[go: up one dir, main page]

WO2000018162A1 - Procede et appareil pour authentifier un logiciel integre dans une unite a distance sur un canal de communication - Google Patents

Procede et appareil pour authentifier un logiciel integre dans une unite a distance sur un canal de communication Download PDF

Info

Publication number
WO2000018162A1
WO2000018162A1 PCT/US1999/021299 US9921299W WO0018162A1 WO 2000018162 A1 WO2000018162 A1 WO 2000018162A1 US 9921299 W US9921299 W US 9921299W WO 0018162 A1 WO0018162 A1 WO 0018162A1
Authority
WO
WIPO (PCT)
Prior art keywords
embedded software
digest
processing
produce
nonce
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US1999/021299
Other languages
English (en)
Inventor
Paul K. Johnson
Roy F. Quick, Jr.
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qualcomm Inc
Original Assignee
Qualcomm Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qualcomm Inc filed Critical Qualcomm Inc
Priority to AU60428/99A priority Critical patent/AU6042899A/en
Publication of WO2000018162A1 publication Critical patent/WO2000018162A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices

Definitions

  • the present invention relates to communication systems. More specifically, the present invention relates to authenticating embedded software in a remote unit.
  • Wireless communication networks are enjoying notable popularity in all aspects of business, industry and personal life.
  • portable, hand-held communication devices have experienced widespread growth in recent years.
  • Portable devices such as cellular phones are now commonplace with business and personal users alike.
  • advanced systems such as satellite communications systems using portable, hand-held and mobile phones, are on the horizon.
  • Such portable communications devices usually communicate with a base station over an air link.
  • the base station In many situations it is desirable for the base station to ascertain the identity of a particular user terminal. This process is referred to as “authenticating” the user terminal.
  • authenticating the user terminal One such situation is where secure communications with a user terminal are required. Authenticating the user terminal ensures that an "impostor" user terminal has not been substituted for a legitimate user terminal. Further, it is desirable to ascertain the version of the software executing within the user terminal.
  • a secure user terminal (that is, one designed for secure communications) usually contains a read-only memory (ROM) that contains boot software that is guaranteed to execute when the phone is turned on.
  • ROM read-only memory
  • a saboteur could thwart this system by simply substituting a ROM containing impostor boot software for the ROM containing legitimate boot software.
  • Authenticating the software within the ROM ensures that the proper boot software has been executed to secure the link.
  • Authenticating the user terminal embedded software ensures that the user's secure communications capability is intact.
  • Authenticating both the user terminal and the version of the embedded software in the user terminal's memory is useful, for example, in determining whether to download a software upgrade to the user terminal. In this example, authenticating the version of the embedded software can prevent a user from obtaining a software upgrade that was purchased by another user.
  • the present invention is a method, apparatus, and computer program product for authenticating embedded software in the memory of a responder over an unprotected channel.
  • the method includes the steps of transmitting a verify request and a unique nonce from a challenger to the terminal over the unprotected channel; processing the embedded software and the nonce using a cryptographic hash function to produce a hash digest, wherein the embedded software includes a unique identifier; transmitting the hash digest to the challenger; processing a copy of the embedded software and the nonce using the cryptographic hash function to produce a verification hash digest; and authenticating the embedded software when the received hash digest and the verification hash digest match.
  • the present invention is also directed to a responder that includes a processor that processes the embedded software to produce a digest and a transmitter that transmits the digest to the challenger, whereby the challenger can authenticate the embedded software using the digest and a verification digest produced by processing a copy of the embedded software.
  • the present invention is also directed to a challenger that includes a receiver that receives a digest from the terminal, the digest produced by processing the embedded software; and a processor that processes the received digest and a verification digest to produce a result, whereby the embedded software is authenticated when the result indicates a match.
  • One advantage of the present invention is that it authenticates the identity of a remote terminal over an unprotected channel.
  • Another advantage of the present invention is that it authenticates the version of embedded software resident in the memory of a remote terminal over an unprotected channel.
  • FIG. 1 is a block diagram of a communications system according to a preferred embodiment of the present invention.
  • FIG. 2 is a flow diagram describing the operation of the present invention according to a preferred embodiment.
  • FIG. 3 is a flowchart describing the operation of the present invention according to a preferred embodiment.
  • FIG. 4 is an exemplary computer system capable of carrying out the functionality of the present invention.
  • the present invention is a method and apparatus for authenticating embedded software in a remote unit over a communication channel.
