WO2003107201A1 - Method and system for authenticating a software - Google Patents

Method and system for authenticating a software Download PDF

Info

Publication number
WO2003107201A1
WO2003107201A1 PCT/KR2002/001447 KR0201447W WO03107201A1 WO 2003107201 A1 WO2003107201 A1 WO 2003107201A1 KR 0201447 W KR0201447 W KR 0201447W WO 03107201 A1 WO03107201 A1 WO 03107201A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile terminal
software
error code
security level
stated
Prior art date
Application number
PCT/KR2002/001447
Other languages
French (fr)
Inventor
Ji-Hun Kwon
Seung-Hyouk Yim
Gwang-Ho Nam
Original Assignee
Ktfreetel Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ktfreetel Co., Ltd. filed Critical Ktfreetel Co., Ltd.
Priority to AU2002368021A priority Critical patent/AU2002368021A1/en
Publication of WO2003107201A1 publication Critical patent/WO2003107201A1/en
Priority to US10/971,597 priority patent/US7707409B2/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/35Protecting application or service provisioning, e.g. securing SIM application provisioning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/103Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for protecting copy right
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/71Hardware identity

Definitions

  • the present invention relates to a method and system for authenticating
  • the mobile terminal is quite different in performance and capacity
  • the mobile software would be uploaded to a server and then downloaded to a
  • the present invention is proposed to overcome the aforementioned problems of
  • the object of the present invention is to provide an authentication
  • Another object of the present invention is to provide an authentication
  • Still another object of the present invention is to provide an authentication
  • Another object of the present invention is to provide an authentication
  • a computer-readable medium including a program containing
  • the second authentication key is stored in advance by the steps of:
  • the download file comprises software data and a second error code; generating a third error code for the software data in the mobile terminal; storing the software data
  • the mobile terminal identifier is Electronic Serial Number (ESN), and the
  • first error code, the second error code, and the third error code are a frame check
  • the software is software for a developer
  • the first error code the second error code
  • error code and the third error code are a 32 frame check sequence, and if the software is
  • the download file further comprises a header including information
  • the method comprises the steps of: extracting the first security level
  • INF includes second security level information; and comparing the first security level
  • the software is not stored on the mobile terminal. According to another preferred embodiment of the present invention, there is
  • the method comprising the steps of: receiving a download
  • the download request signal includes a
  • mobile terminal identifier of the mobile terminal identifying the mobile terminal by use
  • the mobile terminal comprises a user mobile
  • the software comprises
  • the method further comprises the steps of: extracting security level
  • terminal compares the security level information included within the INF with the security level information included within the download file to check for an error of the
  • the security level information is determined in advance by considering the
  • FIG la is a schematic diagram of the software authentication system according
  • FIG lb is a block diagram of the download server according to the preferred embodiment
  • FIG lc is a block diagram showing the functions of the mobile terminal
  • FIG 2 is a flowchart of downloading software data in the mobile terminal
  • FIG 3a shows a structure of the download file according to the preferred
  • FIG 3b shows the table of the security level information according to the
  • FIG 4 is a flowchart for generating a download file in the download server
  • FIG 5 is a flowchart of storing the program according to the preferred embodiment of the present invention.
  • FIG 6 is a flowchart of executing the software in the mobile terminal according
  • FIG 7a is a flowchart of authenticating software according to the preferred
  • FIG 7b is a flowchart of preventing software duplication according to the
  • 'Mobile terminal' comprises a cellular phone, PCS(Personal Communication
  • This mobile terminal will be classified as either a 'user
  • 'Authentication key (hereinafter 'A-key')' is generated by combining the error
  • 'Mobile terminal identifier' is a unique identifier assigned to each mobile
  • Mobile terminal identifier Electronic serial number can be used as a mobile terminal
  • ⁇ SN' 'Electronic serial number
  • manufacturing serial number is a number string designated to each mobile terminal.
  • the mobile terminal manufacturers register the ESN with a mobile service provider of a
  • the mobile terminal is registered with that mobile service provider or a change of
  • the ESN is used as a mobile terminal identifier.
  • 'Configuration Information File (abbreviated as 'INF') contains system
  • driver files suitable for the hardware can be provided from INF.
  • FIG. la is a schematic diagram of the software authentication system according
  • authentication system comprises a download server 100 and a mobile terminal 130, and
  • can further comprise a local computer 140.
  • the download server 100 provides software under development or developed
  • the mobile terminal 130 has a unique identifier that is assigned to the mobile
  • the mobile terminal 130 If the mobile terminal 130 has the unique identifier, the kind of mobile
  • cellular phone can vary as follows: cellular phone, PCS (Personal Communications Service),
  • PDA Personal Digital Assistant
  • PDA Personal Digital Assistant
  • the mobile terminal 130 can be classified into a developer mobile terminal 110
  • the developer mobile terminal 110 which is used by
  • the user mobile terminal 120 For testing the software under development. Furthermore, the user mobile terminal 120,
  • the download server 100 can be classified into a network method that uses a network for
  • the developer can access the download server 100 through the local
  • software data can be performed by using the ESN as an identifier for identifying the ESN
  • the software authentication method is performed immediately
  • the A-key generated by combining the error code and ESN is compatible with the
  • FIG. lb is a block diagram of the download server according to the preferred embodiment
  • download server 100 general functions of download server 100 will be omitted.
  • the download server 100 comprises a security level information
  • 156 can further comprise an authenticating part 158 and billing part 160.
  • the security level information setting part 152 sets security level information
  • the security level information will be described
  • the error code generating part 154 generates an error code included within the
  • the download file generating part 156 attaches a header, the error code, and
  • the authenticating part 158 performs an authentication with the mobile
  • the billing part 160 bills the software data that is downloaded from the
  • the commercial software can be downloaded or
  • the charge can be demanded from the subscriber as a service charge of the
  • FIG. lc is a block diagram showing the functions of the mobile terminal
  • the mobile terminal 130 Referring to FIG. lc, the mobile terminal 130
  • the error code generating part 170 functions to generate an error code
  • generating method is the same as the method of the download server 100. Namely, the
  • error code generating part 170 generates the error code of the received software data, so
  • the mobile terminal 130 can check the occurrence of error in the software data.
  • the security level information and error code comparing part 172 compares the
  • the occurrence of error in the security level information can be
  • the A-key generating part 174 generates A-key when storing the software data
  • the A-key can be
  • the A-key comparing part 176 controls the execution of the software data by
  • the software data can be controlled by comparing the A-key stored in the mobile
  • FIG. 2 is a flowchart of downloading software data in the mobile terminal
  • mobile terminal 130 accesses the download server 100 through a network. As described
  • 100 can be classified into a network method that uses the network for access and a serial
  • the network method is described mainly with FIG. 2
  • the download server 100 authenticates the mobile terminal 130 that
  • the authentication in the download server 100 is
  • the mobile terminal After authentication, the mobile terminal searches for the software to download,
  • the mobile terminal 130 transmits a download request signal for the
  • the download server upon receiving the download request signal, the download server
  • the download file can comprise a header, the software data, the security
  • the download server After generating the download file, at step 225 the download server transmits
  • the mobile terminal extracts the software data from the download
  • the storage procedure can be divided into error detection,
  • the error detection is to detect the occurrence of
  • the data storage is to store the software data on the mobile terminal 130 if no error
  • the A-key generation is to generate A-key by
  • the mobile terminal 130 can execute the software that corresponds
  • step 230 execution of the software can be controlled by use of the A-key generated at step 230.
  • the execution of step 230 will be described later with FIG. 6 in detail.
  • FIG. 3a shows the structure of the download file according to the preferred embodiment
  • the download server generates the download file
  • the download file comprises a header 300, software data
  • the header 300 includes information for the
  • the mobile terminal extracts information for the error code from the header,
  • the mobile terminal can detect the occurrence of error in the
  • the software data 320 is a data file corresponding to the software that the
  • the mobile terminal requests, and preferably the data file is downloaded in the compressed
  • the security level information 340 includes information about resources that
  • the software can access when the software is executed on the mobile terminal.
  • usable resource of the mobile terminal 130 is determined by the security level information, and the security level information can be designated to each unit of
  • the error code 360 is used to detect the error in the software data that occurred
  • the download server 100 includes the error code 360 in order to detect error. Further, the error code 360 is the same as the download server 100.
  • mobile terminal 130 that receives the download file can detect the occurrence of error in
  • the error code 360 can be generated by one of a parity check and Cyclic
  • the error code 360 is Frame Check
  • the mobile terminal 130 generates FCS
  • CRC 16 and CRC 32 can be selectively used according to the type of the mobile terminal 130. According to the
  • CRC 16 can be used to detect the error
  • CRC 32 can be used to detect the error in the software for a
  • CRC 32 can be used for downloading the commercial software.
  • CRC 32 can be used for downloading the commercial software.
  • CRC 16 can be used as error
  • the ARQ corrects error by requesting retransmission of the
  • FEC is not a
  • suitable correction method for the mobile terminal 130 Accordingly, it is preferable to use ARQ as an error correction method in the present invention.
  • the header, the security level information and the error code are 1 byte, 1 byte
  • FIG. 3b shows a table of the security level information according to the
  • the security level information 340 is
  • the security and stability can be maintained when the software is run
  • API enables an
  • DBMS management system
  • FIG. 3b it is not intended that the present invention is limited to the exemplary classification shown in FIG. 3b.
  • 'Level 1' 344 allows the software to access mobile identification number (MIN)
  • MIN is 34 bits indicating 10 digits of the
  • phone number assigned to the mobile terminal and generally called a 'phone number'.
  • the software can access the wireless resources such as TCP/IP, UDP, HTTP, and control
  • FIG. 4 is a flowchart for generating a download file in the download server
  • download server 100 for testing and commercial software data after development can be
  • the download server 100 generates the download file including the software that the mobile terminal requests and transmits the download file to the
  • the download server 100 receives the download request signal
  • the download server 100 extracts the software data
  • the download server 100 can compress the software data and include
  • the download file must generate the error code by
  • the download server 100 checks the kind of software that the
  • FCS error code
  • FCS 16 Fre Check Sequence 16
  • FCS 16 checking error occurrence of the
  • FCS 32 checking error occurrence
  • FCS 32 checking error occurrence of the commercial software
  • FCS 16 software for developer is performed by FCS 16.
  • FCS 16 software for developer is performed by FCS 16.
  • FCS 16 performed by FCS 16 to increase the authentication speed.
  • step 410 if the software is the software for a
  • FCS 32 is generated at step 415.
  • the method for generating FCS 32 is as
  • the download server generates a header indicating
  • error code is FCS 32 and the security level information.
  • step 410 if the software is the commercial software,
  • FCS 16 is generated at step 425. In order to increase the authentication speed, it is
  • FCS 16 rather than FCS 32.
  • ox8005 as divisor can be predetermined.
  • step 425 through step 430 Since the analysis of step 425 through step 430 is the same as the steps 415
  • the download server generates the download file that includes the
  • download server transmits the generated download file to the mobile terminal 130.
  • FIG. 5 is a flowchart of storing the program according to the preferred
  • the mobile terminal 130 generates an A-key corresponding to the software.
  • the software is not executed
  • step 500 the mobile terminal 130
  • the header includes information about an error code. Namely, information
  • FCS error code for the software data
  • FCS 16 or FCS 32 are examples of FCS 16 or FCS 32.
  • the mobile terminal 130 checks the kind of FCS by use of the error
  • the mobile terminal 130 compares the security level information
  • download server 100 it is preferable to receive INF corresponding to the download file.
  • the INF includes not only information required when installing the software
  • the mobile terminal 130 extracts security level information from INF and
  • INF is not identical to the security level information extracted from the download file
  • the mobile terminal 130 At step 520 the mobile terminal 130 generates FCS for the software data.
  • the error code is FCS 16
  • FCS is generated by the CRC 16 method. Also, if the error code is FCS 32, the FCS
  • the mobile terminal 130 compares the FCS, the error code
  • step 530 the mobile terminal 130 stores the
  • the software data are included in the download file in the present invention.
  • the software data in the form of a compressed file are
  • the software is stored in the form of the compressed file and
  • the mobile terminal 130 generates the A-key by combining an
  • A-key is stored in the memory of the mobile terminal 130.
  • the present invention the
  • A-key stored in the memory can be managed by a program manager.
  • the program manager can manage the allocation of the program.
  • program manager which operates on a platform of mostly all mobile terminals
  • step 500 through step 540 the software data are stored in the mobile terminal
  • FIG. 6 is a flowchart of executing the software in the mobile terminal according
  • the mobile terminal 130 receives an execution command for the
  • FCS i.e., the error code
  • the mobile terminal 130 extracts ESN from the memory.
  • the mobile terminal generates A-key by combining the error code and ESN.
  • exclusive OR is performed as a combination method. It is preferable to generate A-key
  • the mobile terminal 130 compares the A-key generated at step 615
  • A-key stored in memory which is stored at step 540, execution of the software will not
  • the software is executed.
  • the software can be executed by
  • FIG. 7a and FIG. 7b are flowcharts of authenticating software according to the
  • the software under development or post-development software are provided to the user.
  • the download server are downloaded to the mobile terminal through a network or serial
  • FIG. 6 shows the method for preventing duplication of the
  • FIG. 7a and FIG. 7b show the methods for preventing
  • FIG. 7a is a flowchart of authenticating software according to the preferred
  • the download server 100 receives a download request signal from
  • step 705 the mobile terminal 130 that accessed the download server 100.
  • download server 100 checks whether the mobile terminal 130 is a developer mobile
  • an ID and password used as an identifier can be used to distinguish each developer.
  • the ESN of the developer mobile terminal can be used.
  • ESN-registered developer mobile terminal could receive the software under
  • step 710 if the mobile terminal 130 is not a
  • the download server terminates access or transmits a
  • the mobile terminal 130 is a developer mobile terminal 110
  • download server 100 extracts the corresponding software data at step 710 and generates
  • download server 100 transmits the generated download file to the mobile terminal 130.
  • FIG. 4 the same description will be omitted here.
  • FIG. 7b is a flowchart of preventing duplication of software data according to
  • the local computer 140 extracts ESN from the mobile terminal 130.
  • the local computer 140 determines whether or not the mobile terminal 130 is the
  • ESN of the developer mobile terminal 110 by use of ESN.
  • ESN of the developer mobile terminal 110 ESN of the developer mobile
  • terminal 110 is stored in advance in the storage of the local computer 140.
  • step 755 if a developer mobile terminal 110 is not
  • the local computer 140 can display a disapproval message for downloading
  • the download server 100 extracts the corresponding software data
  • download file is transmitted to the local computer 140 at step 785. Since the steps 765
  • the local computer 140 transmits the download file to the mobile
  • invention can prevent duplication and execution of the software for the mobile terminal.
  • the present invention provides software authentication suitable for the
  • the present invention can prevent the duplication of the software under

Abstract

The present invention relates to a method and system for authenticating software. A method and system for authenticating software in a mobile terminal is as follows: receive an execution instruction for software installed in said mobile terminal through an inputting means, generate a first error code for said software, extract a mobile terminal identifier of said mobile terminal, generate a first authentication key by combining said mobile terminal identifier and said first error code, and execute said software when said first authentication key corresponds to a second authentication key stored in said mobile terminal. By authenticating the software for a wireless mobile terminal, the present invention can prevent unauthorized duplication and execution of the software at the mobile terminal.

