A user device provided with appropriate communication equipment can be used for communication via a communication system. A communication system can be seen as a facility that enables communication sessions between two or more entities such as mobile devices or other nodes associated with the communication system. The communication may comprise, for example, communication of voice, multimedia content, and other data. A session may, for example, be a telephone call type session between two users, a multi-party session, for example a conference call, or a data communication session between at least one user and a node such as an application server (AS). The communication between the communication system and the user device may be over a wireless interface or via a fixed connection.
Various types of services can be provided to users of devices. An example of services is where content, such as images, videos, audio files or other data, may be downloaded from an application server. Examples of content downloading include downloading of screensavers, wallpaper, games, applications, video or music download services. Users may also send data to other entities via a communication system. For example, a user may create something, such as take a photo or make a video, and send his creation in a digitized form, i.e. as content data to a server. The work may then be downloaded from the server by other parties interested in the same subject.
Services that are provided via a communications system are typically implemented using a client/server model. In a client/server model a server in a network may control user accounts and billing and manage a catalogue of premium content from which a user can make purchases. A bespoke client application is downloaded or preinstalled on a user device and acts as an agent between the user and the server. When the user purchases content, the client requests the content from the server, which passes the premium content to the client for use. For example, in a music player application this would typically be an mp3 file which the client stores encrypted in the local file system and allows the user to play but not copy to other devices.
High-level, object oriented programming languages are commonly used in creating the required software applications. The Java programming language is an example of such object oriented languages. There is increasing interest in being able to use Java or another object oriented language to create new and exciting services for mobile users.
A problem with the client/server scenario is that it may be difficult, if not impossible, to identify whether an application running on the user device has been tampered with or not. This may be especially a concern with mobile user devices. A tampered (hacked) application can save content unprotected or abuse the service in some other way. For example, it can send false account details, falsify identity numbers (e.g. International Mobile Equipment Identity; IMEI) and so forth.
Furthermore, whilst object oriented languages such as Java may be ideal for the deployment of client applications, they also make it easy for hackers to reverse-engineer, modify and re-install hacked versions of the client. To the server, these hacked clients are indistinguishable from legitimate clients. This may make it very difficult to devise a client/server based service which is secure from attack.
A further drawback is caused by the fact that applications based on Java or a similar language are also relatively easy to distribute over the internet. This makes it easy for hackers to distribute their hacked client to others who can then install the hacked client on their own devices and also gain free access to the service provided. In other words, gaining free access does not necessarily require expensive or specialist equipment; it may just require a standard mobile device, for example a standard mobile phone or other relatively simple device, an internet connection and some knowledge of where to get a hacked application from.
Currently, a number of mechanisms have been proposed to overcome this problem. None of the proposals, however, appears capable of preventing client applications being modified and run on user devices.
In accordance with one proposal, encryption keys are added into the client application. However, putting the encryption scheme into the client application, and thus making it available to third parties, increases the risk of sensitive information about the security scheme ending up in the hands of hackers.
A possibility is to try to design the service such that it is less vulnerable to attack. For example, many music download services offer free previews that are designed such that instead of letting the user listen to the whole track, the web based service may offer only a limited time of preview. The service then charges the user before the full content is downloaded. This may be effective in most fixed broadband internet applications. However, this may create problems in a wireless environment. For example, the limitation means that the client must download the content twice, i.e. once as a limited preview and once as the full content. This may be expensive, time consuming and may unnecessarily consume wireless communication capacity. Secondly, charging for content before downloading may not be acceptable because the connection to a mobile device may not be reliable in all circumstances. Instead, mobile users may expect to be charged only when the download completes. However, this may be easy to hack so that, to the server, the download always appears to fail.
A possibility is to make every client unique. One way to prevent wide-spread breakout of a service is to put a unique key into every client. The client must send this key to the server during server connection. When the service operator suspects a client is hacked, the operator can add the key of the client to a blacklist in the server, thus limiting the damage caused. However, this scheme may not be practical in mass-market mobile applications. For example, Java applications such as MIDP2.0 must be signed. To include a different key in every copy of the application would require that a unique key is added to the application and each application signed with a certificate by the maker before it is distributed to the user. This may considerably decrease the desirability of the application.
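The per-client key and blacklist scheme above, together with the limitation of keys embedded in the client, can be sketched from the server's side. This is an added example, not code from the original document; the class and function names are hypothetical, the request string is constructed, and the client proves possession of its key with an HMAC over the request rather than sending the key itself, which is an assumption made here.

```python
import hashlib
import hmac
import secrets


class ServiceServer:
    """Hypothetical server issuing one key per client copy, with revocation."""

    def __init__(self):
        self._keys = {}          # client_id -> key embedded in that client copy
        self._blacklist = set()  # client_ids the operator suspects are hacked

    def provision_client(self, client_id):
        # In the scheme described, this key is built into the copy before signing.
        key = secrets.token_bytes(32)
        self._keys[client_id] = key
        return key

    def blacklist(self, client_id):
        self._blacklist.add(client_id)

    def authorize(self, client_id, request, tag):
        key = self._keys.get(client_id)
        if key is None or client_id in self._blacklist:
            return False
        expected = hmac.new(key, request, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def sign_request(key, request):
    # Any code holding the key can compute this, intact client or not.
    return hmac.new(key, request, hashlib.sha256).digest()


def demo():
    server = ServiceServer()
    key_a = server.provision_client("client-A")
    key_b = server.provision_client("client-B")
    req = b"GET /content/track-1"  # constructed sample request

    genuine = server.authorize("client-A", req, sign_request(key_a, req))
    # A modified copy of client A still carries the same embedded key, so the
    # server sees exactly the same valid tag as from the genuine client.
    modified_copy = server.authorize("client-A", req, sign_request(key_a, req))

    server.blacklist("client-A")  # operator suspects client A
    after_revocation = server.authorize("client-A", req, sign_request(key_a, req))
    unaffected = server.authorize("client-B", req, sign_request(key_b, req))
    return genuine, modified_copy, after_revocation, unaffected
```

The key authenticates possession of the key, not the integrity of the code holding it; the blacklist only bounds the damage to one client copy once the operator has some other reason to suspect it.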
The service provider may also decide not to use a client application that is based on an object oriented language or other similar language for the service. Instead, the service provider will only provide the service on user devices where key parts of the service application are fixedly integrated into an operating system or other platform of the device. If an integrated platform is used, this means that the service application must be part of every device and cannot be installed post production as an after market enhancement.
The term platform is understood to mean something on which something else runs. Thus it can refer to the hardware and/or software environment in which a program runs. For example, the hardware is a platform on which software runs. The hardware and operating system provide a platform on which an application runs. The Java Virtual Machine is an example of a platform on which Java applications may run.
Open Mobile Alliance (OMA) has defined a Digital Rights Management (DRM) protocol which attempts to protect content by never sending the ‘critical’ information (e.g. the keys/rights object) to applications running on mobile devices. Instead, content is sent directly to the platform, for example the operating system of the mobile device. In the case of mobile devices, the operating system is provided by the device manufacturer and cannot be easily modified later on. Although this may make the system relatively secure, the OMA DRM cannot be used for many services because it does not offer the ability for a 3rd party client application in the terminal to control the download, display or other usage of the content. Furthermore, it does not easily allow a mechanism for 3rd party branding or value adding.