TWI621030B - Method, system, and computer storage medium of software certification using software certification chain - Google Patents

Publication number
TWI621030B
Authority
TW
Taiwan
Prior art keywords
software
authentication
carrier
chain
information
Prior art date
Application number
TW106145278A
Other languages
Chinese (zh)
Other versions
TW201928742A (en)
Inventor
詹景傑
江彬榮
張耿豪
徐克華
謝永逸
Original Assignee
中華電信股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中華電信股份有限公司 filed Critical 中華電信股份有限公司
Priority to TW106145278A priority Critical patent/TWI621030B/en
Application granted granted Critical
Publication of TWI621030B publication Critical patent/TWI621030B/en
Publication of TW201928742A publication Critical patent/TW201928742A/en

Landscapes

  • Stored Programmes (AREA)

Abstract

A method, system, and computer storage medium for software authentication using a software certification chain, in which a software certification chain issued by a management system located at a software management center is used to authenticate software already installed on a software carrier and software that is to be installed on the software carrier.

Description

Method, system, and computer storage medium for software authentication using a software certification chain

The present invention relates to software authentication technology, and in particular to a method, system, and computer storage medium for software authentication using a software certification chain generated with a hash algorithm and Public Key Infrastructure (PKI) technology.

In today's society of information explosion, the volume of software, music, video, games, and other content distributed daily over the Internet is enormous. However, many people do not know how to verify whether a software installation file found on the Internet is a legitimate installation file or virus software disguised as an installation file.

Although some people know that a traditional hash algorithm can be used to compute and verify whether a software installation file on the Internet is trustworthy, this kind of verification works only for installation files that have not yet been installed. Once the installation file has been installed on the user's computer or electronic carrier (e.g., mobile phone, PDA, tablet, smartphone), it is difficult to verify the installed software again. As a result, if the content of the software changes during use, the user cannot tell whether the change is a reasonable change arising from the software's operation or a change caused by tampering by other malicious programs.

In addition, because the hardware of computers and electronic carriers of different specifications differs greatly, a different software version must be chosen for each specification to obtain a better installation experience and to ensure trouble-free use later. However, having to choose among software versions according to hardware differences often troubles users.

In view of the foregoing problems, there is a real need for an effective way to verify software legitimacy and to recommend software versions, so as to solve the difficulties users face.

In view of the problems of the prior art, the present invention discloses a method, system, and computer storage medium for software authentication using a software certification chain. Compared with the prior art, an embodiment of the present invention discloses using a software certification chain to verify the legitimacy of software to be installed and to proactively recommend to the user a software version suitable for installation, thereby improving the user's convenience in using software.

An embodiment of the present invention provides a method for software authentication using a software certification chain, comprising the following steps: determining whether a piece of software is already installed on a software carrier; if so, issuing an authentication request asking whether the software to be authenticated is legitimate; if not, issuing an installation request for the software to be installed; when a management system receives either the authentication request or the installation request, causing the management system to generate a software certification chain for the software and provide the software certification chain to the software carrier; and, if the software is already installed on the software carrier, the software carrier checks the legitimacy of the software and confirms whether the software has been tampered with, based on the software certification chain and at least one feature value of the software; if the software is not installed on the software carrier, the software carrier collects the environment parameters of the software carrier and then, according to the environment parameters, sequentially searches the software certification chain for a software version recommended for installation.

In another embodiment, the at least one feature value is computed by the software carrier based on at least one of installation file information and configuration file information of the installed software.

In another embodiment, the environment parameters include at least one of operating system information, firmware information, and hardware information of the software carrier.

In another embodiment, the management system hashes the information of each version of the software and signs the resulting values, thereby generating the software certification chain.

A further embodiment of the present invention provides a method for software authentication using a software certification chain, comprising the following steps: determining whether a piece of software is already installed on a software carrier; if so, issuing an authentication request asking whether the software to be authenticated is legitimate; if not, issuing an installation request for the software to be installed; when a management system receives either the authentication request or the installation request, causing the management system to generate a software certification chain for the software and provide the software certification chain to the software carrier; and, if the software is already installed on the software carrier, the software certification chain itself computes at least one feature value of the software, so that the legitimacy of the software is checked and whether the software has been tampered with is confirmed based on the one or more feature values; if the software is not installed on the software carrier, the software certification chain obtains the environment parameters of the software carrier and then, according to the environment parameters, finds in the software carrier a software version suitable for installation on the software carrier.

In a further embodiment, the at least one feature value is computed by the software supply chain based on at least one of installation file information and configuration file information of the installed software.

In a further embodiment, the environment parameters include at least one of operating system information, firmware information, and hardware information of the software carrier.

Yet another embodiment of the present invention provides a system for generating a software certification chain, comprising: a control device that receives an update request for a version of software; a confirmation device that receives the update request for the version of software from the control device; at least one collaborative development device that receives the update request for the version of software from the confirmation device and transmits to the confirmation device a response as to whether the update request is feasible, wherein, after the confirmation device receives and confirms the response of the at least one collaborative development device, it transmits a software-update-feasible message or a software-update-infeasible message to the control device; if the control device receives the software-update-feasible message, it uses the feature value of the information related to the version of software and the feature values of the information related to all previous versions of the software to generate software certification information, generates a signature for verifying the software certification information, generates a software certification chain based on the software certification information and the signature, and transmits the software certification chain; and a publishing device that publishes the software certification chain received from the control device.

In another embodiment, the control device uses PKI technology to generate the signature used for verification of the software certification information.

It should be understood that the subject matter described above may be implemented as a computer-controlled apparatus, a computer program, a computing system, or an article of manufacture such as a computer-readable storage medium.

To make the above features and advantages of the present invention more apparent, embodiments are described in detail below with reference to the accompanying drawings. Additional features and advantages of the invention will be set forth in part in the description that follows, and in part will be apparent from the description or may be learned by practice of the invention. The features and advantages of the invention are realized and attained by means of the elements and combinations particularly pointed out in the claims. It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not intended to limit the claimed scope of the invention.

11: Requesting device
12: Management system
14: Software carrier
21: Control device
22: Confirmation device
23A-23C: Collaborative development devices
24: Publishing device
S31-S34: Steps
S41-S44: Steps
S51-S55: Steps

FIG. 1 is a schematic diagram of an environment for software authentication using a software certification chain according to an embodiment of the present invention; FIG. 2 is a schematic architecture diagram of a system for generating a software certification chain according to an embodiment of the present invention; FIG. 3 is a schematic flowchart of software authentication using a software certification chain according to an embodiment of the present invention; FIG. 4 is a schematic flowchart of software authentication using a software certification chain according to an embodiment of the present invention; and FIG. 5 is a schematic flowchart of generating a software certification chain according to an embodiment of the present invention.

The embodiments of the present invention are described below by way of specific implementations. Those skilled in the art can readily understand other advantages and effects of the present invention from the content disclosed in this specification, and the invention may also be practiced or applied through other, different implementations.

Moreover, some or all of the operations of the methods or processes herein, and/or substantially equivalent operations, may be performed by executing computer-readable instructions (as defined herein) included on a computer storage medium. The term "computer-readable instructions" and its variants, as used in the description and claims, are used expansively herein to include routines, applications, application modules, program modules, programs, components, data structures, algorithms, and the like. Computer-readable instructions can be implemented on a variety of system configurations, including single-processor or multiprocessor systems, minicomputers, mainframe computers, personal computers, handheld computing devices, microprocessor-based programmable consumer electronics, combinations thereof, and the like.

Accordingly, it should be understood that the logical operations described herein are implemented as a sequence of computer-implemented acts or program modules running on a computing system and/or as interconnected machine logic circuits or circuit modules within the computing system. The implementation is a matter of choice that depends on the performance and other requirements of the computing system. The logical operations described herein are therefore referred to variously as states, operations, structural devices, acts, or modules. These operations, structural devices, acts, and modules may be implemented in software, in firmware, in special-purpose digital logic, or in any combination thereof.

The present invention discloses a method for software authentication using a software certification chain. Refer now to FIG. 1, which shows a schematic diagram of an environment for software authentication using a software certification chain in an embodiment of the present invention.

First, the requesting device 11 on the requesting side (e.g., a user, an automatic installer, or a software-legitimacy checking program) may want to install specific software, such as translation software, on the software carrier 14 without being sure whether that translation software is legitimately usable (e.g., software of a version released by the software developer and not modified by anyone other than the developer); or the requesting device 11 may want a recommendation for the translation software version suited to running on the software carrier 14. In either case, the requesting device 11 can ask the management system 12 of the software management center to issue the dedicated software certification chain for the translation software. Those of ordinary skill in the art will understand that the software carrier 14 is a storage device on which software can be installed and executed, including but not limited to a personal computer, a tablet, or a smartphone.

Alternatively, specific software such as calendar software may already be installed on the software carrier 14, but its content has changed with use, so that the requesting device 11 wants to know whether the change in the calendar software currently in use is a normal change from system use or malicious tampering by another program. In that case the requesting device 11 can likewise ask the management system 12 to issue the dedicated software certification chain for the calendar software.

After the requesting device 11 obtains the dedicated software certification chains for the translation software and the calendar software from the management system 12, it stores these software certification chains in the software carrier 14, and the software carrier 14 performs the software check or installation for the translation software and the calendar software.

For example, when the software carrier 14 is to install the translation software, it can perform a carrier environment check based on the translation software's dedicated software certification chain and list the environment parameters related to the software carrier 14 (e.g., operating system, firmware, and hardware information). The software carrier 14 then sequentially searches the translation software's dedicated software certification chain for the translation software version suitable for it and uses that version for the subsequent installation, reducing errors during software installation or execution.

On the other hand, because the calendar software is already installed on the software carrier 14, the software carrier 14 can use information related to the calendar software (e.g., installation file information and configuration file information) to compute the corresponding feature value, and compare that feature value against the content of the calendar software's dedicated software certification chain to confirm whether the calendar software used on the software carrier 14 is legitimate or has been tampered with.

It should be understood that "specific software" as used herein refers broadly to any software that can run on a computer, electronic carrier, or software carrier (e.g., mobile phone, PDA, tablet, smartphone), including but not limited to the translation software and calendar software mentioned above.

Next, refer to FIG. 2, which shows a schematic architecture diagram of a system for generating a software certification chain in an embodiment of the present invention. First, when a developer carries out further development on existing software and wants to release the result as a new software version, the developer submits a software update request to the management system 12 of the software management center. When the management system 12 receives the software update request, the control device 21 on the control side of the management system 12 sends a software update message to the confirmation device 22 on the confirmation side.

Because software development is often a joint effort of many developers, before the management system 12 of the software management center decides whether to approve the software update request, its confirmation device 22 must gather the opinions of all collaborating developers of the software (i.e., the collaborative development devices 23A-23C on the collaborative development side) and ask the collaborative development devices 23A-23C to confirm whether the update request would affect other functions of the software itself.

Then, once the collaborative development devices 23A-23C have all finished confirming, they send their responses on whether the software update is feasible back to the confirmation device 22. The confirmation device 22 consolidates the responses of the collaborative development devices 23A-23C and arrives at a result of software update feasible or infeasible, which it then sends back to the control device 21. It should be understood that the three collaborative development devices 23A-23C are illustrative rather than limiting. In practice there may be only one collaborative development device; or, as the environment and requirements change, there may be dozens or hundreds, depending on the circumstances at the time.

When the result is that the software update is feasible, the control device 21 hashes the information related to the new software version (e.g., installation file information, configuration file information) to obtain its feature value, and then combines it with the feature values of all previous software versions (which were obtained in the same way, i.e., by hashing the information related to those versions) to generate software certification information.

Thereafter, the control device 21 signs this software certification information to form the new version of the software certification chain and publishes it to the publishing device 24. Note that the method for generating feature values for the different software versions and the signing method (e.g., Public Key Infrastructure (PKI) technology) may be decided by the Internet Service Provider (ISP) itself.

Now refer to FIG. 3, which shows a schematic flowchart of software authentication using a software certification chain according to an embodiment of the present invention. First, in step S31, the management system 12 of the software management center receives a request from the requesting device 11 to check whether specific software is legitimate, or to provide the software version suitable for installation on the software carrier 14.

Next, in step S32, the management system 12 of the software management center generates a dedicated software certification chain for the specific software. This software certification chain contains the feature values of the information related to each version of the specific software (e.g., installation file information, configuration file information).

Then, in step S33, the requesting device 11 obtains the generated software certification chain from the management system 12 of the software management center and provides it to the software carrier 14, where the software carrier 14 either already has the specific software installed or is about to install it.

Thereafter, in step S34, if the specific software is already installed on the software carrier 14, the software carrier 14 can use the content of the software certification chain and the information related to the specific software (e.g., installation file information, configuration file information) to check the legitimacy of the specific software and whether any file in the software has been tampered with or implanted with malicious software. On the other hand, if the specific software is not yet installed on the software carrier 14, the software carrier 14 sequentially searches the dedicated software certification chain for the software version suitable for its installation.

It should be understood that the software certification chain shown in FIG. 3 is a static file, so whether or not the specific software is already installed on the software carrier 14, the software carrier 14 must actively inspect the content of the software certification chain in order to complete the check of the specific software or to find the software version suitable for its installation.
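The generation step described above (hashing each version's information, combining it with the feature values of all earlier versions, and signing) and the carrier-side checks of step S34 on a static chain can be sketched as follows. This is an added example, not code from the patent: the JSON chain layout, the `requires` fields, the newest-first search order, the sample data, and all function names are assumptions, and HMAC-SHA256 with a constructed key stands in for the PKI signature so that the block runs on the Python standard library alone.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC-SHA256 is a stand-in for the PKI signature the
# patent describes; with real PKI the carrier would hold only a public key.
DEMO_KEY = b"constructed-demo-key"


def feature_value(install_info: bytes, config_info: bytes) -> str:
    """Hash one version's installation-file and configuration-file information."""
    h = hashlib.sha256()
    for part in (install_info, config_info):
        # Length-prefix each field so (b"ab", b"c") and (b"a", b"bc") differ.
        h.update(len(part).to_bytes(8, "big"))
        h.update(part)
    return h.hexdigest()


def canonical(entries) -> bytes:
    """Serialize deterministically so signer and verifier hash the same bytes."""
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def extend_chain(chain, version, install_info, config_info, requires, key=DEMO_KEY):
    """Management-system side: append the new version's feature value to those
    of all previous versions, then sign the whole list again."""
    entries = [dict(e) for e in chain["entries"]] if chain else []
    entries.append({
        "version": version,
        "feature": feature_value(install_info, config_info),
        "requires": requires,  # assumed layout for environment requirements
    })
    signature = hmac.new(key, canonical(entries), hashlib.sha256).hexdigest()
    return {"entries": entries, "signature": signature}


def chain_is_authentic(chain, key=DEMO_KEY) -> bool:
    """Carrier side: reject a chain whose entries were altered after signing."""
    expected = hmac.new(key, canonical(chain["entries"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(chain.get("signature", "")))


def check_installed(chain, install_info, config_info, key=DEMO_KEY) -> str:
    """Carrier side, software already installed: recompute the feature value
    and look for it among the signed entries."""
    if not chain_is_authentic(chain, key):
        return "chain-invalid"
    observed = feature_value(install_info, config_info)
    for entry in chain["entries"]:
        if hmac.compare_digest(entry["feature"], observed):
            return "legitimate:" + entry["version"]
    return "tampered-or-unknown"


def fits(requires, env) -> bool:
    """Match a version's requirements against the carrier's environment parameters."""
    return (env.get("os") == requires["os"]
            and env.get("arch") == requires["arch"]
            and env.get("os_version", 0) >= requires["min_os_version"])


def recommend_version(chain, env, key=DEMO_KEY):
    """Carrier side, software not installed: walk the chain (newest first, an
    assumption) and return the first version that fits, or None."""
    if not chain_is_authentic(chain, key):
        return None
    for entry in reversed(chain["entries"]):
        if fits(entry["requires"], env):
            return entry["version"]
    return None


def demo_chain():
    """Constructed sample data: two versions of a hypothetical translation app."""
    chain = extend_chain(None, "1.0", b"installer-bytes-1.0", b"lang=en",
                         {"os": "android", "arch": "arm", "min_os_version": 5})
    return extend_chain(chain, "2.0", b"installer-bytes-2.0", b"lang=en",
                        {"os": "android", "arch": "arm64", "min_os_version": 8})


if __name__ == "__main__":
    chain = demo_chain()
    print(check_installed(chain, b"installer-bytes-2.0", b"lang=en"))
    print(check_installed(chain, b"installer-bytes-2.0\x90", b"lang=en"))
    print(recommend_version(chain, {"os": "android", "arch": "arm64", "os_version": 9}))
```

The signature is checked before any entry is trusted, so a chain edited on the carrier to list a modified build's feature value is rejected rather than used to declare that build legitimate.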

Next, refer to FIG. 4, which shows a schematic flowchart of software authentication using a software certification chain according to another embodiment of the present invention. Note that steps S41-S43 of FIG. 4 are substantially the same as steps S31-S33 of FIG. 3; the difference lies in step S44.

It should be understood that the software certification chain shown in FIG. 4 is a dynamic program: besides containing the feature values of the information related to each version of the specific software (e.g., installation file information, configuration file information), it can also actively check the legitimacy of the specific software and find the software version suitable for installation on the software carrier 14.

Returning to step S44, if the specific software is already installed on the software carrier 14, the software certification chain can use the information related to the specific software (e.g., installation file information, configuration file information) to check the legitimacy of the specific software and whether any file has been tampered with or implanted with malicious software. On the other hand, if the specific software is not yet installed on the software carrier 14, the software certification chain can find, among the information it contains about each version of the specific software, the software version suitable for installation on the software carrier 14.

Finally, refer to FIG. 5, which shows a schematic flowchart of generating a software certification chain according to an embodiment of the present invention.

First, in step S51, when the management system 12 of the software management center receives a software update request, its control device 21 sends a software update message to the confirmation device 22. Next, in step S52, the confirmation device 22 forwards the received software update message to the collaborative development devices 23A-23C and asks them to confirm whether the update request would affect other functions of the software itself.

Thereafter, in step S53, once the collaborative development devices 23A-23C have all finished confirming, they send their responses on whether the software update is feasible back to the confirmation device 22. The confirmation device 22 then consolidates the responses of the collaborative development devices 23A-23C and arrives at a result of software update feasible or infeasible. The confirmation device 22 then sends the software-update-feasible or software-update-infeasible message back to the control device 21 as its response.

In step S54, once the control device 21 receives the software-update-feasible message, it collates the feature value of the information related to this software version (e.g., installation file information and configuration file information) with the feature values of the information related to all previous versions to generate new software certification information, and the management system 12 of the software management center signs this software certification information to generate the new version of the software certification chain.

Finally, in step S55, the control device 21 publishes this new version of the software certification chain to the publishing device 24.

The above embodiments merely illustrate the principles, features, and effects of the present invention and are not intended to limit its practicable scope. Anyone skilled in the art may modify and alter the above embodiments without departing from the spirit and scope of the invention. Any equivalent changes and modifications made using the disclosure of the present invention shall still be covered by the claims. Therefore, the scope of protection of the present invention shall be as set forth in the claims.

Claims (10)

1. A method of software certification using a software certification chain, comprising the following steps: determining whether a piece of software is already installed on a software carrier and, if so, issuing a certification request asking whether the software to be certified is legitimate, and if not, issuing an installation request for the software to be installed; when a management system receives either the certification request or the installation request, causing the management system to generate a software certification chain for the software and to provide the software certification chain to the software carrier; and, if the software is already installed on the software carrier, the software carrier checks the legitimacy of the installed software and confirms whether the installed software has been tampered with, based on the software certification chain and at least one characteristic value of the installed software; if the software is not installed on the software carrier, the software carrier collects environmental parameters of the software carrier and, according to those environmental parameters, sequentially searches the software certification chain for a software version recommended for installation.

2. The method of claim 1, wherein the at least one characteristic value is calculated by the software carrier based on at least one of the installation file information and the configuration file information of the installed software.

3. The method of claim 1, wherein the environmental parameters include at least one of operating system information, firmware information, and hardware information of the software carrier.

4. The method of claim 1, wherein the management system hashes the information of each version of the software and signs the resulting values to generate the software certification chain.

5. A method of software certification using a software certification chain, comprising the following steps: determining whether a piece of software is already installed on a software carrier and, if so, issuing a certification request asking whether the software to be certified is legitimate, and if not, issuing an installation request for the software to be installed; when a management system receives either the certification request or the installation request, causing the management system to generate a software certification chain for the software and to provide the software certification chain to the software carrier; and, if the software is already installed on the software carrier, the software certification chain itself calculates at least one characteristic value of the installed software, so as to check the legitimacy of the installed software and confirm whether the installed software has been tampered with, based on the at least one characteristic value; if the software is not installed on the software carrier, the software certification chain obtains environmental parameters of the software carrier and, according to those environmental parameters, finds in the software carrier a software version suitable for installation on the software carrier.

6. The method of claim 5, wherein the at least one characteristic value is calculated by the software supply chain based on at least one of the installation file information and the configuration file information of the installed software.

7. The method of claim 5, wherein the environmental parameters include at least one of operating system information, firmware information, and hardware information of the software carrier.

8. A computer storage medium having computer-readable instructions stored thereon which, when executed by a computer, carry out the method of any one of claims 1-7.

9. A system for generating a software certification chain, comprising: a control device that receives an update request for a version of software; a confirmation device that receives the update request for the version of software from the control device; at least one collaborative development device that receives the update request for the version of software from the confirmation device and transmits to the confirmation device a response on whether the update request for the version of software is feasible, wherein, after the confirmation device receives and confirms the response of the at least one collaborative development device, it transmits a software-update-feasible message or a software-update-infeasible message to the control device; if the control device receives the software-update-feasible message, it uses the characteristic values of the information related to the version of software and the characteristic values of the information related to all previous versions of the software to generate software certification information, then generates a signature for verification over the software certification information, generates a software certification chain based on the software certification information and the signature, and transmits the software certification chain; and a publishing device that publishes the software certification chain received from the control device.

10. The system of claim 9, wherein the control device uses Public Key Infrastructure (PKI) technology to generate the signature for verification over the software certification information.
Priority Applications (1)

Application Number Priority Date Filing Date Title
TW106145278A TWI621030B (en) 2017-12-22 2017-12-22 Method, system, and computer storage medium of software certification using software certification chain

Publications (2)

Publication Number Publication Date
TWI621030B true TWI621030B (en) 2018-04-11
TW201928742A TW201928742A (en) 2019-07-16

Family

ID=62639879

Country Status (1)

Country Link
TW (1) TWI621030B (en)
