WO2000072149A1 - Pre-verification of applications in mobile computing - Google Patents
Pre-verification of applications in mobile computing Download PDFInfo
- Publication number
- WO2000072149A1 WO2000072149A1 PCT/US2000/011437 US0011437W WO0072149A1 WO 2000072149 A1 WO2000072149 A1 WO 2000072149A1 US 0011437 W US0011437 W US 0011437W WO 0072149 A1 WO0072149 A1 WO 0072149A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- list
- digital
- digital fingerprint
- application program
- application
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
Definitions
- This invention relates to verification of application software and applets (generally referred to as applications) prior to running on a processor in a mobile computing environment, for the purposes of insuring that an application is appropriately authorized from a security point of view, whether for system security or other purposes.
- a software vendor is provided with an encryption key that permits the vendor to generate a certificate that has a digital signature generated from the encryption key.
- a user of the software from that software vendor can verify that the software has originated from the authorized vendor by checking the digital signature of the accompanying certificate.
- the certificate is typically a fixed-length "hash" of the software encrypted with the encryption key.
- the user is able to verify the signature because the user is provided with an encryption key from the same security domain as the encritypion key of the vendor, i.e. the two encryption keys share the same route key. The user is therefore able to verify that the digital certificate originates from the authorized security domain.
- the process of verifying a signature of a digital signature is time consuming.
- the process of using the mobile device is degraded in its speed performance. This becomes particularly noticeable if a device is started up and, upon power up, several applications have to be launched and the signatures of all the applications have to be verified. It is a particular need in the mobile computing environment that time to operation upon power-up is minimized. There is a need for a faster method of verifying the authenticity of an application and maintaining security upon application launch, while avoiding the need for lengthy signature verification processes.
- FIG. 1 is block diagram illustrating a mobile computing device in communications with a mobile communications network.
- FIG. 2 is a flow diagram of a process performed by an issuer of a subscriber identity module (SIM).
- FIG. 3 is a flow diagram of a process performed in the mobile communications device of Fig. 1.
- SIM subscriber identity module
- FIG. 4 is a second program performed by the communications device of FIG. 1 , upon receipt of a certification configuration message (CCM).
- CCM certification configuration message
- FIG. 5 is a message format diagram illustrating the format of a CCM message.
- a mobile communications device 10 comprising a transceiver radio 11 , a microprocessor 12 and a program memory 13. Other elements of the mobile communications device 10 are not illustrated but are well known in the art.
- the communications device 10 has a subscriber identity module (SIM) 15 that is typically in the form of a miniature smart card that slots into a receiving slot in the communications device 10.
- SIM subscriber identity module
- the radio 11 is in radio communications with a base station 20 that has a central controller 21.
- FIG. 1 Also illustrated in FIG. 1 in the microprocessor 12 is a hash code generator 14, a program execution process 22, a comparison element 23, an encryption key register 25 and a cryptographic process 26, all implemented in software. Also illustrated is an application 30 stored in the program memory 13. The application 30 has a digital certificate 31 that is a "signed" hash of the application 30. Illustrated in SIM 15 is a list 33 of authorized applications. Further illustrated in FIG. 1 are certain elements of information passing from the base station 20 to the radio 11 , including an application 40 and a certification configuration message 41.
- the mobile communications device 10 is powered up and applications are loaded from the program memory 13 into the microprocessor 12.
- applications For running of an application, a check is made against the list 33 in the SIM 15 to verify whether the application is authorized for running.
- New applications 40 can be received over the air from the base station 20 and stored in program memory 13.
- Configuration change messages 41 can be received from the central control 21 via the base station 20. Other operations and processes are performed that need not be described in detail.
- a list 33 is generated and loaded in the SIM.
- the process of FIG. 2 is performed by the entity issuing the SIM to the subscriber.
- a hash is created by a hash code generator (equivalent to hash code generator 14) of any executable object that is to be permitted to be run on the microprocessor 12.
- This hash is created in step 101 by passing the executable code of the object through a hash generator such as a SHA1 hash generator in a manner known in the art.
- the hash code generator performs a mathematical one-way function on the executable code that has two properties: 1 ) from an arbitrary number of bytes, of input, a finite number of bits of output are generated (e.g. 160 bits) whereby virtually no two inputs give the same output and 2) from an output it is not possible to discern the input.
- the resultant hash code is much shorter than the object itself, but is of sufficient length that is virtually unreproduceable.
