Method of authentication at time of update of software embedded in information terminal, system for same and program for same

US 8,612,742 B2
Filed: 11/04/2010
Issued: 12/17/2013
Est. Priority Date: 11/06/2009
Status: Active Grant

First Claim

Patent Images

1. A software update system of an information terminal comprising:

an information terminal;

a software download server connected to the information terminal via a network, the software download server storing update software; and

a security unit communicable with the information terminal via a near field radio network,wherein the software download server creates a time-limited authentication key, computes a hash value of a file included in the update software for each file to create a hash table in which hash values of a file is listed, and encrypts the hash table using the authentication key,the security unit obtains the encrypted hash table and the authentication key from the software download server, andthe information terminal obtains the encrypted hash table from the security unit as a first table, obtains the authentication key from the security unit, determines whether or not a time limit of the authentication key is valid, obtains the encrypted hash table from the software download server as a second table if the time limit is determined to be valid, decrypts the first and second tables using the authentication key, compares the first and second tables after decryption, initiates download of the update software from the software download server if it is determined both the tables are identical to each other, computes a hash value of the downloaded update software as the download is completed, compares the computed hash value with the hash value in either the first or second table after the decryption, and permits activation of the downloaded update software if both hash values are identical to each other.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A load on a server or a network is suppressed at a minimum, the authentication server is not necessary, and download of falsified software is prevented. A server creates a time-limited authentication key, computes a hash value of a file included in update software for each file to create a hash table in which hash values of a file are listed, and encrypts the hash table using the authentication key. A unit obtains the encrypted hash table and the authentication key from a server. An information terminal obtains the encrypted hash table from the unit, obtains the authentication key from the unit, determines whether or not a time limit of the authentication key is valid, obtains the encrypted hash table from the server if the time limit is determined to be valid as a result of the determination, decrypts the tables using the authentication key, compares the tables after decryption, and initiates download of the update software if both the tables are identical to each other.

Citations

10 Claims

1. A software update system of an information terminal comprising:
- an information terminal;
  
  a software download server connected to the information terminal via a network, the software download server storing update software; and
  
  a security unit communicable with the information terminal via a near field radio network,wherein the software download server creates a time-limited authentication key, computes a hash value of a file included in the update software for each file to create a hash table in which hash values of a file is listed, and encrypts the hash table using the authentication key,the security unit obtains the encrypted hash table and the authentication key from the software download server, andthe information terminal obtains the encrypted hash table from the security unit as a first table, obtains the authentication key from the security unit, determines whether or not a time limit of the authentication key is valid, obtains the encrypted hash table from the software download server as a second table if the time limit is determined to be valid, decrypts the first and second tables using the authentication key, compares the first and second tables after decryption, initiates download of the update software from the software download server if it is determined both the tables are identical to each other, computes a hash value of the downloaded update software as the download is completed, compares the computed hash value with the hash value in either the first or second table after the decryption, and permits activation of the downloaded update software if both hash values are identical to each other.
- View Dependent Claims (2, 3)
- - 2. The software update system according to claim 1, wherein the information terminal tries to check existence of the security unit at a constant or inconstant interval until the initiated download is ended, and stops the download if existence of the security unit has not been confirmed as a result of the try.
  - 3. The software update system according to claim 1, wherein the security unit is operable as a mobile terminal, and the mobile terminal is operable as the security unit.

4. An information terminal that updates software embedded therein, wherein the information terminal is configured to:
- obtain an encrypted hash table as a first table from a security unit communicable via a near field radio network, the encrypted hash table being created by a software download server by creating a time-limited authentication key, computing a hash value of a file included in the update software for each file to create a hash table in which hash values of a file are listed, and encrypting the hash table using the authentication key;
  
  obtain the authentication key from the security unit;
  
  determine whether or not a time limit thereof is valid;
  
  obtain the encrypted hash table as a second table from the software download server via a network if the time limit is determined to be valid as a result of the determination;
  
  decrypt the first and second tables using the authentication key;
  
  compare the first and second tables after decryption with each other;
  
  initiate download of the update software from the software download server via a network if both the tables are identical to each other;
  
  compute a hash value of the downloaded update software as the download is completed;
  
  compare the computed hash value with the hash value in either the first or second table after the decryption; and
  
  permit activation of the downloaded update software if both hash values are identical to each other.

