METHOD AND SYSTEM FOR AUTHENTICATING A SOFTWARE
FIELD OF THE INVENTION
The present invention relates to a method and system for authenticating
software, and more particularly, a method and system for using the software on an
authenticated mobile terminal through the authentication process when using the
software downloaded from a server in a mobile terminal.
BACKGROUND OF THE INVENTION
Up to now, even an unauthorized mobile terminal can freely download and use
a software, which was developed after extensive time and effort, and duplicate the
downloaded software to another mobile terminal. Also, since the duplication without
permission results in copyright infringement, litigation is quite possible to prevent it
from continuing.
Especially, various wireless Internet contents have been developed along with
the wide use of mobile terminal; however, the technical solutions for protecting
copyrights of software for a mobile terminal are wholly lacking.
Also, the mobile terminal is quite different in performance and capacity
compared with a conventional computer such as a PC (personal computer). Namely, the
software for a mobile terminal (hereinafter 'mobile software') can be distinguished from
the software for a conventional computer with regard to the small data size due to the
limited memory capacity and the CPU performance of the mobile terminal.
Thus, an authentication method compatible with the characteristics of the
mobile software is possible, however, no authentication method has yet to be developed.
Also, the mobile software would be uploaded to a server and then downloaded to a
mobile terminal even in the course of development due to the characteristics of the
mobile terminal.
Still a high possibility exists that the mobile software under development might
be duplicated and exploited by a competitor. Thus, there is a need for an authentication
method to protect the mobile software from being duplicated without permission.
DETAILED DESCRIPTION OF THE PRESENT INVENTION
The present invention is proposed to overcome the aforementioned problems of
the prior art. The object of the present invention is to provide an authentication
method and system that protects the mobile software from unauthorized duplication but
allows for execution through an authentication method and system compatible with the
mobile software.
Also, another object of the present invention is to provide an authentication
method and system that protects the copyright owner of the mobile software
substantially preventing unauthorized duplication.
Also, still another object of the present invention is to provide an authentication
method and system compatible with the characteristics of mobile terminal.
Finally, another object of the present invention is to provide an authentication
method and system that prevents the unauthorized duplication of the mobile software
being developed.
To achieve aforementioned objects, according to the present invention, there is
provided a method for authenticating mobile software and a system thereof. Also, there
is provided a computer-readable medium including a program containing
computer-executable instructions for performing a method for authenticating software.
According to another preferred embodiment of the present invention, there is
provided a method for authenticating software in a mobile terminal, the method
comprising the steps of: receiving an execution instruction for software installed in the
mobile terminal through an inputting means; generating a first error code for the
software; extracting a mobile terminal identifier of the mobile terminal; generating a
first authentication key by combining the mobile terminal identifier and the first error
code; and executing the software when the first authentication key corresponds to a
second authentication key stored in the mobile terminal.
Also, the second authentication key is stored in advance by the steps of:
receiving a download file from a download server coupled to the mobile terminal,
wherein the download file comprises software data and a second error code; generating
a third error code for the software data in the mobile terminal; storing the software data
on the mobile terminal if the second error code corresponds to the third error code;
extracting the mobile terminal identifier from the mobile terminal; and generating the
second authentication key by combining the mobile terminal identifier and the second
error code in the mobile terminal.
And, the mobile terminal identifier is Electronic Serial Number (ESN), and the
first error code, the second error code, and the third error code are a frame check
sequence generated by CRC method.
Also, if the software is software for a developer, the first error code, the second
error code, and the third error code are a 32 frame check sequence, and if the software is
a commercial software, the first error code, the second error code, and the third error
code are a 16 frame check sequence.
And, the download file further comprises a header including information
relative to the first error code, and further comprises first security level information.
And, the method comprises the steps of: extracting the first security level
information for the download file; receiving INF from the download server, wherein the
INF includes second security level information; and comparing the first security level
information with the second security level information, wherein if the first security level
information and the second security level information do not correspond with each other
according to the comparison, the software is not stored on the mobile terminal.
According to another preferred embodiment of the present invention, there is
provided a method for authenticating software in a download server coupled to a mobile
terminal through a network, the method comprising the steps of: receiving a download
request signal from the mobile terminal, wherein the download request signal includes a
mobile terminal identifier of the mobile terminal; identifying the mobile terminal by use
of the mobile terminal identifier, wherein the mobile terminal comprises a user mobile
terminal and a developer mobile terminal; determining whether or not the software is
permitted to be downloaded at the mobile terminal; extracting software data
corresponding to the download request signal, wherein the software comprises
commercial software and software for a developer; generating an error code for the
software data corresponding to the mobile terminal; generating a download file
including the software data and the error code; and transmitting the download file to the
mobile terminal, wherein the mobile terminal controls the execution of the software by
use of an authentication key generated by combining the error code and the mobile
terminal identifier.
Also, the method further comprises the steps of: extracting security level
information corresponding to the software; generating a download file that further
includes the security level information; generating an INF including the security level
information; and transmitting the INF to the mobile terminal, wherein the mobile
terminal compares the security level information included within the INF with the
security level information included within the download file to check for an error of the
INF. Where, the security level information is determined in advance by considering the
range of usable resource of the mobile terminal.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG la is a schematic diagram of the software authentication system according
to the preferred embodiment of the present invention.
FIG lb is a block diagram of the download server according to the preferred
embodiment of the present invention.
FIG lc is a block diagram showing the functions of the mobile terminal
according to the preferred embodiment of the present invention.
FIG 2 is a flowchart of downloading software data in the mobile terminal
according to the preferred embodiment of the present invention.
FIG 3a shows a structure of the download file according to the preferred
embodiment of the present invention.
FIG 3b shows the table of the security level information according to the
preferred embodiment of the present invention.
FIG 4 is a flowchart for generating a download file in the download server
according to the preferred embodiment of the present invention.
FIG 5 is a flowchart of storing the program according to the preferred
embodiment of the present invention.
FIG 6 is a flowchart of executing the software in the mobile terminal according
the preferred embodiment of the present invention.
FIG 7a is a flowchart of authenticating software according to the preferred
embodiment of the present invention.
FIG 7b is a flowchart of preventing software duplication according to the
preferred embodiment of the present invention.
EMBODIMENTS
In particular the terms used in this specification will be defined as follows.
'Mobile terminal' comprises a cellular phone, PCS(Personal Communication
Service), PDA(Personal Digital Assistant) and all mobile terminals that will be
developed in the near future. This mobile terminal will be classified as either a 'user
mobile terminal' or 'developer mobile terminal' according to the preferred embodiment
of the present invention.
'Download server' generates and transmits a download file comprising software
data, an error correction code, and a header to a mobile terminal.
'Software' will be classified into 'software for developer' and 'commercial
software', and the development process can be securely maintained by allowing the
software for developer to be downloaded only to developer mobile terminal.
'Authentication key (hereinafter 'A-key')' is generated by combining the error
code and a mobile terminal identifier, and the duplicated software cannot be executed
without an A-key.
'Mobile terminal identifier' is a unique identifier assigned to each mobile
terminal, and these mobile terminals can be distinguished from each other by use of the
mobile terminal identifier. Electronic serial number can be used as a mobile terminal
identifier.
'Electronic serial number (abbreviated as ΕSN'), which is differentiated from a
manufacturing serial number, is a number string designated to each mobile terminal.
The mobile terminal manufacturers register the ESN with a mobile service provider of a
country where the mobile device will be used. Therefore, through the pre-registered
ESN, the mobile terminal is registered with that mobile service provider or a change of
mobile terminal is accomplished. Since the ESN is unique to each terminal and difficult
to duplicate, preferably the ESN is used as a mobile terminal identifier.
'Configuration Information File (abbreviated as 'INF') contains system
information. Upon installing or running a program, hardware configuration information,
especially driver files suitable for the hardware, can be provided from INF.
Hereinafter, the preferred embodiment of software authentication method and
system according to the present invention will be described in detail with the
accompanying drawings. Also, in describing the present invention with the
accompanying drawings, all the elements of the present invention will be indicated by
the same reference numbers irrespective of the number of drawings.
FIG. la is a schematic diagram of the software authentication system according
to the preferred embodiment of the present invention. Referring to FIG. la, the software
authentication system comprises a download server 100 and a mobile terminal 130, and
can further comprise a local computer 140.
The download server 100 provides software under development or developed
software to the mobile terminal 130 through a network or the local computer 140, which
is coupled to the download server 100.
The mobile terminal 130 has a unique identifier that is assigned to the mobile
terminal 130. If the mobile terminal 130 has the unique identifier, the kind of mobile
terminal can vary as follows: cellular phone, PCS (Personal Communications Service),
PDA (Personal Digital Assistant), etc., can all be the mobile terminal 130.
The mobile terminal 130 can be classified into a developer mobile terminal 110
and a user mobile terminal 120. The developer mobile terminal 110, which is used by
someone who develops software, receives the software from the download server 100
for testing the software under development. Furthermore, the user mobile terminal 120,
which is used by a subscriber who uses the commercial software, receives the software
with or without a fee being charged depending on the situation.
In the present invention, the methods of the mobile terminal 130 for accessing
the download server 100 can be classified into a network method that uses a network for
access and a serial method that uses cable for access. In the network method, the
software is divided into several data packets and transmitted through the conventional
mobile network or the next generation network that will be developed. The developer
who accesses the download server 100 with the developer mobile terminal 110 uses the
serial method for developing the software. When accessing the download server 100 by
the serial method, the developer can access the download server 100 through the local
computer 140. Since more time is required for downloading in the network method, use
of the serial method is preferable for accessing the download server 100 with the
developer mobile terminal 110 for efficiency.
In the preferred embodiment of the present invention, the authentication of
software data can be performed by using the ESN as an identifier for identifying the
mobile terminal 130. The software authentication method is performed immediately
before storing the downloaded software on the mobile terminal 130 by using an A-key
that is generated by combining an error code included within the software and the ESN.
The method for generating the A-key will be described later in connection with FIG. 5.
Since the algorithm for generating the A-key in the present invention is very
simple, this algorithm is suitable for the mobile terminal 130 by taking into
consideration the operating environment of the mobile terminal, namely, the limited
memory capacity and the low CPU performance.
Since the authentication method with sophisticated encryption used in the
general computer increases loads of the mobile terminal 130 and the time for
authenticating increases correspondingly, the method cannot be employed as an
authentication method for the mobile software. Thus, the authentication method using
the A-key generated by combining the error code and ESN is compatible with the
operating environment of the mobile terminal 130. Moreover, the authentication method
can reduce the time for authenticating, and provide a copying prevention effect by using
ESN that is unique to each mobile terminal 130.
FIG. lb is a block diagram of the download server according to the preferred
embodiment of the present invention. In describing the software authentication method
of the present invention, general functions of download server 100 will be omitted.
Referring to FIG. lb, the download server 100 comprises a security level information
setting part 152, an error code generating part 154 and a download file generating part
156, and can further comprise an authenticating part 158 and billing part 160.
The security level information setting part 152 sets security level information
corresponding to each unit of uploaded software. The resource that is permitted to use
the software when the software is operated on the mobile terminal 130 is determined
according to security level information. The security level information will be described
with FIG. 3b.
The error code generating part 154 generates an error code included within the
download file, so that the mobile terminal 130 checks for the occurrence of error in the
received software data by use of the error code.
The download file generating part 156 attaches a header, the error code, and
security level information to the software data to generate the download file.
The authenticating part 158 performs an authentication with the mobile
terminal when the mobile terminal 130 accesses to the download server 100. This
authentication will be performed by use of a subscriber's ID (identification) and
password, and also by use of the mobile terminal identifier, namely, the ESN.
The billing part 160 bills the software data that is downloaded from the
download server 100 to the subscriber. The commercial software can be downloaded or
distributed with charge or without charge, and the billing can be performed for each unit
of software. The charge can be demanded from the subscriber as a service charge of the
mobile terminal or a payment via credit card.
FIG. lc is a block diagram showing the functions of the mobile terminal
according to the preferred embodiment of the present invention. The description of
general functions of the mobile terminal will be omitted for describing the
authentication method in detail. Referring to FIG. lc, the mobile terminal 130
comprises an error code generating part 170, a security level information and error code
comparing part 172, an A-key generating part 174, and an A-key comparing part 176.
The error code generating part 170 functions to generate an error code, and the
generating method is the same as the method of the download server 100. Namely, the
error code generating part 170 generates the error code of the received software data, so
that the mobile terminal 130 can check the occurrence of error in the software data.
The security level information and error code comparing part 172 compares the
security level information and error codes to find the occurrence of error in the security
level information and software data included within the download file. That is, the
occurrence of error in the software data can be checked by comparing the error code
generated by the error code generating part 170 with the error code extracted by the
download server. Also the occurrence of error in the security level information can be
checked by comparing the security level information included within the download file
with the security level information included within INF that was received separately
from the download file.
The A-key generating part 174 generates A-key when storing the software data
received from the download server on the mobile terminal 130. The A-key can be
generated by combining the error code and ESN of the mobile terminal 130.
The A-key comparing part 176 controls the execution of the software data by
use of the A-key generated by the A-key generating part 174. Namely, the execution of
the software data can be controlled by comparing the A-key stored in the mobile
terminal with the A-key generated whenever the software data is executed.
FIG. 2 is a flowchart of downloading software data in the mobile terminal
according to the preferred embodiment of the present invention.
Currently, much mobile software has already been commercialized and under
development along with the popularization of the mobile terminal. Thus, this mobile
software can be protected from unauthorized duplication or illegal duplication by the
present invention. Namely, according to the present invention, the mobile software data
will be provided to the mobile terminal 130 that the server authenticates. Also, even if
the mobile software in the authenticated mobile terminal were duplicated to other
mobile terminal without permission, the duplicated software would not be executed
because of the A-key.
Hereinafter, the download procedure of software in the download server
according to the present invention will be described with FIG. 2. At step 200, the
mobile terminal 130 accesses the download server 100 through a network. As described
in FIG. la, the methods of the mobile terminal 130 for accessing the download server
100 can be classified into a network method that uses the network for access and a serial
method that uses cable for access. The network method is described mainly with FIG. 2
and the serial method will be described with FIG. 7b.
At step 205, the download server 100 authenticates the mobile terminal 130 that
accesses the download server 100. The authentication in the download server 100 is
performed with an ID and password of the subscriber, i.e., the mobile terminal's user.
After authentication, the mobile terminal searches for the software to download,
and at step 210, the mobile terminal 130 transmits a download request signal for the
searched software to the download server 100.
At step 215, upon receiving the download request signal, the download server
extracts the requested software data and generates a download file that includes the
software data. The download file can comprise a header, the software data, the security
level information, and the error code.
After generating the download file, at step 225 the download server transmits
the download file to the mobile terminal 130.
At step 230, the mobile terminal extracts the software data from the download
file and stores it on memory. The storage procedure can be divided into error detection,
data storage, and an A-key generation. The error detection is to detect the occurrence of
error in the software data and the security level information of the received download
file. The data storage is to store the software data on the mobile terminal 130 if no error
is detected in the error detection. The A-key generation is to generate A-key by
combining the error code and the ESN. The data storage will be described with FIG. 5
in detail.
At step 235, the mobile terminal 130 can execute the software that corresponds
to the software data stored on the mobile terminal. When executing the software, the
execution of the software can be controlled by use of the A-key generated at step 230.
The execution of step 230 will be described later with FIG. 6 in detail.
FIG. 3a shows the structure of the download file according to the preferred
embodiment of the present invention. When receiving the download request signal
from the mobile terminal 130, the download server generates the download file
including the software data corresponding to the download request signal and transmits
the generated download file to the mobile terminal 130.
Referring to FIG. 3a, the download file comprises a header 300, software data
320, security level information 340, and an error code 360.
According to the present invention, the header 300 includes information for the
error code. The mobile terminal extracts information for the error code from the header,
and generates the error code by the same method of the download server 100. Then by
comparing the error codes, the mobile terminal can detect the occurrence of error in the
software data.
The software data 320 is a data file corresponding to the software that the
mobile terminal requests, and preferably the data file is downloaded in the compressed
form. If the data file is compressed, the download server 100 must generate an error
code for the compressed data file.
The security level information 340 includes information about resources that
the software can access when the software is executed on the mobile terminal. The
usable resource of the mobile terminal 130 is determined by the security level
information, and the security level information can be designated to each unit of
software respectively. The security level information will be described with FIG. 3b in
detail.
