1

2

3

4

5

1

http://tw.news.yahoo.com/article/url/d/a/110914/5/2yp2c.html

4

5

http://www.mobileindustryreview.com/2011/06/idcs-smartphone-forecast-55-increase-this-year-reckons-1-billion-will-ship-by-2015.html

2011 2015 Android 38.9% 43.8%BlackBerry OS 14.2% 13.4%Symbian 20.6% 0.1%iOS 18.2% 16.9%Windows Mobile 3.8% 20.3%Others 4.3% 5.5%

6

Android

2007/11 Google (Open Handset Alliance, OHA) Android

Linux

C/C++

Google Dalvik ( Oracle JVM )

Java

IDE Eclipse

7

Linux Kernel

LibrariesRuntime

Application Framework

Applications

iOS

iPhone OS20106iOS

iPhoneiPod touchiPad

Mac OS X

Objective-C

IDE X-code

8

Cocoa Touch

Media

Core Services

Core OS

Windows Phone

Pocket PC Windows Mobile Windows Phone

Mango

Silverlight XNA

IDE Visual Studio

9

vs.

HTML 5

iPhone/ iPad AndroidCanvas (Canvas Text API )

CSS3 Web Storage Web SQL Database Geolocation API

HTML5 iPhone, iPad, Android

10

2

(Physical Security) (Secure Data Storage) (Strong Authentication with Poor

Keyboard) (Multiple User Support with Security) (Safe Browsing Environment) (Application Isolation) (Information Disclosure) (Virus, Worms, Trojans, Spyware, and Malware) (Difficult Patching/ Updating Process) (Strict Use and Enforcement of SSL) (Phishing) (CSRF) (Location Privacy/ Security) (Insecure Device Driver) (Multiple Factor Authentication)

Source: Mobile Application Security, 2010 (Himanshu Dwivedo, Chris Clark, David Thiel )

12

13

(Physical Security) (Secure Data Storage) (Strong Authentication with Poor

Keyboard) (Multiple User Support with Security) (Safe Browsing Environment) (Application Isolation) (Information Disclosure) (Virus, Worms, Trojans, Spyware, and Malware) (Difficult Patching/ Updating Process) (Strict Use and Enforcement of SSL) (Phishing) (CSRF) (Location Privacy/ Security) (Insecure Device Driver) (Multiple Factor Authentication)

Source: Mobile Application Security, 2010 (Himanshu Dwivedo, Chris Clark, David Thiel )

14

VPN

Internet

Intranet

VPN

15

(Physical Security) (Secure Data Storage) (Strong Authentication with Poor

Keyboard) (Multiple User Support with Security) (Safe Browsing Environment) (Application Isolation) (Information Disclosure) (Virus, Worms, Trojans, Spyware, and Malware) (Difficult Patching/ Updating Process) (Strict Use and Enforcement of SSL) (Phishing) (CSRF) (Location Privacy/ Security) (Insecure Device Driver) (Multiple Factor Authentication)

Source: Mobile Application Security, 2010 (Himanshu Dwivedo, Chris Clark, David Thiel )

16

NIST SP 800-63

NIST SP 800-63

1

2

3 (Two-Factor)

(What you know?) (What you have?) (Who you are?)

4 (Token)

17

(Physical Security) (Secure Data Storage) (Strong Authentication with Poor

Keyboard) (Multiple User Support with Security) (Safe Browsing Environment) (Application Isolation) (Information Disclosure) (Virus, Worms, Trojans, Spyware, and Malware) (Difficult Patching/ Updating Process) (Strict Use and Enforcement of SSL) (Phishing) (CSRF) (Location Privacy/ Security) (Insecure Device Driver) (Multiple Factor Authentication)

Source: Mobile Application Security, 2010 (Himanshu Dwivedo, Chris Clark, David Thiel )

18

19

3

/

21

22

1.

2.

3.

4. Token

5. Token

6. Token

7. Token

23

Two Factor

1.

2.

3.

4.

24

OTP

1.

2.

3.

4. OTP

OTP

25

1.

2.

3.

4.

26

Ex.

1.

2.

3.

4.

27

[ SD ]

PKI

JB root

28

USB Mini-USB Micro-USB USB

29

30

31

4

33

34

1. 2.

3.

OTP

35

36

1. ()

2.

/

3.

4. Token

5. Token

(1/2)

37

/

1.

2.

3. App

4.

5.

6.

App

(2/2)

38

1.

2.

3.

4.

5. TokenToken Token

6. Token

7. Token ( Token )

8.

/

Ex. OpenID OAuth

39

40

1. ID

2.

3.

4.

41

/

1.

2. Token4.

3.

5.

API

Google Facebook API

App

IPC

42

43

1. 2. Token

3.

4.

Oops

44

45

1. App

1.

2a. Token

2b. ID

3. App

4. Token App

5. App

6, Token

46

1.

2.

3. ID

4. TokenToken

5. ID, Token Token ()

6. Token

5

48

49