
I recently presented on this topic at the Global Platform TEE Seminar last month – http://teeseminar.org/about_the_workshop.asp.

Trustonic are increasingly working with developers using our SDK to secure their applications. So if you didn’t get a chance to attend that event, I’ve written up the five key steps!

Step 1 – Get the SDK

Figure 1  Trustonic Tools

You’ll need to join the Trustonic partner program. To get this underway, email enquires@trustonic.com or go to https://www.trustonic.com/products-services/developer-program/.

Step 2 – Move the security critical parts of your application to a Trusted application

You’ll need to identify the security critical parts of your application – the parts that perform cryptographic operations, process/use credentials, require data protection or authenticate the user. These should be implemented by your Trusted Application (TA).

Figure 2  Move Security Code to the TA

The main OS part of your application is called the client application, and the trusted part the Trusted Application.

Step 3 – Get coding!

Trustonic supply a plugin for Eclipse, which has templates for Trusted Applications. Once installed, you can use this to create your Trusted Application project, or base your project on one of our samples. You can use any editor you like, of course.

Figure 3  Eclipse Plugin

For the Global Platform talk, I gave a real world sample – a simple one time passcode (OTP) generating application, based on the HMAC OTP RFC – https://tools.ietf.org/html/rfc4226 – “An HMAC-Based One-Time Password Algorithm”.

For this use case, the following needs to be implemented by the TA:

  1. HMAC key generation
  2. Generating the code from an HMAC of a counter value

Then we need something to look after the communication between the application and the TA. We call this the client application or trusted application connector. On Android platforms this is essentially some Java Native Interface (JNI) code to interface with the Trustonic main OS libraries.

This will:

  1. Instantiate the TA
  2. Send commands or jobs to the TA
  3. Close the TA when we’re finished

The final part of our application is the regular main OS app. In my application these three parts are called: app (main OS app), ca (client application) and ta (trusted application).
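To make the split concrete, here is an added example (written for this post, not code from the Trustonic SDK or from my project) that covers both the two TA responsibilities listed above (key generation and producing the code from an HMAC of the counter, per RFC 4226) and the connector sequence (instantiate the TA, send commands, close it). The `TrustedApp` and `ClientConnector` classes, the command ids and the `verify_hotp` validation-server helper are assumptions made for illustration; they are not Trustonic API names. The only value that ever crosses from the TA side to the CA side is the six-digit code, never the key.

```python
"""Added example, not Trustonic SDK code: RFC 4226 HOTP with the key
confined to a stand-in 'trusted application', driven by a stand-in
'client application' connector. Class names and command ids below are
constructed for this illustration and are not SDK identifiers."""
from __future__ import annotations

import hashlib
import hmac
import secrets
import struct
from typing import Optional


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 section 5.3: HMAC-SHA-1 over the 8-byte big-endian counter,
    dynamic truncation on the low nibble of the last byte, then mod 10^digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_hotp(key: bytes, candidate: str, counter: int,
                look_ahead: int = 10) -> Optional[int]:
    """Validation-server side (RFC 4226 section 7.4): accept the first counter
    in [counter, counter + look_ahead] whose code matches and return the
    counter the server should store next; None means reject."""
    for c in range(counter, counter + look_ahead + 1):
        if hmac.compare_digest(hotp(key, c), candidate):
            return c + 1
    return None


class TrustedApp:
    """Stands in for the TA: the only place the HMAC key and counter live."""

    CMD_GENERATE_KEY = 1   # constructed command ids, not SDK values
    CMD_GET_CODE = 2

    def __init__(self) -> None:
        self._key: Optional[bytes] = None
        self._counter = 0

    def handle(self, cmd: int) -> dict:
        """Dispatch one command/job sent by the client application."""
        if cmd == self.CMD_GENERATE_KEY:
            # 160-bit key, the minimum RFC 4226 section 4 (R6) recommends
            self._key = secrets.token_bytes(20)
            self._counter = 0
            return {"ok": True}
        if cmd == self.CMD_GET_CODE:
            if self._key is None:
                return {"ok": False, "error": "no key"}
            code = hotp(self._key, self._counter)
            self._counter += 1   # counter only advances inside the TA
            return {"ok": True, "code": code}
        return {"ok": False, "error": "unknown command"}


class ClientConnector:
    """Stands in for the CA/JNI layer: open the TA, send jobs, close it."""

    def __init__(self) -> None:
        self._ta: Optional[TrustedApp] = None

    def open(self) -> None:
        self._ta = TrustedApp()   # in a real build this loads the TA

    def send(self, cmd: int) -> dict:
        if self._ta is None:
            raise RuntimeError("TA not open")
        return self._ta.handle(cmd)

    def close(self) -> None:
        self._ta = None           # session ends; the CA never saw the key


def demo_flow() -> list:
    """The connector sequence from the post: instantiate, send commands, close."""
    ca = ClientConnector()
    ca.open()
    ca.send(TrustedApp.CMD_GENERATE_KEY)
    codes = [ca.send(TrustedApp.CMD_GET_CODE)["code"] for _ in range(3)]
    ca.close()
    return codes


if __name__ == "__main__":
    # RFC 4226 Appendix D test key: counter 0 must give 755224
    print(hotp(b"12345678901234567890", 0))
    print(demo_flow())
```

The `hotp` function can be checked against the RFC 4226 Appendix D vectors (key `12345678901234567890`, counters 0..9), which is the first thing worth doing before the same logic is moved into the real TA, where it is much harder to debug. `verify_hotp` is the validating server's counterpart and is included because the look-ahead window is where counter drift between device and server is handled.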

Figure 4  Main OS App, Client and TA

I decided to use Maven http://maven.apache.org/ to handle building these three parts. Maven has a plugin for Android development that works well – http://simpligility.github.io/android-maven-plugin/. This saves me having to manually build each part. I can run mvn install from the command line, or set up a Run configuration to do this for me via Eclipse:

Figure 5  Building it all with Maven

Step 4 – Debugging

Trustonic have an emulator that we supply with the SDK. It’s great for testing your application. While I was developing the OTP application, I deployed my application (using maven android:deploy) to my running emulator, so I could iron out the bugs and get it all working nicely.

Figure 6  OTP App Installed on the Emulator

Step 5 – Deploy to a commercial device

Once I’d completed my application, I added support for over the air provisioning of my TA using the Trustonic reference Trusted application manager (TAM). We supply sample code for this with our SDK – it’s a library to include in your application, and a call in your application to provision the TA.

Figure 7   Adding OTA Support

With that in place, I can then run my application on a commercial device, below on an S6:

Figure 8  OTP Application Running on an S6
