Personal user device and method for selecting a secured user input/output mode in a personal user device
FIELD OF THE INVENTION
The invention relates to a personal user device with a user interface and with selection means for selecting a secured user input/output mode, which secured user input/output mode enables a transfer of data between said user interface and at least one trusted component of said personal user device or connected to said personal user device, wherein said data is protected from an access by an unauthorised application. The invention equally relates to a method for selecting a secured user input/output mode in a personal user device.
BACKGROUND OF THE INVENTION
The term personal user device denotes any end user terminal like a mobile phone, a personal computer or a hand-held computer. A personal user device can be designed to provide a rich functionality by employing a general-purpose operating system which can run applications from different sources. On the other hand, a personal user device can be operating as a personal trusted device. Such a trusted device can be used for example for mobile commerce and other security-sensitive applications over an open network. In
order to provide a maximum of comfort to a user, a personal user devices is equipped for both aspects.
In its function as a trusted device, a personal user device has to be able to exchange sensitive data with other units over open networks in a protected way. A protected transfer can be achieved e.g. by encrypting sensitive data with cryptographic algorithms and protocols using secret cryptographic keys before they are transmitted. Different known communication security protocols, security mechanisms and cryptographic algorithms that can be employed for exchanging sensitive data are mentioned for example in "Development of a Secure Electronic Marketplace for Europe"; in the proceedings of ESORICS '96 (4th European Symposium on Research in Computer Security) , Rome, LNCS 1146, Springer- Verlag, Berlin 1996, 1-14, by Michael Waidner. The security of an encrypted transmission does not only rely on the quality of the used cryptographic techniques, but in addition on an adequate protection of the employed cryptographic keys. However, standard operating systems are vulnerable to viruses and Trojan horses. A Trojan horse can steal a user's secret keys or use them in ways the user did not intend.
A common protection against such threats is to keep the cryptographic keys and functionality in tamper-evident devices which thus can constitute a trusted component. An example for such a trusted component is a smartcard. A smartcards can store a secret key and can be connected to a personal user device, e.g. a PC or a mobile phone. The
personal user device to which a smartcard is connected cannot access the stored secret keys, but it can ask the smartcart to perform a cryptographic function for which the key is needed, like calculating a digital signature or decrypting a message. The access to smartcards is moreover protected by personal identification numbers (PINs) .
But smartcards do not alleviate the problem entirely either. For example, a malicious payment application could ask the user to approve a payment of $10 by typing in the PIN, but once the PIN is available, ask the smartcard to sign a payment message for $100. This inadequacy of smartcards has been pointed out in several documents, e.g. in the above cited document "Development of a Secure Electronic Marketplace for Europe", and in "Hand-held computers can be better smart cards", Usenix security symposium, 1999, by Dirk Balfanz and Edward W. Felten.
A solution to such problems involving smartcards or other trusted components storing secret data is a personal user device with a trusted input/output path to the user, which trusted input/output path cannot be accessed by any unauthorised application. It has been suggested that trusted devices can be implemented on PDAs (personal digital assistant) or Communicator type combined PDA/phones. However, since the trusted device is preferably combined with a general personal user device with a rich functionality as mentioned above, the personal user devices usually runs extensible operating systems like EPOC, Windows CE or Palm OS. Therefore, the trusted user input/output path
has to be able to work in conjunction with a general-purpose operating system. That is, the trusted user input/output path cannot be used exclusively, since many applications which are not security sensitive require a direct access to a user input/output interface. In the SEMPER project described in the cited document "Development of a Secure Electronic Marketplace for Europe" therefore a trusted user interface was suggested.
The basic idea for a trusted user interface is that it runs as a high priority component in a general personal user device. Only this high priority component has access to critical resources like cryptographic keys, while ordinary applications wishing to use the critical resources have to make their requests via this component. In a secure mode, the high priority component has moreover control of the user input/output devices, and no other ordinary application can access the same input/output devices. Therefore, when the personal user device is in secure mode, a user of the personal user device can safely enter sensitive information, such as PINs, and/or be guaranteed that the information displayed on the screen or on another output device is trustworthy.
The trusted user interface can be implemented as a separate operating system. In this case, the hardware should ensure the above features. Alternatively, it can be implemented as a separate process in the same operating system. In this case, the operating system should ensure these features.
A problem with this architecture is how to ensure that the user clearly knows when the trusted user interface is active.
The cited document "Development of a Secure Electronic Marketplace for Europe" proposes to employ a trusted interactive graphical user interface (TINGUIN) which is clearly distinguishable from the graphical user-interface of other applications. The disadvantage with such a secure mode indicator is that an application could put the device into the secure mode without the user being aware of it, and if the user then accidentally makes some input, such as pressing a key, before having noticed the secure mode, the device may consider this input as the user's approval for a sensitive task.
SUMMARY OF THE INVENTION
It is an object of the invention to ensure that a user of a personal user device clearly knows when a secured user input/output mode is selected.
This object is reached on the one hand with a personal user device with a user interface and with selection means for selecting a secured user input/output mode. The secured user input/output mode enables a transfer of data protected from an access by an unauthorised application between said user interface and at least one trusted component of said personal user device or connected to said personal user
device. According to the invention, the personal user device further includes activating means which enable a user of said personal user device to cause said selection means to select said secured user input/output mode. On the other hand, the object is reached with such activating means.
In addition, the stated object is reached with a method for selecting a secured user input/output mode in a personal user device, which secured user input/output mode enables a transfer of data protected from an access by an unauthorised application between a user interface of said personal user device and at least one trusted component of said personal user device or connected to said personal user device. The secured user input/output mode is selected according to the invention upon request by a user.
The invention proceeds from the idea that the most reliable way to ensure that a user knows whether a secured input/output mode has been selected or not is to let this mode be activated by the user himself. Thus it is proposed with the personal user device and the method of the invention that a human user can activate the selection of the secured input/output mode which provides a trusted input/output path between the user and trusted components of the system. In order to guarantee a maximum protection, at least for certain actions, like e.g. a digital signing of messages, exclusively a user should be able to activate the selection of the secured user input/output mode. In these cases, activating the secured input/output mode should not be possible for normal and potentially untrusted
applications on the device, which makes the device more secure.
The personal user device can select the secured user input/output mode by informing the operating system and/or the hardware of the personal user device about the requested change of mode.
Preferred embodiments of the invention become apparent from the subclaims.
The activating means preferably include a dedicated security button on the personal user device that has to be pressed by a user in order to cause a selection of the secured input/output mode. Such a security button should be clearly identifiable by a user. A security button can moreover be provided with a dedicated driver which is completely unaccessible through user-level programs. If the driver is residing in a flash memory, it is preferably signed by a root key. It is further preferred that the security is based on signed ROM (Read Only Memory) images and keys residing on CPU-ASICs (Central Processing Unit - Application Specific Integrated Circuits) . The security button could be for example the power button or a similarly implemented button that does not utilise the keyboard driver. With a security button as activating means, it is thus possible to achieve a particularly high security.
Alternatively, the activating means can be based on existing devices. It can be requested, e.g. that a specific sequence
of keys is pressed, or an option is popping up on the display of the personal user device forming part of the user input/output interface when a predetermined button like a power on/off button is pressed. The display of such an option may also be caused by an application requesting an action that requires a secured input/output mode. The option can be selected by the user again using either a dedicated security button, one or more of regular keys or any other suitable input means .
Preferably, che secured input/output mode can only be activated by the user for predetermined actions requested by an application. Such predetermined actions can be for example signing or decrypting a received message.
In addition to including activating means for enabling a user to determine the beginning of a secured input/output mode, there may also be deactivating means enabling a user to deactivate a secured input/output mode in order to prevent that the user thinks he is still in the secured input/output mode, even though all actions for which the secured input/output mode was selected have been completed and the personal user device has already switched back to a normal mode.
Preferably, the personal user device indicates in addition in some way to the user that a secure mode is active. This may be achieved either by hardware, for example by a special LED of the personal user device, or by software. In the latter case, e.g. a background pattern may be displayed, or
colours etc . which are recognisable by the user and not available to untrusted applications. Such a background may even be selectable by the user.
There are several possibilities of realising the secured user input/output mode and, depending on this realisation, different kinds of applications have to be considered to be unauthorised.
In one preferred embodiment, the secured user input/output mode is realised similar as described in the background of the invention, i.e. a dedicated process is run by the selection means. This dedicated process corresponds to the mentioned high priority component run by the trusted user interface. In this case, preferably only the dedicated process is considered to be authorised, while all other applications are considered to be unauthorised. As a consequence, only the dedicated process has access to a user interface while the secured user input/output mode is activated.
In another preferred realisation, however, any application may be considered authorised, as long as it can be identified by some characteristic to be authorised, e.g. by a code signing and/or by the location from which the application is loaded, like an integrated disk of a personal user device, a CD-ROM, or some external server. With respect to a required code signing, it can be checked in particular whether there is any signing at all and, in addition, whether the code signature matches to a specific memory-
image text segmen . Some check sum can moreover be checked for determining whether the binary image of the executable program of an application was changed compared to the original binary image, e.g. because they contain a virus. Applications with a changed binary image of their executable program should be considered to be unauthorised regardless of other criteria. A secured user input/output mode is then guaranteed by preventing the secured input/output mode to be selected when any unauthorised application is running. All unauthorised applications detected to be active might be terminated in order to be able to select said secured user input/output mode. Advantageously, however, it is left to the user to decide, whether the unauthorised applications are actually terminated or not, and therefore, whether the secured user input/output mode is to be entered.
In addition it should be prevented in this embodiment of the invention that any unauthorised application is activated as long as the secured input/output mode is selected. Thus a secure runtime environment has to be implemented. With the same effort, an always-on security-mode approach could be realised. All authorised applications, on the other hand, can directly access the user input/output means even during the secured user input/output mode.
In a further preferred embodiment of the invention, when a user actuates the activating means, the executable programs of all applications currently running in the personal user device are first checked for determining whether there is a change in the binary image of the respective executable
program, before a secure mode can be selected. The user can then be offered that all applications of which the executable program is considered to have changed are terminated. In case the user signals to terminate all or selected applications of which the executable program is considered to have changed, all or selected ones of these applications are terminated. A change of the binary image can be detected e.g. by comparing a disk image check sum or signature with a memory image check sum or signature.
The invention can be used in all end user terminals which support security features for which an interaction by the user is needed, like e.g. for e-payments. Such terminals may be for example mobile phones or PCs.
BRIEF DESCRIPTION OF THE FIGURES
In the following, the invention is explained in more detail with reference to a drawing which shows schematically an architecture of a personal user device to which the invention is applied.
DETAILED DESCRIPTION OF THE INVENTION
The only figure depicts components of a personal user device that can be used equally for general purposes and for security sensitive transactions. Moreover, the figure shows a user U of this personal user device.
The personal user device includes a general purpose operating system 1, a hardware 2 and a trusted user interface 3 comprising a security button. Moreover, the personal user device includes a regular user interface comprising a display and different keys, which is not depicted in the figure. Some elements of the trusted user device 3 and the regular user device are used in common by both devices, e.g. the display. Further, a first application 4 and other applications 5 are installed on the personal user device. Finally, a smart card with critical resources 6 like cryptographic keys has been detachably connected to the personal user device by the user U. Operating system 1, hardware 2 and critical resources 6 are connected to the trusted user interface 3, to the regular user interface and to the applications 4, 5 via a kernel interface 7. Only a high priority component run by the trusted user interface 3, however, has access to connected critical resources 6. The regular and the trusted user interface 3 are further connected with the installed applications 4, 5 via an application program interface 8.
The personal user device has access to other devices, servers or any other kind of systems via an open network. The interface of the personal user device to the open network is not depicted in the figure.
The operating system 1 of the personal user device is a general-purpose operating system which can run applications from different sources, i.e. either from the personal user device itself or from some remote location connected to the
personal user device via the open network. During normal operation, applications 4, 5 are able to exchange data directly with the input/output means of the regular user interface via the application program interface 8.
The functioning of the personal user device in accordance with the invention will now be explained for an exemplary situation, in which the first application 4 requests that the user U digitally signs a message received from some other device via the open network.
The application program interface 8 comprises several functions that are responsible for initiating a secured user input/output mode for different security sensitive actions that may be requested by one of the applications 4, 5. One of these functions is for example a sign() function, which initiates a secured user input/output mode, in case an application 4, 5 requests a message to be signed by the user U. Another function may be a decrypt () function, which initiates a secured user input/output mode, in case an application 4, 5 provides an encrypted message that has to be decrypted before it can be read by the user U.
In a first step, the first application 4 invokes the sign() function in the application program interface 8 with the message that is to be signed as a parameter. The application program interface 8 knows now that a secured user input/output mode might be about to be selected by the user U.
Invoking the sign() function in the application program interface 8 automatically results in two different actions. On the one hand, the implementation of the sign() primitive displays an information to the user U on the display of the regular user interface via a mailbox type messaging mechanism. The information states that a signature request was received from an application 4 and that signing requires the user U to activate a trusted mode. On the other hand, the function call is registered with the trusted user interface 3, which is implemented in this example as a separate operating system.
In case the user U does not want to sign the message, he presses some predetermined key or keys of the regular user interface. As a result, the application program interface 8 is informed that the requested secured user input/output mode was not selected by the user U and that the normal mode operation continues. The function call registered with the trusted user interface 3 is cancelled. If, in contrast, the user U considers signing the message, he now has to press the security button of the trusted user interface 3 on the personal user device. In an alternative implementation, he might have to press a predetermined sequence of the regular keys of the regular user interface.
As soon as the user U presses the security button, the trusted user interface 3 of the personal user device is informed. To this end, a message including information about the requesting application and about the purpose of the
requested secure mode could be written for example to a predetermined location to which the trusted user interface has access. Possibly, the trusted user interface 3 has to be activated first. The trusted user interface 3 now switches to the secured input/output mode. In this mode, only the high priority component of the trusted user interface 3 has control of the user input/output means, as indicated by the dashed line between the user U and the trusted user interface 3. None of the applications 4, 5 can access the user input/output means until the normal input/output mode is re-established. Since moreover only the high priority component of the trusted user interface 3 has access to the critical resources 6 of the connected smartcard, a trusted transfer path has thus been established between the user U and the critical resources 6 via the trusted user interface 3. The secured input/output mode is further indicated to the user U by activating the LED included for this purpose in the personal user device.
The high priority component of the trusted user interface 3 handles the registered function call by displaying the message that is to be signed to the user U on the display now forming part of the trusted user interface, and by asking the user U whether the message should be signed. The user U checks the message and if he decides to sign it, presses a key in the standard user interface indicated in the display together with the message and enters a specific password chosen by the user U at an earlier point of time.
In order to obtain a digital signature for the requesting user U from the critical resources 6, the high priority component of the trusted user interface 3 then invokes a sign() system call on the kernel interface 7, including as parameter the message that is to be signed and the password entered by the user U. The kernel interface 7 comprises several such system functions corresponding to the functions of the application programme interface. The smartcard with the critical resources 6 checks the password and, if the password turns out to be correct, calculates the digital signature of the user U for the received message. The high priority component of the trusted user interface 3 receives this digital signature as return value from the critical resources 6 and passes it on to the first application 4 via the application program interface 8. Dashed lines between the critical resources 6 and the first application 4 in the figure indicate the indirect access of the application 4 to the critical resources 6 that was thus realised via the trusted user interface 3. The high priority component of the trusted user interface 3 moreover indicates to the application program interface 8 that the secure mode operation has been completed.
The personal user device turns off the LED indicating the secure mode and re-activates the access of the applications 4, 5 to the regular user interface. The first application 4 and the other applications 5 can now proceed with their normal operation.
Thus, the activating means are realised in this example by the security button and functions in the trusted user interface that are able to interpret a pressing of this button. The selection means are realised by the trusted user interface, which informs the operating system and the hardware about the trusted mode activated by the user.
In a second embodiment of a personal user device according to the invention, the secure input/output mode can also be activated by a user, but the selection of the secure user input/output mode is realised in a different way. The personal user device of the second embodiment has a similar design as the personal user device of the first embodiment.
In case a user wants to set the personal user device into the secure input/output mode, he presses the security button. The operating system checks whether any unauthorised applications are currently active. This is done by checking, whether the application has a code signing that can be verified by the personal user device.
If any unauthorised application is found to be running, the operating systems presents an option to the user on a display to terminate all unauthorised applications. In case the user selects this option, all unauthorised applications are terminated.
If no unauthorised application is found to be running or if all unauthorised applications were terminated, the operating system turns on a green LED indicating to the user that the
secured input/output mode was selected. While the green LED is on, the operating software prevents that any unauthorised application starts.
Therefore, it is guaranteed that during the secure input/output mode, only authorised applications can access the input/output terminal of the personal user device, since only authorised applications are allowed to be or to start running in this mode.
If any unauthorised application was found to be running and the user does not select the displayed option to terminate all found unauthorised applications, the green LED is not turned on. Thereby, the user knows that the device is in unsecure mode, and that he should not make any payments with the personal user device or carry out any other security sensitive actions.
When the user completed all actions for which he activated the secure input/output mode, he has to press the security button again to terminate the secure input/output mode and to enable unauthorised applications to be run again.
In addition, the user can be given a list of detected unauthorised applications that might contain viruses on the display. An option is presented to the user to erase all or selected ones of these listed applications. In case the user decides to erase one or several of the listed applications, he chooses the presented option indicating the applications selected for erasure, and as consequence, the applications
are erased. Before choosing the option, however, he should again press the security button in order to activate the secure input/output mode, since otherwise, the kill prompt windows might be captured.
The first and the second presented embodiments of the invention therefore both enable a selection of a secured input/output mode upon request of a user of a personal user device, only the realisation of the secured input/output mode is different.
In the first embodiment, exclusively a high priority component run by the trusted user interface for any application for which a secure input/output mode is required, has control of the user input/output means during a secured input/output mode. Only this high priority component can therefore be or contain an authorised application, while all other applications are considered as unauthorised applications, which may at the most request the selection of the secured input/output mode via the API.
In the second embodiment, in contrast, there is not necessarily a high priority component run by a trusted user interface. Rather, any application that contains a code signing that proves to be acceptable can have access to the user input/output means during a secured input/output mode. It is only ensured that at this time, all other applications not comprising such a code signature are not allowed to be running by the operating system.