摘要 |
In a secure data system 100, secure data is stored on a mobile device 102. A request is received from a requesting application 106, 108 to release one or more data items associated with a user, e.g. user credentials. One or more inputs are received from the user 110 specifying (i.e. confirming) if the requested data items can be released. The user input may also comprise verification of user identity, i.e. user authentication. If a received user input specifies that a requested data item can be released then the item is released to the requesting application. Each time access to a data item is requested a certificate associated with the user may be checked and, if invalid, access to all stored data items is revoked. The secure data may be provisioned by an external provisioning system 104, (206, fig. 2) and is, preferably, stored in a secure data store (200, fig. 2), e.g. encrypted. The requesting means, input device and data store may operate within a trusted execution environment whilst the requesting application may operate outside that environment. |