
Using a trusted-platform-based shared-secret derivation and WWAN infrastructure-based enrollment to establish a secure local channel


Abstract

A system and method for establishing a trusted connection on a mobile computing device (102). A shared secret is generated on a trusted platform (106) of the mobile computing device and transported to a secure channel application (118), which establishes a secure local communication channel between the trusted platform and a SIM (subscriber identity module)/Smartcard (104) on the device. The shared secret is received by the SIM/Smartcard. In one embodiment, the mobile computing device includes a GSM (Global System for Mobile Communications) 03.48 application (120) that sends the shared secret to a GSM 03.48 network infrastructure (122) for storage, management and verification; the network infrastructure in turn sends the shared secret to the SIM/Smartcard on the device. In an alternative embodiment, the trusted platform performs a Diffie-Hellman key exchange with the SIM/Smartcard to establish the shared secret. Once received by the SIM/Smartcard, the shared secret is provided to a secure channel applet (112) on the SIM/Smartcard, which establishes the local communication channel with the trusted platform. Once the secure channel application on the trusted platform and the secure channel applet on the SIM/Smartcard both hold the shared secret, a transport layer security (TLS)-based handshake keyed by that secret can take place to establish the secure local communication channel.
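The two enrollment paths and the handshake that follows them, as an added worked example rather than code from the patent: either a finite-field Diffie-Hellman exchange (RFC 3526 group 14) or a stub standing in for the GSM 03.48 network infrastructure delivers the shared secret to the SIM side, after which a nonce-based, pre-shared-key mutual authentication keyed by that secret stands in for the TLS-based handshake and derives the channel keys. The class and function names, the OTA stub, the handshake message layout and the sample ICCID are assumptions made for illustration; the example uses only the Python standard library.

```python
"""Model of the two enrollment paths and the keyed handshake from the abstract.
Added example, not the patent's code; standard library only."""
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP), generator 2: a standard safe-prime group,
# so the order-Q subgroup check in dh_finish() is well defined.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
Q = (P - 1) // 2

def hkdf(secret, info, length=32):
    """HKDF-SHA256 (RFC 5869 extract-then-expand) with a fixed, public salt."""
    prk = hmac.new(b"secure-local-channel", secret, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out, counter = out + block, counter + 1
    return out[:length]

class Party:
    """One end of the local channel: the trusted platform or the SIM applet."""
    def __init__(self, name):
        self.name = name
        self.shared_secret = None   # set by either enrollment path
        self.channel_key = None     # set only by a successful handshake
    # Enrollment path B of the abstract: Diffie-Hellman between the two ends.
    def dh_public(self):
        # Sanity-check the group before use (catches a mistyped or hostile modulus).
        if P.bit_length() != 2048 or pow(2, P - 1, P) != 1 or Q % 2 == 0:
            raise ValueError("DH group failed sanity check")
        self._x = secrets.randbelow(Q - 2) + 2      # private exponent in [2, Q-1]
        return pow(G, self._x, P)
    def dh_finish(self, peer_pub):
        # Refuse out-of-range values and anything outside the order-Q subgroup
        # (small-subgroup confinement) before deriving a key from it.
        if not 2 <= peer_pub <= P - 2 or pow(peer_pub, Q, P) != 1:
            raise ValueError("invalid DH public value")
        z = pow(peer_pub, self._x, P)
        del self._x
        self.shared_secret = hkdf(z.to_bytes(256, "big"), b"dh shared secret")

class OtaNetwork:
    """Stand-in for the GSM 03.48 infrastructure in enrollment path A: stores the
    secret the trusted platform enrolls and hands it to the SIM (no 03.48 framing)."""
    def __init__(self):
        self.store = {}
    def enroll(self, iccid, secret):
        self.store[iccid] = secret
    def deliver(self, iccid, sim):
        sim.shared_secret = self.store[iccid]

def enroll_via_ota():
    tp, sim, net = Party("trusted platform"), Party("SIM applet"), OtaNetwork()
    iccid = b"8900000000000000000"               # constructed sample identifier
    tp.shared_secret = secrets.token_bytes(32)   # generated on the trusted platform
    net.enroll(iccid, tp.shared_secret)
    net.deliver(iccid, sim)
    return tp, sim

def enroll_via_dh():
    tp, sim = Party("trusted platform"), Party("SIM applet")
    tp_pub, sim_pub = tp.dh_public(), sim.dh_public()   # exchanged over the local bus
    tp.dh_finish(sim_pub)
    sim.dh_finish(tp_pub)
    return tp, sim

def handshake(tp, sim):
    """PSK-style mutual authentication keyed by the enrolled secret, standing in
    for the TLS-based handshake of the abstract (not a TLS implementation).
    Installs matching channel keys only if both Finished values verify."""
    if tp.shared_secret is None or sim.shared_secret is None:
        raise RuntimeError("enrollment must complete before the handshake")
    transcript = secrets.token_bytes(32) + secrets.token_bytes(32)  # TP nonce, SIM nonce

    def finished(secret, label):
        return hmac.new(secret, label + transcript, hashlib.sha256).digest()

    # SIM sends its Finished first; TP recomputes it with its own secret and checks.
    if not hmac.compare_digest(finished(sim.shared_secret, b"sim finished"),
                               finished(tp.shared_secret, b"sim finished")):
        return False
    # TP answers with its own Finished; SIM checks it the same way.
    if not hmac.compare_digest(finished(tp.shared_secret, b"tp finished"),
                               finished(sim.shared_secret, b"tp finished")):
        return False
    tp.channel_key = hkdf(tp.shared_secret, b"channel" + transcript)
    sim.channel_key = hkdf(sim.shared_secret, b"channel" + transcript)
    return True
```

Two checks worth keeping from this model: the received Diffie-Hellman public value is validated for range and subgroup membership before anything is derived from it, and the handshake installs channel keys only after both Finished values verify. The Diffie-Hellman path as the abstract describes it is unauthenticated, so it defeats a passive observer of the local bus but not an active one who can substitute public values during enrollment; the network path instead relies on the 03.48 infrastructure's own verification and secured delivery, since the secret never crosses the local bus before the handshake.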
