Technology

Trustonic was originally formed to commercialize an ARM technology called TrustZone. This enables regular ARM processors to run a second, security focused, operating system alongside the main OS.

Our cybersecurity technology is focused on 3 main areas:

Trusted Execution Environments [TEE]
Trusted User Interface [TUI]
Modem Lock

Trusted Execution Environments (TEE)

Trusted Execution Environments (TEEs) have become a core and necessary part of many devices, including all Android phones and many in-vehicle components.

Trustonic’s TEE OS “Kinibi” is a very mature offering and has been deployed for countless applications across many chipsets. Kinibi 500, the latest iteration, focuses on performance and flexibility, providing 64 bit SMP and broad support for Android and automotive environments, whilst retaining best in class security.

Trustonic's TEE has been deployed in over 2Bn devices

Practical security

Security in the real world needs much more than just a secure OS. Key management and secure software provisioning processes are essential. To support diverse use cases, different software components must be isolated from each other.

Trustonic works with the entire value chain, delivering our TEE as part of the BSP from core silicon providers to simplify the integration process. We support multiple delivery modes for separately signed driver and/or application binaries, including over the air (OTA) updates of individual trusted applications. We also provide reference implementations of the Google specified Gatekeeper and Keymaster applications to fulfil Google requirements and simplify the OEM’s path to Android CTS compliance.

Services we provide

Unlike a secure element or a vHSM, TEEs run at full processor speed, and can run arbitrary application logic. This makes them ideal for many applications beyond simple key storage.

Cryptography
DRM
Secure OTA
Telematics
Payments and payments acceptance
Sharing
economy
Secure peripherals
Biometrics

We offer solutions for high bandwidth secure processing such as Digital Rights Management and secure peripheral access, such as a Secure User Interface. We meet Android Compatibility Test Suite (CTS) or Google Test Suite (GTS) needs, such as providing Keymaster. For financial applications, such as payments or mobile Point of Sale (mPOS), we can protect applications delivered with the device.

Trusted User Interface (TUI)

The Trusted Execution Environment runs a full operating system, and one of the key capabilities this offers is security peripheral access. When these peripherals are in use by the TEE, they are physically disconnected from Android at the bus level, ensuring very strong isolation.

One of the most powerful use cases is the Trusted User Interface (TUI). This provides a secure display and a secure touch interface. Together this enables a display to be completely isolated from the main OS, and from a potential error or malware running in it.

TUI provides secure display and touch interface

Range of solutions

Whilst the TEE itself provides secure drivers enabling TUI, technology itself is useless if it cannot be leveraged. Our software SDK provides a rich XML based layout language, complete with support for animation, and full text layout.

This makes TUI accessible to every developer, rather than just those with embedded expertise.

To support customers more broadly, our Application Security enables this TUI library across our partners’ TEEs. Trusted Applications developed for delivery from app stores can leverage TUI on our Kinibi TEE and Huawei iTrustee devices. We are also developing TUI for our software TEE.

Services we provide

TUI has obvious application security functions, such as PIN entry, but also more generally, such as for secure messaging, automotive applications or financial transactions.

PIN entry
High value assets
Financial transactions
Sensitive data
Secure messaging

The list is not exhaustive and, as the internet of things becomes more prevalent, we expect the range of use cases and applications to expand significantly.

Modem lock

Smartphones all contain a modem which enables them to connect to a 3G/4G/5G network. Mobile operators charge for this access, and in many regions, the device itself is bound to a specific network by configuring the modem appropriately.

Traditional modem configuration is very insecure, and hackers can subvert this process to re-activate stolen devices, or to fraudulently resell devices sold with network use obligations.

Trustonic has developed a solution with our mobile operator and Original Equipment Manufacturer (OEM) partners to avoid this problem. We bind each device to its modem cryptographically, making it next to impossible for the modem to be reconfigured other than under mobile operator control.

Our technology runs in the Trusted Execution Environment (TEE) and leverages the socket-unique identity burnt into every CPU. We bind this to the IMEI number in-factory. Unique per-device cryptographic keys are generated to ensure that every modem configuration message can only be enacted on the targeted device.

This means each individual device can be locked and unlocked or rendered unusable remotely by the mobile operator in the event of theft or device fraud.

Using crytographic techniques, each device is bound to its modem