Communication apparatus, first communication apparatus, method of communication apparatus, and method of first communication apparatus
US-2024406188-A1 · Dec 5, 2024 · US
System and method for verifying integrity of software package in mobile terminal
US9832651B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9832651-B2 |
| Application number | US-76187410-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 16, 2010 |
| Priority date | May 8, 2009 |
| Publication date | Nov 28, 2017 |
| Grant date | Nov 28, 2017 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method and system for verifying integrity of a software package in a mobile terminal is provided. The method includes receiving a catalog of available software packages from a distributor and displaying the catalog, if a desired software package to be installed is selected from the displayed catalog, acquiring a software package IDentifier (ID) corresponding to the selected software package from the catalog, transmitting the software package ID to the distributor to receive the selected software package corresponding to the software package ID and to transmit the software package ID to a verification authority, receiving, from the verification authority, integrity evidence information corresponding to the software package ID and verifying the integrity of the selected software package, and outputting a notification for notifying a user of a result of the verification and managing the selected software package according to a received user selection.
First claim
Opening claim text (preview).
What is claimed is: 1. A method for verifying integrity of a software package in a mobile terminal, the method comprising: acquiring a software package identifier (ID) corresponding to a software package selected from a catalog of available software packages, wherein the catalog of available software packages is received from a distribution computer; transmitting the software package ID to the distribution computer and a verification computer; receiving the selected software package and second integrity evidence information corresponding to the software package ID from the distribution computer; receiving first integrity evidence information from the verification computer; determining whether integrity of the selected software package is verified by comparing the second integrity evidence information, received from the distribution computer, with the first integrity evidence information; and outputting a notification for notifying a user of a result of the determination and managing the selected software package according to a received selection, wherein the determining whether integrity of the selected software package is verified comprises: determining whether the second integrity evidence information, received from the distribution computer, is equivalent to the first integrity evidence information, received from the verification computer, by comparing the second integrity evidence information with the first integrity evidence information; if the second integrity evidence information, received from the distribution computer, is equivalent to the first integrity evidence information, received from the verification computer, determining that the integrity of the selected software package is verified; and if the second integrity evidence information, received from the distribution computer, is not equivalent to the first integrity evidence information, received from the verification computer, determining that the integrity of the selected software package is not verified, wherein the first integrity evidence information and the second integrity evidence information include a hash value of an encrypted hash function that is executed in the selected software package. 2. The method of claim 1 , further comprising: requesting the distribution computer to provide the catalog of available software packages if a user-request for a catalog for a desired software package is received; receiving the catalog generated by the distribution computer in response to the request; and displaying the catalog received from the distribution computer. 3. The method of claim 1 , wherein the first integrity evidence information is received from the verification computer, if the first integrity evidence information corresponding to the software package ID is found by the verification computer. 4. The method of claim 3 , further comprising: receiving information indicating that the first integrity evidence information does not exist from the verification computer, if the first integrity evidence information is not found by the verification computer. 5. The method of claim 1 , wherein managing the selected software package comprises: outputting the notification to notify the user that the integrity of the selected software package is verified, if it is determined that the integrity of the selected software package is verified; and proceeding with installation of the selected software package upon receiving a user-request to install the selected software package. 6. The method of claim 1 , wherein managing the selected software package comprises: notifying the user that the integrity of the selected software package is not verified, if it is determined that the integrity of the selected software package is not verified; and proceeding with installation of the selected software package upon receiving a user-request to install the selected software package. 7. The method of claim 1 , wherein managing the selected software package comprises: outputting the notification to notify the user that the integrity of the selected software package is not verified, if it is determined that the integrity of the selected software package is not verified; and deleting the selected software package upon receiving a user-request to delete the selected software package. 8. The method of claim 1 , wherein first integrity evidence information of each of the available software packages is generated by the verification computer, if each of the available software packages complies with a specification of each of the available software packages and is stored in the verification computer. 9. The method of claim 8 , wherein the first integrity evidence information is generated by the verification computer and transmitted to the distribution computer. 10. The method of claim 8 , wherein the first integrity evidence information and the software package ID are transmitted from the verification computer to a developer of the selected software package. 11. The method of claim 10 , wherein the developer transmits the software package ID, a software package corresponding to the software package ID, and the first integrity evidence information for the software package to the distribution computer, and the distribution computer stores the software package ID, the software package, and the first integrity evidence information for the software package transmitted from the developer. 12. The method of claim 1 , wherein the selected software package is received from the distribution computer through at least one of wired communication and wireless communication. 13. A mobile terminal for verifying integrity of a software package in the mobile terminal, the mobile terminal comprising: a communication unit configured to receive a catalog of available software packages from a distribution computer; and a processor configured to: acquire a software package identifier (ID) corresponding to a software package selected from the catalog, transmit the software package ID to the distribution computer and a verification computer via the communication unit, receive the selected software package and second integrity evidence information corresponding to the software package ID from the distribution computer via the communication unit, determine whether integrity of the selected software package is verified by comparing the second integrity evidence information, received from the distribution computer, with first integrity evidence information if the first integrity evidence information is received from the verification computer, and output a notification for notifying a user of a result of the determination and manage the selected software package according to a received selection, wherein the processor is further configured to: determine whether the second integrity evidence information, received from the distribution computer, is equivalent to the first integrity evidence information, received from the verification computer, by comparing the second integrity evidence information with the first integrity evidence information, determine that the integrity of the selected software package is verified if the second integrity evidence information, received from the distribution computer, is equivalent to the first integrity evidence information, received from the verification computer, and determine that the integrity of the selected software package is not verified if the second integrity evidence information, received from the distribution computer, is not equivalent to the first integrity evidence information, received from the verification computer, wherein the first integrity evidence information an
Assignees
Inventors
Classifications
Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title
- H04W12/10Primary
Integrity · CPC title
Applying verification of the received information (cryptographic mechanisms or cryptographic arrangements for data integrity or data verification H04L9/32) · CPC title
Protecting application or service provisioning, e.g. securing SIM application provisioning · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9832651B2 cover?
- A method and system for verifying integrity of a software package in a mobile terminal is provided. The method includes receiving a catalog of available software packages from a distributor and displaying the catalog, if a desired software package to be installed is selected from the displayed catalog, acquiring a software package IDentifier (ID) corresponding to the selected software package f…
- Who is the assignee on this patent?
- Korkishko Tymur, Lee Kyung-Hee, Samsung Electronics Co Ltd
- What technology area does this patent fall under?
- Primary CPC classification H04W12/10. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Nov 28 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).