Securing applications is becoming increasingly critical.

As the use of mobile devices to access services increases, so does the associated fraud. This brings the potential for financial loss, personal information theft and damage to both reputation and brand. Securing apps through the use of specialized hardware has always been the most secure method, but has traditionally been hard to achieve.

Trustonic solutions help to solve these issues by delivering access to hardware-based security features on over one billion devices.

Trustonic Application Protection (TAP) is a mobile security solution that combines software-based and hardware-based security to protect mobile apps and the sensitive data they handle, on any mobile device. Using Trustonic's common API set, an app is developed once and built as a single application that supports both hardware and software security.

1 billion+: Trustonic's hardware-backed TEE has been embedded in more than one billion devices as of February 2017.

Application protection, software and hardware, Android and iOS

TAP – one set of source code compiled into multiple target platforms

The appropriate protection is then selected automatically at run time, based on the capabilities of the device in use. Hardware security is always used where the device provides it; elsewhere, software protection based on white-box cryptography and code protection technology is deployed, so that every end-user device is covered.

Trusted User Interface (TUI)

Trustonic's TEE delivers a trusted user interface (TUI): while the TUI is active, the TEE controls the display and touchscreen, so applications running in the normal operating system, including rogue ones, can neither read what is shown on the display nor capture touch input. This allows secure passcode or PIN entry without the credentials ever being exposed to the normal operating system, and it allows an application to show a message to the user that snooping apps cannot read or alter.

What is a Trusted Execution Environment (TEE)?

A TEE is an isolated environment within the main processor of a device in which a secure operating system and Trusted Applications (TAs) run. This secure operating system runs alongside the normal operating system (e.g. Android). Trustonic developed the secure operating system and has worked with leading OEMs to embed it in smart devices. OEMs use the TEE to secure system services such as DRM and biometric sensors, but service providers can also use it, after the device has shipped, to secure their own apps.

This second operating system and its apps run in full hardware isolation from the main device operating system. The TEE enables the secure execution and processing of these TAs, ensuring confidentiality and integrity.

What is software protection?

Software protection uses a set of techniques to protect sensitive assets inside an application and to detect tampering and hostile runtime environments. White-box cryptography, a way of implementing cryptographic algorithms so that keys are never present in the clear in memory, protects confidential information including encryption keys. A set of code protection measures is also applied, including code obfuscation, anti-debug protection, and jailbreak (iOS) and root (Android) detection.
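As an added illustration (not Trustonic's code or API), the following C program shows how two of the checks named above, anti-debug and root detection, are typically implemented in native Android/Linux code: it parses the TracerPid field of /proc/self/status to spot an attached ptrace-based debugger, and probes a list of well-known su/root artifact paths. The artifact list and the sample status text are assumptions constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Return the TracerPid value from a /proc/self/status buffer:
 * 0 means no tracer, >0 is the PID of the process that ptrace()d us (a
 * debugger), -1 means the field was not found. `status` is the file text. */
long tracer_pid_from_status(const char *status)
{
    static const char key[] = "TracerPid:";
    const char *p = status;
    while ((p = strstr(p, key)) != NULL) {
        /* Only accept the key at the start of a line. */
        if (p == status || p[-1] == '\n')
            return strtol(p + sizeof key - 1, NULL, 10);
        p += sizeof key - 1;
    }
    return -1;
}

/* Read the live /proc/self/status and report whether a ptrace tracer is attached. */
int debugger_attached(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (f == NULL)
        return 0;                /* no procfs (not Linux/Android): cannot tell */
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return tracer_pid_from_status(buf) > 0;
}

/* Count how many of the given filesystem paths exist. */
int count_existing_paths(const char *const *paths, size_t n)
{
    int found = 0;
    for (size_t i = 0; i < n; i++)
        if (access(paths[i], F_OK) == 0)
            found++;
    return found;
}

/* Locations commonly left behind by Android rooting tools. This list is an
 * assumption of the example, not an exhaustive or authoritative set. */
static const char *const root_artifacts[] = {
    "/system/bin/su",
    "/system/xbin/su",
    "/sbin/su",
    "/su/bin/su",
    "/system/app/Superuser.apk",
    "/system/xbin/busybox",
};

int device_looks_rooted(void)
{
    size_t n = sizeof root_artifacts / sizeof root_artifacts[0];
    return count_existing_paths(root_artifacts, n) > 0;
}

int main(void)
{
    /* Constructed sample of /proc/self/status as it looks under a debugger. */
    const char traced[] =
        "Name:\tapp_process64\nState:\tt (tracing stop)\nTracerPid:\t4242\nUid:\t10087\n";
    printf("sample status: tracer pid = %ld\n", tracer_pid_from_status(traced));
    printf("this process: debugger attached = %d, root artifacts present = %d\n",
           debugger_attached(), device_looks_rooted());
    return 0;
}
```

Both checks are heuristics: an attacker who already has root can hook access() and fopen(), edit /proc, or patch the check out of the binary, which is why such checks are only useful when combined with the obfuscation and anti-tamper measures the page describes, and why hardware-backed isolation is preferred wherever the device offers it.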

The benefits of Trustonic software protection are:

  • FIPS 140-2 certified cryptographic library
  • Protection for Java (Android) and native C code
  • Protections tuned to deliver the lowest performance impact
  • Advanced tools to profile application security and performance

Trustonic embeds a unique, hardware-based Root of Trust into every device, enabling TAP users to securely bind their services to trusted hardware.

Applications protected by the Trustonic TEE are isolated from software-based attacks launched from the main operating system, so their data is protected from malware and similar threats running there. In fact, most phone manufacturers use the TEE themselves to protect device and OS features, including video services (DRM) and biometric sensors. TEE isolation is enforced at the processor level (using, for instance, ARM TrustZone on ARM-based processors) and cannot be bypassed by software in the main operating system, even if the device has been jailbroken or rooted.

For devices that do not support the Trustonic TEE, Trustonic Application Protection automatically selects best-of-breed software-based technology to secure code, keys and data.

The software protection comprises white-box technology, which provides secure storage and secure cryptographic algorithms, as well as code obfuscation and application anti-tamper technology.

These protection mechanisms work together to deliver a complete software solution. The cryptographic library in Trustonic Application Protection's software protection is certified to FIPS 140-2, and both the hardware and the software protection are delivered transparently to the application developer through a single standardized GlobalPlatform API. See www.globalplatform.org for more details.

Contact Trustonic to learn how you can start working with TAP.