  • the present invention can be implemented in any communication system, and is especially useful in communication systems having unprotected communication channels.
  • the term "communication channel” includes any medium used for transmission of a signal, including hard-wired, wireless, optic fiber, and the like.
  • An "unprotected” channel is one that does not guarantee that messages cannot be modified during transit over the channel.
  • the above-described environments include, without limitation, cellular communication systems, personal communication systems, satellite communication systems, and many others.
  • the present invention is especially useful in verifying the contents of a memory in a remote unit. These contents are often referred to as
  • embedded software One example of embedded software is the executable code residing in the ROM of a cellular telephone. In that example, the present invention can be used to authenticate the embedded software over the communications link between the cellular telephone and a base station.
  • BIOS BIOS of a personal computer.
  • the present invention could be used to authenticate the BIOS of a personal computer over a modem link or over the Internet.
  • FIG. 1 is a block diagram of a communications system 100 according to a preferred embodiment of the present invention.
  • the system includes a challenger 122 and a responder 102 which communicate over a communications channel 130.
  • Channel 130 can be an unprotected communications channel. However, this is not required by the present invention.
  • Responder 102 includes a transceiver 104, a processor 106 and a memory 108.
  • Transceiver 104 permits responder 102 to communicate over channel 130.
  • memory 108 includes a flash memory 110 and a boot block 112.
  • Flash memory 110 can be any memory that is in-circuit programmable (that is, programmable while mounted within responder 102).
  • Boot block 112 can be any memory that is not in-circuit programmable, such as a read-only memory (ROM).
  • Challenger 122 includes a transceiver 124 capable of communicating over channel 130 and a processor 126 capable of performing the functions of challenger 122 described herein.
  • challenger 122 also includes a memory 128.
  • Challenger 122 and responder 102 can reside within any two communications devices that communicate over a communications channel.
  • challenger 122 could be located at a cellular base station and responder 102 could be part of a cellular telephone.
  • responder 102 could be a satellite telephone at the end of a manufacturing assembly line and challenger 122 could be a test unit verifying the identity of the responder and its software.
  • challenger 122 transmits a verify request to responder 102 over unprotected channel 130.
  • responder 102 processes the embedded software using a hash function to produce a hash digest, as described in detail below.
  • Responder 102 transmits the hash digest to challenger 122 over channel 130.
  • Challenger 122 processes the received hash digest and a verification hash digest to produce a result.
  • Challenger 122 then authenticates the embedded software within responder 102 according to this result.
  • a hash function is a function that converts a variable-length input string, called a pre-image, to a fixed-length output string, called a hash digest, which is generally smaller than the pre-image.
  • a hash function is a simple calculation of the exclusive-or of all of the bytes of the pre-image to produce a one-byte hash digest.
  • the purpose of the hash function is to "fingerprint" the pre-image. In other words, the purpose is to produce a value that indicates whether a candidate pre-image is likely to be the same as a known pre-image.
  • the hash function itself is known.
  • the security of a hash function results from the fact that the process is not reversible. That is, the hash digest is not dependent on the pre-image in any discernable way. Given a hash digest, it is computationally unfeasible to find the pre-image that generated that digest. However, a hash digest is ideal for comparing two pre-images to determine whether they are identical. In general, a single-bit change in a pre-image changes approximately half of the bits in the resulting hash digest.
  • hash digest for certain hash functions.
  • a pre-image contains little data and a large amount of single-value fill data (for example, a fill of all zeroes).
  • a class of hash functions has been developed to remedy this situation.
  • These hash functions are called "cryptographic" hash functions.
  • One such function is the well-known SHA-1 secure hash algorithm.
  • a cryptographic hash function is used to process the embedded software data.
  • the verify request is accompanied by a value referred to as a "nonce."
  • a nonce is a value generated by the challenger for use in challenging a responder.
  • a unique nonce is used.
  • a unique nonce is a value used no more than once for the same p ⁇ rpose.
  • Responder 102 processes the nonce and the embedded software using a hash function to produce the hash digest.
  • the nonce is unique to each challenge of the responder. Therefore, this process produces a different hash digest for each challenge of a given responder. Thus, an impostor responder cannot defeat the authentication merely by transmitting a hash digest that was successfully used by a legitimate responder. This use of a nonce thereby serves to increase the reliability of the authentication.
  • the embedded software includes an identifier that uniquely identifies the user terminal. In a preferred embodiment, the identifier is never transmitted over an unprotected channel. This prevents a saboteur from using an identifier for a legitimate terminal to emulate that terminal. In this embodiment, both the embedded software and the identity of the user terminal are authenticated.
