With the advent of mobile e-commerce, the security of mobile phones and other mobile terminals has become a prime concern. Such terminals shall be referred to herein simply as “mobile terminals” or “wireless communication terminals”. In many current mobile terminals, a removable type of security element is included. This removable security element is called the subscriber identity module (SIM). A SIM is typically present in a mobile terminal that operates according to the well-known Global System for Mobile (GSM) standard. A SIM can include mechanisms for securing the radio link of the mobile terminal.
One problem with a removable security element is that to make the element removable, a connection must be exposed to the outside world. This connection can present an opportunity for tampering with the mobile terminal. Thus, when new mobile terminals include applications such as e-commerce applications, another type of “security module” is used which is hard-wired into the terminal. A security module of this type typically consists of a core of security related functions such as random number generation, encryption, and hash algorithms, built into the semiconductor logic of the mobile terminal.
FIG. 1 illustrates the known method and apparatus for securing transactions with a security module as described above. FIG. 1 only shows the portions of a mobile terminal which are involved in this process. The mobile terminal is controlled by a control processor, 100, which is part of a processing platform. The control processor is typically a microprocessor, digital signal processor, or embedded processor, which serves as the main or central processing unit (CPU) for the mobile terminal. Security module 102 is typically embedded in logic, which in turn is implemented by one or more custom or semi-custom semiconductor chips, or an application specific integrated circuit (ASIC). Control processor 100 addresses display device 104 through display memory (typically random access memory or RAM) 106. Control processor 100 and security module 102 may or may not be on the same ASIC. In this example, the display is a liquid crystal display (LCD). Control processor 100 receives user input from user input devices 108 through interface 110. A keypad is a typical user input device, but by no means the only type of user input device that can be present. Radio tower 120 transmits and receives signals between a base station, 121, and the mobile terminal. Ultimately, complementary security functions such as key exchange, encryption/decryption, authentication, and verification are provided through base station 121 by server 122, which is connected through wide area network (WAN) 123 to gateway 124. Gateway 124 is connected to a switching node, in this example mobile switching center (MSC) 125, which serves the base station. Numbers in circles in FIG. 1 represent process steps. When a transaction is sought to be authenticated and authorized by a merchant or similar party, transaction information is sent over the air to the mobile terminal, and then handled by the control processor and forwarded to security module 102, as shown at step (1).
The security module performs several tasks such as authenticating the transaction and verifying integrity, and forwards the information back through the control processor to be written to the display memory, 106, for display at step (2). The control processor controls this process. User input, as shown at 108, is received by the control processor through interface 110, under the control of the control processor, and passed back to the security module at step (3). The security module verifies the information and forwards it back to the control processor, which eventually sees that the user input, authenticating and authorizing the transaction via a digital signature (for non-repudiation), is sent back to the base station at step (4), for eventual processing by the other network elements.
Although the security module in the scenario described above verifies incoming and outgoing messages, local display at the mobile terminal as well as user input processing are managed and controlled by the mobile terminal's control processor or CPU. Although the security module prevents data from being maliciously tampered with as it is being sent back and forth between the control processor and the base station, a virus, 126, resident in the processing platform of the mobile terminal, could still interfere with the proper display of transaction information, and the proper indication of authorization by the user.
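The gap described above can be modeled in a few lines. This is an added example, not part of the original text: it walks steps (1) to (4) of FIG. 1 and reports whether the server accepts the approval and whether display memory 106 matched the verified transaction. The class names, keys, message format, the `platform_modified` flag, and the use of HMAC in place of the digital signature are all assumptions made for illustration.

```python
import hmac, hashlib

# Constructed keys; HMAC stands in for the page's digital signature (assumption).
SERVER_KEY = b"constructed-link-key"
USER_KEY = b"constructed-signing-key"

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

class SecurityModule:
    """Hard-wired module 102: sees messages, never the display or keypad."""
    def verify_incoming(self, msg, tag):              # step (1)
        if not hmac.compare_digest(mac(SERVER_KEY, msg), tag):
            raise ValueError("transaction failed integrity check")
        self.pending = msg
        return msg

    def sign_approval(self, user_input):              # step (3)
        if user_input != b"OK":
            return None
        return mac(USER_KEY, self.pending)            # signs the verified message

class ControlProcessor:
    """Control processor 100: owns display memory 106 and interface 110."""
    def __init__(self, module, platform_modified=False):
        self.module = module
        self.platform_modified = platform_modified    # models resident code 126
        self.display_memory = b""

    def handle(self, msg, tag, keypad):
        text = self.module.verify_incoming(msg, tag)
        # Step (2): the write to display memory happens outside the module.
        if self.platform_modified:
            text = text.replace(b"500.00", b"5.00")
        self.display_memory = text
        user_input = keypad(self.display_memory)      # user reacts to what is shown
        return self.module.sign_approval(user_input)  # sent on at step (4)

def run(platform_modified):
    """Return (server_accepts, display_matched_verified_message)."""
    msg = b"PAY 500.00 EUR TO MERCHANT-A"             # constructed transaction
    cpu = ControlProcessor(SecurityModule(), platform_modified)
    sig = cpu.handle(msg, mac(SERVER_KEY, msg), keypad=lambda shown: b"OK")
    accepted = sig is not None and hmac.compare_digest(sig, mac(USER_KEY, msg))
    return accepted, cpu.display_memory == msg
```

In both runs the server accepts the approval; only the second value differs, which is the property the message-level checks in FIG. 1 cannot observe.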