Microprocessor smart cards have been commonly used to protect keys and secret data of given applications from service providers. Being considered as a “anti-tamper” device, the smart cards have been used to protect payment applications from banks, ticketing applications from transportation authorities or personal data for access control purposes.
Nevertheless, the history of the microprocessor smart cards also teach about the difficulties of service providers and secure element owners to reach agreements to exploit a service in cooperation. In particular, and in spite of the huge potential of the secure elements in terms of secure storage capabilities, business model barriers and technical complexity have limited their possibilities to exploit in areas such as mobile contactless payments or mobile ticketing.
In the coming Internet of Things (IoT) ecosystem a multiplicity of service providers will deploy new services related to the billions or even trillions of devices that belongs to end users, enterprises, service providers or to other entities. In such a context it is essential to set the grounds to avoid the success of certain IoT applications (e.g. those managing very sensitive assets and/or handling critical authentication processes to access to services providers services) into mobile devices depending on the above referred agreements between the service providers and the secure elements owners.
In such a context it would be desirable to develop mobile device applications that would be tamper-resistant even if not partly stored in a tamper-resistant device such as a SIM card or a micro-SD card (owned by a party that is typically different than the service provider).
Most of the applications (related to messaging, productivity, entertainment, music, health, social networks, news, sports, etc.) that a user may download from an application market (such an iTunes, Google Play or Blackberry World) cannot claim to be tamper-resistant, but it is maybe due to the fact that the assets they protect are considered as not being “so critical”.
It is nevertheless well understood that mobile payment applications or other type of applications giving access to services from services providers need to be tamper-resistant protected. In particular, in the context of this invention, it is considered that a mobile device application providing access to presence related services need to be anti-tamper, and this invention provides methods to achieve that target even if not using, for example, a microprocessor smart card to either perform part of the mobile device application processing or to store sensitive data of the service providers' mobile device applications.