The invention relates to a method for downloading software from a server to a terminal in a telephone system comprising a plural number of terminals and a management system server that monitors and controls the operation of the terminals, a terminal of the system comprising means for storing one or more pieces of software.
As radio telephone systems become increasingly common and their coverage areas grow, the systems often replacing those implemented by fixed line telephone connections, it has become necessary to develop telephone networks supporting radio telephone systems such as cellular radio systems. Such telephones are needed, for example, in areas where fixed line telephone connections do not exist, or in applications in which the terminal is in a place, for example in a moving vehicle, where connection to a fixed network is not easily available. The present invention can be applied particularly to systems implemented by means of cellular radio systems.
The systems and terminals involved include pay phones, so-called WLL (wireless local loop) terminals, payment terminals at points of sale and smart card terminals supporting transfer of money between a card and a bank.
The functions in current terminals are to a large extent implemented by means of various types of software. The terminal comprises a processor and memory into which the necessary software is stored. When the user selects a function, the software is read from the memory and executed. In the design of terminals, a compromise between the number of functions and the available memory capacity has been necessary. For reasons of cost, the size of the memory in the terminals cannot be increased indefinitely, and the memory therefore limits the number of functions.
Let us study, by way of example, a pay phone system implemented by means of a radio system. The system comprises a plural number of pay phones, each communicating with base stations over a radio path. For the radio path and the base station, the terminals functioning as pay phones do not deviate in any way from conventional subscriber terminals. For collection of payments, the pay phones comprise a collection device that can typically be a payment card reading device. Numerous different payment cards are available, such as different types of credit cards, reloadable payment cards, bank cards, etc. In addition, the card types vary according to the card manufacturer and the company offering the card, and different facilities can be selected for one and the same card. Each card type requires the terminal to be provided with software supporting the card, i.e. a card application. The card application comprises the routines required for the terminal's user interface, for controlling the card and for performing a transaction, such as a payment.
To have card applications supporting all card types stored into the memory of a terminal reading a card would require such a large memory that the terminal would be expensive. Furthermore, the adding of new card applications to the terminal would require the software of the entire equipment to be changed at hardware maintenance.
Problems similar to those relating to pay phones also affect other wireless devices in which payment cards are read, such as reloading devices allowing electronic money to be loaded from a bank account to a payment card.
To solve the above problem, it is advantageous if software can be downloaded through the network when necessary, thereby allowing the terminal's memory to be optimally utilized. When a card is inserted into a terminal which does not have software corresponding to the card, the terminal can download the needed software to its memory through the network from a predetermined server.
This method has, however, its shortcomings. The use of software downloaded from a network involves risks that must be taken into account. It is important that the software to be downloaded is flawless and does not contain software viruses, for example, or other harmful elements. It is also important to be able to verify that the software is downloaded from the correct server and that it is manufactured by the correct software manufacturer. Defective software can cause the terminal to malfunction, for example by making unintended calls or sending transactions to wrong addresses.
An object of the invention is therefore to provide a method and an apparatus implementing the method so as to allow the above problems to be solved. This is achieved with a method for downloading software from a server to a terminal, the method comprising the steps of attaching to the software a certificate confirming the authenticity of the software manufacturer and the loader; downloading the software from a source computer to the server; calculating a check sum for the software and the certificate; and downloading the software from the server to the terminal. The method of the invention further comprises the steps of adding the check sum confirming the authenticity of the software to the software at the server before the software is downloaded to terminals; generating a second check sum at the terminal from the downloaded software, after the software has been downloaded; and checking the authenticity of the software at the terminal by comparing the first check sum with the second.
The invention further relates to a telephone system comprising a plural number of terminals and a server monitoring and controlling the operation of the terminals, the server being arranged to calculate a check sum for the software and the certificate attached to the software; a terminal of the telephone system comprising means for storing one or more pieces of software, and the system comprising one or more source computers arranged to upload software to the server, the terminals being arranged to download the software from the server. In the telephone system of the invention the server is arranged to attach to the software a first check sum confirming the authenticity of the software before the software is downloaded to the terminals, a terminal is arranged to generate a second check sum from the downloaded software after the software has been loaded, and the terminal is arranged to check the authenticity of the software by comparing the first check sum with the second.
The dependent claims relate to preferred embodiments of the invention.
The method and system of the invention provide several advantages. With the solution of the invention it is easy to ensure that the software is safe and that it is uploaded to the server from a safe source computer. The invention employs a digital signature to ensure the authenticity of the software. Corresponding methods have earlier been applied only in connection with electronic mail transmissions.
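The server-side and terminal-side steps of the method described above, as an added example that is not part of the original text. The text names no algorithm, so HMAC-SHA256 under a key provisioned in the terminal is assumed here as the check sum; the function names, the length-prefixed layout and the sample values are likewise assumptions.

```python
import hashlib
import hmac
import struct

# Assumption: the text names no algorithm. HMAC-SHA256 under a key held by the
# server and provisioned in the terminal stands in for the "check sum".
TAG_LEN = hashlib.sha256().digest_size


def frame(software: bytes, certificate: bytes) -> bytes:
    """Length-prefix each field so the software/certificate boundary is fixed."""
    return (struct.pack(">I", len(software)) + software
            + struct.pack(">I", len(certificate)) + certificate)


def server_package(software: bytes, certificate: bytes, key: bytes) -> bytes:
    """Server: compute the first check sum over software + certificate, append it."""
    body = frame(software, certificate)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def terminal_verify(package: bytes, key: bytes) -> tuple:
    """Terminal: recompute the second check sum, compare, then parse."""
    if len(package) < 8 + TAG_LEN:
        raise ValueError("package truncated")
    body, first = package[:-TAG_LEN], package[-TAG_LEN:]
    second = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(first, second):  # constant-time comparison
        raise ValueError("check sum mismatch, software rejected")
    (n,) = struct.unpack(">I", body[:4])
    if n > len(body) - 8:
        raise ValueError("bad software length")
    (m,) = struct.unpack(">I", body[4 + n:8 + n])
    if m != len(body) - 8 - n:
        raise ValueError("bad certificate length")
    return body[4:4 + n], body[8 + n:]


if __name__ == "__main__":
    # Constructed sample values, not taken from the text.
    key = b"terminal-provisioned-key"
    pkg = server_package(b"\x01card-app", b"CERT:vendor+loader", key)
    print(terminal_verify(pkg, key))
    tampered = pkg[:4] + bytes([pkg[4] ^ 0xFF]) + pkg[5:]
    try:
        terminal_verify(tampered, key)
    except ValueError as exc:
        print("rejected:", exc)
```

With a public-key signature in place of the HMAC, the terminal would hold only a verification key and could not itself produce a valid check sum.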