A Trusted Execution Environment (TEE) is an environment within the main processor on a device which enables a secure operating system and Trusted Applications (TAs) to run on it. This secure operating system runs alongside the normal operating system (e.g. Android). Trustonic has developed a secure operating system, called Kinibi, and has worked with leading OEMs to embed it into their devices. To date, Kinibi been embedded into over 1.2 billion devices.

$0.00 Bill of materials cost for embedding a TEE into a device.

Trustonic’s TEE, Kinibi, can be used to guarantee that sensitive data is stored, processed and protected in a trusted and physically isolated environment.

Trustonic Secured Platforms (TSP) deliver an open TEE which is embedded into devices at the manufacturing stage, giving the ability to load and execute trusted applications at the time of manufacture, as well as post-deployment.

TSP includes built-in cryptographic algorithms and a secure file system for secure data persistence. It is a versatile environment that can be integrated with different technology platforms supporting multiple architectures including ARM’s TrustZone.

Trustonic’s Trusted Execution Environment (Kinibi)

  • Is secured by hardware
  • Is based on hardware Roots of Trust
  • Secures sensitive code execution and storage
  • Secures the installation of third party services after device deployment
  • Secures interaction between the user and the underlying services (touchscreen, fingerprint sensor…)
  • Interfaces with Secure Elements where relevant
  • Is proven and embedded into over 1.2 billion devices

Trustonic’s Key Provisioning Host

  • Injects Trustonic Binding Keys securely onto devices
  • Meets the most demanding OEM requirements for production environments
  • Uses on-device key generation for securely generating the key and the receipt data in the device
  • Can be located centrally within the OEM infrastructure, without loss of performance or risk of interrupting production
  • Uses a Hardware Security Module (HSM) on a central server for signing the receipts
Diagram showing the process of embedding a TEE and ROT into a processor at a factory.

Kinibi can also be used to drive secure peripherals, examples of which are a Trusted User Interface, Trusted NFC or Trusted Biometrics. By delivering a Trusted User Interface, the display and touchpad can be secured, delivering the ability to perform functions such as secure passcode entry and secure messaging.

Embedding Trustonic’s TSP into devices delivers access to powerful and flexible security with no additional bill of materials cost. It enables end users of the device to load secure applications fully isolated from attack by trojans or other software threats resident in the normal OS.

Kinibi is certified against GlobalPlatform, FIPS 140-2 and Common Criteria standards. GlobalPlatform is a member-driven standardization body that develops specifications to facilitate the secure deployment and management of multiple applications on secure technology. Trustonic is a lead contributor to the GlobalPlatform TEE working groups and believes that standardization is key to the success of these solutions in the industry.

Click here to contact Trustonic to learn how you can start working with TSP