Mobile Application Protection Solution Based on 3G Security Architecture and OpenID

Abstract

Copyright attacks on mobile application is a critical issue for mobile network operators (MNOs) and application and content providers who have deployed AS. This paper proposes a solution for this issue that leverages 3G security architecture. A trusted mobile software runtime is designed to control the execution of the mobile application. A dynamic Software ID and security key are created and deployed on both the application store and mobile device for authorization of software execution requests and to invoke web services. The Software ID will be updated each time the mobile application is executed and will be stored on the server side. The mobile software protection model, which is protected by a universal integrated circuit card will be stored on the client side. The proposed solution enables a trusted computing environment that leverages the existing resources and capability of mobile network operators for developers and stakeholders. Thus it can prevent several types of mobile application crack issues including redistribution of the application to unauthorized devices, modification of the application, copy application to other devices through cracking the UICC and unauthorized action to obtain web service URLs to consume the web service.