Commonly, software is downloaded to communication devices through communication networks such as the Internet, and is used in those communication devices. However, such downloading and use of software carries a risk of hacking attacks, which can result in unauthorized access to data. If unauthorized access is obtained, malicious software can be downloaded to the communication device.
To counter this problem, a variety of technologies for determining the authenticity of downloaded software have been developed. For example, a method has been proposed where, prior to downloading software, a user is supplied with an Integrated Circuit card (referred to as ‘IC’ card hereinafter) by a provider of the software, the IC card containing a hash value which enables the user to authenticate the software (see, for example, Japanese patent laid-open No. 11-205767). By this method, when a user instructs a communication device to download software after the IC card has been loaded in the communication device, the communication device downloads the software and calculates a hash value of the software using a hash function. Then, the communication device compares the calculated hash value and the hash value stored in the IC card so as to determine whether the values match, and therefore whether the received software is authorized for download to the device.
Relevant to the method described above is the popularity of mobile stations which are able to download Java (registered trademark) application software (referred to as ‘Java-AP software’ hereinafter), and to execute an application program contained in the downloaded Java-AP software (the application program will be referred to as ‘Java-APP’ hereinafter).
When Java-AP software is downloaded to such a mobile station, first an Application Descriptor File (referred to as an ‘ADF’ hereinafter) is downloaded from a server device contained in the World Wide Web (referred to as ‘WWW’ hereinafter) to the mobile station, and then a Java Archive file (referred to as a ‘JAR file’ hereinafter), which contains a Java-APP, is downloaded to the mobile station.
It is to be noted that in this specification the term ‘Java-AP software’ refers to a combination of an ADF and a JAR file. One problem affecting files comprising Java-AP software for download to a mobile station is that they may be subject to a malicious attack. Accordingly, it is necessary to confirm, in advance, the authenticity of software to be downloaded.
An ADF is a file containing information about a corresponding JAR file. Such information includes, for example, a date when the JAR file was updated. Thus, to maintain parity, when the JAR file is updated the corresponding ADF must also be updated. In this way, by confirming proper correspondence of the relevant JAR file and ADF, it is possible to confirm the authenticity of Java-AP software.
One method that has been proposed with this aim in view is as follows. First, an ADF and a JAR file having a valid correspondence are integrated in a single file. Then a hash value of the integrated file is calculated. The hash value is used to determine whether a downloaded ADF and a JAR file have a valid correspondence. A method similar to this is proposed in the above-mentioned patent document (Japanese patent laid-open No. 11-205767).
A Java-APP contained in a JAR file will commonly be subject to a variety of modifications which are implemented by a provider to fix bugs in or upgrade the program. However, each time the Java-APP is modified, the hash value of the Java-AP software will change. As a result, it becomes necessary for the provider of the Java-APP, namely a Contents Provider (referred to as ‘CP’ hereinafter), to distribute IC cards containing a new hash value to mobile stations in which the Java-APP has been modified or upgraded. Provision and distribution of such cards upon each modification and upgrade of a program would, however, obviously result in unacceptable costs and logistical problems, and is therefore unrealistic.
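The integrated-file check and the update problem described in the two preceding paragraphs can be sketched as follows. This is an added example, not part of the original specification or the cited patent document; SHA-256, the length-prefixed layout of the integrated file, and all function names and sample file contents are assumptions made for illustration.

```python
import hashlib
import hmac


def integrate(adf: bytes, jar: bytes) -> bytes:
    """Combine ADF and JAR into one byte string (assumed layout).

    Each part is length-prefixed so bytes cannot shift between the ADF
    and the JAR without changing the integrated file.
    """
    return b"".join(len(p).to_bytes(8, "big") + p for p in (adf, jar))


def software_hash(adf: bytes, jar: bytes) -> str:
    """Hash of the integrated file. SHA-256 is an assumption."""
    return hashlib.sha256(integrate(adf, jar)).hexdigest()


def is_authentic(adf: bytes, jar: bytes, trusted_hash: str) -> bool:
    """Compare the computed hash with the value delivered out of band."""
    return hmac.compare_digest(software_hash(adf, jar), trusted_hash)


# Constructed sample data: two releases of the same Java-AP software.
ADF_V1 = b"AppName: Demo\nLastModified: 2003-01-10\n"
JAR_V1 = b"PK\x03\x04 constructed JAR bytes, release 1"
ADF_V2 = b"AppName: Demo\nLastModified: 2003-03-02\n"
JAR_V2 = b"PK\x03\x04 constructed JAR bytes, release 2 (bug fix)"

# Value the provider would place on the IC card for release 1.
CARD_HASH_V1 = software_hash(ADF_V1, JAR_V1)


def check_all() -> dict:
    """Run the check for a matching pair, mixed pairs, and an update."""
    return {
        "v1 ADF + v1 JAR": is_authentic(ADF_V1, JAR_V1, CARD_HASH_V1),
        "v1 ADF + v2 JAR": is_authentic(ADF_V1, JAR_V2, CARD_HASH_V1),
        "v2 ADF + v1 JAR": is_authentic(ADF_V2, JAR_V1, CARD_HASH_V1),
        # A legitimate update also fails until a new card is issued.
        "v2 ADF + v2 JAR": is_authentic(ADF_V2, JAR_V2, CARD_HASH_V1),
    }


if __name__ == "__main__":
    for pair, ok in check_all().items():
        print(f"{pair}: {'accepted' if ok else 'rejected'}")
```

Only the original matching pair is accepted; the provider's own updated pair is rejected in the same way as a mismatched one, which is why every release would require a newly distributed hash value.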
In view of this situation, the present invention is aimed at providing a means for confirming authenticity and valid correspondence of multiple files.