phones that enable push e-mail access and office applications have proved extremely popular. They give us- ers a “work anywhere” ability that requires a secure link to their workplace applications through virtual private networking (VPN), secure storage of their data and remote management of the phone by the IT department. Company IT departments are often wary of enabling connectivity access to their networks, fearing that the handsets could carry malware and create attacks from within the network when used on company premises.
These enterprise-type handsets are generally built on high-level operating systems (HLOSs) that provide an open environment to which users can add applications at any time, often with little concern as to the impact on the stability and security of the handset. OEMs want to take advantage of HLOSs but still be in control of what software can run on the phone. By providing the right security, OEMs will be able to help prevent the execution of unauthorized software on the phone, or disable the rollback of software to a previous, less secure version.
Consumers are increasingly using their handsets to access the Internet and perform the same personal and financial transactions as they do from their PCs today. These transactions require SSL/TLS Internet secure protocols as well as a higher level of security for storing personal data on handsets such as credentials, credit card numbers and other personal information. Sensitive information could be exposed in case of loss, theft or through a variety of means, including malware.
Additionally, financial-oriented transactions are emerging, including ticketing and proximity or remote payment functionalities. In some cities you can instantly purchase transportation or movie tickets or pay for a small purchase in a retail outlet by waving your handset next to a point of sales (PoS) device, just as you would with a contactless payment card. These transactions are typically capped at a specific purchase limit; higher levels of security are needed for payments above a certain sum. In some economical models, the handset itself becomes the point of sale, requiring even further degrees of protection.
As described above, hardware-based security measures are becoming an inherent requirement of mobile applications and services for all segments of the mobile market. As the applications and services are deployed, liability models appear to reinforce the need for hardware-based security. Confidentiality and trust are paramount to the adoption and growth in the handset market and mobile services. The wide variety and sources of attacks require a robust hardware- and software-integrated system solution, such as Texas Instruments’ M-Shield mobile security technology.
Current security standards
Several security standards from different groups are currently in the market, including the Open Mobile Terminal Platform (OMTP), Trusted Computing Group (TCG), Open Mobile Alliance (OMA), and Third Generation Partnership Project (3GPP). All of these groups have formalized security standards that require hardware-strengthened security to more fully address the security needs of the mobile market today and in the future. Operators, OEMs, and silicon manufacturers have agreed on the profiles, and they have already been endorsed by chipset manufacturers and security solution providers. Operators are already requiring OEMs to conform to these standards.
M-Sheild™ mobile security technology: making wireless secure