A mobile terminal for use with a cellular or mobile telecommunications network includes a normal execution environment (operating system) (30) and a secure execution environment (32) comprising a Mobile Trusted Module (MTM). The mobile terminal enables the software of the terminal in the secure execution environment (32) to be updated. The terminal 1 may be provided with minimal software initially in the secure execution environment (32), and is operable to subsequently update the software by over the air transmission of software. Also disclosed is a method for managing rights in respect of broadcast, multicast and/or unicast (downloaded) data, relevant in particular to managing access to a broadcast video data stream complying with a mobile digital broadcast scheme. The method defines a service protection platform implemented on mobile terminals having both normal execution environment (i.e. the operating system) and secure execution environment. Service protection is provided by separating the operation of service protection application components into those that operate in the normal environment and those that are adapted to execute only in the secure execution environment. Making the secure execution environment application component interchangeable allows the method to be adapted to any of a number of service protection protocols or “profiles” by downloading only the secure execution environment application component.