The line between mobile devices (e.g., cell phones, smartphones, Personal Digital Assistant (PDA), etc.) and personal computers is blurring. Traditionally, mobile devices are so-called “thin” clients. A thin client is one that relies heavily on a server computer to fulfill traditional computational roles. The notion of a thin client extends directly to any client-server architecture so that a thin-client application is simply one which relies on its associated server to process most or all of its business logic. However, the trend is for client applications to become fatter, particularly in the area of web development, so that client applications take on more of the computational roles (i.e., business logic). Thus, more and more people are using mobile devices to perform secure transactions. Yet, because of inherent security concerns, mobile devices do not have the same breadth of trusted connectivity found on desktop and laptop computer platforms. For example, mobile device users are reluctant to access confidential information and/or perform financial transactions with a mobile device. Similarly, service providers, such as banks, online payment services and providers of confidential information are less likely to offer access to their services through mobile devices. As a result, mobile device users are limited by the types and availability of many online services, particularly in the business-to-consumer (B2C) or business-to-business (B2B) environment.
For business-to-enterprise (B2E) applications, online services for mobile devices are straight forward and available as service providers can manage application data stored on an employee's mobile device. Mobile device management software allows the service providers to perform tasks on a mobile device, like remote wipe, remote locking, GPS tracking, device configuration, etc. Such control is clearly not acceptable in B2C or B2B environments. In such environments, service providers simply cannot take over a user's mobile device and erase data, perform locks, etc. That is why in the B2C and B2B environments, device misuse creates a larger security concern, especially as fat clients become more prevalent. If a malicious user (such as a person that steals a mobile phone) attempts to access a mobile application server or access application data offline, there is currently limited ability to control this type of unwarranted access.