Trustonic’s TEE OS “Kinibi” is a very mature offering and has been deployed for countless applications across many chipsets. Kinibi 500, the latest iteration, focuses on performance and flexibility, providing 64-bit SMP and broad support for Android and automotive environments, whilst retaining best-in-class security.
Trustonic's TEE has been deployed in over 2Bn devices
Security in the real world needs much more than just a secure OS. Key management and secure software provisioning processes are essential. To support diverse use cases, different software components must be isolated from each other.
Trustonic works with the entire value chain, delivering our TEE as part of the BSP from core silicon providers to simplify the integration process. We support multiple delivery modes for separately signed driver and/or application binaries, including over-the-air (OTA) updates of individual trusted applications. We also provide reference implementations of the Google-specified Gatekeeper and Keymaster applications to fulfil Google requirements and simplify the OEM’s path to Android CTS compliance.
Services we provide
Unlike a secure element or a vHSM, TEEs run at full processor speed, and can run arbitrary application logic. This makes them ideal for many applications beyond simple key storage.
We offer solutions for high bandwidth secure processing such as Digital Rights Management and secure peripheral access, such as a Secure User Interface. We meet Android Compatibility Test Suite (CTS) or Google Test Suite (GTS) needs, such as providing Keymaster. For financial applications, such as payments or mobile Point of Sale (mPOS), we can protect applications delivered with the device.
The Trusted Execution Environment runs a full operating system, and one of the key capabilities this offers is secure peripheral access. When these peripherals are in use by the TEE, they are physically disconnected from Android at the bus level, ensuring very strong isolation.
One of the most powerful use cases is the Trusted User Interface (TUI). This provides a secure display and a secure touch interface. Together these enable a display to be completely isolated from the main OS, and from a potential error or malware running in it.
TUI provides secure display and touch interface
Range of solutions
Whilst the TEE itself provides secure drivers enabling TUI, technology itself is useless if it cannot be leveraged. Our software SDK provides a rich XML-based layout language, complete with support for animation and full text layout.
This makes TUI accessible to every developer, rather than just those with embedded expertise.
To support customers more broadly, our Application Security enables this TUI library across our partners’ TEEs. Trusted Applications developed for delivery from app stores can leverage TUI on our Kinibi TEE and Huawei iTrustee devices. We are also developing TUI for our software TEE.
Services we provide
TUI has obvious application security uses, such as PIN entry, but it also applies more generally, for example to secure messaging, automotive applications or financial transactions.
The list is not exhaustive and, as the internet of things becomes more prevalent, we expect the range of use cases and applications to expand significantly.
Smartphones all contain a modem which enables them to connect to a 3G/4G/5G network. Mobile operators charge for this access, and in many regions, the device itself is bound to a specific network by configuring the modem appropriately.
Traditional modem configuration is very insecure, and hackers can subvert this process to re-activate stolen devices, or to fraudulently resell devices sold with network use obligations.
Trustonic has developed a solution with our mobile operator and Original Equipment Manufacturer (OEM) partners to avoid this problem. We bind each device to its modem cryptographically, making it next to impossible for the modem to be reconfigured other than under mobile operator control.
Our technology runs in the Trusted Execution Environment (TEE) and leverages the socket-unique identity burnt into every CPU. We bind this to the IMEI number in-factory. Unique per-device cryptographic keys are generated to ensure that every modem configuration message can only be enacted on the targeted device.
This means each individual device can be locked and unlocked or rendered unusable remotely by the mobile operator in the event of theft or device fraud.
Using cryptographic techniques, each device is bound to its modem
At its simplest a Digital Hologram™ is a ‘ticket’. If the device can show that it has a ticket, then it can be assumed to have been involved in a specific event – for example it passed a QA stage, was shipped by a specific courier, was upgraded, booted, serviced etc.
To issue such a ticket, the ticket-issuer itself must be trusted, and tickets are individually cryptographically protected. This means that holograms can be used to limit activity – preventing over production at an outsourced factory for example, or to provide traceability throughout an extended lifecycle.
Digital Holograms™ leverage both in-device security and cloud ledgers. Events can be recorded throughout the lifecycle of a device and are stored in an offline micro-ledger, and later reconciled with the cloud. This information is ultimately linked to a ‘digital twin’ representing the device itself.
This in turn provides a secure record of authorized events, allowing deep analysis of individual devices and populations – but also allows for simple questions to be answered based on complex sets of criteria – such as whether a device should be allowed to connect to a web service.