This invention relates to the field of trusted devices. More particularly, this invention relates to a trusted device for use in establishing communication with one of a plurality of different target devices.
A subscriber identity module (SIM) is a good example of a trusted device. It provides a ‘secure element’ computer processor designed to resist physical tampering and to reject electronic communication by unauthorised parties, placed in the hands of an end user who doesn't control what software runs on the device, in order to facilitate the delivery of services to them.
Whoever controls the device (the authorised party) controls what software runs on it. Because it is physically and cryptographically secure, they can have confidence that the software that runs on the device is the software they put there. They can trust the software to act as their agent, e.g. authorising the card holder to access services, even sometimes while not in communication with the device controller. The device controller does not have to be the entity using the device to provide services: they can act as a gatekeeper, authorising third parties to put agents and information on the device.
An example: Gemalto N.V. manufactures SIM cards, sells them to Vodafone PLC and posts them to Vodafone customers on Vodafone's behalf. Vodafone has software on the cards that let it verify (and, if necessary, prove) that mobile phones connected to its cellular network are operated by particular customers, who it can then bill. Vodafone might also distribute on to the cards a small software program on behalf of Visa, which Visa's mobile app can then use to operate the SIM card like a Visa card, e.g. validating PIN numbers to authorise payment.
In the context of this invention, the trusted device comprises at least a secure element with communication means under the direct control of the secure element. Those means could include near field communication (NFC) other wireless links, and/or user interface elements such as buttons and displays. Thus, a trusted device provides a way of interacting directly with a secure element so that, for example, one could enter a PIN number on-screen and be confident it was going to the software running on the secure element, which is trusted.
A common problem arising in modern digital systems is the need to establish trusted communication with target devices. These target devices could be relatively local, such as a tablet computer connecting to a domestic wife network, or could be more remote, such as using a smartphone to access a bank account managed by a remote server and accessed over a wireless internet connection. Typical solutions employed today require a user to provide a password to authenticate the trusted device to the target device when communication is established. This may require the user to remember a large number of different passwords. This problem becomes greater as the number of target devices with which a user is likely to wish to communicate increases, e.g. as an increasing number of domestic devices become connected in an internet-of-things. It is possible that a trusted device, such as a smartphone, may store multiple passwords for a variety of connections to be established. However, in this circumstance it is still necessary to preserve security by providing a password protecting the trusted device itself and the need to frequently enter a password on a trusted device can become burdensome. Furthermore, security based purely upon passwords is vulnerable if the password becomes known to another party.
Another known form of security relies upon a user having possession of a token (e.g. a code generator) that they must have in their possession, as well as knowledge of a password, in order to connect to a target device. As an example, the security for a connection to the target device may require the user to obtain a one-time code from the token device and also enter a password thereby providing security based upon something that the user possesses (i.e. the token) and something that the user knows (i.e. the password). While such a system may provide increased security, it also decreases the convenience to the user as more steps are required in order to make the connection.
A long established form of security may be provided based purely upon possession of a physical key. As an example, possession of an appropriately shaped metal key may provide the possessor with the ability to open a locked door. An electronic equivalent to possession of such a physical key, may be, for example, the possession of a door pass that can be used to open an electronically secured door lock. While such systems are relatively quick to use, they can require the user to possess multiple physical keys and are also vulnerable to a loss of these keys allowing an unauthorised possessor of the keys to gain access inappropriately.
The present techniques seek to provide a trusted device that provides a secure way of establishing communication with a target device and yet requires a reduced level of on-going user action to establish those communications. These advantages are particularly useful when the number of target devices with which secured communication is desired increase, such as in an environment containing a large number of devices with which a user may wish to communication as part of their normal daily life (i.e. in an internet-of-things environment where many common device contain embedded processing capabilities with which a user wishes to communicate.