With the opening of the software environment of the mobile terminal and with the 3G (Third Generation) specifications, it is becoming possible for third parties (including cellular operators and mobile terminal manufacturers) to write applications for mobile terminals that use the security element in the terminal, which is usually a smart card. An application that the user installs in the mobile terminal is called an installed application. Applications that reside more permanently in the mobile terminal are usually installed by the manufacturer when the device is manufactured, and are called a platform library. Throughout this application we use these two terms, installed application and platform library. Usually the user installs an installed application after acquiring the mobile terminal, whereas the manufacturer installs the platform library, or part of it, before the mobile terminal is sold to the end customer.
The Java™ Community Process (JCP) expert group defines a Java™ programming environment for mobile terminals and security elements in the specification JSR-177 (Java™ Specification Request 177). Because installed applications, such as Java™ midlets, can be loaded into a terminal from many sources, and the security environment of those applications differs from that of the security element, a mechanism is needed with which the security element application can define which installed applications may invoke commands on it.
The installed application can be signed, and the mobile terminal verifies the signature and thereby the origin of the installed application. The mobile terminal can apply separate restrictions to applications coming from cellular operators, from manufacturers and from others. The issuer of the application signs the midlet, the mobile terminal verifies the signature, and if the signature is the cellular operator's, the midlet receives the rights specified for that security domain (for example, it can make a phone call and access the security element, but cannot write to the operating system area of the mobile terminal).
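The terminal-side check just described, worked through as an added example (this is illustration code, not code from this application or from JSR-177): a midlet is verified against the root key of the security domain it claims, and receives that domain's permissions; any signature failure drops it into an untrusted domain with no rights. The domain names and permission table are assumptions, and the RSA used here is textbook RSA on small keys with no padding, present only so the example runs without third-party libraries; it must not be used for real signatures.

```python
"""Toy model of signed-midlet installation with per-domain permissions."""
import hashlib
import random


# --- toy textbook RSA (illustration only, no padding, small keys) ----------
def _is_probable_prime(n, rounds=16):
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):                      # Miller-Rabin
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits=512):
    """Return ((n, e), (n, d)); two 512-bit primes give a 1024-bit modulus."""
    e = 65537
    while True:
        p, q = _random_prime(bits), _random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                   # e prime, so this means gcd == 1
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def sign(priv, data: bytes) -> int:
    """Issuer side: sign SHA-256(data); the 256-bit digest is below the modulus."""
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")


# --- terminal policy (assumed domain names and permission sets) -------------
DOMAIN_PERMISSIONS = {
    "operator":     {"make_call", "access_security_element"},
    "manufacturer": {"make_call", "access_security_element", "write_os_area"},
    "third_party":  {"make_call"},
    "untrusted":    set(),
}


class Terminal:
    def __init__(self, roots):
        self.roots = roots  # security domain name -> root public key

    def install(self, midlet: bytes, claimed_domain: str, sig: int):
        """Verify the midlet signature with the root of the claimed domain.
        A bad signature, a tampered midlet or an unknown domain all land the
        midlet in the untrusted domain, which grants nothing."""
        root = self.roots.get(claimed_domain)
        domain = claimed_domain if root is not None and verify(root, midlet, sig) else "untrusted"
        return domain, DOMAIN_PERMISSIONS[domain]


if __name__ == "__main__":
    op_pub, op_priv = generate_keypair()
    mf_pub, mf_priv = generate_keypair()
    terminal = Terminal({"operator": op_pub, "manufacturer": mf_pub})
    midlet = b"constructed midlet JAR bytes"  # constructed sample input
    print(terminal.install(midlet, "operator", sign(op_priv, midlet)))
    print(terminal.install(midlet + b"!", "operator", sign(op_priv, midlet)))
```

Note that the verdict is a property of the signature over the whole midlet, so a midlet signed by the operator cannot claim the manufacturer domain to obtain `write_os_area`, and a modified midlet loses every right at once.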
The mobile terminal security element, such as a SIM (Subscriber Identity Module) or USIM (UMTS SIM) card, a security element built into the terminal itself, or a security element in an accessory of the terminal, is needed for secure storage and processing of data. Digital signature creation, for example, requires a highly secure element in which to perform the operation, because the private key must not be compromised and therefore must never leave the security element. Other uses of security elements are authentication for network access, storage of electronic cash values or tickets, and processing of financial transactions. Installed applications therefore need access to the security element for these advanced features.
The basic problem is that the application running in the security element cannot itself verify that the installed application accessing it has the appropriate rights and is a valid application. Cellular operators want to limit SIM access to applications coming from the operators themselves. An attacking application can forge or replay a security code used for access granting, and it is not possible to transfer the whole installed application to the security element for verification (and even if it were, a valid application could be presented for verification while the attacking application uses the security element after access has been granted).
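The problem stated above, modelled as an added example (this is illustration code, not code from this application): the security element application sees only the commands that arrive on its channel and has no notion of which installed application sent them, so it can only grant a session, never a caller. The command names, the static access code and the application allow-list are assumptions chosen to make the three failure cases in the text concrete; the sample application bytes are constructed.

```python
"""Toy security element that gates signing behind a session, and the three ways
an attacking application on the same terminal obtains a signature anyway."""
import hashlib

LEGIT_APP = b"constructed bytes of the operator's valid midlet"  # constructed sample
ACCESS_CODE = b"1234"                                             # assumed static code


class SecurityElement:
    """Card application. All it ever learns about the sender is (command, payload)."""

    def __init__(self, access_code: bytes, allowed_app_hashes):
        self._access_code = access_code
        self._allowed = set(allowed_app_hashes)
        self._granted = False  # session state, not tied to any caller identity

    def process(self, command: str, payload: bytes = b"") -> str:
        if command == "GRANT_BY_CODE":
            self._granted = payload == self._access_code
            return "OK" if self._granted else "DENIED"
        if command == "GRANT_BY_APP":  # caller hands over an application image
            self._granted = hashlib.sha256(payload).hexdigest() in self._allowed
            return "OK" if self._granted else "DENIED"
        if command == "SIGN":
            if not self._granted:
                return "DENIED"
            return "SIG:" + hashlib.sha256(payload).hexdigest()[:16]
        if command == "RESET":
            self._granted = False
            return "OK"
        return "UNKNOWN"


def new_se():
    return SecurityElement(ACCESS_CODE, {hashlib.sha256(LEGIT_APP).hexdigest()})


def direct_attempt(se):
    """Attacker with no session at all: the gate works as intended."""
    return se.process("SIGN", b"evil")


def hijack_open_session(se):
    """The valid application authenticates and signs; the attacking application,
    holding the same channel, then issues its own SIGN in the open session."""
    se.process("GRANT_BY_CODE", ACCESS_CODE)   # legitimate application
    se.process("SIGN", b"legit")               # legitimate application
    return se.process("SIGN", b"evil")         # attacking application


def replay_code(se, captured_code):
    """The attacker presents a code it copied from the valid application's package
    or observed on the channel; a static code is indistinguishable from the original."""
    se.process("GRANT_BY_CODE", captured_code)
    return se.process("SIGN", b"evil")


def present_valid_app(se):
    """The attacker submits a copy of the valid application for verification
    (readable from the terminal's file system) and then uses the session itself."""
    se.process("GRANT_BY_APP", LEGIT_APP)
    return se.process("SIGN", b"evil")


if __name__ == "__main__":
    print(direct_attempt(new_se()))                 # DENIED
    print(hijack_open_session(new_se()))            # SIG:...
    print(replay_code(new_se(), ACCESS_CODE))       # SIG:...
    print(present_valid_app(new_se()))              # SIG:...
```

Every check the element can make here is on data the attacking application can also supply, which is why the text concludes that the element cannot verify the accessing application by itself and needs help from the terminal side.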