Secure Display and Secure Transactions Using a Handset

The security risks of using standard personal computers and operating systems for confidential transactions such as Internet banking are well-known. This is one reason for the interest in the mobile phone/ handset as a Personal Trusted Device (PTD). However, mobile phones have other shortcomings, for example the constraints of working with a small screen. This paper explores the use of a dedicated device - a Secure Display Device (SDD) - which, when used together with a mobile phone, combines the security of the phone as PTD with the characteristics, such as large display size, that can be offered by non-portable hardware. We describe three prototype SDD systems which we built in order to test these ideas. Two of them use a simulated SDD implemented entirely in software on a personal computer: a Mobile Banking system in which the SDD is used for its display capability, and a Payment System in which the SDD is an Automatic Teller Machine. In addition, we describe our work on a prototype hardware-based implementation of the Mobile Banking system that can be plugged into a standard computer monitor or TV. We conclude by analysing the lessons learnt and canvassing further use cases for SDD systems.