- the creation of a hash of an executable object is also referred to as creation of an executable object "fingerprint".
- the hash used is of the same type as that used for signing a digital signature of a new object.
- step 102 the hash code is stored in a protected verified application list 33 in the SIM 15.
- the process of FIG. 2 is executed for every object (application, applet or other object) to be run on the microprocessor 12.
- step 201 Upon the start of the process at step 200, and upon launching of the application or downloading of the applet (step 201 ), a hash is created of the application or applet in step 202 using the hash generator 14. This hash is again the same hash as would be used for computing the digital signature of the application or applet. In step 204, the hash so created is checked by comparison element 23 against the verified application list 33.
- step 206 If the hash value (digital fingerprint) is present in the list (step 206) and if the entry has not expired (step 208), the application or applet is launched in step 210.
- a counter is decremented (or incremented) for that application or applet in step 212 each time it is executed.
- step 206 If no list entry for the object is present (step 206) or if the entry for the object has expired (step 208) full signature verification is performed by cryptographic process 26 in step 220.
- full signature verification the hash already created is one of the inputs of the public key cryptographic process 26 that performs processor-intensive cryptography.
- the digital signature of the application is successfully verified, the application is executed by execute process 22 in step 210.
- the hash of the application is added to the list 33 (as shown by the dashed line in FIG. 1 ). If the digital signature is not verified in step 222, the application is not launched and the process ends at step 230, ready for launch of the next application.
- step 212 the counter (not shown in FIG.1) for that entry is decremented (or incremented) and when the counter reaches zero (or reaches a threshold respectively), step 208 will indicate that the entry has expired when it is next launched.
- the list 33 preferably has a maximum size and a prioritization scheme is used to determine which applications to delete when the list is full and a new entry is added to the list.
- a pointer is stored with the application, pointing to the entry in the list for the authorizing certificate. This avoids having to invalidate the entire verified-application list when a new CCM arrives.
- a list 34 of trusted third party (TTP) certificates is maintained is the SIM 15 or in the mobile device 10.
- This list includes the certificates of all third parties that are trusted by the user of the communication device 10.
- multiple software vendors may be trusted, all authorized by a common root entity in a common security domain, where the root entity is in position of the root key, the trusted third parties certificates are signed with signatures derived from the root key and the TTP list 34 in the mobile device has corresponding digital signatures that it can use to verify the signatures of the TTP certificates.
- the list entries in list 34 contain certificate fingerprints in the form of hashes of the encoded sign certificates.
- the full hash output for the specified algorithm must be used to generate the fingerprint.
- a list generator checks to insure that no two list entries match when a list is created.
- the fingerprint hash is computed over the ASN.1 encoded signed certificate object, first octet to last octet.
- the hash is computed over the signed WTLS certificate in network transmission format, first octet to last octet.
- the signature type and length are indicated by the administrator certificate, which must be present on the device. If no administrator certificate is on the device or the signature does not verify, the message is rejected.
- step 504 a check is performed to check that the CCM is valid. If no administrator certificate is present in the mobile communications device 10 or its SIM 15, or if the administrator certificate signature does not verify with the signature of the CCM 41 , the message is rejected in step 506.
- the communications device 10 begins a scan through the trusted third certificate party list 34 (step 510). At the beginning of a scan, a counter "n" is set to one (step 512). If, for a given certificate in the TTP list 34, there is no stored fingerprint, a fingerprint for that entry "n" is computed in step 514. In step 516, a check is carried out to check whether a fingerprint for an authorized TTP in the CCM message matches a fingerprint in the TTP list 34. If it does not match, the certificates in the TTP list 34 is disabled in step 518. If the fingerprint stored in the list 34 matches the fingerprint received in the CCM 41 , the certificate is enabled in step 520.
- the scan continues in a simple loop counter manner by checking step 522 whether the counter n has reached its maximum value N. If not, the counter is incremented in step 528 and the next fingerprint is checked (with pre-computation of that fingerprint if necessary). When the last fingerprint in the list has been checked, the process ends at step 530.
- the format of a CCM message is illustrated in FIG. 5.
- the CCM is either periodically fetched from the central controller 21 or downloaded by the central controller 21 to the device 10.
- the following is a table of the elements illustrated in FIG. 5.