The error code 360 is used to detect the error in the software data that occurred
during transmission.
According to the present invention, the download file that is transmitted from
the download server 100 includes the error code 360 in order to detect error. Further, the
mobile terminal 130 that receives the download file can detect the occurrence of error in
the software data by use of the error code 360. The method for detecting the occurrence
of error using the error code 360 is described in more detail.
The error code 360 can be generated by one of a parity check and Cyclic
Redundancy Check(abbreviated as 'CRC'). The parity check, the simplest error
detection method, adds a parity bit on the end of a data block; however, it cannot detect
error when an even number of errors occur. Thus, it is preferable to use CRC in the
present invention rather than the parity check. The error code 360 is Frame Check
Sequence (hereinafter 'FCS') when using CRC. According to the method for detecting
the occurrence of error in the mobile terminal, the mobile terminal 130 generates FCS
for the software data by the same method of the download server 100, and compares the
error code in the download file to the generated FCS to detect the occurrence of error.
When using CRC in the present invention, CRC 16 and CRC 32 can be
selectively used according to the type of the mobile terminal 130. According to the
preferred embodiment of the present invention, CRC 16 can be used to detect the error
in the commercial software for an ordinary user in order to increase the speed of
authentication, and CRC 32 can be used to detect the error in the software for a
developer in order to increase efficiency of verification in the developing procedure.
According to another preferred embodiment of the present invention, since
there is high possibility of error occurrence other than the wired network because the
commercial software is generally transmitted through the mobile communication
network, CRC 32 can be used for downloading the commercial software. However,
since the software for a developer is transmitted through cable, there is low possibility
of error occurrence other than the wireless network. Thus, CRC 16 can be used as error
code. In the present invention, it is preferable to correct error as well as detect error.
It is preferable to use the automatic repeat request (abbreviated as 'ARQ') as an
error correcting method. The ARQ corrects error by requesting retransmission of the
data block having error from the transmitter after detecting error. In addition to ARQ,
there is another error correction method, i.e., forward error correction (abbreviated
'FEC'). Since FEC can perform error detection and error correction simultaneously, the
reverse channel is not needed and the continuous data flow is possible. However, since
large overhead occurs for detecting and correcting error simultaneously, FEC is not a
suitable correction method for the mobile terminal 130. Accordingly, it is preferable to
use ARQ as an error correction method in the present invention.
Also, in another data structure of the download file according to the present
invention, the header, the security level information and the error code are 1 byte, 1 byte
and 4 bytes, respectively.
FIG. 3b shows a table of the security level information according to the
preferred embodiment of the present invention. The security level information 340 is
designated for each unit of software, and the software can use the resource of the mobile
terminal 130 within a range that the security level permits. Using the security level
information 340, the security and stability can be maintained when the software is run
on the mobile terminal 130. According to the present invention, the grades of the
security level can be classified into an application programming interface (abbreviated
as 'API') security, a directory security, a library security, etc. and obviously the grades
can be subdivided according to the importance of the system access. API enables an
application program to use other programs such as an operating system(OS) or database
management system(DBMS). Setting the range for an access right to an OS, file or
library can solve problems related to security of personal information stored in the
mobile terminal 130 and downloading of the mobile terminal when the software data is
running.
Hereinafter, the function of the security level information 340 is described with
FIG. 3b, however, it is not intended that the present invention is limited to the
exemplary classification shown in FIG. 3b.
'Level 0' 342 allows the software to access most mobile terminal's resources
and relates to ESN, subscriber information such as channel allocation or stability of the
mobile terminal and the wireless network.
'Level 1' 344 allows the software to access mobile identification number (MIN)
and the current state of the mobile terminal. MIN is 34 bits indicating 10 digits of the
phone number assigned to the mobile terminal and generally called a 'phone number'.
At 'level 2' 346, making a call and sending SMS are possible. At 'level 3' 348,
the software can access the wireless resources such as TCP/IP, UDP, HTTP, and control
files at 'level 4' 350. At 'level 5' 352 the software can control the serial communication,
and at 'level 6' 354 all developers are allowed to access
FIG. 4 is a flowchart for generating a download file in the download server
according to the preferred embodiment of the present invention. The database coupled
to the download server 100 stores software under development and commercial
software data. After making a source code for the software data, the software developer
complies the source code to produce the software data and uploads the software data to
the download server 100. Software data under development can be uploaded to the
download server 100 for testing and commercial software data after development can be
uploaded to the download server 100, too. When the mobile terminal 130 transmits the
download request signal, the download server 100 generates the download file including
the software that the mobile terminal requests and transmits the download file to the
mobile terminal 130. The procedure of generating the download file in the download
server 100 will be described with FIG. 4.
