would not be executed

because of the A-key.

Hereinafter, the download procedure of software in the download server

according to the present invention will be described with FIG. 2. At step 200, the

mobile terminal 130 accesses the download server 100 through a network. As described

in FIG. la, the methods of the mobile terminal 130 for accessing the download server

100 can be classified into a network method that uses the network for access and a serial

method that uses cable for access. The network method is described mainly with FIG. 2

and the serial method will be described with FIG. 7b.

At step 205, the download server 100 authenticates the mobile terminal 130 that

accesses the download server 100. The authentication in the download server 100 is

performed with an ID and password of the subscriber, i.e., the mobile terminal's user. After authentication, the mobile terminal searches for the software to download,

and at step 210, the mobile terminal 130 transmits a download request signal for the

searched software to the download server 100.

At step 215, upon receiving the download request signal, the download server

extracts the requested software data and generates a download file that includes the

software data. The download file can comprise a header, the software data, the security

level information, and the error code.

After generating the download file, at step 225 the download server transmits

the download file to the mobile terminal 130.

At step 230, the mobile terminal extracts the software data from the download

file and stores it on memory. The storage procedure can be divided into error detection,

data storage, and an A-key generation. The error detection is to detect the occurrence of

error in the software data and the security level information of the received download

file. The data storage is to store the software data on the mobile terminal 130 if no error

is detected in the error detection. The A-key generation is to generate A-key by

combining the error code and the ESN. The data storage will be described with FIG. 5

in detail.

At step 235, the mobile terminal 130 can execute the software that corresponds

to the software data stored on the mobile terminal. When executing the software, the

execution of the software can be controlled by use of the A-key generated at step 230. The execution of step 230 will be described later with FIG. 6 in detail.

FIG. 3a shows the structure of the download file according to the preferred

embodiment of the present invention. When receiving the download request signal

from the mobile terminal 130, the download server generates the download file

including the software data corresponding to the download request signal and transmits

the generated download file to the mobile terminal 130.

Referring to FIG. 3a, the download file comprises a header 300, software data

320, security level information 340, and an error code 360.

According to the present invention, the header 300 includes information for the

error code. The mobile terminal extracts information for the error code from the header,

and generates the error code by the same method of the download server 100. Then by

comparing the error codes, the mobile terminal can detect the occurrence of error in the

software data.

The software data 320 is a data file corresponding to the software that the

mobile terminal requests, and preferably the data file is downloaded in the compressed

form. If the data file is compressed, the download server 100 must generate an error

code for the compressed data file.

The security level information 340 includes information about resources that

the software can access when the software is executed on the mobile terminal. The

usable resource of the mobile terminal 130 is determined by the security level information, and the security level information can be designated to each unit of

software respectively. The security level information will be described with FIG. 3b in

detail.

The error code 360 is used to detect the error in the software data that occurred

during transmission.

According to the present invention, the download file that is transmitted from

the download server 100 includes the error code 360 in order to detect error. Further, the

mobile terminal 130 that receives the download file can detect the occurrence of error in

the software data by use of the error code 360. The method for detecting the occurrence

of error using the error code 360 is described in more detail.

The error code 360 can be generated by one of a parity check and Cyclic

Redundancy Check(abbreviated as 'CRC'). The parity check, the simplest error

detection method, adds a parity bit on the end of a data block; however, it cannot detect

error when an even number of errors occur. Thus, it is preferable to use CRC in the

present invention rather than the parity check. The error code 360 is Frame Check

Sequence (hereinafter 'FCS') when using CRC. According to the method for detecting

the occurrence of error in the mobile terminal, the mobile terminal 130 generates FCS

for the software data by the same method of the download server 100, and compares the

error code in the download file to the generated FCS to detect the occurrence of error.

When using CRC in the present invention, CRC 16 and CRC 32 can be selectively used according to the type of the mobile terminal 130. According to the

preferred embodiment of the present invention, CRC 16 can be used to detect the error

in the commercial software for an ordinary user in order to increase the speed of

authentication, and CRC 32 can be used to detect the error in the software for a

developer in order to increase efficiency of verification in the developing procedure.

