Authenticated program execution method
Abstract
According to a conventional technique, in the case where a program is stored into a non-volatile memory once and then activated, authentication of the program is performed immediately before such activation. However, calculations such as decryption of encrypted values are required before the activation of the program starts, which causes the problem that responsiveness is decreased in proportion to the time required for calculations. In order to solve this problem, authentication of a program is performed immediately before such program is stored, so that no authentication is performed or only a part of the authentication is performed to verify the validity of certificates at program activation time.
Claims
exact text as granted — not AI-modified1 . An authenticated program execution method, comprising:
authenticating a program included in a transport stream and storing the authenticated program, as an authenticated stored program, into a broadcast receiver according to information concerning storage of each data file of the program; and executing the authenticated stored program, wherein the authenticating and storing comprises executing authentication operations that include:
verifying whether two hash values are consistent, one hash value of the two hash values being calculated from each data file included in the program and an other hash value of the two hash values being stored in a hash file corresponding to each data file;
verifying whether a certificate file included in the program is valid;
verifying whether a decrypted value and a hash value are consistent, the decrypted value being obtained by decrypting a signature value of a signature file included in the program using a public key of a leaf certificate included in the certificate file of the program, the hash value being calculated from a hash file located in a top directory of the program; and
authenticating the program and storing each data file of the program as the authenticated stored program according to the information concerning storage without executing the authenticated stored program when all of the following are satisfied: the two hash values are verified to be consistent; the certificate file is verified to be valid; and the decrypted value and the hash value are verified to be consistent,
wherein the executing the authenticated stored program comprises:
re-executing, when the authenticated stored program is executed, on the authenticated stored program, the verifying whether the certificate file is valid, among processes that include the verifying whether the two hash values are consistent, the verifying whether the certificate file is valid, and the verifying whether the decrypted value and the hash value are consistent, the processes being performed on the authenticated stored program; and
re-authenticating the authenticated stored program and executing the authenticated stored program only when the certificate file included in the authenticated stored program is verified to be valid,
wherein the authenticating and storing the program includes executing all of the authentication operations without executing the program, and the executing the authenticated stored program includes executing at least one and less than all of the authentication operations, and wherein the certificate file is verified to be valid when two root certificates match, one of the two root certificates being in the certificate file included in the program and an other of the two root certificates being installed in the broadcast receiver.
2 . The authenticated program execution method according to claim 1 ,
wherein the verifying whether the certificate file included in the program is valid includes verifying a validity period of each certificate in the certificate file included in the program, and wherein the certificate file is verified to be valid when the two root certificates match and a time at which the authentication is performed is within the validity period of each certificate in the certificate file.
3 . An apparatus for authenticating a program, comprising:
a program authenticator that authenticates a program included in a transport stream and stores the authenticated program, as an authenticated stored program, into a broadcast receiver according to information concerning storage of each data file of the program; and a program executor that executes the authenticated stored program, wherein the program authenticator comprises:
a hash calculator that verifies whether two hash values are consistent, one hash value of the two hash values being calculated from each data file included in the program and an other hash value of the two hash values being stored in a hash file corresponding to each data file;
a certificate extractor that verifies whether a certificate file included in the program is valid; and
a signature value decrypter that verifies whether a decrypted value and a hash value are consistent, the signature value decrypter obtaining the decrypted value by decrypting a signature value of a signature file included in the program using a public key of a leaf certificate included in the certificate file of the program, and the signature value decrypter calculating the hash value from a hash file located in a top directory of the program,
wherein the program authenticator authenticates the program and stores each data file of the program as the authenticated stored program according to the information concerning storage, without the program executor executing the authenticated stored program, when all of the following are satisfied: the hash calculator verifies that the two hash values are consistent; the certificate extractor verifies that the certificate file is valid; and the signature value decrypter verifies that the decrypted value and the hash value are consistent, wherein, when the program executor executes the authenticated stored program, among the hash calculator, the certificate extractor, and the signature value decrypter, the certificate extractor verifies that the certificate file included in the authenticated stored program is valid, wherein the program executor executes the authenticated stored program only when the certificate extractor verifies that the certificate file included in the authenticated stored program is valid, wherein the program authenticator authenticates and stores the program as the authenticated stored program without the program executor executing the authenticated stored program when each of the hash calculator, the certificate extractor, and the signature value decrypter perform their respective verifications, and the program executor executes the authenticated stored program when at least one and less than all of the hash calculator, the certificate extractor, and the signature value decrypter perform their respective verifications, and wherein the certificate extractor verifies that the certificate file is valid when two root certificates match, one of the two root certificates being in the certificate file included in the program and an other of the two root certificates being installed in the broadcast receiver.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.