公开(公告)号：US20160330030A1

公开(公告)日：2016-11-10

申请号：US15109235

申请日：2015-03-06

申请人： SOONGSIL UNIVERSITY RESEARCH CONSORTIUM TECHNO-PARK

发明人： Jeong-Hyun Yi ,  Myeong-Ju Ji ,  Ji-Woong Bang ,  Tae-Joo Cho

IPC分类号： H04L9/32 ,  G06F21/52 ,  G06F21/12 ,  H04L29/06

CPC分类号： H04L9/3236 ,  G06F21/12 ,  G06F21/44 ,  G06F21/52 ,  H04L9/3239 ,  H04L63/0876

摘要： A user terminal for detecting forgery of an application program based on a hash value and a method of detecting forgery of an application program using the user terminal are disclosed. The user terminal includes a communication circuit, a hash value generation circuit and a forgery determination circuit. When the application program is executed, the communication circuit transmits information of the user terminal and the application program to an authentication server on a platform level to receive an original hash value of the application program from the authentication server, or to receive the original hash value from a peripheral device paired with the user terminal. The hash value generation circuit generates the hash value of the application program on the platform level. The forgery determination circuit compares the original hash value received from the authentication server or the peripheral device with the generated hash value on the platform level to determine whether the application program is tampered. Accordingly, the user terminal may be protected from a tampered application program. In addition, since forgery of the application program is detected on the platform level, it may overcome limitations of tamper detection technologies on an application program level that can be evaded by an attacker.

摘要翻译： 公开了一种用于基于散列值检测应用程序的伪造的用户终端和使用该用户终端检测应用程序的伪造的方法。 用户终端包括通信电路，散列值生成电路和伪造判定电路。 当执行应用程序时，通信电路将用户终端和应用程序的信息发送到平台级的认证服务器，以从认证服务器接收应用程序的原始散列值，或接收原始散列值 从与用户终端配对的外围设备。 哈希值生成电路在平台级生成应用程序的哈希值。 伪造判定电路将从认证服务器或外围设备接收到的原始散列值与平台级别生成的散列值进行比较，判断应用程序是否被篡改。 因此，可以保护用户终端免受篡改的应用程序的影响。 另外，由于在平台级别检测到应用程序的伪造，所以可以克服在攻击者可以避免的应用程序级上的篡改检测技术的限制。