METHOD AND DEVICE FOR PROVIDING VERIFYING APPLICATION INTEGRITY

US 20170270319A1
Filed: 11/26/2015
Published: 09/21/2017
Est. Priority Date: 11/28/2014
Status: Abandoned Application

First Claim

Patent Images

1. A device for processing an application, the device comprising:

a communications interface configured to receive the application;

memory configured to store the application and a signed checksum; and

a hardware processing unit configured to;

modify the application to obtain a modified application;

send a checksum generated for the modified application to a trusted entity;

receive a signed checksum from the trusted entity, the signed checksum corresponding to the sent checksum; and

store the signed checksum in the memory.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device downloads and installs an APK file for the application, during which the code is modified. A checksum for the modified code is sent to a trusted entity that checks that the received checksum matches a stored checksum for the application. If so, the received checksum is signed and returned to the device where it is stored. The device can then check the integrity of the modified code by calculating a checksum for the modified code that is compared to the signed checksum. The solution is particularly suitable for devices using the Android OS since the DEX during installation is optimized to an ODEX for which there is no certified checksum.

24 Citations

View as Search Results

15 Claims

1. A device for processing an application, the device comprising:
- a communications interface configured to receive the application;
  
  memory configured to store the application and a signed checksum; and
  
  a hardware processing unit configured to;
  
  modify the application to obtain a modified application;
  
  send a checksum generated for the modified application to a trusted entity;
  
  receive a signed checksum from the trusted entity, the signed checksum corresponding to the sent checksum; and
  
  store the signed checksum in the memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The device of claim 1, wherein the application is received with a first checksum and wherein the hardware processing unit is further configured to use the first checksum to verify the integrity of the application.
  - 3. The device of claim 1, wherein the hardware processing unit is further configured to use the signed checksum to verify the integrity of the modified application at runtime of the modified application.
  - 4. The device of claim 1, wherein the application is implemented as interpreted code and the modified application is implemented as an optimized interpreted code or as a native code.
  - 5. The device of claim 4, wherein the processing unit is configured to replace a checksum for the interpreted code with the signed checksum in a header for the interpreted code or the optimized interpreted code.
  - 6. The device of claim 1, wherein the device is a smartphone or a tablet.
  - 7. The device of claim 1, wherein the trusted entity is implemented in the device.
  - 8. The device of claim 7, wherein the trusted entity is configured to store at least one checksum for the application, to verify that the checksum for the modified application matches a stored checksum for the application, and to use a signing key to sign the checksum for the modified application.
  - 9. The device of claim 8, wherein the signing key is protected using software protection techniques.
  - 10. The device of claim 1, wherein the trusted entity is a separate device and wherein the communications interface is further configured to receive the checksum for the modified application from the hardware processing unit and send the checksum for the modified application to the trusted entity, and to receive the signed checksum from the trusted entity and send the signed checksum to the hardware processing unit.
  - 11. The device of claim 1, wherein the hardware processing unit is further configured to send an activation code for the application together with the checksum for the modified application.
  - 12. The device of claim 1, wherein the hardware processing unit is configured to receive the signed checksum together with a signing certificate.

13. A method for processing an application comprising at a device:
- receiving by a communications interface the application;
  
  modifying by a hardware processor the application to obtain a modified application;
  
  sending by the hardware processor via the communications interface a checksum generated for the modified application to a trusted entity;
  
  receiving by the hardware processor via the communications interface a signed checksum from the trusted entity, the signed checksum corresponding to the sent checksum; and
  
  storing by the hardware processor the signed checksum in memory.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13, wherein receiving the application further comprises receiving a first checksum and wherein the method further comprises using by the hardware processor the first checksum to verify the integrity of the application.
  - 15. The method of claim 13, further comprising using by the hardware processor the signed checksum to verify the integrity of the modified application at runtime of the modified application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Original Assignee
Thomson Licensing (Vantiva SA)
Inventors
SALMON-LEGAGNEUR, Charles, KARROUMI, Mohamed

Application Number

US15/531,434
Publication Number

US 20170270319A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/1004   to protect a block of data ...

G06F 21/51   at application loading time...

G06F 21/64   Protecting data integrity, ...

G06F 21/645   using a third party

H04L 2209/64   Self-signed certificates

H04L 9/3247   involving digital signatures

H04L 9/3268   using certificate validatio...

H04L 9/50   using hash chains, e.g. blo...

METHOD AND DEVICE FOR PROVIDING VERIFYING APPLICATION INTEGRITY

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND DEVICE FOR PROVIDING VERIFYING APPLICATION INTEGRITY

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links