  • FIGS. 2 and 3 are a flow diagram and a flowchart, respectively, describing the operation of the present invention according to a preferred embodiment.
  • the process begins in step 302 when challenger 122 transmits a challenge, including a verify request and a nonce, to responder 102.
  • Nonce 204 is a value that is created specifically for a particular challenge.
  • nonce 204 is generated by challenger 122, and is not known to responder 102 prior to the challenge.
  • Challenger 122 can transmit the challenge in a variety of ways. For example, in a cellular telephone system, the challenge can be transmitted to responder 102 over a paging channel or a traffic channel.
  • the verify request is received by processor 106, which processes nonce
  • nonce 204 and the embedded software stored in memory 108 using hash function 210B to produce hash digest 212B, as shown in step 310.
  • nonce 204 and the embedded software are catenated by catenator 206B to form a pre- image 208B for processing by hash function 210B.
  • hash function 210B is a cryptographic hash function such as SHA-1.
  • the embedded software includes an identifier that uniquely identifies the user terminal. In this embodiment, both the embedded software and the identity of the user terminal are authenticated.
  • Pre-image 208B is processed using a hash function 210B to produce a hash digest 212B, as shown in step 310.
  • Responder 102 then transmits hash digest 212B to challenger 122 over channel 130, as shown in step 312.
  • Challenger 122 processes the received hash digest 212B and a verification hash digest 212A to produce a result 216, as shown in step 306.
  • challenger 122 compares hash digest 212B and verification hash value 212A using difference element 214 to produce a result 216.
  • the generation of verification hash digest 212A is discussed below.
  • Challenger 122 then authenticates the embedded software based on result 216. If result 216 indicates a match, then the embedded software is authenticated. In a preferred embodiment, challenger 122 generates verification hash digest 212A using the same method that responder 102 uses to generate hash digest 212B. An exact copy of the embedded software stored in memory 108 of responder 102 is stored in memory 128 of challenger 122. In one embodiment, the copy of the embedded software includes the same identifier as the embedded software in the user terminal. In this embodiment, both the embedded software and the identity of the user terminal are authenticated.
  • challenger 122 processes nonce 204 and the copy of the embedded software, stored in memory 128 of challenger 122, using the same hash function as responder 102, to produce the verification hash digest 212A, as shown in step 304.
  • nonce 204 and the embedded software are catenated by catenator 206A to form a pre-image 208A for processing by hash function 210A.
  • catenator 206A to form a pre-image 208A for processing by hash function 210A.
  • other methods can be used to produce a pre-image using the nonce and the embedded software without departing from the scope of the present invention, as would be apparent to one skilled in the relevant arts.
  • the present invention may be implemented using hardware, software or a combination thereof and may be implemented in a computer system or other processing system. In fact, in one embodiment, the invention is directed toward one or more computer systems capable of carrying out the functionality described herein.
  • An example computer system 400 is shown in FIG. 4.
  • the computer system 400 includes one or more processors, such as processor 404.
  • the processor 404 is connected to a communication bus 406.
  • Various software embodiments are described in terms of this example computer system. After reading this description, it will become apparent to a person skilled in the relevant art how to implement the invention using other computer systems and/or computer architectures.
  • Computer system 400 also includes a main memory 408, preferably random access memory (RAM), and can also include a secondary memory 410.
  • main memory 408 preferably random access memory (RAM)
  • the secondary memory 410 can include, for example, a hard disk drive 412 and /or a removable storage drive 414, representing a floppy disk drive, a magnetic tape drive, an optical disk drive, etc.
  • the removable storage drive 414 reads from and /or writes to a removable storage unit 418 in a well known manner.
  • Removable storage unit 418 represents a floppy disk, magnetic tape, optical disk, etc. which is read by and written to by removable storage drive 414.
  • the removable storage unit 418 includes a computer usable storage medium having stored therein computer software and /or data.
  • secondary memory 410 may include other similar means for allowing computer programs or other instructions to be loaded into computer system 400.
  • Such means can include, for example, a removable storage unit 422 and an interface 420. Examples of such include a program cartridge and cartridge interface (such as that found in video game devices), a removable memory chip (such as an EPROM, or PROM) and associated socket, and other removable storage units 422 and interfaces 420 which allow software and data to be transferred from the removable storage unit 418 to computer system 400.
  • Computer system 400 can also include a communications interface 424.
  • Communications interface 424 allows software and data to be transferred between computer system 400 and external devices.
  • Examples of communications interface 424 can include a modem, a network interface (such as an Ethernet card), a communications port, a PCMCIA slot and card, etc.