- "Version” is the version number of the security specification (e.g. version 1 )
- certificateAdvice is enumerated ⁇ enable-all (0), disable-all (1 ), enable-list (2), disable-list (3) ⁇
- listLength is the total length of the following list and must be sent as zero when certificateAdvice is enable-all or disable-all.
- “hashType” is enumerated ⁇ md5 (0), sha-1 (1 ) ⁇
- hashLength is the number of octets output by the selected hash type (16 for MD5 and 20 for SHA-1 ).
- a record must be kept of the domain that authorized a given application. If a CCM message is received while applications are currently running, a check must be made that any applications no longer in the trusted domain have their permissions reconfigured appropriately.
- the format for entry in list 34 is: one octet hashType; 2 octets permissions; and a number of octets of hash value equivalent in length to the hashLength.
- Three type of certificates are provided for: 1 .) operator, 2.) manufacturer, and 3.) trusted third party. It is not necessary that all types be present but the operator and manufacturer root certificates must be present for these domains to be enabled.
- the manufacturer may load initial third party certificates on the device. Further certificates may be downloaded to the device as signed wireless application protocol (WAP) or world wide web (WWW) content. Downloaded certificates must be verified by an existing trusted certificate and are placed in the domain defined by the root certificate at the top of the verification chain for the downloaded certificate.
- Third party root certificates should be in protected memory. All third party certificates are subject to restrictions imposed by valid certificate configuration messages.
- New third party root certificates may be downloaded as signed WAP or WWW content.
- the signature on the content should be of a device administrator.
- the manufacturer root certificate is pre-loaded in protected, preferably read only, memory on the device at manufacture time.
- the manufacturer should include a mechanism to re-key the device due to key compromise. Since the manufacturer root is preferably in read only memory this can be accomplished by having multiple root certificates stored and switching between them with a proprietary change message.
- the operator root certificate is provided on the SIM if support for certificate storage on the SIM exists.
- the operator root may be downloaded using the root download procedure described below. Certificates below a given root are installed in files using a hierarchical structure corresponding to the structure of the domain. For single level domains this is equivalent to a directory for each domain; multi-level domains require a hierarchical directory structure.
- the actions that can be performed for a given certificate are: 1.) addition, 2.) deletion, 3.) mark trusted, 4.) mark un-trusted, 5.) modify fine grain access permissions.
- the ability to perform these actions depends no the certificate type being modified as well as the access level of the entity performing the operation.
- Device users may always delete, mark trusted or untrusted, or modify fine grain access permissions for third party certificates. They may add a third party certificate as long as it is certified by an existing trusted certificate.
- the following procedure may be used to download the operator root certificate.
- the operator service center obtains any required information from the customer and starts the certificate download to the device. This download may be accomplished by defining a special SMS message type.
- the device displays the hash of the certificate and a transaction identifier; hash (certificate/transaction identifier).
- the hash type used should be the same as that used for the certificate signature.
- the customer reads this information back to the operator. If this information is correct the provisioning process is complete.
- Alternative methods to download an operator certificate may be used where appropriate but must insure that the certificate is received by the device unaltered.
- a method of operation of a mobile communications device comprising: maintaining a list of application programs and, for each application program, a digital fingerprint of that application program; upon execution of an application program, checking the list for an entry that includes the digital fingerprint of the application program, and executing the application program if the digital fingerprint is present; else performing digital signature verification for the application program if the digital fingerprint is not present in the list.
Abstract
Description
Claims
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU46743/00A AU4674300A (en) | 1999-05-25 | 2000-04-28 | Pre-verification of applications in mobile computing |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US31830599A | 1999-05-25 | 1999-05-25 | |
US09/318,305 | 1999-05-25 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2000072149A1 true WO2000072149A1 (en) | 2000-11-30 |
Family
ID=23237596
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2000/011437 WO2000072149A1 (en) | 1999-05-25 | 2000-04-28 | Pre-verification of applications in mobile computing |
Country Status (2)
Country | Link |
---|---|
AU (1) | AU4674300A (en) |
WO (1) | WO2000072149A1 (en) |
Cited By (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002065803A1 (en) * | 2001-02-09 | 2002-08-22 | Nokia Corporation | Method, network access element and mobile node for service advertising and user authorization in a telecommunication system |
WO2002097620A2 (en) * | 2001-05-31 | 2002-12-05 | Qualcomm Incorporated | Safe application distribution and execution in a wireless environment |
EP1303153A1 (en) * | 2001-10-10 | 2003-04-16 | Vodafone Group PLC | Apparatus and method for selecting software modules in a mobile terminal |
WO2003088053A2 (en) * | 2002-04-15 | 2003-10-23 | Giesecke & Devrient Gmbh | Method for securing a program |
WO2003019337A3 (en) * | 2001-08-27 | 2004-01-29 | Bayerische Motoren Werke Ag | Method for providing software to be used by a control unit of a vehicle |
WO2004042998A1 (en) * | 2002-11-08 | 2004-05-21 | Nokia Corporation | Software integrity test in a mobile telephone |
WO2004079483A2 (en) * | 2003-03-06 | 2004-09-16 | International Business Machines Corporation | Method and apparatus for authorizing execution for applications in a data processing system |
EP1574928A1 (en) * | 2002-12-12 | 2005-09-14 | Fujitsu Limited | Program execution control apparatus, os, client terminal, server, program execution control system, program execution control method, and program execution control program |
JP2005528678A (en) * | 2002-04-18 | 2005-09-22 | アドバンスト・マイクロ・ディバイシズ・インコーポレイテッド | Method for initializing a computer system including a processor capable of operating in a secure execution mode |
WO2005114539A2 (en) * | 2004-05-20 | 2005-12-01 | Computer Associates Think, Inc. | Systems and methods for excluding user specified applications |
GB2415521A (en) * | 2004-05-25 | 2005-12-28 | Hewlett Packard Development Co | Creating a trusted environment in a mobile computing platform |
EP1732263A1 (en) * | 2005-06-07 | 2006-12-13 | Sony Ericsson Mobile Communications AB | Method and apparatus for certificate roll-over |
EP1764721A2 (en) * | 2005-09-15 | 2007-03-21 | NTT DoCoMo INC. | Apparatus and method for controlling access to an external memory |
WO2007062955A1 (en) * | 2005-12-01 | 2007-06-07 | Sony Ericsson Mobile Communications Ab | Secure digital certificate storing scheme for flash memory and electronic apparatus |
DE102006021592A1 (en) * | 2006-05-09 | 2007-07-19 | Siemens Ag | Mobile phone function implementing method, involves implementing called mobile phone function by mobile phone when determined security level of program authorizes call of mobile phone function |
WO2008001060A1 (en) * | 2006-06-29 | 2008-01-03 | Symbian Software Limited | Revoking malware in a computing device |
WO2008096891A1 (en) * | 2007-02-09 | 2008-08-14 | Ntt Docomo, Inc. | Terminal device and software inspecting method |
WO2010131106A1 (en) * | 2009-05-12 | 2010-11-18 | Nokia Corporation | Method, apparatus, and computer program for providing application security |
US8166546B2 (en) * | 2003-03-28 | 2012-04-24 | Minolta Co., Ltd. | Controlling computer program, controlling apparatus, and controlling method for detecting infection by computer virus |
US8191109B2 (en) * | 2006-02-24 | 2012-05-29 | Nokia Corporation | Application verification |
US8296575B2 (en) | 2001-06-29 | 2012-10-23 | Nokia Corporation | Method for protecting electronic device, and electronic device |
US8356351B2 (en) | 2007-01-19 | 2013-01-15 | International Business Machines Corporation | Method and device for verification of code module in virtual machine |
EP2633464A1 (en) * | 2010-10-29 | 2013-09-04 | Nokia Corp. | Software authentication |
EP2684152A1 (en) * | 2011-03-09 | 2014-01-15 | Irdeto B.V. | Method and system for dynamic platform security in a device operating system |