Description

METHOD AND SYSTEM FOR AUTHENTICATING A SOFTWARE
FIELD OF THE INVENTION
The present invention relates to a method and system for authenticating
software, and more particularly, a method and system for using the software on an
authenticated mobile terminal through the authentication process when using the
software downloaded from a server in a mobile terminal.
BACKGROUND OF THE INVENTION
Up to now, even an unauthorized mobile terminal can freely download and use
a software, which was developed after extensive time and effort, and duplicate the
downloaded software to another mobile terminal. Also, since the duplication without
permission results in copyright infringement, litigation is quite possible to prevent it
from continuing.
Especially, various wireless Internet contents have been developed along with
the wide use of mobile terminal; however, the technical solutions for protecting
copyrights of software for a mobile terminal are wholly lacking.
Also, the mobile terminal is quite different in performance and capacity
compared with a conventional computer such as a PC (personal computer). Namely, the
software for a mobile terminal (hereinafter 'mobile software') can be distinguished from the software for a conventional computer with regard to the small data size due to the
limited memory capacity and the CPU performance of the mobile terminal.
Thus, an authentication method compatible with the characteristics of the
mobile software is possible, however, no authentication method has yet to be developed.
Also, the mobile software would be uploaded to a server and then downloaded to a
mobile terminal even in the course of development due to the characteristics of the
mobile terminal.
Still a high possibility exists that the mobile software under development might
be duplicated and exploited by a competitor. Thus, there is a need for an authentication
method to protect the mobile software from being duplicated without permission.
DETAILED DESCRIPTION OF THE PRESENT INVENTION
The present invention is proposed to overcome the aforementioned problems of
the prior art. The object of the present invention is to provide an authentication
method and system that protects the mobile software from unauthorized duplication but
allows for execution through an authentication method and system compatible with the
mobile software.
Also, another object of the present invention is to provide an authentication
method and system that protects the copyright owner of the mobile software
substantially preventing unauthorized duplication. Also, still another object of the present invention is to provide an authentication
method and system compatible with the characteristics of mobile terminal.
Finally, another object of the present invention is to provide an authentication
method and system that prevents the unauthorized duplication of the mobile software
being developed.
To achieve aforementioned objects, according to the present invention, there is
provided a method for authenticating mobile software and a system thereof. Also, there
is provided a computer-readable medium including a program containing
computer-executable instructions for performing a method for authenticating software.
According to another preferred embodiment of the present invention, there is
provided a method for authenticating software in a mobile terminal, the method
comprising the steps of: receiving an execution instruction for software installed in the
mobile terminal through an inputting means; generating a first error code for the
software; extracting a mobile terminal identifier of the mobile terminal; generating a
first authentication key by combining the mobile terminal identifier and the first error
code; and executing the software when the first authentication key corresponds to a
second authentication key stored in the mobile terminal.
Also, the second authentication key is stored in advance by the steps of:
receiving a download file from a download server coupled to the mobile terminal,
wherein the download file comprises software data and a second error code; generating a third error code for the software data in the mobile terminal; storing the software data
on the mobile terminal if the second error code corresponds to the third error code;
extracting the mobile terminal identifier from the mobile terminal; and generating the
second authentication key by combining the mobile terminal identifier and the second
error code in the mobile terminal.
And, the mobile terminal identifier is Electronic Serial Number (ESN), and the
first error code, the second error code, and the third error code are a frame check
sequence generated by CRC method.
Also, if the software is software for a developer, the first error code, the second
error code, and the third error code are a 32 frame check sequence, and if the software is
a commercial software, the first error code, the second error code, and the third error
code are a 16 frame check sequence.
And, the download file further comprises a header including information
relative to the first error code, and further comprises first security level information.
And, the method comprises the steps of: extracting the first security level
information for the download file; receiving INF from the download server, wherein the
INF includes second security level information; and comparing the first security level
information with the second security level information, wherein if the first security level
information and the second security level information do not correspond with each other
according to the comparison, the software is not stored on the mobile terminal. According to another preferred embodiment of the present invention, there is
provided a method for authenticating software in a download server coupled to a mobile
terminal through a network, the method comprising the steps of: receiving a download
request signal from the mobile terminal, wherein the download request signal includes a
mobile terminal identifier of the mobile terminal; identifying the mobile terminal by use
of the mobile terminal identifier, wherein the mobile terminal comprises a user mobile
terminal and a developer mobile terminal; determining whether or not the software is
permitted to be downloaded at the mobile terminal; extracting software data
corresponding to the download request signal, wherein the software comprises
commercial software and software for a developer; generating an error code for the
software data corresponding to the mobile terminal; generating a download file
including the software data and the error code; and transmitting the download file to the
mobile terminal, wherein the mobile terminal controls the execution of the software by
use of an authentication key generated by combining the error code and the mobile
terminal identifier.
Also, the method further comprises the steps of: extracting security level
information corresponding to the software; generating a download file that further
includes the security level information; generating an INF including the security level
information; and transmitting the INF to the mobile terminal, wherein the mobile
terminal compares the security level information included within the INF with the security level information included within the download file to check for an error of the
INF. Where, the security level information is determined in advance by considering the
range of usable resource of the mobile terminal.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG la is a schematic diagram of the software authentication system according
to the preferred embodiment of the present invention.
FIG lb is a block diagram of the download server according to the preferred
embodiment of the present invention.
FIG lc is a block diagram showing the functions of the mobile terminal
according to the preferred embodiment of the present invention.
FIG 2 is a flowchart of downloading software data in the mobile terminal
according to the preferred embodiment of the present invention.
FIG 3a shows a structure of the download file according to the preferred
embodiment of the present invention.
FIG 3b shows the table of the security level information according to the
preferred embodiment of the present invention.
FIG 4 is a flowchart for generating a download file in the download server
according to the preferred embodiment of the present invention.
FIG 5 is a flowchart of storing the program according to the preferred embodiment of the present invention.
FIG 6 is a flowchart of executing the software in the mobile terminal according
the preferred embodiment of the present invention.
FIG 7a is a flowchart of authenticating software according to the preferred
embodiment of the present invention.
FIG 7b is a flowchart of preventing software duplication according to the
preferred embodiment of the present invention.
EMBODIMENTS
In particular the terms used in this specification will be defined as follows.
'Mobile terminal' comprises a cellular phone, PCS(Personal Communication
Service), PDA(Personal Digital Assistant) and all mobile terminals that will be
developed in the near future. This mobile terminal will be classified as either a 'user
mobile terminal' or 'developer mobile terminal' according to the preferred embodiment
of the present invention.
'Download server' generates and transmits a download file comprising software
data, an error correction code, and a header to a mobile terminal.
'Software' will be classified into 'software for developer' and 'commercial
software', and the development process can be securely maintained by allowing the
software for developer to be downloaded only to developer mobile terminal. 'Authentication key (hereinafter 'A-key')' is generated by combining the error
code and a mobile terminal identifier, and the duplicated software cannot be executed
without an A-key.
'Mobile terminal identifier' is a unique identifier assigned to each mobile
terminal, and these mobile terminals can be distinguished from each other by use of the
mobile terminal identifier. Electronic serial number can be used as a mobile terminal
identifier.
'Electronic serial number (abbreviated as ΕSN'), which is differentiated from a
manufacturing serial number, is a number string designated to each mobile terminal.
The mobile terminal manufacturers register the ESN with a mobile service provider of a
country where the mobile device will be used. Therefore, through the pre-registered
ESN, the mobile terminal is registered with that mobile service provider or a change of
mobile terminal is accomplished. Since the ESN is unique to each terminal and difficult
to duplicate, preferably the ESN is used as a mobile terminal identifier.
'Configuration Information File (abbreviated as 'INF') contains system
information. Upon installing or running a program, hardware configuration information,
especially driver files suitable for the hardware, can be provided from INF.
Hereinafter, the preferred embodiment of software authentication method and
system according to the present invention will be described in detail with the
accompanying drawings. Also, in describing the present invention with the accompanying drawings, all the elements of the present invention will be indicated by
the same reference numbers irrespective of the number of drawings.
FIG. la is a schematic diagram of the software authentication system according
to the preferred embodiment of the present invention. Referring to FIG. la, the software