  • Software and data transferred via communications interface 424 are in the form of signals which can be electronic, electromagnetic, optical or other signals capable of being received by communications interface 424. These signals 426 are provided to communications interface 424 via a channel 428. This channel
  • 428 carries signals 426 and can be implemented using wire or cable, fiber optics, a phone line, a cellular phone link, an RF link and other communications channels.
  • computer program medium and “computer usable medium” are used to generally refer to media such as removable storage device 418, a hard disk installed in hard disk drive 412, and signals 426. These computer program products are means for providing software to computer system 400.
  • Computer programs are stored in main memory 408 and/or secondary memory 410. Computer programs can also be received via communications interface 424. Such computer programs, when executed, enable the computer system 400 to perform the features of the present invention as discussed herein. In particular, the computer programs, when executed, enable the processor 404 to perform the features of the present invention. Accordingly, such computer programs represent controllers of the computer system 400.
  • the software may be stored in a computer program product and loaded into computer system 400 using removable storage drive 414, hard drive 412 or communications interface 424.
  • the control logic when executed by the processor 404, causes the processor 404 to perform the functions of the invention as described herein.
  • the invention is implemented primarily in hardware using, for example, hardware components such as application specific integrated circuits (ASICs). Implementation of the hardware state machine so as to perform the functions described herein will be apparent to persons skilled in the relevant art(s). In yet another embodiment, the invention is implemented using a combination of both hardware and software. Memory Fill
  • Hash functions work best when supplied by varying data. Hash functions are weakened when the pre-image contains "empty space" populated by all ones, all zeros, or a repeating pattern. Such empty space occurs often when a memory, such as a ROM, is programmed with embedded software. ROMs are commercially available only in a few pre-determined capacities, such as one megabyte, two megabytes, and the like. Because the software is unlikely to fill such a ROM completely, empty space is likely to occur. In a preferred embodiment of the present invention, the empty space within memory 108 of responder 102 is populated with a predetermined bit pattern, such as a random bit pattern. The pre-image for the hash function then includes the embedded software and the predetermined bit pattern. Such a varied pre-image increases the likelihood that no two hash digests will be the same. This process makes the responder's response to the challenger more difficult to emulate.
  • the present invention is ideal for performing a software update for a remote terminal.
  • the updating authority that is, challenger 122
  • the updating authority has access to a copy of the contents of the memory 108 of responder 102, including the unique identifier associated with the terminal. These values are used as described above to authenticate the identity of responder 102 and to determine the version of the embedded software in responder memory 108.
  • the unique identifier is used by both challenger 122 and responder 102 in establishing a secure encryption key and /or in generating an initialization vector.
  • the software update code is encrypted using the key and/or vector before it is sent to responder 102 over unprotected channel 130. This process guarantees that only the authenticated responder 102 receives the software update. Such a system is especially useful where commercial software updates are purchased on an individual terminal basis.
  • the present invention is also ideal for ensuring that a responder 102 is loaded with the proper software during its manufacture. At some point during the manufacturing process, memory 108 is loaded with the embedded software for the responder.
  • the present invention can be used to verify that the proper software has been successfully loaded into the responder. Significantly, this test can occur over an unprotected channel on the factory floor.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un procédé, un appareil, et un produit programme informatique permettant d'authentifier un logiciel intégré dans la mémoire d'un émetteur de réponses sur un canal non protégé. Le procédé de cette invention consiste tout d'abord à émettre une demande de vérification et une valeur unique d'un interrogateur audit émetteur de réponses, par l'intermédiaire du canal non protégé, puis à traiter le logiciel intégré et la valeur au moyen d'une fonction hachage cryptographique afin de produire une chaîne de sortie de hachage, ledit logiciel intégré comprenant un identificateur unique. Ce procédé consiste ensuite à transmettre cette chaîne de sortie de hachage à l'interrogateur, puis à traiter une copie du logiciel intégré et de la valeur au moyen de la fonction hachage cryptographique, afin de produire une chaîne de sortie de hachage de vérification. Ce procédé consiste enfin à authentifier le logiciel intégré si la chaîne de sortie de hachage reçue et la chaîne de sortie de hachage vérifiée correspondent.
PCT/US1999/021299 1998-09-18 1999-09-15 Procede et appareil pour authentifier un logiciel integre dans une unite a distance sur un canal de communication Ceased WO2000018162A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU60428/99A AU6042899A (en) 1998-09-18 1999-09-15 Method and apparatus for authenticating embedded software in a remote unit over a communications channel

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US15624098A 1998-09-18 1998-09-18
US09/156,240 1998-09-18

Publications (1)

Publication Number Publication Date
WO2000018162A1 true WO2000018162A1 (fr) 2000-03-30

Family

ID=22558711

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1999/021299 Ceased WO2000018162A1 (fr) 1998-09-18 1999-09-15 Procede et appareil pour authentifier un logiciel integre dans une unite a distance sur un canal de communication

Country Status (2)

Country Link
AU (1) AU6042899A (fr)
WO (1) WO2000018162A1 (fr)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002065258A3 (fr) * 2001-02-13 2003-08-28 Qualcomm Inc Procede et appareil pour authentifier un logiciel integre dans une unite a distance sur un canal de communication
WO2003088697A1 (fr) * 2002-04-17 2003-10-23 Deutsche Telekom Ag Procede et dispositif de communication pour la signature electronique d'un message dans un telephone radio mobile
WO2003100583A1 (fr) * 2002-05-28 2003-12-04 Symbian Limited Code executable par un support amovible inviolable
WO2005066736A1 (fr) * 2003-12-31 2005-07-21 Honeywell International Inc. Authentification de donnees et detection de violation
GB2416956A (en) * 2004-07-29 2006-02-08 Nec Technologies Method of testing integrity of a mobile radio communications device and related apparatus
WO2006116871A3 (fr) * 2005-05-05 2006-12-21 Certicom Corp Authentification de retroinstallation sur un micrologiciel
DE102007007481A1 (de) * 2007-02-15 2008-08-21 Giesecke & Devrient Gmbh Verfahren zur Analyse einer Softwarekonfiguration eines tragbaren Datenträgers
US7882352B2 (en) * 2002-05-28 2011-02-01 Nokia Corporation Secure mobile wireless device
WO2014048630A1 (fr) * 2012-09-28 2014-04-03 Siemens Aktiengesellschaft Test d'intégrité de données sur les propriétés d'un appareil par un appareil de test
EP2639726A4 (fr) * 2010-11-10 2014-09-03 Toshiba Kk Système fournisseur de services et dispositif d'unité
US20150195289A1 (en) * 2012-02-07 2015-07-09 Visa International Service Association Mobile human challenge-response test
JP2017532837A (ja) * 2014-08-25 2017-11-02 ホアウェイ・テクノロジーズ・カンパニー・リミテッド プレアソシエーションサービスディスカバリのためのシステムおよび方法
US11036863B2 (en) 2017-08-01 2021-06-15 Dell Products, L.P. Validating an image using an embedded hash in an information handling system
EP4468186A4 (fr) * 2022-02-22 2025-10-01 Ntt Inc Système d'authentification, dispositif de génération, procédé de génération et programme de génération

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5398285A (en) * 1993-12-30 1995-03-14 Motorola, Inc. Method for generating a password using public key cryptography
US5442645A (en) * 1989-06-06 1995-08-15 Bull Cp8 Method for checking the integrity of a program or data, and apparatus for implementing this method
WO1998010611A2 (fr) * 1996-09-05 1998-03-12 Ericsson Inc. Systeme destine a empecher toute tentative de manipulation frauduleuse d'une memoire electronique

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5442645A (en) * 1989-06-06 1995-08-15 Bull Cp8 Method for checking the integrity of a program or data, and apparatus for implementing this method
US5398285A (en) * 1993-12-30 1995-03-14 Motorola, Inc. Method for generating a password using public key cryptography
WO1998010611A2 (fr) * 1996-09-05 1998-03-12 Ericsson Inc. Systeme destine a empecher toute tentative de manipulation frauduleuse d'une memoire electronique

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
LEIN HARN ET AL: "A SOFTWARE AUTHENTICATION SYSTEM FOR INFORMATION INTEGRITY", COMPUTERS & SECURITY. INTERNATIONAL JOURNAL DEVOTED TO THE STUDY OF TECHNICAL AND FINANCIAL ASPECTS OF COMPUTER SECURITY,NL,ELSEVIER SCIENCE PUBLISHERS. AMSTERDAM, vol. 11, no. 8, 1 December 1992 (1992-12-01), pages 747-752, XP000332279, ISSN: 0167-4048 *