5. A method of updating software of an information terminal in a system, the system including the information terminal, a software download server that is connected to the information terminal via a network and stores update software, and a security unit communicable with the information terminal via a near field radio network, the method comprising:
- the software download server creating a time-limited authentication key, computing a hash value of a file included in the update software for each file to create a hash table in which hash values of a file are listed, and encrypting the hash table using the authentication key;
  
  the security unit obtaining the encrypted hash table and the authentication key from the software download server; and
  
  the information terminal obtaining the encrypted hash table as a first table from the security unit, obtaining the authentication key from the security unit, determining whether or not a time limit of the authentication key is valid, obtaining the encrypted hash table as a second table from the software download server if the time limit is determined to be valid as a result of the determination, decrypting the first and second tables using the authentication key, comparing the first and second tables after decryption, initiating download of the update software from the software download server if both the tables are identical to each other, computing a hash value of the downloaded update software as the download is completed, comparing the computed hash value with the hash value in either the first or second table after the decryption, and permitting activation of the downloaded update software if both hash values are identical to each other.
- View Dependent Claims (6, 7)
- - 6. The method of updating software of an information terminal according to claim 5, wherein the information terminal tries to check existence of the security unit at a constant or inconstant interval until the initiated download is ended, and the download is stopped when the existence of the security unit is not confirmed as a result of the try.
  - 7. The method of updating software of an information terminal according to claim 5, wherein the security unit is operable as the mobile terminal, and the mobile terminal is operable as the security unit.

8. A method of updating software embedded in an information terminal, comprising:
- obtaining an encrypted hash table as a first table from a security unit communicable via a near field radio network, the encrypted hash table being created by a software download server by creating a time-limited authentication key, computing a hash value of a file included in the update software for each file to create a hash table in which hash values of a file are listed, and encrypting the hash table using the authentication key;
  
  obtaining the authentication key from the security unit;
  
  determining whether or not a time limit thereof is valid;
  
  obtaining the encrypted hash table as a second table from the software download server via a network if the time limit is determined to be valid as a result of the determination;
  
  decrypting the first and second tables using the authentication key;
  
  comparing the first and second tables after decryption with each other;
  
  initiating download of the update software from the software download server via a network if both the tables are identical to each other;
  
  computing a hash value of the downloaded update software as the download is completed;
  
  comparing the computed hash value with the hash value in either the first or second table after the decryption; and
  
  permitting activation of the downloaded update software if both hash values are identical to each other.

9. A non-transitory computer readable medium storing a software update program for updating software installed in an information terminal, the software update program causing a computer used as the information terminal to:
- obtain an encrypted hash table as a first table from a security unit communicable via a near field radio network, the encrypted hash table being created by a software download server by creating a time-limited authentication key, computing a hash value of a file included in the update software for each file to create a hash table in which hash values of a file are listed, and encrypting the hash table using the authentication key;
  
  obtain the authentication key from the security unit;
  
  determine whether or not a time limit thereof is valid;
  
  obtain the encrypted hash table as a second table from the software download server via a network if the time limit is determined to be valid as a result of the determination;
  
  decrypt the first and second tables using the authentication key;
  
  compare the first and second tables after decryption with each other;
  
  initiate download of the update software from the software download server via a network if both the tables are identical to each other;
  
  compute a hash value of the downloaded update software as the download is completed;
  
  compare the computed hash value with the hash value in either the first or second table after the decryption; and
  
  permit activation of the downloaded update software if both hash values are identical to each other.
- View Dependent Claims (10)
- - 10. The non-transitory computer readable medium according to claim 9, wherein the software update program causes the computer used as the information terminal to try to check existence of the security unit at a constant or inconstant interval until the initiated download is ended, and to stop the download when the existence of the security unit is not confirmed as a result of the try.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Platforms, Ltd. (NEC Corporation)
Original Assignee
NEC Infrontia Corporation (NEC Corporation)
Inventors
Hirabayashi, Yasushi
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
WANG, HARRIS C

Application Number

US13/395,604
Publication Number

US 20120173867A1
Time in Patent Office

1,139 Days
Field of Search

713/150
US Class Current

713/150
CPC Class Codes

G06F 21/123   by using dedicated hardware...

G06F 21/51   at application loading time...

G06F 21/57   Certifying or maintaining t...

G06F 2221/2137   Time limited access, e.g. t...

Method of authentication at time of update of software embedded in information terminal, system for same and program for same

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Method of authentication at time of update of software embedded in information terminal, system for same and program for same

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links