Title of invention: Method and system for executing a secure application on an untrusted user equipment
Abstract: A method for executing a secure application on an untrusted user equipment having storage means with at least one protected region includes establishing a secure or authenticated communication channel between a trusted device and the user equipment. Secure application information of the secure application is provided via the communication channel to be executed on the user equipment. Correctness of the secure application information is checked. Execution of the secure application is initiated on the user equipment via the communication channel such that the secure application is stored in the protected region of the storage means.
Publication number: US9609000(B2) Publication date: 2017.03.28
Application number: US201314404662 Filing date: 2013.05.10
Applicant: NEC CORPORATION Inventors: Karame Ghassan;Girao Joao
Classification: G06F21/51;H04L29/06;G06F21/57;G06F21/64 Main classification: G06F21/51
Agency: Leydig, Voit & Mayer, Ltd. Agent: Leydig, Voit & Mayer, Ltd.
Principal claim: 1. A method for executing a secure application on an untrusted user equipment comprising a storage device with at least one protected region, the method comprising: a) establishing, between a trusted device and the user equipment, a communication channel being at least one of: a secure communication channel, and an authenticated communication channel, wherein the communication channel is established by performing a secret key-challenge between the user equipment and the trusted device; b) providing secure application information of the secure application via the communication channel to be executed on the user equipment; c) checking correctness of the secure application information; and d) initiating execution of the secure application on the user equipment via the communication channel such that the secure application is stored in the at least one protected region of the storage device, wherein the performing the secret key-challenge between the user equipment and the trusted device comprises issuing a challenge including a nonce and issuing a response to the challenge that also includes the nonce, wherein the issuing the challenge including the nonce comprises issuing, by the user equipment, the challenge including a semantically secure encryption function of the nonce and a unique identifier corresponding to the user equipment or a component of the user equipment, and wherein the issuing a response to the challenge that includes the nonce comprises issuing, by an interface application of the trusted device, a semantically secure encryption function of a START command, the nonce, and a unique identifier of the interface application.
Address: Tokyo JP