Secure devices have been used for years in applications presenting the need for strong security. The exponential growth of the internet has also had the unfortunate side effect of speeding up the dissemination of malware and facilitating access to malware creation techniques. New threats such as spyware have emerged during last decade, making feasible attacks based upon spying the communications between a host and a smart card, and making necessary to adapt the way secure devices are being used.
A traditional architecture for the use of secure devices involves a local connection of those appliances to a host computer. This computer may be a handset, a PC, and ATM machine, or any other type of device. Generally one secure device is connected to one host computer to secure access to a specific service or application from that host computer. An application is typically executed on the host computer which communicates with the secure device, usually by means of APDU commands whenever needed. Current solutions using a secure element to protect content are based on the concept of one secure element inserted inside a terminal to view content on that same terminal.
The need for a local connection between the secure device and the host computer sometimes creates a problem by limiting the range of devices usable for an application. This problem can go as far as preventing the deployment of application involving smart devices due to the lack of equipment supporting their use.
As an example, in the field of secure IPTV devices, secure devices are on the one hand suitable for content ciphering/deciphering, but on the other hand, there is an emergence and a growth of a nomadicity constraints requiring access to the premium TV content any time, anywhere, from any device (PC, Mobile, TV, game station . . . ). The multiplication of the form factor of viewing devices makes a lot more difficult the large scale deployment of secure devices for content decryption.
In the traditional model, the secure element needs to be physically connected to the host computer in order to secure the service. However different terminals are likely to present sometimes different incompatible connectivity requirements for the secure element, leading to the need to support different form factors which is costly, complex and inconvenient for the user.
It is an object of the invention to provide a method for enabling access to security services exposed by networked secure elements. Thereto, the present invention provides a method for a client device to access to remote secure data on a remote secure device, said secure data being associated to a remote service, characterized in that it comprises creating a secure peer to peer channel between a client application of a client device and said remote secure device so as the client device and the remote secure device exchange data securely and bidirectionally.
According to one aspect of the invention,                the method may comprise transferring a user interface from the remote secure device;        the method may comprise accessing to the remote secure data after an authentication of a user;        the method may comprise using a server for establishing a mutual authentication between the client device and the secure remote device, said server allowing only one user to register at the same time;        the method may comprise using a SIP server, said server allowing only one user to register at the same time at a SIP address;        the method may comprise using a PC or a handset as client device;        the method may comprise building secure IMS applications.        