ARM, Giesecke & Devrient (G&D), Infineon Technologies, Brightsight and Graz University of Technology, Austria have received funding from the EU’s Seventh Framework Programme (FP7) to develop technology that will enable a new kind of secure element to be built into a mobile device’s main processor.
The on-board secure element would enable the device to handle a wide range of secure transactions.
“As financial services, such as banking and payment, become increasingly accessed from mobile devices, it becomes increasingly critical to provide secure, certified cell-phone platforms to ensure such sensitive applications are efficiently protected from security threats,” say the partners in the new Sepia (Secure Embedded Platform with advanced Process Isolation and Anonymity capabilities) project. “Protecting people’s security, privacy, and identity on these devices is therefore a mounting concern. At present, however, there is no common security level across cell phone platforms and the technology varies widely.”
“For the consumer, Sepia should allow execution of security-critical applications such as electronic banking, location-based services, and social networking on cell phones, while ensuring that personal and confidential data such as usernames, passwords, location, and banking and payment details are stored and processed within a separate trusted environment,” they explain. “The expected outcome of Sepia is that these security-critical applications will run in a protected and isolated environment, alongside other services such as games and software downloads, without risk of being affected by viruses, trojans, or other malicious software.”
The three year project will see the Sepia team developing a mobile platform that combines ARM TrustZone technology — which creates a protected area in advanced systems-on-chip — and the MobiCore high-security operating system developed by G&D.
Infineon, meanwhile, is contributing its next-generation secure user credentials and password storage technology. Brightsight is to develop new certification methods that will allow mobile platforms to be certified incrementally and Graz University of Technology will work on techniques to preserve anonymity and the development of security mechanisms for future cell phone processors.