An Implementation Of Trusted Computing Based On Trusted Application

Under the expansion of mobile intelligent terminal and the rapid developing ofmobile networks, people become more and more concerned with the security ofmobile Internet. The center of innovation on moile security has moved from the priorpersonal computer to the now mobile intelligent terminals. In the field of mobileInternet, the traditional threat problems such as network fishing, copyright protection,organization access security,etc. has been magnified and become more serious.For the security problems of the mobile Internet world, we come up with anapplication layer security protocol “One-time Application”. OTA uses a random codeand two timers to assure security.The random code is used to authenticate users andtheir terminals, while two timers counting the login and service. Except of hardwareinformation typed when user registering the system, the protocol itself claim no morehard information, therefore a user do not have to to carry something like USB Key orRSA dynamic password card all the time, they also do not have to worry about oncetheir hardware lose. In addition, the protocol require neither measurement of the trustroot nor as the whole software stack which is more easy to use than those as TrustedComputing Group’s Trust Platform Module technology or ARM company’s TrustZone,and is easier to be implemented. Moreover,during transmission, the application isencrypted. Once the application is used, it no longer valid, this can greatly reduces thepossibility of attacker’s monitoring and simulating of a software, so further attacksuch as software tampering and data capture is almost impossible.At last,we come up with a prototype system that implement the OTA protocol, theresult reaches the expected goal. As a complement of scalability,we specific somedefects that has to be improved of the protocol, and share some ideas about thefeatures of a specific design which expands our brain. Then,we conclude that, in thefield of mobile security, the One-time Application has a very broad prospect in mobileapplication.