authentication system comprises a download server 100 and a mobile terminal 130, and
can further comprise a local computer 140.
The download server 100 provides software under development or developed
software to the mobile terminal 130 through a network or the local computer 140, which
is coupled to the download server 100.
The mobile terminal 130 has a unique identifier that is assigned to the mobile
terminal 130. If the mobile terminal 130 has the unique identifier, the kind of mobile
terminal can vary as follows: cellular phone, PCS (Personal Communications Service),
PDA (Personal Digital Assistant), etc., can all be the mobile terminal 130.
The mobile terminal 130 can be classified into a developer mobile terminal 110
and a user mobile terminal 120. The developer mobile terminal 110, which is used by
someone who develops software, receives the software from the download server 100
for testing the software under development. Furthermore, the user mobile terminal 120,
which is used by a subscriber who uses the commercial software, receives the software
with or without a fee being charged depending on the situation. In the present invention, the methods of the mobile terminal 130 for accessing
the download server 100 can be classified into a network method that uses a network for
access and a serial method that uses cable for access. In the network method, the
software is divided into several data packets and transmitted through the conventional
mobile network or the next generation network that will be developed. The developer
who accesses the download server 100 with the developer mobile terminal 110 uses the
serial method for developing the software. When accessing the download server 100 by
the serial method, the developer can access the download server 100 through the local
computer 140. Since more time is required for downloading in the network method, use
of the serial method is preferable for accessing the download server 100 with the
developer mobile terminal 110 for efficiency.
In the preferred embodiment of the present invention, the authentication of
software data can be performed by using the ESN as an identifier for identifying the
mobile terminal 130. The software authentication method is performed immediately
before storing the downloaded software on the mobile terminal 130 by using an A-key
that is generated by combining an error code included within the software and the ESN.
The method for generating the A-key will be described later in connection with FIG. 5.
Since the algorithm for generating the A-key in the present invention is very
simple, this algorithm is suitable for the mobile terminal 130 by taking into
consideration the operating environment of the mobile terminal, namely, the limited memory capacity and the low CPU performance.
Since the authentication method with sophisticated encryption used in the
general computer increases loads of the mobile terminal 130 and the time for
authenticating increases correspondingly, the method cannot be employed as an
authentication method for the mobile software. Thus, the authentication method using
the A-key generated by combining the error code and ESN is compatible with the
operating environment of the mobile terminal 130. Moreover, the authentication method
can reduce the time for authenticating, and provide a copying prevention effect by using
ESN that is unique to each mobile terminal 130.
FIG. lb is a block diagram of the download server according to the preferred
embodiment of the present invention. In describing the software authentication method
of the present invention, general functions of download server 100 will be omitted.
Referring to FIG. lb, the download server 100 comprises a security level information
setting part 152, an error code generating part 154 and a download file generating part
156, and can further comprise an authenticating part 158 and billing part 160.
The security level information setting part 152 sets security level information
corresponding to each unit of uploaded software. The resource that is permitted to use
the software when the software is operated on the mobile terminal 130 is determined
according to security level information. The security level information will be described
with FIG. 3b. The error code generating part 154 generates an error code included within the
download file, so that the mobile terminal 130 checks for the occurrence of error in the
received software data by use of the error code.
The download file generating part 156 attaches a header, the error code, and
security level information to the software data to generate the download file.
The authenticating part 158 performs an authentication with the mobile
terminal when the mobile terminal 130 accesses to the download server 100. This
authentication will be performed by use of a subscriber's ID (identification) and
password, and also by use of the mobile terminal identifier, namely, the ESN.
The billing part 160 bills the software data that is downloaded from the
download server 100 to the subscriber. The commercial software can be downloaded or
distributed with charge or without charge, and the billing can be performed for each unit
of software. The charge can be demanded from the subscriber as a service charge of the
mobile terminal or a payment via credit card.
FIG. lc is a block diagram showing the functions of the mobile terminal
according to the preferred embodiment of the present invention. The description of
general functions of the mobile terminal will be omitted for describing the
authentication method in detail. Referring to FIG. lc, the mobile terminal 130
comprises an error code generating part 170, a security level information and error code
comparing part 172, an A-key generating part 174, and an A-key comparing part 176. The error code generating part 170 functions to generate an error code, and the
generating method is the same as the method of the download server 100. Namely, the
error code generating part 170 generates the error code of the received software data, so
that the mobile terminal 130 can check the occurrence of error in the software data.
The security level information and error code comparing part 172 compares the
security level information and error codes to find the occurrence of error in the security
level information and software data included within the download file. That is, the
occurrence of error in the software data can be checked by comparing the error code
generated by the error code generating part 170 with the error code extracted by the
download server. Also the occurrence of error in the security level information can be
checked by comparing the security level information included within the download file
with the security level information included within INF that was received separately
from the download file.
The A-key generating part 174 generates A-key when storing the software data
received from the download server on the mobile terminal 130. The A-key can be
generated by combining the error code and ESN of the mobile terminal 130.
The A-key comparing part 176 controls the execution of the software data by
use of the A-key generated by the A-key generating part 174. Namely, the execution of
the software data can be controlled by comparing the A-key stored in the mobile
terminal with the A-key generated whenever the software data is executed. FIG. 2 is a flowchart of downloading software data in the mobile terminal
according to the preferred embodiment of the present invention.
Currently, much mobile software has already been commercialized and under
development along with the popularization of the mobile terminal. Thus, this mobile
software can be protected from unauthorized duplication or illegal duplication by the
present invention. Namely, according to the present invention, the mobile software data
will be provided to the mobile terminal 130 that the server authenticates. Also, even if
the mobile software in the authenticated mobile terminal were duplicated to other
mobile terminal without permission, the duplicated software would not be executed
because of the A-key.
Hereinafter, the download procedure of software in the download server
according to the present invention will be described with FIG. 2. At step 200, the
mobile terminal 130 accesses the download server 100 through a network. As described
in FIG. la, the methods of the mobile terminal 130 for accessing the download server
100 can be classified into a network method that uses the network for access and a serial
method that uses cable for access. The network method is described mainly with FIG. 2
and the serial method will be described with FIG. 7b.
At step 205, the download server 100 authenticates the mobile terminal 130 that
accesses the download server 100. The authentication in the download server 100 is
performed with an ID and password of the subscriber, i.e., the mobile terminal's user. After authentication, the mobile terminal searches for the software to download,
and at step 210, the mobile terminal 130 transmits a download request signal for the
searched software to the download server 100.
At step 215, upon receiving the download request signal, the download server
extracts the requested software data and generates a download file that includes the
software data. The download file can comprise a header, the software data, the security
level information, and the error code.
After generating the download file, at step 225 the download server transmits
the download file to the mobile terminal 130.
At step 230, the mobile terminal extracts the software data from the download
file and stores it on memory. The storage procedure can be divided into error detection,
data storage, and an A-key generation. The error detection is to detect the occurrence of
error in the software data and the security level information of the received download
file. The data storage is to store the software data on the mobile terminal 130 if no error
is detected in the error detection. The A-key generation is to generate A-key by
combining the error code and the ESN. The data storage will be described with FIG. 5
in detail.
At step 235, the mobile terminal 130 can execute the software that corresponds
to the software data stored on the mobile terminal. When executing the software, the
execution of the software can be controlled by use of the A-key generated at step 230. The execution of step 230 will be described later with FIG. 6 in detail.
FIG. 3a shows the structure of the download file according to the preferred
embodiment of the present invention. When receiving the download request signal
from the mobile terminal 130, the download server generates the download file
including the software data corresponding to the download request signal and transmits
the generated download file to the mobile terminal 130.
Referring to FIG. 3a, the download file comprises a header 300, software data
320, security level information 340, and an error code 360.
According to the present invention, the header 300 includes information for the
error code. The mobile terminal extracts information for the error code from the header,
and generates the error code by the same method of the download server 100. Then by
comparing the error codes, the mobile terminal can detect the occurrence of error in the
software data.
The software data 320 is a data file corresponding to the software that the
mobile terminal requests, and preferably the data file is downloaded in the compressed
