Security certification supports and
accelerates deployment of secure services on connected devices
16 March 2017, Cambridge, UK - Trustonic has
become the first vendor globally to achieve Common Criteria security
certification for a Trusted
Execution Environment (TEE)* device security product. The certification of
Trustonic’s Kinibi TEE paves the way for mass
market delivery of trusted services on connected devices.
The GSMA introduced an initiative to define specifications for embedded
SIMs (eUICCs). The goal is to provide a global standard for the remote
management of M2M connections, allowing the “over-the-air”
provisioning of an initial operator subscription, and the subsequent
change of subscriptions from one
operator to another. A core specification (SGP.02) and a test specification
(SGP.11) have been developed. Test validation will ensure that
embedded SIMs can
deliver robust, secure and ubiquitous connectivity.
Common Criteria certification, which has been performed in line with
the GlobalPlatform TEE Protection Profile**, gives device manufacturers
Trustonic’s TEE product meets an industry-defined security baseline.
Service providers – across markets including financial services,
enterprise, government, internet
of things (IoT) and premium content creation – can also be confident that
their trusted applications are protected from attacks.
Trustonic’s product has also achieved compliance to GlobalPlatform’s
latest functional specifications which incorporates the latest feedback from
Bringing trust to connected devices and apps
Already embedded in more than one billion devices, the
Trustonic TEE offers hardware protection in the form of a secure operating
system which is
completely isolated from the device operating system. This makes it, and
trusted applications residing in it, immune to all software threats resident
on the device and
enables advanced device security, such as biometric authentication and
secure PIN entry. The Root of Trust also ensures that a trusted identity is
preserved within the
device, preventing fraudulent use or copying.
“Life is increasingly digital,” comments George Kanuck, SVP of Global
Sales & Marketing at Trustonic. “With more connected devices and
sensitive digital services
than ever before, the attack surface for hackers is growing. Smartphones
are currently the biggest target, but as connectivity extends to more
wearables, cars and even hospital equipment the threat grows. This is
why security must not be an afterthought. Manufacturers need to ensure
the integrity of their
devices and service providers want assurances that their apps and data
are protected. This is where the TEE comes into its own.”
Continued commitment to compliance
Trustonic’s Kinibi TEE has also been
qualified to the latest version
of GlobalPlatform’s TEE Initial Configuration v1.1. The document describes
implementation requirements for features of the GlobalPlatform Device
scope has been extended to support both Android and Linux
environments, and new deployment use cases like IoT.
Maturity for the mass market
“These accomplishments demonstrate the maturity of the Trustonic
TEE and our commitment to making this flexible device security
technology available to the
mass market. It is never easy to be the first to go through an approval
process but certification brings assurances that our technology can be
trusted by device
manufacturers, service providers and consumers,” adds George.
Trustonic’s TEE is the only open TEE available. Uniquely, it permits
third-party applications to be provisioned after the handset or device has
been deployed, which
opens up vast commercial opportunities for both device manufacturers
and digital service providers. The latter will have the potential to
dynamically add value to the
end user by offering new secure services and functionality, once the
device is already in their hands.
Separately, Kinibi has already been successfully certified to execute
some host card emulation (HCE) payment solutions from various
schemes. To find out more about the Trustonic TEE, visit the website and blog.
Notes to editors
* The TEE is a secure area of the main processor in a smart phone (or
any connected device) that ensures sensitive data is stored, processed
and protected in an
isolated, trusted environment. The TEE's ability to offer isolated safe
execution of authorised security software, known as 'trusted applications',
enables it to provide
end-to-end security by enforcing protection, confidentiality, integrity and
data access rights. The TEE offers a level of protection against software
attacks, generated in
the Rich OS environment. It assists in the control of access rights and
houses sensitive applications, which need to be isolated from the Rich OS.
**GlobalPlatform TEE PP specifies the typical threats the hardware
and software of the TEE needs to withstand. It also details the security
objectives that are to
be met in order to counter these threats and the security functional
requirements that a TEE will have to comply with. A security assurance
level of EAL2+ has been
selected; the focus is on vulnerabilities that are subject to widespread,
Trustonic is a venture formed in 2012 by blue chip leaders in the
semiconductor industry (ARM) and digital security (Gemalto). Trustonic’s
mission is to protect, enrich
and simplify people’s digital lives by enabling optimum security on all
smart connected devices and associated services and applications.
Trustonic has already
pioneered the adoption of advanced Trusted Execution Environment (TEE)
security technology into the world’s leading mobile devices with working
underpinning Samsung Knox, Samsung Pay, Alipay and Symantec VIP.
Trustonic TEE technology is available from 15 of the leading 17 Android
manufacturers and is embedded in more than 750 million devices.