Technology

Trustonic was originally formed to commercialize an ARM technology called TrustZone. This enables regular ARM processors to run a second, security-focused operating system alongside the main OS.

Our cybersecurity technology is focused on 4 main areas:

Trusted Execution Environments [TEE]
Trusted User Interface [TUI]
Modem Lock
Digital Holograms

Trusted Execution Environments (TEE)

Trusted Execution Environments (TEEs) have become a core and necessary part of many devices, including all Android phones and many in-vehicle components.

Trustonic’s TEE OS “Kinibi” is a very mature offering and has been deployed for countless applications across many chipsets. Kinibi 500, the latest iteration, focuses on performance and flexibility, providing 64-bit SMP and broad support for Android and automotive environments, whilst retaining best-in-class security.

Trustonic's TEE has been deployed in over 2Bn devices

Practical security

Security in the real world needs much more than just a secure OS. Key management and secure software provisioning processes are essential. To support diverse use cases, different software components must be isolated from each other.

Trustonic works with the entire value chain, delivering our TEE as part of the BSP from core silicon providers to simplify the integration process. We support multiple delivery modes for separately signed driver and/or application binaries, including over-the-air (OTA) updates of individual trusted applications. We also provide reference implementations of the Google-specified Gatekeeper and Keymaster applications to fulfil Google requirements and simplify the OEM’s path to Android CTS compliance.


Services we provide

Unlike a secure element or a vHSM, TEEs run at full processor speed, and can run arbitrary application logic. This makes them ideal for many applications beyond simple key storage.

Cryptography
DRM
Secure OTA
Telematics
Payments and payments acceptance
Sharing economy
Secure peripherals
Biometrics

We offer solutions for high bandwidth secure processing such as Digital Rights Management and secure peripheral access, such as a Secure User Interface. We meet Android Compatibility Test Suite (CTS) or Google Test Suite (GTS) needs, such as providing Keymaster. For financial applications, such as payments or mobile Point of Sale (mPOS), we can protect applications delivered with the device.

Trusted User Interface (TUI)

The Trusted Execution Environment runs a full operating system, and one of the key capabilities this offers is secure peripheral access. When these peripherals are in use by the TEE, they are physically disconnected from Android at the bus level, ensuring very strong isolation.

One of the most powerful use cases is the Trusted User Interface (TUI). This provides a secure display and a secure touch interface. Together, these enable a display to be completely isolated from the main OS, and from a potential error or malware running in it.

TUI provides secure display and touch interface

Range of solutions

Whilst the TEE itself provides secure drivers enabling TUI, technology itself is useless if it cannot be leveraged. Our software SDK provides a rich XML based layout language, complete with support for animation, and full text layout.

This makes TUI accessible to every developer, rather than just those with embedded expertise.

To support customers more broadly, our Application Security enables this TUI library across our partners’ TEEs. Trusted Applications developed for delivery from app stores can leverage TUI on our Kinibi TEE and Huawei iTrustee devices. We are also developing TUI for our software TEE.


Services we provide

TUI has obvious security applications, such as PIN entry, but it is also useful more generally, for example for secure messaging, automotive applications or financial transactions.

PIN entry
High value assets
Financial transactions
Sensitive data
Secure messaging

The list is not exhaustive and, as the internet of things becomes more prevalent, we expect the range of use cases and applications to expand significantly.

Modem lock

Smartphones all contain a modem which enables them to connect to a 3G/4G/5G network. Mobile operators charge for this access, and in many regions, the device itself is bound to a specific network by configuring the modem appropriately.

Traditional modem configuration is very insecure, and hackers can subvert this process to re-activate stolen devices, or to fraudulently resell devices sold with network use obligations.

Trustonic has developed a solution with our mobile operator and Original Equipment Manufacturer (OEM) partners to avoid this problem. We bind each device to its modem cryptographically, making it next to impossible for the modem to be reconfigured other than under mobile operator control.

Our technology runs in the Trusted Execution Environment (TEE) and leverages the socket-unique identity burnt into every CPU. We bind this to the IMEI number in-factory. Unique per-device cryptographic keys are generated to ensure that every modem configuration message can only be enacted on the targeted device.

This means each individual device can be locked and unlocked or rendered unusable remotely by the mobile operator in the event of theft or device fraud.

Using cryptographic techniques, each device is bound to its modem
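The binding described above, sketched as an added example; it is not Trustonic's code or protocol. It assumes a symmetric design: the per-device key is derived with HMAC-SHA256 from a constructed operator secret, the chip identity and the IMEI, and each configuration message carries a counter so an old message cannot be replayed. All names and values are hypothetical.

```python
import hashlib
import hmac
import json

ACTIONS = {"lock": "locked", "unlock": "unlocked", "disable": "disabled"}

def derive_device_key(operator_secret: bytes, chip_id: bytes, imei: str) -> bytes:
    # Assumed KDF: HMAC-SHA256 over the hashed chip identity and the IMEI,
    # so the key changes if either half of the binding changes.
    info = hashlib.sha256(chip_id).digest() + imei.encode()
    return hmac.new(operator_secret, b"modem-lock-demo" + info, hashlib.sha256).digest()

def sign_config(device_key: bytes, imei: str, counter: int, action: str) -> dict:
    # Operator side: authenticate one configuration message for one device.
    body = json.dumps({"imei": imei, "counter": counter, "action": action}, sort_keys=True)
    tag = hmac.new(device_key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

class ModemLockVerifier:
    """Stand-in for the TEE-side check; keeps the key, a replay counter and the lock state."""

    def __init__(self, device_key: bytes, imei: str):
        self._key, self._imei = device_key, imei
        self._last_counter = 0
        self.state = "locked"

    def apply(self, msg: dict) -> str:
        expected = hmac.new(self._key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad tag"          # wrong device key or altered body
        fields = json.loads(msg["body"])
        if fields["imei"] != self._imei:
            return "rejected: wrong device"
        if fields["counter"] <= self._last_counter:
            return "rejected: replay"           # an old unlock cannot be reused
        if fields["action"] not in ACTIONS:
            return "rejected: unknown action"
        self._last_counter = fields["counter"]
        self.state = ACTIONS[fields["action"]]
        return "applied"

# Constructed sample values, not real identifiers.
OPERATOR_SECRET = b"constructed-operator-secret"
CHIP_A, IMEI_A = b"chip-id-A", "000000000000001"
CHIP_B, IMEI_B = b"chip-id-B", "000000000000002"
```

A message signed for device A fails the tag check on device B because B derives a different key, which is the property the text describes as messages being enacted only on the targeted device.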

Digital holograms

Digital Holograms™ are a technology for enabling trust over the lifecycle of an event. Whereas the Root of Trust (RoT) establishes device identity and some basic information about the device at a point in time, Digital Holograms™ are a more general purpose means of recording events that happen to a device throughout its lifecycle.

At its simplest a Digital Hologram™ is a ‘ticket’. If the device can show that it has a ticket, then it can be assumed to have been involved in a specific event – for example it passed a QA stage, was shipped by a specific courier, was upgraded, booted, serviced etc.

To issue such a ticket, the ticket-issuer itself must be trusted, and tickets are individually cryptographically protected. This means that holograms can be used to limit activity – preventing over production at an outsourced factory for example, or to provide traceability throughout an extended lifecycle.

Digital Holograms™ leverage both in-device security and cloud ledgers. Events can be recorded throughout the lifecycle of a device; they are stored in an offline micro-ledger and later reconciled with the cloud. This information is ultimately linked to a ‘digital twin’ representing the device itself.

This in turn provides a secure record of authorized events, allowing deep analysis of individual devices and populations. It also allows simple questions to be answered based on complex sets of criteria, such as whether a device should be allowed to connect to a web service.
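The ticket and micro-ledger idea, sketched as an added example; it is not Trustonic's format or code. It assumes HMAC-SHA256 as a stand-in for each issuer's signature, a simple hash chain for the offline ledger, and hypothetical issuer names, event names and device IDs. Anchoring the chain head in protected storage is left out.

```python
import hashlib
import hmac
import json

# Constructed issuer keys; HMAC stands in for each issuer's signature.
ISSUER_KEYS = {"factory-qa": b"constructed-qa-key", "courier": b"constructed-courier-key"}
GENESIS = "0" * 64

def issue_ticket(issuer: str, device_id: str, event: str) -> dict:
    body = json.dumps({"issuer": issuer, "device": device_id, "event": event}, sort_keys=True)
    tag = hmac.new(ISSUER_KEYS[issuer], body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def link_hash(prev: str, entry: dict) -> str:
    return hashlib.sha256((prev + entry["body"] + entry["tag"]).encode()).hexdigest()

def ledger_append(ledger: list, ticket: dict) -> None:
    # Device side: chain each stored ticket to the previous entry.
    prev = ledger[-1]["link"] if ledger else GENESIS
    ledger.append({**ticket, "link": link_hash(prev, ticket)})

def reconcile(ledger: list, device_id: str) -> list:
    # Cloud side: return the verified events, or raise ValueError on the first bad entry.
    prev, events = GENESIS, []
    for entry in ledger:
        fields = json.loads(entry["body"])
        key = ISSUER_KEYS.get(str(fields.get("issuer"))) if isinstance(fields, dict) else None
        if key is None:
            raise ValueError("untrusted issuer")
        expected = hmac.new(key, entry["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, entry["tag"]):
            raise ValueError("ticket not issued by claimed issuer")
        if fields.get("device") != device_id:
            raise ValueError("ticket belongs to another device")
        if link_hash(prev, entry) != entry["link"]:
            raise ValueError("stored entries altered or reordered")
        prev = entry["link"]
        events.append(fields["event"])
    return events

def may_connect(ledger: list, device_id: str, required=("qa-passed", "shipped")) -> bool:
    # Policy question answered from the reconciled record.
    try:
        events = reconcile(ledger, device_id)
    except ValueError:
        return False
    return all(event in events for event in required)
```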