At step 400, the download server 100 receives the download request signal
from the mobile terminal 130. The download server 100 extracts the software data
corresponding to the download request signal from the database. The extracted software
data may or may not be in the form of a compressed file. If the software data is not
compressed, then the download server 100 can compress the software data and include
the compressed software data with the download file. When this compressed file is
included with the download file, the download file must generate the error code by
being related to the compressed software data.
At step 410, the download server 100 checks the kind of software that the
mobile terminal 130 requests. According to the present invention, software can be
divided into software for a developer and commercial software. Allowing the software
for a developer to be downloaded only to the developer mobile terminal can secure the
development procedure.
With regard to the possibility of error occurrence and the efficiency of
development, it is preferable to generate the error code according to the kind of
software. For example, when using CRC according to the present invention, the error
code can be generated by either a CRC 32 polynomial or CRC 16 polynomial.
Hereinafter, the error code that is generated by CRC 32 will be noted as FCS
32(Frame Check Sequence 32). Also, the error code that is generated by CRC 16 will be
noted as FCS 16(Frame Check Sequence 16). Thus, checking error occurrence of the
commercial software is performed by FCS 16 and checking error occurrence of the
software for developer is performed by FCS 32. Of course, checking error occurrence of
the commercial software is performed by FCS 32 and checking error occurrence of the
software for developer is performed by FCS 16. In the preferred embodiment of the
present invention, checking the error occurrence on the commercial software is
performed by FCS 16 to increase the authentication speed.
According to the result of step 410, if the software is the software for a
developer, FCS 32 is generated at step 415. The method for generating FCS 32 is as
follows: assuming that the data size of the commercial software is n bits, when carrying
n bits by 16 bits and dividing by the predetermined k bits, then r bits remain. The
remaining r bits are FCS 32. As aforementioned, if k is 32, then ox04clldb7 as divisor
can be predetermined. At step 420, the download server generates a header indicating
that the error code is FCS 32 and the security level information.
According to the result of step 410, if the software is the commercial software,
FCS 16 is generated at step 425. In order to increase the authentication speed, it is
preferable to use FCS 16 rather than FCS 32. Assuming that the data size of the
commercial software is n bits, when carrying n bits by 16 bits and dividing by the
predetermined k bits, then r bits remain. The remaining r bits are FCS 16. As
aforementioned, if k is 16, then ox8005 as divisor can be predetermined.
Since the analysis of step 425 through step 430 is the same as the steps 415
through 420, the same description will be omitted here.
At step 435, the download server generates the download file that includes the
software data, the security level information, and the error code. Also, at step 440, the
download server transmits the generated download file to the mobile terminal 130.
FIG. 5 is a flowchart of storing the program according to the preferred
embodiment of the present invention. According to the present invention, when storing
the software, the mobile terminal 130 generates an A-key corresponding to the software.
After generating the A-key, the execution of the software is controlled by the A-key.
According to the present invention, when the software in one mobile terminal
attempts to be duplicated for another mobile terminal, the execution of the software is
not permitted because A-keys in each mobile terminal are not identical. That is, since
the error code for the software data and ESN are encoded, the software is not executed
at the mobile terminal having a different ESN.
Hereinafter, the procedure for storing a program including the step of
generating an A-key will be described with FIG. 5. At step 500, the mobile terminal 130
extracts a header from the download file. As described above, the download file
comprises a header, software data and FCS, and can further comprise security level
information. The header includes information about an error code. Namely, information
included in the header indicates that the error code for the software data, i.e., FCS, is
FCS 16 or FCS 32.
At step 505, the mobile terminal 130 checks the kind of FCS by use of the error
code information included in the header. Further, at step 510 the mobile terminal
extracts FCS and security level information from the download file.
