Issue No. 02 - February (1997 vol. 30)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/2.566159
<p>The market for devices like mobile phones, multifunctional watches, and personal digital assistants is growing rapidly. Most of these mobile user devices need security for their prospective electronic commerce applications. </p> <p>While new technology has simplified many business and personal transactions, it has also opened the door to high-tech crime. In this article, we investigate design options for mobile user devices that are used in legally significant applications. Such applications authorize transactions: mobile phone calls, access to an office or car, electronic payment in stores, retrieval of stored medical data, and access to information on portable computers. Digital signatures-the electronic equivalent of handwritten signatures-are at the core of most of these applications and are explained briefly in the "Digital Signatures" sidebar. A trustworthy mobile user device should suit its purpose well and have credible quality. </p> <p>Because mobile user devices act on someone's behalf, we use the analogy of agents to describe approaches to security. There are three types of agent trustworthiness: </p> <p>Personal-agent trust. Here, the device must act according to the user's wishes while it is in the user's hands. For example, it should not sign unintended statements or unintentionally delete electronic money. </p> <p>Captured-agent trust. In this case, the user is protected even if the mobile user device is lost, stolen, or given away (inserted into a point-of-sale terminal or sent away for maintenance). For example, the finder or thief should not be able to sign statements in the legitimate user's name. </p> <p>Undercover-agent trust. In this case the mobile user devices will protect a third party from the device's legitimate user. For example, in prepaid offline payment systems users have so-called "electronic cash" in their mobile user devices, which they can use without connecting to a bank. The bank wants the mobile user device to prevent its legitimate user from "spending" the same bit string in several shops. Contrary to popular belief, undercover-agent trust is not needed in many applications, including online payment systems and general signature applications. </p> <p>A mobile user device by itself may not be able to keep data secret or uncorrupted-it may not be tamper-resistant. A tamper-resistant device is called a security module, whether the security mechanism is on a separate device or incorporated into the mobile user device itself. Such devices secure "mobile" applications and applications on stationary devices like PCs and public kiosks, if all security-relevant actions are controlled via the trustworthy mobile device. </p>
M. Schunter, A. Pfitzmann, B. Pfitzmann and M. Waidner, "Trusting Mobile User Devices and Security Modules," in Computer, vol. 30, no. , pp. 61-68, 1997.