New security proposed for do-it-all phones

Trusted Computing Group is set to lay out new hardware-based security standard for mobile phones.

As mobile phones become digital do-it-alls, handsets need better protection from hackers and from unauthorized access when they're lost or stolen, says an industry group proposing new, hardware-based security standards for the devices.

The Trusted Computing Group (TCG)--backed by big names like Nokia, Motorola, Intel, Samsung, VeriSign and Vodafone--plans to unveil its plan Tuesday at a conference sponsored by the Cellular Telecommunications & Internet Association. The TCG has already developed similar specifications for PCs and servers.

In addition to voice calls, cell phones are increasingly used for taking pictures, keeping a calendar and sending text messages and e-mail. In the future they could replace wallets, say industry pundits, with consumers whipping out a specially equipped phone instead of a credit card to pay for a purchase. That would make securing the gadgets even more important.

Locking up cell phones

The Trusted Computing Group provides 10 examples of what its plan for hardware-based security could enable in mobile phones.

1. Platform integrity to ensure the hardware and software are in a state intended by the manufacturer.

2. Device authentication to protect and store identities of users and bind the device to the appropriate user.

3. Digital rights management to protect content on the phone.

4. SIMlock/device personalization to ensure a device is locked to its network and can't be easily stolen.

5. Secure software download to enable the safe download of updates, patches and other software.

6. Secure channel between different parts of the phone to prevent tampering by malicious software.

7. Mobile ticketing to enable the secure download of tickets and manage them.

8. Mobile payment to enable the secure execution of payments.

9. Software use to ensure software is safe, and if not, that it can be removed, replaced or not executed.

10. User data protection to allow users to prevent their information from being accessed or viewed by unauthorized people and to give users access to services or data that might not require personal information.

Source: Trusted Computing Group.

"Without proper security, mobile phones may become a target for hackers and malicious software," said Janne Uusilehto, senior technology manager at Nokia and chairman of the TCG's Mobile Phone Working Group. "The benefit of hardware-based security is that users can rely on their phone and (know) that private data is protected."

The proposed standard doesn't just protect user data. The security hardware also enables copyright protection, according to the TCG, a feature demanded by the entertainment industry. This so-called digital rights management technology could mean access to more exclusive content on cell phones, but it could also limit the content that will play on devices.

Additionally, says the TCG, cell phone operators could use the technology to get more control over the devices they sell. Operators would get a better way to lock devices to their networks and tighten control over which services and software can run on the gadgets. But user-rights advocates complain that such things limit consumers' choice and freedom.

The TCG's plans call for mobile handset hardware to support features similar to those of the Trusted Platform Module. The TPM is a security chip designed for PCs and servers that enables a variety of security features, including authentication, protected storage and secure e-mail. The TPM technology will need to be adapted because mobile phones are much smaller than PCs.

At the CTIA wireless event, the TCG will introduce its plans by sharing "use cases" for hardware-based security in cell phones. The group

Featured Video

We pummel the powder in Nissan's Winter Warrior concepts

Equipped with suspension lifts and actual tracks, these concepts are meant to reach places that no ordinary vehicle can.

by Jon Wong