Giesecke & Devrient and ARM Protect Mobile Applications from Data Theft
MUNICH, GERMANY AND CAMBRIDGE, UK – February 3, 2010. ARM [(LSE: ARM); (Nasdaq: ARMH)], and the specialist for security technology Giesecke & Devrient (G&D) today announced a strategic partnership for the development of highly-secure mobile phone platforms. Through the combination of ARM® TrustZone® technology, which creates a protected area in advanced systems-on-chip, and the highly-secure MobiCore© operating system developed by G&D, sensitive applications such as electronic payment and online banking via mobile phone will be efficiently protected from security threats. As a first step the two companies will develop a joint prototype.
“We will be working with ARM to develop the security architecture for the next generation of mobile phones. This will enable people to access highly valuable services with convenience and security,” explains Dr. Kai Grassie, head of the New Business division at G&D.
“ARM TrustZone technology is already an integral part of the ARM Cortex™-A series processors which are currently being deployed in smartphones by many of the industry’s leading handset manufacturers,” said Ian Drew, executive vice president, Marketing, ARM. “This collaboration with G&D will enable us to make rapid progress towards enabling secure transactions in next-generation mobile devices.”
Acceptance of mobile applications such as banking, ticketing and payment solutions rests on the security of device and background systems involved. For this reason, both companies have been working on innovative security concepts.
The interplay of TrustZone and MobiCore ensures that if online services require security-sensitive functions such as entry of user name and password or data output on a display, these functions are transferred to the MobiCore high-security operating system running in the TrustZone protected area of an ARM application processor. As the security-sensitive functions are executed, MobiCore maintains control of the secure area of a system-on-chip. Users can therefore be certain that the data they have entered, such as their username and password, cannot be manipulated by malware on the phone during a payment transaction.
ARM is also creating a range of training and architectural service packages based around a TrustZone / MobiCore reference system which will help reduce time-to-market for secure embedded system development. ARM will release its first secure system training course based around hardware system integration and the TrustZone API next month. This will be followed by an ARM Active Assist on-site design review service package, a secure systems development training package based on MobiCore, the release of the TrustZone Address Space Controller to secure multiple regions off-chip memory and the TrustZone reference system later in the year.
ARM and G&D will present their joint concepts at the Mobile World Congress from February 15 to 18, 2010, in Barcelona.