At step 515, the mobile terminal 130 compares the security level information
extracted from the download file with the security level information extracted from INF
to check the occurrence of error in the security level information.
According to the present invention, when receiving the download file from the
download server 100, it is preferable to receive INF corresponding to the download file.
Preferably the INF includes not only information required when installing the software
in the mobile terminal 130 but also security level information. That is, after receiving
INF, the mobile terminal 130 extracts security level information from INF and
compares it to the security level information extracted from the download file.
According to the result of this comparison, if the security level information included in
INF is not identical to the security level information extracted from the download file,
then the storage process is suspended. Furthermore, according to the result of this
comparison, if the security level information included in INF is identical to the security
level information extracted from the download file, at step 520 the mobile terminal 130
generates FCS for the software data. In the present invention, if the error code is FCS 16,
the FCS is generated by the CRC 16 method. Also, if the error code is FCS 32, the FCS
is generated by CRC 32 method.
At step 525, the mobile terminal 130 compares the FCS, the error code
extracted from the download file, with the FCS generated at step 520. According to the
results of the comparison, if the FCS extracted from the download file is not identical
with the FCS generated at step 520, the storing process is suspended. Also, if FCS
extracted from the download file is identical with the FCS generated at step 520, the
storing process proceeds to step 530. At step 530, the mobile terminal 130 stores the
software data extracted from the download file in the memory of the mobile terminal
130.
In the present invention, the software data are included in the download file in
the form of a compressed file. The software data in the form of a compressed file are
stored in the mobile terminal 130, so the memory of the mobile terminal 130 can be
efficiently used. Preferably the software is stored in the form of the compressed file and
executed by use of INF when the mobile terminal is operated. Namely, it is preferable to
use INF when executing the software without separating the storage step and executing
step in the computer program.
At step 535, the mobile terminal 130 generates the A-key by combining an
error code and ESN stored in the memory of the mobile terminal. Obviously various
combinations exist, and in the preferred embodiment of the present invention, the
combination can be performed by an exclusive logical OR. In the exclusive OR, i.e.,
one of Boolean operators, the result of an operation is true when one of two inputs is
true and the other is false. Furthermore, the result of the exclusive OR is namely that the
A-key is stored in the memory of the mobile terminal 130. In the present invention, the
A-key stored in the memory can be managed by a program manager. Generally, the
program manager, which operates on a platform of mostly all mobile terminals,
manages the application programs.
In step 500 through step 540, the software data are stored in the mobile terminal
130.
FIG. 6 is a flowchart of executing the software in the mobile terminal according
the preferred embodiment of the present invention. In the present invention, even if the
software data were duplicated without permission, the execution of the software data
could be controlled by use of the A-key. Hereinafter, the control on the execution of the
software will be described with FIG. 6.
At step 600, the mobile terminal 130 receives an execution command for the
software data through an inputting means. At step 605, the mobile terminal 130
generates FCS, i.e., the error code, for the software data. In the present invention, the
software data is stored in the form of the compressed file.
Further, at step 610, the mobile terminal 130 extracts ESN from the memory.
At step 615, the mobile terminal generates A-key by combining the error code and ESN.
Obviously various combination methods exist, and in the present invention, the
exclusive OR is performed as a combination method. It is preferable to generate A-key
by the same combination of step 535 in FIG. 5.
At step 620, the mobile terminal 130 compares the A-key generated at step 615
with the A-key stored in memory, which is stored at step 540 in FIG. 5. According to
the results of this comparison, if the A-key generated at step 615 is not identical to the
A-key stored in memory, which is stored at step 540, execution of the software will not
occur. If the A-key generated at step 615 is identical to the A-key stored in memory,
which is stored at step 540, the software is executed. The software can be executed by
use of INF.
FIG. 7a and FIG. 7b are flowcharts of authenticating software according to the
preferred embodiment of the present invention.
The software under development or post-development software are provided to
the mobile terminal 100 from the download server 100. The software data uploaded to
the download server are downloaded to the mobile terminal through a network or serial
method.
Additionally, FIG. 6 shows the method for preventing duplication of the
downloaded software data; FIG. 7a and FIG. 7b show the methods for preventing
duplication at the download server 100. Situations in which a subscriber may use
programs via an unauthenticated method are as follows: downloading the software for a
developer in the user mobile terminal 120 through network access (FIG. 7a), and
downloading software data in the user mobile terminal 120 through serial access (FIG.
