The invention concerns a mobile station comprising a mobile end device and security resources, as well as an application loading system and a risk assessment system, each having a mobile station.
A mobile station comprises a mobile end device and, as a rule, a subscriber identity module (also called a Secure Element, SE) which is operable in the end device and with which the end device is operable in a mobile radio network. In many mobile radio systems the subscriber identity module or Secure Element SE is designed as a removable subscriber card (microprocessor chip card), e.g. as a SIM card, or alternatively as a permanently implemented eUICC (embedded UICC; UICC = Universal Integrated Circuit Card).
A mobile end device is understood to be a device for utilization of a mobile radio system, e.g. a mobile telephone, smart phone or PDA (personal digital assistant) having a mobile-telephone function.
A two-tier runtime architecture for a microprocessor system, comprising two runtime environments, is known under the designation Trustzone architecture (Trustzone is a trademark of the company ARM). A first, insecure runtime environment called “Normal Zone” or “Normal World” is controlled by a normal operating system (e.g. Android, Windows Phone, iOS). A second, secure or trustworthy runtime environment called “Trustzone” or “Trusted World” or “Secure World” or “Trusted Execution Environment TEE” is controlled by a security operating system.
The subscriber identity module, the normal runtime environment and the secure runtime environment constitute security resources of the mobile station which offer different security levels. The normal runtime environment is comparatively insecure, i.e. has a low security level. A SIM card has a comparatively high security level, the secure runtime environment TEE a medium one.
Many users of applications for mobile stations demand that applications that they utilize in their mobile stations adhere to a certain security level. Otherwise they might not be willing to utilize the application in their mobile stations. Providers of applications for mobile stations are hence interested in being able to guarantee a defined security level for their applications. The security level of an application depends on the security resources of the mobile station, however. Only if the mobile station's security resources meet a certain minimum standard can the application guarantee a sufficient degree of security.
WO 2011/131365 A1 describes a system and a method for subsequently configuring an application already located in a mobile end device. A central server has information about possible security resources (end-device configurations with different runtime environments and/or security elements) of mobile end devices and about security levels corresponding to the security resources. In dependence on a security level of the end device which the central server has detected, the server selects a matching application configuration and configures the application already located in the end device so as to match the security level. Only one application variant needs to be held on the server. The subsequent configuration nevertheless produces an application configuration corresponding to the security level.
The system and method from WO 2011/131365 A1 assume that the security resources (end-device configuration) of an end device are known, or at least theoretically known, to the end device itself. Only then can the end device request the matching configuration from the server.
The security resources of a mobile station can change, however. For example, a secure runtime environment can be added or removed. Likewise, a SIM card can be removed. It is therefore not guaranteed that the security resources assumed e.g. according to the end device's model number correspond to the actual security resources.
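The mismatch described above can be illustrated with the following added example, which is not part of the original document or of WO 2011/131365 A1. It assumes that a station's level is that of its strongest present resource; the model table, the configuration names and the function names are hypothetical.

```python
from enum import IntEnum

class Level(IntEnum):
    LOW = 1     # normal runtime environment
    MEDIUM = 2  # secure runtime environment (TEE)
    HIGH = 3    # subscriber identity module / Secure Element

# Ranking of the security resources as given in the text.
RESOURCE_LEVEL = {"normal": Level.LOW, "tee": Level.MEDIUM, "se": Level.HIGH}

# Constructed sample data: resources a server assumes from the model number.
MODEL_ASSUMPTIONS = {
    "model-A": {"normal", "tee", "se"},
    "model-B": {"normal", "tee"},
}

# Hypothetical application configurations, strongest first, each with the
# minimum security level it requires.
CONFIGS = [("keys-in-se", Level.HIGH), ("keys-in-tee", Level.MEDIUM),
           ("software-only", Level.LOW)]

def level_of(resources):
    """Assumption: a station's level is that of its strongest resource."""
    known = [RESOURCE_LEVEL[r] for r in resources if r in RESOURCE_LEVEL]
    return max(known, default=None)

def select_config(level):
    """Pick the strongest configuration the given level can support."""
    for name, minimum in CONFIGS:
        if level is not None and level >= minimum:
            return name
    return None

def assess(model, actual_resources):
    """Compare model-based assumptions with the resources actually present."""
    assumed = MODEL_ASSUMPTIONS.get(model, set())
    actual = set(actual_resources)
    assumed_level, actual_level = level_of(assumed), level_of(actual)
    return {
        "assumed_config": select_config(assumed_level),
        "actual_config": select_config(actual_level),
        "missing": sorted(assumed - actual),  # e.g. a removed SIM card
        "added": sorted(actual - assumed),    # e.g. a TEE added later
        # True when the model number promises more than the station has.
        "overestimated": assumed_level is not None
        and (actual_level is None or actual_level < assumed_level),
    }
```

For a "model-A" station whose SIM card has been removed, `assess` reports that the model-based choice "keys-in-se" overestimates the station and that only "keys-in-tee" is actually supportable.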