TRUSTED COMPUTING GROUP UNVEILS MOBILE PHONE SECURITY USE CASES

SAN FRANCISCO, September 27, 2005 – The Trusted Computing Group, a nonprofit industry association that creates open industry specifications that vendors use to create more secure computing products, today announced its plans to enable trust and security in mobile phones and their applications. The organization has created a set of use cases for mobile phone security and intends to have a publicly available specification ready for first half of 2006.

The organization’s mission is to provide specifications as building blocks for virtually every device that touches a network. With mobile phone handset and related application growth exploding worldwide, security has become a concern because many new phones are used for computing tasks, Internet connectivity, ecommerce or content delivery. Just as with PCs, these phones potentially can be hosts or transmitters of viruses and malware and subject to virtual and physical theft.

TCG’s mobile phone work group, whose active members include Authentec, Ericsson, France Telecom, IBM, Infineon, Intel, Lenovo, Motorola, Nokia, Philips, Samsung, Sony, STMicroelectronics, Texas Instruments, VeriSign, Vodaphone and Wave Systems, has been working to identify critical security issues, standardized approaches to them, and implementation of Trusted Computing concepts.

“Security is increasingly important to the users, manufacturers, service providers and application providers for the increasingly complex mobile phone ecosystem and requires an industry-standard approach to ensure consistent and rapid deployment,” noted Janne Uusilehto, chairman, TCG Mobile Phone Work Group and head of product security technologies, Nokia. “TCG’s experience, expert members and cross-industry membership make it an ideal organization to drive standards for more secure mobile phones.”

Today’s document defines the usage of mobile phones in trusted environments. It is intended to guide development of the future specification and to solicit industry input to ensure TCG is meeting industry needs for security.

The use cases defined include:

• Platform integrity to ensure the hardware and software are in a state intended by the manufacturer.
• Device authentication to protect and store identities of users and bind the device to the appropriate user.
• Digital rights management implementation to protect content on the phone.
• SIMlock/device personalization to ensure a device is locked to its network and prevents device theft.
• Secure software download to enable the safe download of updates, patches and other software.
• Secure channel between the device and UTMS Integrated Circuit Card (UICC) to help avoid malicious software that can interfere with applications or otherwise compromise it.
• Mobile ticketing to enable the secure download of tickets and manage them.
• Mobile payment to enable the secure execution of payments.
• Software use to ensure that software is safe and if not, can be removed, replaced or not executed.
• User data protection and privacy to allow users to prevent their information from being accessed or viewed by unauthorized entities and to give users access to services or data that might not require personal information.

The complete use cases and a summary of them are available today online at www.trustedcomputinggroup.org