ARM joint venture Trustonic launched to secure mobile services

A new company called Trustonic has officially launched today with a security platform for embedding into ARM-based mobile devices, with the aim of protecting services such as payments and premium content services.

Trustonic is a joint venture between ARM and digital security firms Gemalto and Giesecke & Devrient, which will focus on the development of a Trusted Execution Environment (TEE) to provide a common security standard for connected devices such as smartphones and laptops.

The TEE builds upon ARM's TrustZone technology, security extensions that have been built into the core of ARM-based processors for several years that provide hard separation of secure and non-secure data, while also incorporating technology and assets from the other two firms.

In effect, the TEE is a self-contained operating system that runs parallel to the device's main operating system, be it Android or something else, and provides security services for specific functions.

"It's more than just an OS, depending on how you look at it. The proposition is that it offers self-contained security processing to keep trusted apps and data secure, as well as handling key management services," Trustonic chief technology officer Jon Geater told V3.

Developers can gain greater security by using the TEE to handle functions such as payment processing or authentication, while the bulk of their application is simply a standard Android app, Geater explained.

By integrating the TEE, device makers will be able to deliver a service-independent security platform that isolates and protects sensitive assets such as passcodes, fingerprints and certificates, according to Trustonic.

Meanwhile, service providers targeting the platform will know that they are dealing with a trusted device that can provide a secure connection and keep customer data secure.

The firm lists a number of industry partners lining up behind the new platform, including Samsung, Cisco, Good Technology, MasterCard, Wave Systems and Discretix.

Trustonic's technology takes the MobiCore platform from Giesecke & Devrient as its starting point, and this is already used by Samsung in its Exynos application processor, Geater said.

The technology is already deployed in some form in some Android handsets, such as the Samsung Galaxy S3. Trustonic is seeking to expand this, although the firm was not at liberty to name vendors that are looking to integrate the TEE in future.

"Right now, there is nothing concrete we can say about other platforms, but there will be developments," Geater added.