G&D and ARM to develop mobile device security solutions

By Sarah Clark • Updated nfcw.com

ARM and Giesecke & Devrient (G&D) have announced a strategic partnership aimed at the development of highly secure mobile phone platforms. The partnership will combine ARM’s TrustZone technology, which creates a protected area in advanced systems-on-chip, and G&D’s secure MobiCore operating system to develop secure solutions for sensitive applications such as electronic payment and online banking via mobile phone. As a first step, the two companies will develop a joint prototype.

“We will be working with ARM to develop the security architecture for the next generation of mobile phones,” says Dr Kai Grassie, head of the new business division at G&D. “This will enable people to access highly valuable services with convenience and security.”

“ARM TrustZone technology is already an integral part of the ARM Cortex-A series processors which are currently being deployed in smartphones by many of the industry’s leading handset manufacturers,” explained Ian Drew, executive vice president of marketing at ARM. “This collaboration with G&D will enable us to make rapid progress towards enabling secure transactions in next-generation mobile devices.”

Acceptance of mobile applications such as banking, ticketing and payment solutions rests on the security of device and background systems involved, say the two companies. For this reason, both have been working on innovative security concepts.

“The interplay of TrustZone and MobiCore ensures that if online services require security-sensitive functions such as entry of user name and password or data output on a display, these functions are transferred to the MobiCore high-security operating system running in the TrustZone protected area of an ARM application processor,” the two companies explain. “As the security-sensitive functions are executed, MobiCore maintains control of the secure area of a system-on-chip. Users can therefore be certain that the data they have entered, such as their username and password, cannot be manipulated by malware on the phone during a payment transaction.”

ARM is also creating a range of training and architectural service packages based around a TrustZone/MobiCore reference system which will help reduce time-to-market for secure embedded system development. ARM will release its first secure system training course based around hardware system integration and the TrustZone API next month. This will be followed by an ARM Active Assist on-site design review service package, a secure systems development training package based on MobiCore, the release of the TrustZone Address Space Controller to secure multiple regions of off-chip memory and the TrustZone reference system later in the year.

ARM and G&D will be presenting their joint concepts at the Mobile World Congress from 15 to 18 February in Barcelona.

Next: Visit the NFCW Expo to find new suppliers and solutions