A set of security standards designed to lock down mobile devices has been hammered out and is set to be unveiled at the CTIA Wireless IT and Entertainment show in Los Angeles next month.
Called the Mobile Security Specification, it is billed as the basis for a new generation of secure phones and mobile devices that will be harder to tamper with and more secure. The standards' backers include Nokia, Samsung and France Telecom.
The specification has been years in development, said Janne Uusilehto, head of Nokia product security and the chairman of the working group developing this technology. "It is a big deal. This is the first time that we have created such common security specifications for all handheld devices," Uusilehto said.
The specifications are built on work done by the TCG (Trusted Computing Group), an industry association that has already created similar standards for PCs, servers and networks.
Uusilehto's Mobile Phone Work Group expects to announce the specification on 13 September at the CTIA show, provided that the remaining minor details can be worked out. The specification will be published here.
The Nokia executive declined to say when his company or others will be producing phones that comply with the new specification, but he predicted that manufacturers would soon begin using the technology to lock down basic parts of their devices, such as the OS (operating system).
When these devices appear, they will make things more difficult for data thieves and mobile virus writers. Down the line, the technology could be used to build electronic wallets into mobile phones.
In general terms, the specification calls on hardware vendors to store protected information in a secure area of the phones called the MTM (Mobile Terminal Module). Similar to the Trusted Platform Module used in PCs, the MTM could be used to ensure that the phone's OS, applications and data have not been tampered with.
This type of trusted module could also be used by network operators to ensure that the phones on their network can't be used if they are stolen, said Mark Redman, a principal engineer with Freescale Semiconductor who is familiar with the specification. "That is probably one of the biggest concerns that the mobile phone operators have at this stage," he said.
Though some companies may be early adopters of the Mobile Security Specification, it could take years before users reap any benefits, said Roger Kay, an analyst with Endpoint Technologies Associates who serves as on the TCG's advisory council. "What typically will happen is that there may be some early adopters who start adhering to the specification before it's fully accepted," he said. "Just because [the TCG standard] promulgates, it doesn't mean that it's going to be adopted."
Even after years of development, there is still debate about whether trusted modules are the right approach for the PC industry, he said. "The most interesting, most advanced features are going to take years, because everybody has to agree to adhere to the new standard."