Today's mobile phones typically serve as computing platforms for software and firmware that is supplied by a number of vendors. For example, a device manufacturer supplies the device with software and/or firmware that enables the operation of different components of the device, such as the radio interface and smart card reader modules, while an application processor manufacturer supplies the software and firmware related to the operation of the application processor. Furthermore, an operating system and user applications may be supplied by one or more software vendors.
There are factors that impose strict requirements on the security and integrity protection of the mobile computing platform and/or software and firmware run on the platform. For example, usage of radio frequencies is highly regulated by authorities. Another example is the prevention of device hijacking so that the mobile device cannot be used anonymously for malicious purposes. This means, that a mobile device operating as a computing platform needs to be able to control the operation of software running on the mobile device such that e.g. unauthorized modification of radio configuration parameters can be prevented.
The requirement of trusted computing on a mobile device has been addressed e.g. by the introduction of the mobile trusted module concept by Trusted Computing Group. In said concept, e.g. modifications to system configuration parameters may be controlled by a mobile trusted module that itself runs in a secure computing environment provided by the mobile device. Modifications to e.g. system configuration parameters and parameters representing a particular state of a computer program module may be made by using Reference Integrity Metrics (RIM) certificates. The RIM certificates requesting modifications to configuration and state parameters may be signed by verification keys issued e.g. by the mobile trusted module to parties that are authorized to make said modifications. If a party is in possession of a properly issued and validated verification key, said party may be able to authorize any state change on the mobile device, including those the modification of which may compromise device security or cause the mobile device to operate against regulations. In other words, the authorization enjoyed by a holder of a proper verification key may not be appropriately limited in current mobile computing platforms.