7b).
FIG. 7a is a flowchart of authenticating software according to the preferred
embodiment of the present invention. The software under development has to be
uploaded into the download server 100 and downloaded at the mobile terminal 130 for
testing. In this situation, by preventing the software under development from being
duplicated without permission at the user mobile terminal 120, access to the information
about the software under development can be prevented. Hereinafter, the method for
authenticating software according to the preferred embodiment of the present invention
will be described with FIG. 7a.
At step 700, the download server 100 receives a download request signal from
the mobile terminal 130 that accessed the download server 100. At step 705, the
download server 100 checks whether the mobile terminal 130 is a developer mobile
terminal 110. One embodiment for distinguishing a developer mobile terminal in the
present invention is as follows: if all mobile terminals must comply with the
authentication process via an ID and password when accessing the download server, the
developer who registers his ID and password in advance can receive the software under
development. Specifically, an ID and password used as an identifier can be used to
distinguish each developer.
According to another embodiment of distinguishing a developer mobile
terminal in the present invention, the ESN of the developer mobile terminal can be used.
In this situation, even if the developer were changed, the developer who has the
ESN-registered developer mobile terminal could receive the software under
development without a change in the database of the download server 100.
According to the result of the step 710, if the mobile terminal 130 is not a
developer mobile terminal 110, the download server terminates access or transmits a
disapproval message. If the mobile terminal 130 is a developer mobile terminal 110, the
download server 100 extracts the corresponding software data at step 710 and generates
a download file including the extracted software data at step 715. At step 720, the
download server 100 transmits the generated download file to the mobile terminal 130.
Since the steps 710 through 720 are the same as the steps 415 through 440 in
FIG. 4, the same description will be omitted here.
FIG. 7b is a flowchart of preventing duplication of software data according to
the preferred embodiment of the present invention. According to the present invention,
it is more efficient to receive a download file from the local computer 140 through serial
communication than from the download server 100 through a mobile network. Since
software downloads frequently occur during the procedure of developing software,
efficiency while developing software can be improved by using serial communication,
which has low error occurrence and high download speed, for downloading. Thus, by
permitting the receipt of a download file through serial communication only with the
developer mobile terminal, security for the software under development can be
maintained. Hereinafter, the download procedure through serial communication will be
described with FIG. 7b. Assume that the mobile terminal 130 and the local computer
140 are connected to each other by cable, and the local computer 140 accesses the
download server 100.
At step 750, the local computer 140 extracts ESN from the mobile terminal 130.
The local computer 140 determines whether or not the mobile terminal 130 is the
developer mobile terminal 110 by use of ESN. Here, ESN of the developer mobile
terminal 110 is stored in advance in the storage of the local computer 140.
According to the result of step 755, if a developer mobile terminal 110 is not
indicated, the local computer 140 can display a disapproval message for downloading
on a display device. If developer mobile terminal 110 is indicated, the local computer
transmits the download request signal to the download server at step 760.
At step 765, the download server 100 extracts the corresponding software data
and generates the download file including the extracted software data at step 770. The
download file is transmitted to the local computer 140 at step 785. Since the steps 765
through 770 are same as the steps 415 through 440 in FIG. 4, the same description will
be omitted here.
At step 790, the local computer 140 transmits the download file to the mobile
terminal 130. Through the aforementioned steps, the software for developer is
downloaded only to the developer mobile terminal 110, so unauthorized duplication can
be prevented. Although the present invention has been described with the preferred
embodiment, the spirit and the scope of the present invention will be determined only
by the following claims. Also, it will be apparent for those skilled in the art that
modifications or amendments to the aforementioned embodiment within the spirit and
the scope of the present invention are possible without departing from the boundary of
the claimed invention.
Industrial applicability
By authenticating the software for a wireless mobile terminal, the present
invention can prevent duplication and execution of the software for the mobile terminal.
Also, by preventing duplication of the software for mobile terminal, the present
invention can protect the copyright of a software developer or software developing
company.
Also, the present invention provides software authentication suitable for the
mobile terminal.
Finally, the present invention can prevent the duplication of the software under
development.