CN103886246A (en) * | 2012-12-22 | 2014-06-25 | 三星电子株式会社 | Method and apparatus for supporting dynamic change of authentication means for secure booting |
CN104243151A (en) * | 2013-06-06 | 2014-12-24 | 中国银联股份有限公司 | Mobile device-based authentication method and authentication apparatus |
WO2017052832A1 (en) * | 2015-09-25 | 2017-03-30 | Qualcomm Incorporated | Techniques for managing certificates on a computing device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5692047A (en) * | 1995-12-08 | 1997-11-25 | Sun Microsystems, Inc. | System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources |
US5717757A (en) * | 1996-08-29 | 1998-02-10 | Micali; Silvio | Certificate issue lists |
US5893118A (en) * | 1995-12-21 | 1999-04-06 | Novell, Inc. | Method for managing globally distributed software components |
US6021492A (en) * | 1996-10-09 | 2000-02-01 | Hewlett-Packard Company | Software metering management of remote computing devices |
-
2000
- 2000-04-28 AU AU46743/00A patent/AU4674300A/en not_active Withdrawn
- 2000-04-28 WO PCT/US2000/011437 patent/WO2000072149A1/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5692047A (en) * | 1995-12-08 | 1997-11-25 | Sun Microsystems, Inc. | System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources |
US5893118A (en) * | 1995-12-21 | 1999-04-06 | Novell, Inc. | Method for managing globally distributed software components |
US5717757A (en) * | 1996-08-29 | 1998-02-10 | Micali; Silvio | Certificate issue lists |
US6021492A (en) * | 1996-10-09 | 2000-02-01 | Hewlett-Packard Company | Software metering management of remote computing devices |
Non-Patent Citations (1)
Title |
---|
"Computer Dictionary", 1997, MICROSOFT PRESS * |
Cited By (63)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7171198B2 (en) | 2001-02-09 | 2007-01-30 | Nokia Corporation | Method, network access element and mobile node for service advertising and user authorization in a telecommunication system |
WO2002065803A1 (en) * | 2001-02-09 | 2002-08-22 | Nokia Corporation | Method, network access element and mobile node for service advertising and user authorization in a telecommunication system |
USRE48001E1 (en) | 2001-05-31 | 2020-05-19 | Qualcomm Incorporated | Safe application distribution and execution in a wireless environment |
US7099663B2 (en) | 2001-05-31 | 2006-08-29 | Qualcomm Inc. | Safe application distribution and execution in a wireless environment |
US8588766B2 (en) | 2001-05-31 | 2013-11-19 | Qualcomm Incorporated | Safe application distribution and execution in a wireless environment |
WO2002097620A3 (en) * | 2001-05-31 | 2004-05-06 | Qualcomm Inc | Safe application distribution and execution in a wireless environment |
US8112076B2 (en) | 2001-05-31 | 2012-02-07 | Qualcomm Incorporated | Safe application distribution and execution in a wireless environment |
US7684792B2 (en) | 2001-05-31 | 2010-03-23 | Qualcomm Incorporated | Safe application distribution and execution in a wireless environment |
WO2002097620A2 (en) * | 2001-05-31 | 2002-12-05 | Qualcomm Incorporated | Safe application distribution and execution in a wireless environment |
US8296575B2 (en) | 2001-06-29 | 2012-10-23 | Nokia Corporation | Method for protecting electronic device, and electronic device |
WO2003019337A3 (en) * | 2001-08-27 | 2004-01-29 | Bayerische Motoren Werke Ag | Method for providing software to be used by a control unit of a vehicle |
US9262617B2 (en) | 2001-08-27 | 2016-02-16 | Bayerische Motoren Werke Aktiengesellschaft | Method for providing software to be used by a control unit of a vehicle |
EP1303153A1 (en) * | 2001-10-10 | 2003-04-16 | Vodafone Group PLC | Apparatus and method for selecting software modules in a mobile terminal |
DE10216601A1 (en) * | 2002-04-15 | 2003-10-30 | Giesecke & Devrient Gmbh | Program assurance procedures |
WO2003088053A3 (en) * | 2002-04-15 | 2004-04-01 | Giesecke & Devrient Gmbh | Method for securing a program |
WO2003088053A2 (en) * | 2002-04-15 | 2003-10-23 | Giesecke & Devrient Gmbh | Method for securing a program |
JP2005528678A (en) * | 2002-04-18 | 2005-09-22 | アドバンスト・マイクロ・ディバイシズ・インコーポレイテッド | Method for initializing a computer system including a processor capable of operating in a secure execution mode |
WO2004042998A1 (en) * | 2002-11-08 | 2004-05-21 | Nokia Corporation | Software integrity test in a mobile telephone |
US7437563B2 (en) | 2002-11-08 | 2008-10-14 | Nokia Corporation | Software integrity test |
