Generally speaking, the present invention relates to a portable communication apparatus for providing communication services to a user through a man-machine interface of the apparatus. More specifically, the invention relates to a portable communication apparatus of the type having a controller, an operating system, a local storage device for storing a first application, a secure resource which is only accessible from the operating system, and a wireless interface for connecting the portable communication apparatus to a remote device.
Examples of a portable communication apparatus as set out above are a mobile telephone, a cordless telephone, a portable digital assistant, a communicator, a paging device, an electronic payment device, or a portable navigating device. For the rest of this document, reference will be made to a mobile telephone for any mobile communications network such as GSM, EDGE or UMTS. However, the invention is not limited to merely a mobile telephone. On the contrary, the invention is best defined by the appended independent claims.
Traditionally, older mobile telephones were only capable of providing speech communication between two human users through a mobile communications network and, in many situations, a public switched telephone network. More recently, mobile telephones have been provided with additional functionality, such as capability of providing data or facsimile communication between the portable communication apparatus and another electronic device. Moreover, such telephones often contain simple utility applications, such as a built-in electronic telephone book, a calculator, an alarm function or a video game.
Even more recently, numerous advanced additional utility applications have been introduced for mobile telephones. Such advanced utility applications include short-range supplementary data communication between the mobile telephone and, for instance, a portable computer, a printer, a wireless headset accessory, etc. One example of such short-range supplementary data communication facilities is commonly referred to as Bluetooth and operates in a 2.4 GHz frequency band, which is often referred to as ISM (“Industrial, Scientific and Medical”).
Other examples of advanced utility applications are wireless electronic payment (“electronic wallet”), smartcard applications (such as SIM Toolkit applications), wireless access to global networks (such as WAP, “Wireless Application Protocol”, for accessing resources on the Internet), etc.
Consequently, a mobile telephone of today, and certainly in the future, will host a number of applications, which share common resources of the mobile telephone. The commonly shared resources will include the man-machine interface, particularly a display of the mobile telephone, but also secure or private resources, such as information stored in a SIM card (“Subscriber Identification Module”) or another memory in the mobile telephone. These applications will be executed in different environments within the mobile telephone, for instance in a WAP/Java/HTML (“Hyper Text Markup Language”) browser, a processor on the SIM card or another type of smartcard, directly in the operating system of the mobile telephone, etc. Moreover, some applications may be executed outside the mobile telephone in an external device connected to the telephone. Furthermore, applications may be downloaded to the mobile telephone after the manufacturing thereof.
Many of these applications may be activated or launched by events occurring outside the user's immediate control or attention. In most cases the applications will communicate with the user through the man-machine interface of the mobile telephone, particularly its display. Due to the limited size of the display, an active application will often have full control of the entire display. When another application is activated, it may then take over the control of the display and other parts of the man-machine interface, such as the keyboard of the mobile telephone. Sudden switches between such applications running in different environments inside the mobile telephone or in an external device will be difficult for the user to notice, understand and handle correctly. Consequently, it will be hard for the user to realize that an application from a different origin, of a different type or in a different environment is now suddenly in control of the man-machine interface.
Moreover, an application running in a low-security environment could impersonate an application running in a high-security environment. For instance, a WAP application could pretend to be a SIM/smartcard-based application. Similarly, an external application could pretend to be an application within the mobile telephone.
The above is of particular concern if the user uses the mobile telephone to perform some kind of secure transaction on his/her behalf based on secure resources in the mobile telephone. For instance, if the mobile telephone is used as a wireless electronic payment device, it is utterly important for the user to know, without any doubt, what type of application he/she is currently communicating with through the man-machine interface, that the active application is trustworthy, and that the application is communicating securely and directly with the secure resources of the mobile telephone and the man-machine interface thereof without any risk of another application interfering with, modifying or capturing any secure data involved in the communication.
Unfortunately, in most existing utility application environments for mobile telephones, the security features are optional rather than mandatory. For instance, security features like WTLS (“Wireless Transport Layer Security”) are only optional in WAP 1.1 and 1.2, as is WIM (“Wireless Identity Module”).
Moreover, short-range supplementary data applications (such as Bluetooth) may be activated through suddenly established links if the user carries the mobile telephone in the vicinity of a remote device capable of such communication.
In view of the above, when it comes to advanced utility applications, the only existing safe alternative for a user of a mobile telephone according to the above is to verify the mobile telephone itself as well as its implementation of optional parts of the communication standards involved, the SIM-card/smartcard provided by the telephone operator and, finally, the security of each individual node in the communication link between the mobile telephone and a remote device.