ARM, Partners Create Trustonic for Greater Mobile Device Security

The new company will use ARM’s TrustZone technology and software from Gemalto and G&D to create secure areas in smartphones and tablets away from the OS.

ARM Holdings, whose low-power chip designs dominate the booming smartphone and tablet markets, is leading the effort to create a new company whose aim is to make those mobile computing devices more secure.

ARM, along with security software makers Gemalto of the Netherlands and German company Giesecke & Devrient, on Dec. 18 unveiled Trustonic, a joint venture that is proposing a security standard that is separate from the operating system and can be built into the mobile devices by manufacturers.

Trustonic's technology will enable more secure e-commerce on smartphones and tablets, a key consideration as consumers move away from traditional desktop and notebook PCs and do more on their mobile computing devices, according to Ben Cade, the former ARM executive who is now Trustonic's CEO. Given the growing number of online financial and business transactions—from shopping to banking—being done on smartphones and tablets, these devices need greater security.

"If we do nothing else [in regards to security], we will end up with the situation we have with PCs," Cade told eWEEK.

Trustonic's offering is based on ARM's TrustZone technology, a security solution tightly integrated into ARM-designed Cortex mobile chips that are made by the likes of Samsung Electronics, Qualcomm and Nvidia. The technology was first developed by ARM in 2002, and the first chips with TrustZone came out two years later.

The technology has become a key part of the chips ARM's partnerships offer manufacturers; Cade said that over the past 12 months, "tens of millions to hundreds of millions" of chips with TrustZone have shipped.

Trustonic combines the TrustZone technology with security software from Gemalto and G&D, which had been creating offerings that leverage TrustZone. Through Trustonic, these companies are bringing these solutions into a product that can be embraced by device manufacturers.

The offering enables the creation of a Trusted Execution Environment (TEE) within the mobile device that is separate from the operating system, and thus immune from the malware that targets the OS, Cade said. Within the TEE, users can securely store such sensitive personal information as account data, personal identification numbers (PINs) and passwords. Trustonic will license the TEE technology to chip makers—similar to how ARM licenses its designs to its partners—and will help create a standard that banks, online retailers and service providers can adopt to leverage the TEE in smartphones and tablets.

The TEE environment also could be helpful to enterprises, which are having to deal with an increasing number of mobile devices looking for access to their corporate networks, thanks to such trends as mobile computing, remote workers and bring your own device (BYOD).

In talking about the TEE, Cade compared it to a bank deposit box. Users can take advantage of all the services the bank has to offer—just as they do the capabilities found in smart mobile devices—and their most important and private belongings are securely stored away in the deposit box, away from others. The TEE plays a role similar to that of the deposit box.

In addition to the greater security, TEE will also make doing business online easier and faster, Cade said. A normal e-commerce transaction from a laptop takes 120 keystrokes and 2.5 minutes, he said. From a mobile phone equipped with TEE, a similar transaction would take six keystrokes and seven seconds.

Trustonic officials said the company already has a number of partners, ranging from tech vendors like Nvidia, Cisco Systems, Good Technology, Symantec and Samsung, to companies like 20th Century Fox Home Entertainment and MasterCard.

ARM isn't the only chip maker to push hardware-based security in its processors. Intel, which last year bought security software maker McAfee, in September 2011 unveiled DeepSafe, hardware-based security technology that results from the McAfee acquisition. Intel also has partnerships with MasterCard and Visa.

For their part, officials with chip maker Advanced Micro Devices said in June they were going to incorporate ARM's TrustZone technology into their own x86-based processors.