1. Field of the Invention
The present invention relates to computer security for safely protecting an execution environment of a mobile terminal. More particularly, the present invention relates to a system and method for protecting an execution environment of a mobile terminal from potential damage to software packages, based on a computer security technique for verifying the integrity of a software package.
2. Description of the Related Art
Some conventional technologies for verification of software package integrity are based on digital authentication technologies. One such conventional technology is described in U.S. Pat. No. 6,157,721, titled “Systems and Methods using Cryptography to Protect Secure Computing Environments” to Shear et al. (hereinafter, “Shear”). According to Shear, at least one trusted verifying authority validates a software package by analyzing and/or testing the software package. The trusted verification authority digitally signs and certifies that the software package has been verified. After the digital signing, a processing environment of a mobile terminal verifies a signature of the verification authority, and accepts execution and manipulation of the software package in case of a success in the verification or rejects the software package in case of a failure in the verification.
Some conventional techniques for use of the digital signature are based on an encryption algorithm using a public key. The trusted verification authority holds two keys, a public key and a private key: the private key is used for encrypting a hash value of the package, and the public key is distributed to the processing environment of the mobile terminal. The encrypted hash value is designated as a certificate of the package. The processing environment of the mobile terminal receives the software package, decrypts the signature code of the received software package by using the public key received from the verification authority, and obtains the original hash value of the software package. The processing environment of the mobile terminal then calculates the current hash value of the software package and compares it with the original hash value. If they match, the signature authentication process is regarded as successful. If they do not match, the signature authentication process fails. Therefore, through the authentication of the digital signature by the processing environment of the mobile terminal, it can be determined whether the software package has been changed.
However, conventional methods, such as the method of Shear, require a complex public key structure for public key distribution and verification by a verification authority. Moreover, digital signature authentication based on public-key encryption requires complex modular operations, which increase the number of operations and the time required for processing the software package. Accordingly, the conventional methods are not suitable for application to certain execution environments, such as a mobile terminal.
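The sign-and-verify flow described in the related art above, as an added example (not code from this document or from Shear): the authority applies its private key to the package hash, and the terminal recovers that hash with the public key and compares it with a freshly computed one. The key is a constructed toy key built from two known Mersenne primes, the RSA operation is unpadded, and all function names are hypothetical.

```python
import hashlib

# Constructed toy key (assumption): two publicly known Mersenne primes.
# Unpadded "textbook" RSA, used only to show the flow the text describes.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                      # public modulus, distributed to the terminal
E = 65537                      # public exponent, distributed to the terminal
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, kept by the authority


def package_hash(package: bytes) -> int:
    """SHA-256 of the package as an integer (256 bits, so always < N)."""
    return int.from_bytes(hashlib.sha256(package).digest(), "big")


def authority_sign(package: bytes) -> int:
    """Verification authority: encrypt the hash with the private key.

    The result is what the text calls the certificate of the package.
    """
    return pow(package_hash(package), D, N)


def terminal_verify(package: bytes, certificate: int) -> bool:
    """Terminal: decrypt the certificate with the public key, then compare
    the recovered original hash with the current hash of the package."""
    if not 0 <= certificate < N:
        return False  # malformed certificate, reject before any arithmetic
    original_hash = pow(certificate, E, N)  # the modular operation per check
    return original_hash == package_hash(package)


# Constructed sample input.
SAMPLE_PACKAGE = b"constructed sample package v1.0"
SAMPLE_CERT = authority_sign(SAMPLE_PACKAGE)

if __name__ == "__main__":
    print("unmodified package:", terminal_verify(SAMPLE_PACKAGE, SAMPLE_CERT))
    print("modified package:  ", terminal_verify(SAMPLE_PACKAGE + b"!", SAMPLE_CERT))
```

Each call to `terminal_verify` costs one modular exponentiation over a modulus of more than a thousand bits, which is the per-package processing overhead the paragraph above refers to.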