Mobile devices have evolved into open software platforms capable of downloading a huge variety of applications from the internet. These applications are often validated by the device OEM to ensure quality; however, not all functionality can be tested, and malicious code is increasingly being created to target this class of devices.
In parallel, the demand for mobile devices to handle high-value services is gaining significant momentum. New business models are emerging, from the capability to pay for, download and view the latest Hollywood blockbuster for a specific period to the ability to pay bills and manage bank accounts remotely from a handset.
These trends have the potential to make the mobile handset the next frontier for software attack vectors such as malware, trojans and rootkits. However, by applying advanced security technology based on ARM TrustZone technology and integrating SecurCore™ tamper-resistant elements, it is possible to develop devices that offer both a feature-rich open operating environment and robust security solutions.
• Secured PIN entry for enhanced user authentication in mobile payments & banking
• Anti-malware that is protected from software attack
• Digital Rights Management
• Software license management
• Loyalty-based applications
• Access control of cloud-based documents
• e-Ticketing
• Mobile TV
Trusted applications that work on a TrustZone technology-based SoC running a Trusted Execution Environment, separated from the main OS, are protected from software/malware attack. The TrustZone switch into secure mode provides hardware-backed isolation. Trusted applications are typically containerized, allowing, for example, trusted applications from different payment companies to co-exist on a device.
Processor Support
ARM TrustZone technology is an integral feature of all Cortex-A class processors and was introduced through the ARM Architecture Security Extensions. These extensions provide a consistent programmer's model across vendors, platforms, and applications while providing a true hardware-backed security environment.
ARM processors supporting TrustZone include:
GlobalPlatform API Support
ARM has donated its TrustZone API to GlobalPlatform and this has developed into the TEE Client API. ARM has also been working with other leading companies to develop the TEE Internal API that interfaces between the Trusted OS and the Trusted Application. Please see the GlobalPlatform website for more details. The expectation is that the standardization of the TEE will lead to a rapid growth in the deployment of trusted applications.