G&D and ARM protection for m-apps


ARM and Giesecke & Devrient (G&D) have announced a strategic partnership for the development of highly-secure mobile phone platforms.

Through the combination of ARM TrustZone technology, which creates a protected area in advanced systems-on-chip, and the highly-secure Mobicore operating system developed by G&D, sensitive applications such as electronic payment and online banking via mobile phone will be efficiently protected from security threats. As a first step the two companies will develop a joint prototype.

‘We will be working with ARM to develop the security architecture for the next generation of mobile phones. This will enable people to access highly valuable services with convenience and security,’ explains Dr. Kai Grassie, head of the new business division at G&D.

‘ARM TrustZone technology is already an integral part of the ARM Cortex-A series processors which are currently being deployed in smartphones by many of the industry’s leading handset manufacturers,’ continues Ian Drew, executive VP, marketing, ARM. ‘This collaboration with G&D will enable us to make rapid progress towards enabling secure transactions in next-generation mobile devices.’

Acceptance of mobile applications such as banking, ticketing and payment solutions rests on the security of device and background systems involved. For this reason, both companies have been working on innovative security concepts.

The interplay of TrustZone and Mobicore ensures that if online services require security-sensitive functions such as entry of user name and password or data output on a display, these functions are transferred to the Mobicore high-security operating system running in the TrustZone protected area of an ARM application processor.

As the security-sensitive functions are executed, Mobicore maintains control of the secure area of a system-on-chip. Users can therefore be certain that the data they have entered, such as their username and password, cannot be manipulated by malware on the phone during a payment transaction.