form. If the data file is compressed, the download server 100 must generate an error
code for the compressed data file.
The security level information 340 includes information about resources that
the software can access when the software is executed on the mobile terminal. The
usable resource of the mobile terminal 130 is determined by the security level information, and the security level information can be designated to each unit of
software respectively. The security level information will be described with FIG. 3b in
detail.
The error code 360 is used to detect the error in the software data that occurred
during transmission.
According to the present invention, the download file that is transmitted from
the download server 100 includes the error code 360 in order to detect error. Further, the
mobile terminal 130 that receives the download file can detect the occurrence of error in
the software data by use of the error code 360. The method for detecting the occurrence
of error using the error code 360 is described in more detail.
The error code 360 can be generated by one of a parity check and Cyclic
Redundancy Check(abbreviated as 'CRC'). The parity check, the simplest error
detection method, adds a parity bit on the end of a data block; however, it cannot detect
error when an even number of errors occur. Thus, it is preferable to use CRC in the
present invention rather than the parity check. The error code 360 is Frame Check
Sequence (hereinafter 'FCS') when using CRC. According to the method for detecting
the occurrence of error in the mobile terminal, the mobile terminal 130 generates FCS
for the software data by the same method of the download server 100, and compares the
error code in the download file to the generated FCS to detect the occurrence of error.
When using CRC in the present invention, CRC 16 and CRC 32 can be selectively used according to the type of the mobile terminal 130. According to the
preferred embodiment of the present invention, CRC 16 can be used to detect the error
in the commercial software for an ordinary user in order to increase the speed of
authentication, and CRC 32 can be used to detect the error in the software for a
developer in order to increase efficiency of verification in the developing procedure.
According to another preferred embodiment of the present invention, since
there is high possibility of error occurrence other than the wired network because the
commercial software is generally transmitted through the mobile communication
network, CRC 32 can be used for downloading the commercial software. However,
since the software for a developer is transmitted through cable, there is low possibility
of error occurrence other than the wireless network. Thus, CRC 16 can be used as error
code. In the present invention, it is preferable to correct error as well as detect error.
It is preferable to use the automatic repeat request (abbreviated as 'ARQ') as an
error correcting method. The ARQ corrects error by requesting retransmission of the
data block having error from the transmitter after detecting error. In addition to ARQ,
there is another error correction method, i.e., forward error correction (abbreviated
'FEC'). Since FEC can perform error detection and error correction simultaneously, the
reverse channel is not needed and the continuous data flow is possible. However, since
large overhead occurs for detecting and correcting error simultaneously, FEC is not a
suitable correction method for the mobile terminal 130. Accordingly, it is preferable to use ARQ as an error correction method in the present invention.
Also, in another data structure of the download file according to the present
invention, the header, the security level information and the error code are 1 byte, 1 byte
and 4 bytes, respectively.
FIG. 3b shows a table of the security level information according to the
preferred embodiment of the present invention. The security level information 340 is
designated for each unit of software, and the software can use the resource of the mobile
terminal 130 within a range that the security level permits. Using the security level
information 340, the security and stability can be maintained when the software is run
on the mobile terminal 130. According to the present invention, the grades of the
security level can be classified into an application programming interface (abbreviated
as 'API') security, a directory security, a library security, etc. and obviously the grades
can be subdivided according to the importance of the system access. API enables an
application program to use other programs such as an operating system(OS) or database
management system(DBMS). Setting the range for an access right to an OS, file or
library can solve problems related to security of personal information stored in the
mobile terminal 130 and downloading of the mobile terminal when the software data is
running.
Hereinafter, the function of the security level information 340 is described with
FIG. 3b, however, it is not intended that the present invention is limited to the exemplary classification shown in FIG. 3b.
'Level 0' 342 allows the software to access most mobile terminal's resources
and relates to ESN, subscriber information such as channel allocation or stability of the
mobile terminal and the wireless network.
'Level 1' 344 allows the software to access mobile identification number (MIN)
and the current state of the mobile terminal. MIN is 34 bits indicating 10 digits of the
phone number assigned to the mobile terminal and generally called a 'phone number'.
At 'level 2' 346, making a call and sending SMS are possible. At 'level 3' 348,
the software can access the wireless resources such as TCP/IP, UDP, HTTP, and control
files at 'level 4' 350. At 'level 5' 352 the software can control the serial communication,
and at 'level 6' 354 all developers are allowed to access
FIG. 4 is a flowchart for generating a download file in the download server
according to the preferred embodiment of the present invention. The database coupled
to the download server 100 stores software under development and commercial
software data. After making a source code for the software data, the software developer
complies the source code to produce the software data and uploads the software data to
the download server 100. Software data under development can be uploaded to the
download server 100 for testing and commercial software data after development can be
uploaded to the download server 100, too. When the mobile terminal 130 transmits the
download request signal, the download server 100 generates the download file including the software that the mobile terminal requests and transmits the download file to the
mobile terminal 130. The procedure of generating the download file in the download
server 100 will be described with FIG. 4.
At step 400, the download server 100 receives the download request signal
from the mobile terminal 130. The download server 100 extracts the software data
corresponding to the download request signal from the database. The extracted software
data may or may not be in the form of a compressed file. If the software data is not
compressed, then the download server 100 can compress the software data and include
the compressed software data with the download file. When this compressed file is
included with the download file, the download file must generate the error code by
being related to the compressed software data.
At step 410, the download server 100 checks the kind of software that the
mobile terminal 130 requests. According to the present invention, software can be
divided into software for a developer and commercial software. Allowing the software
for a developer to be downloaded only to the developer mobile terminal can secure the
development procedure.
With regard to the possibility of error occurrence and the efficiency of
development, it is preferable to generate the error code according to the kind of
software. For example, when using CRC according to the present invention, the error
code can be generated by either a CRC 32 polynomial or CRC 16 polynomial. Hereinafter, the error code that is generated by CRC 32 will be noted as FCS
32(Frame Check Sequence 32). Also, the error code that is generated by CRC 16 will be
noted as FCS 16(Frame Check Sequence 16). Thus, checking error occurrence of the
commercial software is performed by FCS 16 and checking error occurrence of the
software for developer is performed by FCS 32. Of course, checking error occurrence of
the commercial software is performed by FCS 32 and checking error occurrence of the
software for developer is performed by FCS 16. In the preferred embodiment of the
present invention, checking the error occurrence on the commercial software is
performed by FCS 16 to increase the authentication speed.
According to the result of step 410, if the software is the software for a
developer, FCS 32 is generated at step 415. The method for generating FCS 32 is as
follows: assuming that the data size of the commercial software is n bits, when carrying
n bits by 16 bits and dividing by the predetermined k bits, then r bits remain. The
remaining r bits are FCS 32. As aforementioned, if k is 32, then ox04clldb7 as divisor
can be predetermined. At step 420, the download server generates a header indicating
that the error code is FCS 32 and the security level information.
According to the result of step 410, if the software is the commercial software,
FCS 16 is generated at step 425. In order to increase the authentication speed, it is
preferable to use FCS 16 rather than FCS 32. Assuming that the data size of the
commercial software is n bits, when carrying n bits by 16 bits and dividing by the predetermined k bits, then r bits remain. The remaining r bits are FCS 16. As
aforementioned, if k is 16, then ox8005 as divisor can be predetermined.
Since the analysis of step 425 through step 430 is the same as the steps 415
through 420, the same description will be omitted here.
At step 435, the download server generates the download file that includes the
software data, the security level information, and the error code. Also, at step 440, the
download server transmits the generated download file to the mobile terminal 130.
FIG. 5 is a flowchart of storing the program according to the preferred
embodiment of the present invention. According to the present invention, when storing
the software, the mobile terminal 130 generates an A-key corresponding to the software.
After generating the A-key, the execution of the software is controlled by the A-key.
According to the present invention, when the software in one mobile terminal
attempts to be duplicated for another mobile terminal, the execution of the software is
not permitted because A-keys in each mobile terminal are not identical. That is, since
the error code for the software data and ESN are encoded, the software is not executed
at the mobile terminal having a different ESN.
Hereinafter, the procedure for storing a program including the step of
generating an A-key will be described with FIG. 5. At step 500, the mobile terminal 130
extracts a header from the download file. As described above, the download file
comprises a header, software data and FCS, and can further comprise security level information. The header includes information about an error code. Namely, information
included in the header indicates that the error code for the software data, i.e., FCS, is
FCS 16 or FCS 32.
At step 505, the mobile terminal 130 checks the kind of FCS by use of the error
