Trustonic Secured Platform

The Trustonic Secured Platform (TSP) is a hardware-based security solution embedded in many of the world’s smart, connected devices – smartphones, tablets, machine-to-machine and IoT devices.

TSP is based on an open Trusted Execution Environment (TEE) embedded at the manufacturing stage in smart, connected devices. It includes built-in cryptographic algorithms and a secure file system for secure data persistence. It is a versatile environment that can be integrated on different System on Chip (SoC) platforms supporting ARM TrustZone technology.

TSP leverages ARM TrustZone to provide physical separation of the operating platform into two distinct areas; the normal world, with a conventional, rich operation system (e.g Android), and the secure world. TSP is an open environment which provides an API for service providers and app developers to design and build trusted applications.

The TSP is a platform upon which advanced, secure services can be built, whether as a base for services developed by the device maker (OEM), downstream by the mobile network operator (MNO), or in the field by third party developers, deployed through the app stores.

The Trustonic Secured Platform ensures that device makers can secure their devices and protect critical services to a level simply not possible by software, thus bringing market-leading differentiation to the global marketplace for the first time.

The Trustonic Secured Platform comprises two key components – the Trustonic TEE and the Trustonic Key Provisioning Host (KPH).

The Trustonic TEE is a hardware-secured environment embedded in the silicon of a connected device, based on hardware roots of trust. The TEE delivers hardware-secured services for applications:

  • Securing sensitive code execution and storage
  • Securing the installation of third party services after device deployment
  • Securing interaction between the user and the underlying services (touchscreen, fingerprint sensor…)
  • Interfacing with Secure Elements where relevant

Trustonic's Key Provisioning Host (KPH) is used to inject Trustonic Binding Keys securely onto devices during the manufacturing phase. It is a mature product which has been used to produce more than 700 million devices globally.


  • Meets the most-demanding OEM requirements for production environments:
  • Uses on-device key generation for securely generating  the key and the receipt data in the device
  • Can be located centrally within the OEM infrastructure, without loss of performance or risk of interrupting production
  • Uses an HSM on a central server for signing the receipts

To bring the more advanced features and services of the TSP to life, Trustonic gives service providers the choice of either developing the infrastructure connecting services (apps) to trusted devices or licensing an out-of-the-box solution from one of several third parties. The process of connecting services to devices, Trusted Application Management, enables the validation of authentic devices, the authorisation of app installation and the utilisation of TEE services on that specific device.

Application developers can utilise the full power of TSP-enabled devices through our unified app protection solution, Trustonic Hybrid Protection and the related Developer Programme.


Connect with us