Authentication techniques often require that a given user present one-time passwords (OTPs) or other short-lived cryptographic credentials in order to gain access to a protected resource. Such short-lived cryptographic credentials may be generated by an authentication token configured with a long-term base credential, also commonly referred to as a “seed.” One particular example of an authentication token is the RSA SecurID® user authentication token, commercially available from RSA, The Security Division of EMC Corporation, of Bedford, Mass., U.S.A.
An authentication token may be a hardware token, typically implemented as a small, hand-held device carried by the user.
Alternatively, an authentication token may be implemented as a software token within a mobile communication device such as a mobile telephone, a laptop computer, a wireless email device, a personal digital assistant (PDA), etc. This type of arrangement is advantageous in that it avoids the need to carry an entirely separate hardware device that is utilized only for authentication purposes. The short-lived cryptographic credentials are typically generated in a secure hardware environment of the mobile communication device, using one or more long-term credentials stored in the secure hardware environment. However, various applications running on the communication device, such as web browsing and email programs, may require use of the cryptographic credentials but run outside of the secure hardware environment. This can be problematic in that malicious software code on the communication device may gain access to any cryptographic credentials that are used by the applications outside of the secure hardware environment.
One possible approach to addressing this problem is to require that any security-sensitive portions of the applications execute in the secure hardware environment. However, this creates additional issues. For example, a secure hardware environment generally cannot support dynamic addition of application programs, also referred to herein as “scripts,” which are widely used in customizing mobile communication devices to user preferences. If the secure hardware environment were configured to allow dynamic addition of scripts, it would be easier for an attacker to implant an application that disclosed the cryptographic credentials utilized by other applications.
Accordingly, improved techniques are needed for protecting cryptographic credentials that are generated and stored on mobile communication devices in the presence of dynamic addition of scripts.
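The following Python model, added here as an illustration and not part of the original text, shows the architecture the preceding paragraphs describe: a secure environment that holds the long-term seed and exposes only a fixed interface for producing short-lived credentials, and scripts outside it that receive the OTP but never the seed. It assumes an RFC 4226 HMAC-based OTP with a 30-second step purely for concreteness (the text does not state which algorithm the token uses; the seed value is the public RFC 4226 test vector). The class, function and constant names are the example's own. It also shows why the credentials are "short-lived": an OTP observed by a co-resident malicious script is accepted only until the current time step ends.

```python
import hashlib
import hmac
import struct

TIME_STEP = 30   # assumed lifetime of one OTP, in seconds
DIGITS = 6

# Constructed seed: the RFC 4226 test-vector key, used only so results are reproducible.
DEMO_SEED = b"12345678901234567890"


def hotp(seed: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HMAC-based OTP (assumed algorithm, used for illustration)."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class SecureEnvironment:
    """Models the secure hardware environment of the device.

    It stores the long-term seed and offers a narrow, fixed interface.
    Deliberately, there is no method for loading new code into it, mirroring
    the limitation that such environments cannot accept dynamically added scripts.
    """

    def __init__(self, seed: bytes):
        self._seed = seed   # never returned to callers

    def generate_otp(self, now: int) -> str:
        # Time-based counter: one fresh OTP per TIME_STEP seconds.
        return hotp(self._seed, now // TIME_STEP)

    def verify_otp(self, otp: str, now: int) -> bool:
        return hmac.compare_digest(otp, self.generate_otp(now))


class Script:
    """An application ('script') running outside the secure environment.

    It only ever sees OTPs, never the seed; but anything it handles is visible
    to other code sharing its (unprotected) execution environment.
    """

    def __init__(self, env: SecureEnvironment):
        self._env = env
        self.handled = []   # values that crossed the trust boundary into script space

    def login(self, now: int) -> str:
        otp = self._env.generate_otp(now)
        self.handled.append(otp)
        return otp


def leaked_otp_lifetime(env: SecureEnvironment, capture_time: int) -> tuple:
    """Model the risk stated above: malicious code on the device observes an OTP
    that a legitimate script used at capture_time. Returns whether that OTP is
    still accepted one second before the time step ends, and whether it is
    accepted once the next step begins."""
    app = Script(env)
    app.login(capture_time)
    observed = app.handled[-1]          # what co-resident malicious code could see
    window_end = (capture_time // TIME_STEP + 1) * TIME_STEP
    return (env.verify_otp(observed, window_end - 1),
            env.verify_otp(observed, window_end))


if __name__ == "__main__":
    env = SecureEnvironment(DEMO_SEED)
    print("OTP at t=0:", env.generate_otp(0))
    print("(accepted within step, accepted after step):", leaked_otp_lifetime(env, 0))
```

The model makes the trade-off in the text explicit: scripts outside the secure environment are easy to add but expose whatever credentials they handle, while the environment itself is safe precisely because its interface is fixed and it loads no scripts. A leaked OTP buys an attacker at most one time step; a leaked seed would allow generating every future OTP, which is why the seed must not cross the boundary.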