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002065258A3 (fr) * 2001-02-13 2003-08-28 Qualcomm Inc Procede et appareil pour authentifier un logiciel integre dans une unite a distance sur un canal de communication
WO2003088697A1 (fr) * 2002-04-17 2003-10-23 Deutsche Telekom Ag Procede et dispositif de communication pour la signature electronique d'un message dans un telephone radio mobile
US7882352B2 (en) * 2002-05-28 2011-02-01 Nokia Corporation Secure mobile wireless device
WO2003100583A1 (fr) * 2002-05-28 2003-12-04 Symbian Limited Code executable par un support amovible inviolable
JP2005527905A (ja) * 2002-05-28 2005-09-15 シンビアン リミテッド 実行可能なコードを格納するタンパーエビデントな取り外し可能な媒体
US8205094B2 (en) * 2002-05-28 2012-06-19 Nokia Corporation Tamper evident removable media storing executable code
WO2005066736A1 (fr) * 2003-12-31 2005-07-21 Honeywell International Inc. Authentification de donnees et detection de violation
US8407479B2 (en) 2003-12-31 2013-03-26 Honeywell International Inc. Data authentication and tamper detection
GB2416956A (en) * 2004-07-29 2006-02-08 Nec Technologies Method of testing integrity of a mobile radio communications device and related apparatus
GB2416956B (en) * 2004-07-29 2007-09-19 Nec Technologies Method of testing integrity of a mobile radio communications device and related apparatus
WO2006116871A3 (fr) * 2005-05-05 2006-12-21 Certicom Corp Authentification de retroinstallation sur un micrologiciel
US8566791B2 (en) 2005-05-05 2013-10-22 Blackberry Limited Retrofitting authentication onto firmware
CN101218588B (zh) * 2005-05-05 2010-05-19 塞尔蒂卡姆公司 具有可认证的固件的附件设备及布置和认证该固件的方法
DE102007007481A1 (de) * 2007-02-15 2008-08-21 Giesecke & Devrient Gmbh Verfahren zur Analyse einer Softwarekonfiguration eines tragbaren Datenträgers
EP2639726A4 (fr) * 2010-11-10 2014-09-03 Toshiba Kk Système fournisseur de services et dispositif d'unité
US9705893B2 (en) * 2012-02-07 2017-07-11 Visa International Service Association Mobile human challenge-response test
AU2017203608B2 (en) * 2012-02-07 2018-09-20 Visa International Service Association Mobile human challenge-response test
US20150195289A1 (en) * 2012-02-07 2015-07-09 Visa International Service Association Mobile human challenge-response test
WO2014048630A1 (fr) * 2012-09-28 2014-04-03 Siemens Aktiengesellschaft Test d'intégrité de données sur les propriétés d'un appareil par un appareil de test
US9674216B2 (en) 2012-09-28 2017-06-06 Siemens Aktiengesellschaft Testing integrity of property data of a device using a testing device
CN104662555A (zh) * 2012-09-28 2015-05-27 西门子公司 通过检验设备对设备特性数据的完整性的检验
JP2017532837A (ja) * 2014-08-25 2017-11-02 ホアウェイ・テクノロジーズ・カンパニー・リミテッド プレアソシエーションサービスディスカバリのためのシステムおよび方法
US10250698B2 (en) 2014-08-25 2019-04-02 Futurewei Technologies, Inc. System and method for securing pre-association service discovery
US11036863B2 (en) 2017-08-01 2021-06-15 Dell Products, L.P. Validating an image using an embedded hash in an information handling system
EP4468186A4 (fr) * 2022-02-22 2025-10-01 Ntt Inc Système d'authentification, dispositif de génération, procédé de génération et programme de génération

Also Published As

Publication number Publication date
AU6042899A (en) 2000-04-10

Similar Documents

Publication Publication Date Title
US7506381B2 (en) Method for securing an electronic device, a security system and an electronic device
US7437574B2 (en) Method for processing information in an electronic device, a system, an electronic device and a processing block
US8600056B2 (en) Method and system for controlling the locking/unlocking of the network access functions of a multifunction terminal
EP0977451B1 (fr) Vérification d'un transfert de données basé sur des codes d'identification uniques
CN107085675B (zh) 受控安全代码验证
US20060059547A1 (en) Method of verifying downloaded software and corresponding device
JP4488354B2 (ja) 電子機器へのデータのローディング方法
KR101324891B1 (ko) 코드 및 데이터 서명을 개선하기 위한 방법 및 장치
US20050091501A1 (en) Loading data into a mobile terminal
WO2000018162A1 (fr) Procede et appareil pour authentifier un logiciel integre dans une unite a distance sur un canal de communication
WO2002065258A2 (fr) Procede et appareil pour authentifier un logiciel integre dans une unite a distance sur un canal de communication
US20060190996A1 (en) Apparatus and system for remotely verifying integrity of memory for mobile platform, and method therefor
WO2022017314A1 (fr) Procédé, appareil, système et support de stockage pour la lecture d'informations
WO2000072149A1 (fr) Verification prealable d'applications dans un environnement informatique mobile
US20040111618A1 (en) Software integrity test
CN112805702B (zh) 仿冒app识别方法及装置
US9571489B2 (en) System and method for performing commands from a remote source
CN114143197B (zh) 物联网设备ota升级方法、装置、设备及可读存储介质
US7287161B2 (en) Method and system for testing a program, and a device
KR20050058653A (ko) 이동통신 단말기의 인증방법
KR20070017455A (ko) 프로세서 내에서의 보호된 리소스들로의 억세스에 대한안전한 보호 방법
KR20180060814A (ko) 어플리케이션의 무결성을 검증하기 위한 어플리케이션 서버 및 그 제어 방법
KR20040073125A (ko) 이동 통신 단말기의 인증 방법

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase