1. Field of the Invention
The present invention relates to a method for downloading software from a host device to an electronic device via a telecommunication line.
2. Description of Related Art
Systems in which a host device is connected to an electronic device via a telecommunication line require high security; when a host device updates the software stored in the electronic device, the electronic device needs to verify the authenticity of the software which will be downloaded.
An electronic device obtains the certificate of authenticity data (for example, hash values returned by a hash function) from a host device to certify the authenticity of the software which will be downloaded. It also obtains the verification of authenticity data by performing the same calculation on the software downloaded from the host device, and compares the certificate of authenticity data with the verification of authenticity data to verify that the downloaded software is valid. Only when the software is judged valid does the electronic device allow it to run.
Further, for a system that requires higher security, a security standard has been determined; when providing a service that has a risk of illegal actions such as illegal downloads, a mutual verification process is always performed between the host device and the electronic device to verify that both parties are trustworthy, and only then does the download start.
Unexamined Japanese Patent Application 2001-195247 (“JP 2001-195247”) discloses a program executing device provided in a target device (an electronic device) that, out of the software downloaded from the host device, stores in a safe storage device only the software whose security (authenticity) has been verified by a security verification means, and reads the software from this safe storage device to run it.
However, if the download of software is interrupted because of a communication failure caused by a communication line problem or a power failure, there is a risk that the certificate of authenticity data obtained from the host device by the target device (electronic device) may be lost. Therefore, conventionally, in order for the target device to restart the download, the certificate of authenticity data needs to be obtained from the host device all over again. Further, in the system in which a security standard is determined and higher security is required, a mutual verification process needs to be performed again between the host device and the target device (the electronic device).
In a conventional system, if the mutual verification process is omitted at the time of restarting the download, there is a risk that someone trying to steal confidential data from the system, even without knowledge of the mutual verification process, can intentionally interrupt a normal download and have the electronic device download software that has been maliciously tampered with when the download is next restarted.
For this reason, a conventional system needs to perform the essential mutual verification process with the host device, and obtain the certificate of authenticity data from it, at the time of restarting the download, which lengthens the time required to restart the normal operation of the system.
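The conventional flow described above (digest comparison before the software may run, and the full restart after an interruption), as an added example that is not part of the original text. SHA-256 as the hash function, an HMAC challenge-response over a pre-shared key as the mutual verification process, the discarding of the partial image on interruption, and all class and function names are assumptions; the text specifies none of them.

```python
import hashlib
import hmac
import os

def tag(key, role, nonce):  # keyed proof over a challenge (assumed scheme)
    return hmac.new(key, role + nonce, hashlib.sha256).digest()

class Host:
    def __init__(self, key, image):
        self.key, self.image = key, image
    def prove(self, nonce):  # answer the device's challenge
        return tag(self.key, b"host", nonce)
    def challenge(self):  # challenge for the device to answer
        self.nonce = os.urandom(16)
        return self.nonce
    def accepts(self, proof):
        return hmac.compare_digest(proof, tag(self.key, b"device", self.nonce))
    def reference_digest(self):  # the "certificate of authenticity data"
        return hashlib.sha256(self.image).digest()

class Device:
    def __init__(self, key):
        self.key = key
        self.reset()
    def reset(self):  # line or power failure: volatile session state is lost
        self.peer_verified, self.reference, self.received = False, None, b""
    def start_session(self, host):  # mutual verification, then fetch the digest
        n = os.urandom(16)
        host_ok = hmac.compare_digest(host.prove(n), tag(self.key, b"host", n))
        self.peer_verified = host_ok and host.accepts(tag(self.key, b"device", host.challenge()))
        self.reference = host.reference_digest() if self.peer_verified else None
        return self.peer_verified
    def receive(self, chunk):
        if not self.peer_verified:
            raise PermissionError("no verified session: redo mutual verification")
        self.received += chunk
    def finish(self):  # True (image may run) only if the recomputed digest matches
        actual = hashlib.sha256(self.received).digest()
        return self.reference is not None and hmac.compare_digest(actual, self.reference)

def restart_after_interruption(image, cut, key=b"constructed-key"):
    host, dev = Host(key, image), Device(key)
    dev.start_session(host)
    dev.receive(image[:cut])
    dev.reset()               # interruption: session flag and digest are gone
    lost = dev.finish()       # False: nothing left to compare against
    dev.start_session(host)   # conventional restart: verify both sides again,
    dev.receive(image)        # refetch the digest and download from the start
    return lost, dev.finish()
```

The second `start_session` call and the repeated full `receive` are the restart cost the text attributes to conventional systems.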
In the conventional system disclosed in JP 2001-195247, additional memory is provided to temporarily store the software in order to verify safety with a safety verification means. The software is first stored in this temporary storage memory; when the safety of the software is verified, the software is stored in a safe memory device. Thus, a temporary storage memory needs to be additionally provided, increasing cost due to an increased memory size.