EP1574928A4 (en) * | 2002-12-12 | 2007-11-21 | Fujitsu Ltd | Program execution control apparatus, os, client terminal, server, program execution control system, program execution control method, and program execution control program |
EP1574928A1 (en) * | 2002-12-12 | 2005-09-14 | Fujitsu Limited | Program execution control apparatus, os, client terminal, server, program execution control system, program execution control method, and program execution control program |
US7308578B2 (en) | 2003-03-06 | 2007-12-11 | International Business Machines Corporation | Method and apparatus for authorizing execution for applications in a data processing system |
WO2004079483A2 (en) * | 2003-03-06 | 2004-09-16 | International Business Machines Corporation | Method and apparatus for authorizing execution for applications in a data processing system |
WO2004079483A3 (en) * | 2003-03-06 | 2004-12-09 | Ibm | Method and apparatus for authorizing execution for applications in a data processing system |
US8166546B2 (en) * | 2003-03-28 | 2012-04-24 | Minolta Co., Ltd. | Controlling computer program, controlling apparatus, and controlling method for detecting infection by computer virus |
WO2005114539A2 (en) * | 2004-05-20 | 2005-12-01 | Computer Associates Think, Inc. | Systems and methods for excluding user specified applications |
WO2005114539A3 (en) * | 2004-05-20 | 2006-04-27 | Computer Ass Think Inc | Systems and methods for excluding user specified applications |
US8060867B2 (en) | 2004-05-20 | 2011-11-15 | Computer Associates Think, Inc. | Systems and methods for excluding user specified applications |
GB2415521A (en) * | 2004-05-25 | 2005-12-28 | Hewlett Packard Development Co | Creating a trusted environment in a mobile computing platform |
WO2006131505A1 (en) * | 2005-06-07 | 2006-12-14 | Sony Ericsson Mobile Communications Ab | Method and apparatus for certificate roll-over |
EP1732263A1 (en) * | 2005-06-07 | 2006-12-13 | Sony Ericsson Mobile Communications AB | Method and apparatus for certificate roll-over |
US8028167B2 (en) | 2005-06-07 | 2011-09-27 | Sony Ericsson Mobile Communications Ab | Method and apparatus for certificate roll-over |
EP1764721A3 (en) * | 2005-09-15 | 2007-12-05 | NTT DoCoMo INC. | Apparatus and method for controlling access to an external memory |
EP1764721A2 (en) * | 2005-09-15 | 2007-03-21 | NTT DoCoMo INC. | Apparatus and method for controlling access to an external memory |
US8132262B2 (en) | 2005-09-15 | 2012-03-06 | Ntt Docomo, Inc. | External memory management apparatus and external memory management method |
JP2009517749A (en) * | 2005-12-01 | 2009-04-30 | ソニー エリクソン モバイル コミュニケーションズ, エービー | Secure memory for storing digital certificates for electronic devices and flash memory |
JP4843051B2 (en) * | 2005-12-01 | 2011-12-21 | ソニー エリクソン モバイル コミュニケーションズ, エービー | Secure memory for storing digital certificates for electronic devices and flash memory |
WO2007062955A1 (en) * | 2005-12-01 | 2007-06-07 | Sony Ericsson Mobile Communications Ab | Secure digital certificate storing scheme for flash memory and electronic apparatus |
US8195945B2 (en) | 2005-12-01 | 2012-06-05 | Sony Mobile Communications Ab | Secure digital certificate storing scheme for flash memory and electronic apparatus |
US8191109B2 (en) * | 2006-02-24 | 2012-05-29 | Nokia Corporation | Application verification |
DE102006021592A1 (en) * | 2006-05-09 | 2007-07-19 | Siemens Ag | Mobile phone function implementing method, involves implementing called mobile phone function by mobile phone when determined security level of program authorizes call of mobile phone function |
WO2008001060A1 (en) * | 2006-06-29 | 2008-01-03 | Symbian Software Limited | Revoking malware in a computing device |
US8356351B2 (en) | 2007-01-19 | 2013-01-15 | International Business Machines Corporation | Method and device for verification of code module in virtual machine |
US8392988B2 (en) | 2007-02-09 | 2013-03-05 | Ntt Docomo, Inc. | Terminal device and method for checking a software program |
WO2008096891A1 (en) * | 2007-02-09 | 2008-08-14 | Ntt Docomo, Inc. | Terminal device and software inspecting method |
US8839458B2 (en) | 2009-05-12 | 2014-09-16 | Nokia Corporation | Method, apparatus, and computer program for providing application security |
CN102804194A (en) * | 2009-05-12 | 2012-11-28 | 诺基亚公司 | Method, Apparatus, And Computer Program For Providing Application Security |
WO2010131106A1 (en) * | 2009-05-12 | 2010-11-18 | Nokia Corporation | Method, apparatus, and computer program for providing application security |
CN102804194B (en) * | 2009-05-12 | 2016-01-20 | 诺基亚公司 | For providing method and the device of application security |
EP2633464A1 (en) * | 2010-10-29 | 2013-09-04 | Nokia Corp. | Software authentication |
EP2633464A4 (en) * | 2010-10-29 | 2014-08-20 | Nokia Corp | Software authentication |
US9635048B2 (en) | 2011-03-09 | 2017-04-25 | Irdeto B.V. | Method and system for dynamic platform security in a device operating system |
EP2684152A4 (en) * | 2011-03-09 | 2014-08-20 | Irdeto Bv | Method and system for dynamic platform security in a device operating system |
US10333967B2 (en) | 2011-03-09 | 2019-06-25 | Irdeto B.V. | Method and system for dynamic platform security in a device operating system |
EP2684152A1 (en) * | 2011-03-09 | 2014-01-15 | Irdeto B.V. | Method and system for dynamic platform security in a device operating system |
EP2746982A1 (en) * | 2012-12-22 | 2014-06-25 | Samsung Electronics Co., Ltd | Method and apparatus for supporting dynamic change of authentication means for secure booting |
CN103886246A (en) * | 2012-12-22 | 2014-06-25 | 三星电子株式会社 | Method and apparatus for supporting dynamic change of authentication means for secure booting |
US9971895B2 (en) | 2012-12-22 | 2018-05-15 | Samsung Electronics Co., Ltd. | Method and apparatus for supporting dynamic change of authentication means secure booting |
CN104243151A (en) * | 2013-06-06 | 2014-12-24 | 中国银联股份有限公司 | Mobile device-based authentication method and authentication apparatus |
TWI562653B (en) * | 2013-06-06 | 2016-12-11 | ||
EP3007092A4 (en) * | 2013-06-06 | 2017-01-11 | China Unionpay Co., Ltd | Mobile device-based authentication method and authentication apparatus |
WO2017052832A1 (en) * | 2015-09-25 | 2017-03-30 | Qualcomm Incorporated | Techniques for managing certificates on a computing device |
CN108028760A (en) * | 2015-09-25 | 2018-05-11 | 高通股份有限公司 | For managing the technology of the certificate on computing device |
Also Published As
Publication number | Publication date |
---|---|
AU4674300A (en) | 2000-12-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2000072149A1 (en) | Pre-verification of applications in mobile computing | |
JP4628468B2 (en) | Providing limited access to mobile device functions | |
US8627086B2 (en) | Secure loading and storing of data in a data processing device | |
US7373509B2 (en) | Multi-authentication for a computing device connecting to a network | |
US20080003980A1 (en) | Subsidy-controlled handset device via a sim card using asymmetric verification and method thereof | |
US7886355B2 (en) | Subsidy lock enabled handset device with asymmetric verification unlocking control and method thereof | |
US7539868B2 (en) | Run-time firmware authentication | |
US6889212B1 (en) | Method for enforcing a time limited software license in a mobile communication device | |
RU2356169C2 (en) | Affixment of software to hardware with application of cryptography | |
KR100492840B1 (en) | System for preventing electronic memory tampering | |
US20060059547A1 (en) | Method of verifying downloaded software and corresponding device | |
JP4856080B2 (en) | Secure loading and storage of data to data processing equipment | |
JP2000059440A (en) | Verification of data transfer based on specific id code | |
US20030163685A1 (en) | Method and system to allow performance of permitted activity with respect to a device | |
US20040025027A1 (en) | Secure protection method for access to protected resources in a processor | |
US7000117B2 (en) | Method and device for authenticating locally-stored program code | |
EP2171633A1 (en) | Method for remote message attestation in a communication system | |
WO2012067847A1 (en) | System and method for end to end encryption | |
US20030059049A1 (en) | Method and apparatus for secure mobile transaction | |
CN110650478A (en) | OTA method, system, device, SE module, program server and medium | |
WO2002065258A2 (en) | Method and apparatus for authenticating embedded software in a remote unit over a communications channel | |
WO2000018162A1 (en) | Method and apparatus for authenticating embedded software in a remote unit over a communications channel | |
RU2408071C2 (en) | Protected data loading and storage in data processing device | |
CN117176347B (en) | Mobile application certificate verification method and system | |
CN117009948A (en) | Identity credential sharing method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase |
Ref country code: JP |