According to another preferred embodiment of the present invention, since

there is high possibility of error occurrence other than the wired network because the

commercial software is generally transmitted through the mobile communication

network, CRC 32 can be used for downloading the commercial software. However,

since the software for a developer is transmitted through cable, there is low possibility

of error occurrence other than the wireless network. Thus, CRC 16 can be used as error

code. In the present invention, it is preferable to correct error as well as detect error.

It is preferable to use the automatic repeat request (abbreviated as 'ARQ') as an

error correcting method. The ARQ corrects error by requesting retransmission of the

data block having error from the transmitter after detecting error. In addition to ARQ,

there is another error correction method, i.e., forward error correction (abbreviated

'FEC'). Since FEC can perform error detection and error correction simultaneously, the

reverse channel is not needed and the continuous data flow is possible. However, since

large overhead occurs for detecting and correcting error simultaneously, FEC is not a

suitable correction method for the mobile terminal 130. Accordingly, it is preferable to use ARQ as an error correction method in the present invention.

Also, in another data structure of the download file according to the present

invention, the header, the security level information and the error code are 1 byte, 1 byte

and 4 bytes, respectively.

FIG. 3b shows a table of the security level information according to the

preferred embodiment of the present invention. The security level information 340 is

designated for each unit of software, and the software can use the resource of the mobile

terminal 130 within a range that the security level permits. Using the security level

information 340, the security and stability can be maintained when the software is run

on the mobile terminal 130. According to the present invention, the grades of the

security level can be classified into an application programming interface (abbreviated

as 'API') security, a directory security, a library security, etc. and obviously the grades

can be subdivided according to the importance of the system access. API enables an

application program to use other programs such as an operating system(OS) or database

management system(DBMS). Setting the range for an access right to an OS, file or

library can solve problems related to security of personal information stored in the

mobile terminal 130 and downloading of the mobile terminal when the software data is

running.

Hereinafter, the function of the security level information 340 is described with

FIG. 3b, however, it is not intended that the present invention is limited to the exemplary classification shown in FIG. 3b.

'Level 0' 342 allows the software to access most mobile terminal's resources

and relates to ESN, subscriber information such as channel allocation or stability of the

mobile terminal and the wireless network.

'Level 1' 344 allows the software to access mobile identification number (MIN)

and the current state of the mobile terminal. MIN is 34 bits indicating 10 digits of the

phone number assigned to the mobile terminal and generally called a 'phone number'.

At 'level 2' 346, making a call and sending SMS are possible. At 'level 3' 348,

the software can access the wireless resources such as TCP/IP, UDP, HTTP, and control

files at 'level 4' 350. At 'level 5' 352 the software can control the serial communication,

and at 'level 6' 354 all developers are allowed to access

FIG. 4 is a flowchart for generating a download file in the download server

according to the preferred embodiment of the present invention. The database coupled

to the download server 100 stores software under development and commercial

software data. After making a source code for the software data, the software developer

complies the source code to produce the software data and uploads the software data to

the download server 100. Software data under development can be uploaded to the

download server 100 for testing and commercial software data after development can be

uploaded to the download server 100, too. When the mobile terminal 130 transmits the

download request signal, the download server 100 generates the download file including the software that the mobile terminal requests and transmits the download file to the

mobile terminal 130. The procedure of generating the download file in the download

server 100 will be described with FIG. 4.

At step 400, the download server 100 receives the download request signal

from the mobile terminal 130. The download server 100 extracts the software data

corresponding to the download request signal from the database. The extracted software

data may or may not be in the form of a compressed file. If the software data is not

compressed, then the download server 100 can compress the software data and include

the compressed software data with the download file. When this compressed file is

included with the download file, the download file must generate the error code by

being related to the compressed software data.

At step 410, the download server 100 checks the kind of software that the

mobile terminal 130 requests. According to the present invention, software can be

divided into software for a developer and commercial software. Allowing the software

for a developer to be downloaded only to the developer mobile terminal can secure the

development procedure.

With regard to the possibility of error occurrence and the efficiency of

development, it is preferable to generate the error code according to the kind of

software. For example, when using CRC according to the present invention, the error

code can be generated by either a CRC 32 polynomial or CRC 16 polynomial. Hereinafter, the error code that is generated by CRC 32 will be noted as FCS

32(Frame Check Sequence 32). Also, the error code that is generated by CRC 16 will be

noted as FCS 16(Frame Check Sequence 16). Thus, checking error occurrence of the

commercial software is performed by FCS 16 and checking error occurrence of the

software for developer is performed by FCS 32. Of course, checking error occurrence of

the commercial software is performed by FCS 32 and checking error occurrence of the

software for developer is performed by FCS 16. In the preferred embodiment of the

present invention, checking the error occurrence on the commercial software is

performed by FCS 16 to increase the authentication speed.

According to the result of step 410, if the software is the software for a

developer, FCS 32 is generated at step 415. The method for generating FCS 32 is as

follows: assuming that the data size of the commercial software is n bits, when carrying

n bits by 16 bits and dividing by the predetermined k bits, then r bits remain. The

remaining r bits are FCS 32. As aforementioned, if k is 32, then ox04clldb7 as divisor

can be predetermined. At step 420, the download server generates a header indicating

that the error code is FCS 32 and the security level information.

According to the result of step 410, if the software is the commercial software,

FCS 16 is generated at step 425. In order to increase the authentication speed, it is

preferable to use FCS 16 rather than FCS 32. Assuming that the data size of the

commercial software is n bits, when carrying n bits by 16 bits and dividing by the predetermined k bits, then r bits remain. The remaining r bits are FCS 16. As

aforementioned, if k is 16, then ox8005 as divisor can be predetermined.

Since the analysis of step 425 through step 430 is the same as the steps 415

through 420, the same description will be omitted here.

At step 435, the download server generates the download file that includes the

software data, the security level information, and the error code. Also, at step 440, the

download server transmits the generated download file to the mobile terminal 130.

FIG. 5 is a flowchart of storing the program according to the preferred

embodiment of the present invention. According to the present invention, when storing

the software, the mobile terminal 130 generates an A-key corresponding to the software.

After generating the A-key, the execution of the software is controlled by the A-key.

According to the present invention, when the software in one mobile terminal

attempts to be duplicated for another mobile terminal, the execution of the software is

not permitted because A-keys in each mobile terminal are not identical. That is, since

the error code for the software data and ESN are encoded, the software is not executed

at the mobile terminal having a different ESN.

Hereinafter, the procedure for storing a program including the step of

generating an A-key will be described with FIG. 5. At step 500, the mobile terminal 130

extracts a header from the download file. As described above, the download file

comprises a header, software data and FCS, and can further comprise security level information. The header includes information about an error code. Namely, information

included in the header indicates that the error code for the software data, i.e., FCS, is

FCS 16 or FCS 32.

At step 505, the mobile terminal 130 checks the kind of FCS by use of the error

code information included in the header. Further, at step 510 the mobile terminal

extracts FCS and security level information from the download file.

At step 515, the mobile terminal 130 compares the security level information

extracted from the download file with the security level information extracted from INF

to check the occurrence of error in the security level information.

According to the present invention, when receiving the download file from the

download server 100, it is preferable to receive INF corresponding to the download file.

Preferably the INF includes not only information required when installing the software

in the mobile terminal 130 but also security level information. That is, after receiving

INF, the mobile terminal 130 extracts security level information from INF and

compares it to the security level information extracted from the download file.

According to the result of this comparison, if the security level information included in

INF is not identical to the security level information extracted from the download file,

then the storage process is suspended. Furthermore, according to the result of this

comparison, if the security level information included in INF is identical to the security

level information extracted from the download file, at step 520 the mobile terminal 130 generates FCS for the software data. In the present invention, if the error code is FCS 16,

the FCS is generated by the CRC 16 method. Also, if the error code is FCS 32, the FCS

is generated by CRC 32 method.

At step 525, the mobile terminal 130 compares the FCS, the error code

extracted from the download file, with the FCS generated at step 520. According to the

results of the comparison, if the FCS extracted from the download file is not identical

with the FCS generated at step 520, the storing process is suspended. Also, if FCS

extracted from the download file is identical with the FCS generated at step 520, the

storing process proceeds to step 530. At step 530, the mobile terminal 130 stores the

software data extracted from the download file in the memory of the mobile terminal

130.

In the present invention, the software data are included in the download file in

the form of a compressed file. The software data in the form of a compressed file are

stored in the mobile terminal 130, so the memory of the mobile terminal 130 can be

efficiently used. Preferably the software is stored in the form of the compressed file and

executed by use of INF when the mobile terminal is operated. Namely, it is preferable to

use INF when executing the software without separating the storage step and executing

step in the computer program.

At step 535, the mobile terminal 130 generates the A-key by combining an

error code and ESN stored in the memory of the mobile terminal. Obviously various combinations exist, and in the preferred embodiment of the present invention, the

combination can be performed by an exclusive logical OR. In the exclusive OR, i.e.,

one of Boolean operators, the result of an operation is true when one of two inputs is

true and the other is false. Furthermore, the result of the exclusive OR is namely that the

A-key is stored in the memory of the mobile terminal 130. In the present invention, the

A-key stored in the memory can be managed by a program manager. Generally, the

program manager, which operates on a platform of mostly all mobile terminals,

manages the application programs.

In step 500 through step 540, the software data are stored in the mobile terminal

130.

FIG. 6 is a flowchart of executing the software in the mobile terminal according

the preferred embodiment of the present invention. In the present invention, even if the

software data were duplicated without permission, the execution of the software data

could be controlled by use of the A-key. Hereinafter, the control on the execution of the

software will be described with FIG. 6.

At step 600, the mobile terminal 130 receives an execution command for the

software data through an inputting means. At step 605, the mobile terminal 130

generates FCS, i.e., the error code, for the software data. In the present invention, the

software data is stored in the form of the compressed file.

Further, at step 610, the mobile terminal 130 extracts ESN from the memory. At step 615, the mobile terminal generates A-key by combining the error code and ESN.

Obviously various combination methods exist, and in the present invention, the

exclusive OR is performed as a combination method. It is preferable to generate A-key

by the same combination of step 535 in FIG. 5.

At step 620, the mobile terminal 130 compares the A-key generated at step 615

with the A-key stored in memory, which is stored at step 540 in FIG. 5. According to

the results of this comparison, if the A-key generated at step 615 is not identical to the

A-key stored in memory, which is stored at step 540, execution of the software will not

occur. If the A-key generated at step 615 is identical to the A-key stored in memory,

which is stored at step 540, the software is executed. The software can be executed by

use of INF.

FIG. 7a and FIG. 7b are flowcharts of authenticating software according to the

preferred embodiment of the present invention.

The software under development or post-development software are provided to

the mobile terminal 100 from the download server 100. The software data uploaded to

the download server are downloaded to the mobile terminal through a network or serial

method.

Additionally, FIG. 6 shows the method for preventing duplication of the

downloaded software data; FIG. 7a and FIG. 7b show the methods for preventing

duplication at the download server 100. Situations in which a subscriber may use programs via an unauthenticated method are as follows: downloading the software for a

developer in the user mobile terminal 120 through network access (FIG. 7a), and

downloading software data in the user mobile terminal 120 through serial access (FIG.

7b).

FIG. 7a is a flowchart of authenticating software according to the preferred

embodiment of the present invention. The software under development has to be

uploaded into the download server 100 and downloaded at the mobile terminal 130 for

testing. In this situation, by preventing the software under development from being

duplicated without permission at the user mobile terminal 120, access to the information

about the software under development can be prevented. Hereinafter, the method for

authenticating software according to the preferred embodiment of the present invention

will be described with FIG. 7a.

At step 700, the download server 100 receives a download request signal from

the mobile terminal 130 that accessed the download server 100. At step 705, the

download server 100 checks whether the mobile terminal 130 is a developer mobile

terminal 110. One embodiment for distinguishing a developer mobile terminal in the

present invention is as follows: if all mobile terminals must comply with the

authentication process via an ID and password when accessing the download server, the

developer who registers his ID and password in advance can receive the software under

development. Specifically, an ID and password used as an identifier can be used to distinguish each developer.

According to another embodiment of distinguishing a developer mobile

terminal in the present invention, the ESN of the developer mobile terminal can be used.

In this situation, even if the developer were changed, the developer who has the

ESN-registered developer mobile terminal could receive the software under

development without a change in the database of the download server 100.

According to the result of the step 710, if the mobile terminal 130 is not a

developer mobile terminal 110, the download server terminates access or transmits a

disapproval message. If the mobile terminal 130 is a developer mobile terminal 110, the

download server 100 extracts the corresponding software data at step 710 and generates

a download file including the extracted software data at step 715. At step 720, the

download server 100 transmits the generated download file to the mobile terminal 130.

Since the steps 710 through 720 are the same as the steps 415 through 440 in

FIG. 4, the same description will be omitted here.

FIG. 7b is a flowchart of preventing duplication of software data according to

the preferred embodiment of the present invention. According to the present invention,

it is more efficient to receive a download file from the local computer 140 through serial

communication than from the download server 100 through a mobile network. Since

software downloads frequently occur during the procedure of developing software,

efficiency while developing software can be improved by using serial communication, which has low error occurrence and high download speed, for downloading. Thus, by

permitting the receipt of a download file through serial communication only with the

developer mobile terminal, security for the software under development can be

maintained. Hereinafter, the download procedure through serial communication will be

described with FIG. 7b. Assume that the mobile terminal 130 and the local computer

140 are connected to each other by cable, and the local computer 140 accesses the

download server 100.

At step 750, the local computer 140 extracts ESN from the mobile terminal 130.

The local computer 140 determines whether or not the mobile terminal 130 is the

developer mobile terminal 110 by use of ESN. Here, ESN of the developer mobile

terminal 110 is stored in advance in the storage of the local computer 140.

According to the result of step 755, if a developer mobile terminal 110 is not

indicated, the local computer 140 can display a disapproval message for downloading

on a display device. If developer mobile terminal 110 is indicated, the local computer

transmits the download request signal to the download server at step 760.

At step 765, the download server 100 extracts the corresponding software data

and generates the download file including the extracted software data at step 770. The

download file is transmitted to the local computer 140 at step 785. Since the steps 765

through 770 are same as the steps 415 through 440 in FIG. 4, the same description will

be omitted here. At step 790, the local computer 140 transmits the download file to the mobile

terminal 130. Through the aforementioned steps, the software for developer is

downloaded only to the developer mobile terminal 110, so unauthorized duplication can

be prevented. Although the present invention has been described with the preferred

embodiment, the spirit and the scope of the present invention will be determined only

by the following claims. Also, it will be apparent for those skilled in the art that

modifications or amendments to the aforementioned embodiment within the spirit and

the scope of the present invention are possible without departing from the boundary of

the claimed invention.

Industrial applicability

By authenticating the software for a wireless mobile terminal, the present

invention can prevent duplication and execution of the software for the mobile terminal.

Also, by preventing duplication of the software for mobile terminal, the present

invention can protect the copyright of a software developer or software developing

company.

Also, the present invention provides software authentication suitable for the

mobile terminal.

Finally, the present invention can prevent the duplication of the software under

development.

Claims

Claims
1. A method for authenticating software in a mobile terminal, said method comprising
the steps of:
(a) receiving an execution instruction for software installed in said mobile
terminal through an inputting means;
(b) generating a first error code for said software;
(c) extracting a mobile terminal identifier of said mobile terminal;
(d) generating a first authentication key by combining said mobile terminal
identifier and said first error code; and
(e) executing said software when said first authentication key corresponds to a
second authentication key stored in said mobile terminal.
2. The method as stated in claim 1, wherein said second authentication key is stored in
advance by said steps of:
receiving a download file from a download server coupled to said mobile
terminal, wherein said download file comprises software data and a second error code;
generating a third error code for said software data in said mobile terminal;
storing said software data on said mobile terminal if said second error code
corresponds to said third error code;
extracting said mobile terminal identifier from said mobile terminal; and generating said second authentication key by combining said mobile terminal
identifier and said second error code in said mobile terminal.
3. The method as stated in claim 1 or claim 2, wherein said mobile terminal identifier is
Electronic Serial Number (ESN).
4. The method as stated in claim 1 or claim 2, wherein said first error code, said second
error code, and said third error code are a frame check sequence generated by CRC
method.
5. The method as stated in claim 4, wherein said first error code, said second error code,
and said third error code are a 32 frame check sequence if said software is software for a
developer.
6. The method as stated in claim 4, wherein said first error code, said second error code,
and said third error code are a 16 frame check sequence if said software is a commercial
software.
7. The method as stated in claim 2, wherein said download file further comprises a
header including information relative to said first error code.
8. The method as stated in claim 2, wherein said download file further comprises first
security level information.
9. The method as stated in claim 7 further comprising the steps of:
extracting said first security level information for said download file;
receiving INF from said download server, wherein said INF includes second
security level information; and
comparing said first security level information with said second security level
information,
wherein if said first security level information and said second security level
information do not correspond with each other according to the comparison, said
software is not stored on said mobile terminal.
10. A method for authenticating software in a download server coupled to a mobile
terminal through a network, said method comprising the steps of:
(a) receiving a download request signal from said mobile terminal, wherein said
download request signal includes a mobile terminal identifier of said mobile terminal;
(b) identifying said mobile terminal by use of said mobile terminal identifier,
wherein said mobile terminal comprises a user mobile terminal and a developer mobile terminal;
(c) determining whether or not said software is permitted to be downloaded at
said mobile terminal;
(d) extracting software data corresponding to said download request signal,
wherein said software comprises commercial software and software for a developer;
(e) generating an error code for said software data corresponding to said mobile
terminal;
(f) generating a download file including said software data and said error code;
and
(g) transmitting said download file to said mobile terminal,
wherein said mobile terminal controls the execution of said software by use of
an authentication key generated by combining said error code and said mobile terminal
identifier.
11. The method as stated in claim 10, wherein said mobile terminal identifier is
Electronic Serial Number (ESN).
12. The method as stated in claim 10, wherein said error code is a frame check sequence
generated by CRC method.
13. The method as stated in claim 10, wherein if said software is software for a
developer according to the determination method at said step (c), said software can be
downloaded only at a developer mobile terminal.
14. The method as stated in claim 10, wherein if said software is commercial software at
said step (e), said error code is a frame check sequence 16.
15. The method as stated in claim 10, wherein if said software is software for a
developer at said step (e), said error code is a frame check sequence 32.
16. The method as stated in claim 10, wherein said step (e) comprises the steps of:
extracting security level information corresponding to said software;
generating a download file that further includes said security level information;
generating an INF including said security level information; and
transmitting said INF to said mobile terminal,
wherein said mobile terminal compares said security level information included
within said INF with said security level information included within said download file
to check for an error of said INF.
17. The method as stated in claim 16, wherein said security level information is determined in advance by considering the range of usable resource of said mobile
terminal.
18. The method as stated in claim 10, wherein at said step (e) said download file further
comprises a header including information of said error code.
19. A computer-readable medium including a program containing computer-executable
instructions for performing a method for authenticating software, wherein the program
practices the method as stated in one of claims 1-9.
20. A software authentication system for performing a method for authenticating
software as stated in one of claims 10-18 comprising:
a memory for storing a program; and
a processor coupled to said memory for performing said program,
wherein said processor performs said method according to said program.
PCT/KR2002/001447 2002-04-30 2002-07-31 Method and system for authenticating a software WO2003107201A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
KR2002/23618 2002-04-30
KR20020023618A KR100453504B1 (en) 2002-04-30 2002-04-30 Method and system for authenticating a software

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US10971597 US7707409B2 (en) 2002-04-30 2004-10-21 Method and system for authenticating software

Publications (1)

Publication Number Publication Date
WO2003107201A1 true true WO2003107201A1 (en) 2003-12-24

Family

ID=29728604

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2002/001447 WO2003107201A1 (en) 2002-04-30 2002-07-31 Method and system for authenticating a software

Country Status (2)

Country Link
KR (1) KR100453504B1 (en)
WO (1) WO2003107201A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007098509A1 (en) * 2006-02-24 2007-08-30 Qualcomm Incorporated System and method for downloading user interface components to wireless devices
WO2006053304A3 (en) * 2004-11-12 2009-04-02 Pufco Inc Volatile device keys and applications thereof
EP2115641A2 (en) * 2007-01-23 2009-11-11 Ascenna Mobile, Inc. Automated authentication process for application clients
US7681103B2 (en) 2002-04-16 2010-03-16 Massachusetts Institute Of Technology Reliable generation of a device-specific value
US8584118B2 (en) 2004-10-20 2013-11-12 Nokia Corporation Terminal, method and computer program product for validating a software application
US8630410B2 (en) 2006-01-24 2014-01-14 Verayo, Inc. Signal generator based device security
US8782396B2 (en) 2007-09-19 2014-07-15 Verayo, Inc. Authentication with physical unclonable functions

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100926822B1 (en) * 2007-12-04 2009-11-12 (주)유디피 Method for providing protection means of software, and network SYSTEM performing the same

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH10327139A (en) * 1997-05-23 1998-12-08 Advance Co Ltd Data communication system
US5909437A (en) * 1995-06-02 1999-06-01 Airspan Communications Corporation Software download for a subscriber terminal of a wireless telecommunications system
JPH11203128A (en) * 1998-01-09 1999-07-30 Canon Inc Digital software distribution system, terminal and recording medium
US6253326B1 (en) * 1998-05-29 2001-06-26 Palm, Inc. Method and system for secure communications

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5909437A (en) * 1995-06-02 1999-06-01 Airspan Communications Corporation Software download for a subscriber terminal of a wireless telecommunications system
JPH10327139A (en) * 1997-05-23 1998-12-08 Advance Co Ltd Data communication system
JPH11203128A (en) * 1998-01-09 1999-07-30 Canon Inc Digital software distribution system, terminal and recording medium
US6253326B1 (en) * 1998-05-29 2001-06-26 Palm, Inc. Method and system for secure communications

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7757083B2 (en) 2002-04-16 2010-07-13 Massachusetts Institute Of Technology Integrated circuit that uses a dynamic characteristic of the circuit
US7904731B2 (en) 2002-04-16 2011-03-08 Massachusetts Institute Of Technology Integrated circuit that uses a dynamic characteristic of the circuit
US7840803B2 (en) 2002-04-16 2010-11-23 Massachusetts Institute Of Technology Authentication of integrated circuits
US7818569B2 (en) 2002-04-16 2010-10-19 Massachusetts Institute Of Technology Data protection and cryptographic functions using a device-specific value
US7681103B2 (en) 2002-04-16 2010-03-16 Massachusetts Institute Of Technology Reliable generation of a device-specific value
US8386801B2 (en) 2002-04-16 2013-02-26 Massachusetts Institute Of Technology Authentication of integrated circuits
US8584118B2 (en) 2004-10-20 2013-11-12 Nokia Corporation Terminal, method and computer program product for validating a software application
US8756438B2 (en) 2004-11-12 2014-06-17 Verayo, Inc. Securely field configurable device
US7564345B2 (en) 2004-11-12 2009-07-21 Verayo, Inc. Volatile device keys and applications thereof
US7839278B2 (en) 2004-11-12 2010-11-23 Verayo, Inc. Volatile device keys and applications thereof
WO2006053304A3 (en) * 2004-11-12 2009-04-02 Pufco Inc Volatile device keys and applications thereof
US7702927B2 (en) 2004-11-12 2010-04-20 Verayo, Inc. Securely field configurable device
US8630410B2 (en) 2006-01-24 2014-01-14 Verayo, Inc. Signal generator based device security
WO2007098509A1 (en) * 2006-02-24 2007-08-30 Qualcomm Incorporated System and method for downloading user interface components to wireless devices
US8270941B2 (en) 2006-02-24 2012-09-18 Qualcomm Incorporated System and method for downloading user interface components to wireless devices
US8666363B2 (en) 2006-02-24 2014-03-04 Qualcomm Incorporated System and method for downloading user interface components to wireless devices
EP2115641A4 (en) * 2007-01-23 2012-08-01 Ascenna Mobile Inc Automated authentication process for application clients
EP2115641A2 (en) * 2007-01-23 2009-11-11 Ascenna Mobile, Inc. Automated authentication process for application clients
US8782396B2 (en) 2007-09-19 2014-07-15 Verayo, Inc. Authentication with physical unclonable functions

Also Published As

Publication number Publication date Type
KR100453504B1 (en) 2004-10-20 grant
KR20030085270A (en) 2003-11-05 application

Similar Documents

Publication Publication Date Title
US7480907B1 (en) Mobile services network for update of firmware/software in mobile handsets
US7395426B2 (en) Method of authenticating content provider and assuring content integrity
US6581093B1 (en) Policy validation in a LDAP directory
US6707915B1 (en) Data transfer verification based on unique ID codes
US6889212B1 (en) Method for enforcing a time limited software license in a mobile communication device
US20080005577A1 (en) Subsidy lock enabled handset device with asymmetric verification unlocking control and method thereof
US6952770B1 (en) Method and apparatus for hardware platform identification with privacy protection
US5892904A (en) Code certification for network transmission
US20020083178A1 (en) Resource distribution in network environment
US20050277403A1 (en) Method for transmitting encrypted user data objects
US6741851B1 (en) Method for protecting data stored in lost mobile terminal and recording medium therefor
US20090298468A1 (en) System and method for deleting data in a communication device
US20100275026A1 (en) Method and apparatus for improving code and data signing
US20070150524A1 (en) Uptating data in a mobile terminal
US7681033B2 (en) Device authentication system
US6367012B1 (en) Embedding certifications in executable files for network transmission
EP1217850A1 (en) Method for permitting debugging and testing of software on an mobile communication device in a secure environment
US6766353B1 (en) Method for authenticating a JAVA archive (JAR) for portable devices
US20070255659A1 (en) System and method for DRM translation
US20080107269A1 (en) Updating Configuration Parameters in a Mobile Terminal
US20040186880A1 (en) Management apparatus, terminal apparatus, and management system
US20100083386A1 (en) Tokenized Resource Access
US20110237234A1 (en) System and methods for remote maintenance in an electronic network with multiple clients
US20080222368A1 (en) Updating Memory Contents of a Processing Device
US20070074034A1 (en) System and method for registering entities for code signing services

Legal Events

Date Code Title Description
AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 10971597

Country of ref document: US

122 Ep: pct application non-entry in european phase
WWW Wipo information: withdrawn in national office

Country of ref document: JP

NENP Non-entry into the national phase in:

Ref country code: JP