code information included in the header. Further, at step 510 the mobile terminal
extracts FCS and security level information from the download file.
At step 515, the mobile terminal 130 compares the security level information
extracted from the download file with the security level information extracted from INF
to check the occurrence of error in the security level information.
According to the present invention, when receiving the download file from the
download server 100, it is preferable to receive INF corresponding to the download file.
Preferably the INF includes not only information required when installing the software
in the mobile terminal 130 but also security level information. That is, after receiving
INF, the mobile terminal 130 extracts security level information from INF and
compares it to the security level information extracted from the download file.
According to the result of this comparison, if the security level information included in
INF is not identical to the security level information extracted from the download file,
then the storage process is suspended. Furthermore, according to the result of this
comparison, if the security level information included in INF is identical to the security
level information extracted from the download file, at step 520 the mobile terminal 130 generates FCS for the software data. In the present invention, if the error code is FCS 16,
the FCS is generated by the CRC 16 method. Also, if the error code is FCS 32, the FCS
is generated by CRC 32 method.
At step 525, the mobile terminal 130 compares the FCS, the error code
extracted from the download file, with the FCS generated at step 520. According to the
results of the comparison, if the FCS extracted from the download file is not identical
with the FCS generated at step 520, the storing process is suspended. Also, if FCS
extracted from the download file is identical with the FCS generated at step 520, the
storing process proceeds to step 530. At step 530, the mobile terminal 130 stores the
software data extracted from the download file in the memory of the mobile terminal
130.
In the present invention, the software data are included in the download file in
the form of a compressed file. The software data in the form of a compressed file are
stored in the mobile terminal 130, so the memory of the mobile terminal 130 can be
efficiently used. Preferably the software is stored in the form of the compressed file and
executed by use of INF when the mobile terminal is operated. Namely, it is preferable to
use INF when executing the software without separating the storage step and executing
step in the computer program.
At step 535, the mobile terminal 130 generates the A-key by combining an
error code and ESN stored in the memory of the mobile terminal. Obviously various combinations exist, and in the preferred embodiment of the present invention, the
combination can be performed by an exclusive logical OR. In the exclusive OR, i.e.,
one of Boolean operators, the result of an operation is true when one of two inputs is
true and the other is false. Furthermore, the result of the exclusive OR is namely that the
A-key is stored in the memory of the mobile terminal 130. In the present invention, the
A-key stored in the memory can be managed by a program manager. Generally, the
program manager, which operates on a platform of mostly all mobile terminals,
manages the application programs.
In step 500 through step 540, the software data are stored in the mobile terminal
130.
FIG. 6 is a flowchart of executing the software in the mobile terminal according
the preferred embodiment of the present invention. In the present invention, even if the
software data were duplicated without permission, the execution of the software data
could be controlled by use of the A-key. Hereinafter, the control on the execution of the
software will be described with FIG. 6.
At step 600, the mobile terminal 130 receives an execution command for the
software data through an inputting means. At step 605, the mobile terminal 130
generates FCS, i.e., the error code, for the software data. In the present invention, the
software data is stored in the form of the compressed file.
Further, at step 610, the mobile terminal 130 extracts ESN from the memory. At step 615, the mobile terminal generates A-key by combining the error code and ESN.
Obviously various combination methods exist, and in the present invention, the
exclusive OR is performed as a combination method. It is preferable to generate A-key
by the same combination of step 535 in FIG. 5.
At step 620, the mobile terminal 130 compares the A-key generated at step 615
with the A-key stored in memory, which is stored at step 540 in FIG. 5. According to
the results of this comparison, if the A-key generated at step 615 is not identical to the
A-key stored in memory, which is stored at step 540, execution of the software will not
occur. If the A-key generated at step 615 is identical to the A-key stored in memory,
which is stored at step 540, the software is executed. The software can be executed by
use of INF.
FIG. 7a and FIG. 7b are flowcharts of authenticating software according to the
preferred embodiment of the present invention.
The software under development or post-development software are provided to
the mobile terminal 100 from the download server 100. The software data uploaded to
the download server are downloaded to the mobile terminal through a network or serial
method.
Additionally, FIG. 6 shows the method for preventing duplication of the
downloaded software data; FIG. 7a and FIG. 7b show the methods for preventing
duplication at the download server 100. Situations in which a subscriber may use programs via an unauthenticated method are as follows: downloading the software for a
developer in the user mobile terminal 120 through network access (FIG. 7a), and
downloading software data in the user mobile terminal 120 through serial access (FIG.
7b).
FIG. 7a is a flowchart of authenticating software according to the preferred
embodiment of the present invention. The software under development has to be
uploaded into the download server 100 and downloaded at the mobile terminal 130 for
testing. In this situation, by preventing the software under development from being
duplicated without permission at the user mobile terminal 120, access to the information
about the software under development can be prevented. Hereinafter, the method for
authenticating software according to the preferred embodiment of the present invention
will be described with FIG. 7a.
At step 700, the download server 100 receives a download request signal from
the mobile terminal 130 that accessed the download server 100. At step 705, the
download server 100 checks whether the mobile terminal 130 is a developer mobile
terminal 110. One embodiment for distinguishing a developer mobile terminal in the
present invention is as follows: if all mobile terminals must comply with the
authentication process via an ID and password when accessing the download server, the
developer who registers his ID and password in advance can receive the software under
development. Specifically, an ID and password used as an identifier can be used to distinguish each developer.
According to another embodiment of distinguishing a developer mobile
terminal in the present invention, the ESN of the developer mobile terminal can be used.
In this situation, even if the developer were changed, the developer who has the
ESN-registered developer mobile terminal could receive the software under
development without a change in the database of the download server 100.
According to the result of the step 710, if the mobile terminal 130 is not a
developer mobile terminal 110, the download server terminates access or transmits a
disapproval message. If the mobile terminal 130 is a developer mobile terminal 110, the
download server 100 extracts the corresponding software data at step 710 and generates
a download file including the extracted software data at step 715. At step 720, the
download server 100 transmits the generated download file to the mobile terminal 130.
Since the steps 710 through 720 are the same as the steps 415 through 440 in
FIG. 4, the same description will be omitted here.
FIG. 7b is a flowchart of preventing duplication of software data according to
the preferred embodiment of the present invention. According to the present invention,
it is more efficient to receive a download file from the local computer 140 through serial
communication than from the download server 100 through a mobile network. Since
software downloads frequently occur during the procedure of developing software,
efficiency while developing software can be improved by using serial communication, which has low error occurrence and high download speed, for downloading. Thus, by
permitting the receipt of a download file through serial communication only with the
developer mobile terminal, security for the software under development can be
maintained. Hereinafter, the download procedure through serial communication will be
described with FIG. 7b. Assume that the mobile terminal 130 and the local computer
140 are connected to each other by cable, and the local computer 140 accesses the
download server 100.
At step 750, the local computer 140 extracts ESN from the mobile terminal 130.
The local computer 140 determines whether or not the mobile terminal 130 is the
developer mobile terminal 110 by use of ESN. Here, ESN of the developer mobile
terminal 110 is stored in advance in the storage of the local computer 140.
According to the result of step 755, if a developer mobile terminal 110 is not
indicated, the local computer 140 can display a disapproval message for downloading
on a display device. If developer mobile terminal 110 is indicated, the local computer
transmits the download request signal to the download server at step 760.
At step 765, the download server 100 extracts the corresponding software data
and generates the download file including the extracted software data at step 770. The
download file is transmitted to the local computer 140 at step 785. Since the steps 765
through 770 are same as the steps 415 through 440 in FIG. 4, the same description will
be omitted here. At step 790, the local computer 140 transmits the download file to the mobile
terminal 130. Through the aforementioned steps, the software for developer is
downloaded only to the developer mobile terminal 110, so unauthorized duplication can
be prevented. Although the present invention has been described with the preferred
embodiment, the spirit and the scope of the present invention will be determined only
by the following claims. Also, it will be apparent for those skilled in the art that
modifications or amendments to the aforementioned embodiment within the spirit and
the scope of the present invention are possible without departing from the boundary of
the claimed invention.
Industrial applicability
By authenticating the software for a wireless mobile terminal, the present
invention can prevent duplication and execution of the software for the mobile terminal.
Also, by preventing duplication of the software for mobile terminal, the present
invention can protect the copyright of a software developer or software developing
company.
Also, the present invention provides software authentication suitable for the
mobile terminal.
Finally, the present invention can prevent the duplication of the software under
development.

