
Secure OS technology

Security at the core

Governments and industry are prioritizing security as a core design principle. Trustonic’s Secure OS solution combines a Trusted Execution Environment (TEE) and Trusted Identity for robust hardware protection. It ensures secure code execution, data storage, authentication, and a secure channel for data and applications.

Trusted Execution Environments (TEE)

Security at the heart

Trusted Execution Environments (TEE) have become a core and necessary part of many devices, including all Android phones and many in-vehicle components.

Trustonic’s TEE OS ‘Kinibi’ is a highly mature product that has been deployed for countless applications across many chipsets. Kinibi 600, the latest iteration, focuses on performance and flexibility, providing 64-bit SMP and broad support for Android and automotive environments, whilst retaining best-in-class security. It also introduces support for the new Armv9 architecture.


Practical security

Security goes beyond a secure OS. Key management and secure software provisioning are crucial. Trustonic collaborates with the entire value chain, offering our TEE as part of the BSP for streamlined integration. We support various delivery modes for separately signed driver and application binaries, including OTA updates. Additionally, we provide reference implementations of Google’s Gatekeeper and Keymaster applications, ensuring Google compliance and simplifying the Android CTS process for OEMs.


Services we provide

Unlike a secure element or an HSM, our TEE runs at full processor speed and can run arbitrary application logic. This makes it ideal for many applications beyond simple key storage.

We offer solutions for high bandwidth secure processing (such as Digital Rights Management), and secure peripheral access (such as a Secure User Interface). We meet Android Compatibility Test Suite (CTS) or Google Test Suite (GTS) requirements, such as providing Keymaster. For financial applications, such as payments or mobile Point of Sale (mPOS), we can protect applications delivered with the device.

Trusted User Interface (TUI)

Securing user access

The Trusted Execution Environment runs a full operating system, and one of the key capabilities this offers is secure peripheral access. When these peripherals are in use by the TEE, they are physically disconnected from Android at the bus level, ensuring very strong isolation.

One of the most powerful use cases is the Trusted User Interface (TUI). This provides a secure display and a secure touch interface. Together, these enable a display to be completely isolated from the main OS, and from a potential error or malware running in it.


Range of solutions

Our TEE ensures secure drivers for Trusted User Interfaces (TUI). But technology is pointless without leverage. Our SDK offers an XML layout language with animation and text layout support, making TUI accessible to all developers, not just experts.

The TUI has obvious application security functions, such as PIN entry. It can also be used more generally, for secure messaging, automotive applications or financial transactions. The list is not exhaustive and, as the Internet of Things becomes more prevalent, we expect the range of use cases and applications to expand significantly.



Information-rich Attestation

In an era of growing digital reliance, trust between clients and devices is vital. Our solution ensures trust by identifying devices and understanding their capabilities, vulnerabilities, and nuances. Our ‘information-rich’ approach enables devices to provide valuable data, fostering trust. With a device-side architecture designed for adaptability and evolving security needs, our product leverages Entity Attestation Tokens (EAT) as a foundation. Simplify device attestation with our robust and flexible solution.


Our solution is built on the foundations of industry expertise

IETF Standards: We adhere to the Internet Engineering Task Force’s (IETF) defined standard claims and overall guidelines, ensuring superior security and compliance.

GlobalPlatform Collaboration: In partnership with GlobalPlatform, we’ve developed advanced claims specifically tailored to Trusted Execution Environments (TEEs) and Secure Elements (SEs).

Android and Boot Claims by Google: Our platform is compatible with Google’s focus on Android and boot claims, allowing seamless integration with the world’s most popular mobile operating system.

Our Entity Attestation Tokens (EATs) are not only encrypted but also signed to guarantee the utmost level of security. The digital signature serves as proof that the token originates from a reputable entity, providing an additional layer of trust for our clients.

Our platform enables services to leverage claims data for enhanced decision-making regarding entity trustworthiness. By providing valuable context, we empower businesses to make informed choices to protect their digital assets and ensure secure connections.


Simplify your trusted application creation process

Take the complexity out of trusted application development. With our QEMU-based SDK, you can easily develop, validate and debug Trusted Applications or Secure Drivers based on GlobalPlatform APIs. Streamline your process and focus on what matters most – creating robust, secure solutions tailored to your specific requirements.