Claims

Claims
1. A method for authenticating software in a mobile terminal, said method comprising
the steps of:
(a) receiving an execution instruction for software installed in said mobile
terminal through an inputting means;
(b) generating a first error code for said software;
(c) extracting a mobile terminal identifier of said mobile terminal;
(d) generating a first authentication key by combining said mobile terminal
identifier and said first error code; and
(e) executing said software when said first authentication key corresponds to a
second authentication key stored in said mobile terminal.
2. The method as stated in claim 1, wherein said second authentication key is stored in
advance by said steps of:
receiving a download file from a download server coupled to said mobile
terminal, wherein said download file comprises software data and a second error code;
generating a third error code for said software data in said mobile terminal;
storing said software data on said mobile terminal if said second error code
corresponds to said third error code;
extracting said mobile terminal identifier from said mobile terminal; and generating said second authentication key by combining said mobile terminal
identifier and said second error code in said mobile terminal.
3. The method as stated in claim 1 or claim 2, wherein said mobile terminal identifier is
Electronic Serial Number (ESN).
4. The method as stated in claim 1 or claim 2, wherein said first error code, said second
error code, and said third error code are a frame check sequence generated by CRC
method.
5. The method as stated in claim 4, wherein said first error code, said second error code,
and said third error code are a 32 frame check sequence if said software is software for a
developer.
6. The method as stated in claim 4, wherein said first error code, said second error code,
and said third error code are a 16 frame check sequence if said software is a commercial
software.
7. The method as stated in claim 2, wherein said download file further comprises a
header including information relative to said first error code.
8. The method as stated in claim 2, wherein said download file further comprises first
security level information.
9. The method as stated in claim 7 further comprising the steps of:
extracting said first security level information for said download file;
receiving INF from said download server, wherein said INF includes second
security level information; and
comparing said first security level information with said second security level
information,
wherein if said first security level information and said second security level
information do not correspond with each other according to the comparison, said
software is not stored on said mobile terminal.
10. A method for authenticating software in a download server coupled to a mobile
terminal through a network, said method comprising the steps of:
(a) receiving a download request signal from said mobile terminal, wherein said
download request signal includes a mobile terminal identifier of said mobile terminal;
(b) identifying said mobile terminal by use of said mobile terminal identifier,
wherein said mobile terminal comprises a user mobile terminal and a developer mobile terminal;
(c) determining whether or not said software is permitted to be downloaded at
said mobile terminal;
(d) extracting software data corresponding to said download request signal,
wherein said software comprises commercial software and software for a developer;
(e) generating an error code for said software data corresponding to said mobile
terminal;
(f) generating a download file including said software data and said error code;
and
(g) transmitting said download file to said mobile terminal,
wherein said mobile terminal controls the execution of said software by use of
an authentication key generated by combining said error code and said mobile terminal
identifier.
11. The method as stated in claim 10, wherein said mobile terminal identifier is
Electronic Serial Number (ESN).
12. The method as stated in claim 10, wherein said error code is a frame check sequence
generated by CRC method.
13. The method as stated in claim 10, wherein if said software is software for a
developer according to the determination method at said step (c), said software can be
downloaded only at a developer mobile terminal.
14. The method as stated in claim 10, wherein if said software is commercial software at
said step (e), said error code is a frame check sequence 16.
15. The method as stated in claim 10, wherein if said software is software for a
developer at said step (e), said error code is a frame check sequence 32.
16. The method as stated in claim 10, wherein said step (e) comprises the steps of:
extracting security level information corresponding to said software;
generating a download file that further includes said security level information;
generating an INF including said security level information; and
transmitting said INF to said mobile terminal,
wherein said mobile terminal compares said security level information included
within said INF with said security level information included within said download file
to check for an error of said INF.
17. The method as stated in claim 16, wherein said security level information is determined in advance by considering the range of usable resource of said mobile
terminal.
18. The method as stated in claim 10, wherein at said step (e) said download file further
comprises a header including information of said error code.
19. A computer-readable medium including a program containing computer-executable
instructions for performing a method for authenticating software, wherein the program
practices the method as stated in one of claims 1-9.
20. A software authentication system for performing a method for authenticating
software as stated in one of claims 10-18 comprising:
a memory for storing a program; and
a processor coupled to said memory for performing said program,
wherein said processor performs said method according to said program.
PCT/KR2002/001447 2002-04-30 2002-07-31 Method and system for authenticating a software WO2003107201A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU2002368021A AU2002368021A1 (en) 2002-04-30 2002-07-31 Method and system for authenticating a software
US10/971,597 US7707409B2 (en) 2002-04-30 2004-10-21 Method and system for authenticating software

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2002-0023618A KR100453504B1 (en) 2002-04-30 2002-04-30 Method and system for authenticating a software
KR2002/23618 2002-04-30

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US10/971,597 Continuation US7707409B2 (en) 2002-04-30 2004-10-21 Method and system for authenticating software

Publications (1)

Publication Number Publication Date
WO2003107201A1 true WO2003107201A1 (en) 2003-12-24

Family

ID=29728604

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2002/001447 WO2003107201A1 (en) 2002-04-30 2002-07-31 Method and system for authenticating a software

Country Status (3)

Country Link
KR (1) KR100453504B1 (en)
AU (1) AU2002368021A1 (en)
WO (1) WO2003107201A1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007098509A1 (en) * 2006-02-24 2007-08-30 Qualcomm Incorporated System and method for downloading user interface components to wireless devices
WO2006053304A3 (en) * 2004-11-12 2009-04-02 Pufco Inc Volatile device keys and applications thereof
EP2115641A2 (en) * 2007-01-23 2009-11-11 Ascenna Mobile, Inc. Automated authentication process for application clients
US7681103B2 (en) 2002-04-16 2010-03-16 Massachusetts Institute Of Technology Reliable generation of a device-specific value
US8584118B2 (en) 2004-10-20 2013-11-12 Nokia Corporation Terminal, method and computer program product for validating a software application
US8630410B2 (en) 2006-01-24 2014-01-14 Verayo, Inc. Signal generator based device security
US8782396B2 (en) 2007-09-19 2014-07-15 Verayo, Inc. Authentication with physical unclonable functions
EP3436949A4 (en) * 2016-07-29 2020-03-25 Hewlett-Packard Development Company, L.P. Data recovery with authenticity

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100926822B1 (en) * 2007-12-04 2009-11-12 (주)유디피 Method for providing protection means of software, and network SYSTEM performing the same

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH10327139A (en) * 1997-05-23 1998-12-08 Advance Co Ltd Data communication system
US5909437A (en) * 1995-06-02 1999-06-01 Airspan Communications Corporation Software download for a subscriber terminal of a wireless telecommunications system
JPH11203128A (en) * 1998-01-09 1999-07-30 Canon Inc Digital software distribution system, terminal and recording medium
US6253326B1 (en) * 1998-05-29 2001-06-26 Palm, Inc. Method and system for secure communications

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5909437A (en) * 1995-06-02 1999-06-01 Airspan Communications Corporation Software download for a subscriber terminal of a wireless telecommunications system
JPH10327139A (en) * 1997-05-23 1998-12-08 Advance Co Ltd Data communication system
JPH11203128A (en) * 1998-01-09 1999-07-30 Canon Inc Digital software distribution system, terminal and recording medium
US6253326B1 (en) * 1998-05-29 2001-06-26 Palm, Inc. Method and system for secure communications

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7818569B2 (en) 2002-04-16 2010-10-19 Massachusetts Institute Of Technology Data protection and cryptographic functions using a device-specific value
US8386801B2 (en) 2002-04-16 2013-02-26 Massachusetts Institute Of Technology Authentication of integrated circuits
US7904731B2 (en) 2002-04-16 2011-03-08 Massachusetts Institute Of Technology Integrated circuit that uses a dynamic characteristic of the circuit
US7681103B2 (en) 2002-04-16 2010-03-16 Massachusetts Institute Of Technology Reliable generation of a device-specific value
US7840803B2 (en) 2002-04-16 2010-11-23 Massachusetts Institute Of Technology Authentication of integrated circuits
US7757083B2 (en) 2002-04-16 2010-07-13 Massachusetts Institute Of Technology Integrated circuit that uses a dynamic characteristic of the circuit
US8584118B2 (en) 2004-10-20 2013-11-12 Nokia Corporation Terminal, method and computer program product for validating a software application
US7702927B2 (en) 2004-11-12 2010-04-20 Verayo, Inc. Securely field configurable device
US7839278B2 (en) 2004-11-12 2010-11-23 Verayo, Inc. Volatile device keys and applications thereof
US7564345B2 (en) 2004-11-12 2009-07-21 Verayo, Inc. Volatile device keys and applications thereof
WO2006053304A3 (en) * 2004-11-12 2009-04-02 Pufco Inc Volatile device keys and applications thereof
US8756438B2 (en) 2004-11-12 2014-06-17 Verayo, Inc. Securely field configurable device
US8630410B2 (en) 2006-01-24 2014-01-14 Verayo, Inc. Signal generator based device security
WO2007098509A1 (en) * 2006-02-24 2007-08-30 Qualcomm Incorporated System and method for downloading user interface components to wireless devices
US8270941B2 (en) 2006-02-24 2012-09-18 Qualcomm Incorporated System and method for downloading user interface components to wireless devices
US8666363B2 (en) 2006-02-24 2014-03-04 Qualcomm Incorporated System and method for downloading user interface components to wireless devices
EP2115641A2 (en) * 2007-01-23 2009-11-11 Ascenna Mobile, Inc. Automated authentication process for application clients
EP2115641A4 (en) * 2007-01-23 2012-08-01 Ascenna Mobile Inc Automated authentication process for application clients
US8782396B2 (en) 2007-09-19 2014-07-15 Verayo, Inc. Authentication with physical unclonable functions
EP3436949A4 (en) * 2016-07-29 2020-03-25 Hewlett-Packard Development Company, L.P. Data recovery with authenticity

Also Published As

Publication number Publication date
KR20030085270A (en) 2003-11-05
KR100453504B1 (en) 2004-10-20
AU2002368021A1 (en) 2003-12-31

Similar Documents

Publication Publication Date Title
US7707409B2 (en) Method and system for authenticating software
US8683610B2 (en) Method and apparatus for managing digital rights of secure removable media
CN110008757B (en) Data protection method and system in updating of terminal firmware of Internet of things
CN101099385B (en) Methods and apparatus for enforcing application level restrictions on local and remote content
EP1776799B1 (en) Enhanced security using service provider authentication
US8452970B2 (en) System and method for code signing
CN1946222B (en) Software certification device for mobile communication terminal and method thereof
US20130114808A1 (en) System and method for providing an indication of randomness quality of random number data generated by a random data service
KR19980042805A (en) Methods, devices and products to verify that the data in the data file is genuine
US20060137007A1 (en) Revoking a permission for a program
CN111079091A (en) Software security management method and device, terminal and server
CN109863475A (en) The upgrade method and relevant device of a kind of application in safety element
CN110135149A (en) A kind of method and relevant apparatus of application installation
CN104683299A (en) Control method for software registration, authentication server and terminal
US7610625B2 (en) Program control system, program control method and information control program
US7437563B2 (en) Software integrity test
KR100453504B1 (en) Method and system for authenticating a software
EP1422958B1 (en) Permission token management system, permission token management method, program and recording medium
CN112689285B (en) Authorization authentication method and system for mobile terminal SDK
CN112732676B (en) Block chain-based data migration method, device, equipment and storage medium
CN1570865A (en) Method for downloading computer data to mobile phone
KR20130125245A (en) Method and system for maintaining integrity of software installed in mobile device
CN1311340C (en) Method for comparing versions when downloading computer data to mobile phone
CN1311341C (en) Method for conducting digital signature when downloading computer data to mobile phone
CN107438078B (en) Application safety protection system and method

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 10971597

Country of ref document: US

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP