Symantec and Giesecke & Devrient (G&D) signed an agreement today to collaborate on developing protected security applications for smartphones and tablets. The partnership is significant because it will address a major obstacle in mobile security that has been holding back the reliance on smart devices for critical applications. The cooperation aims to leverage the Trusted Execution Environment (TEE), a hardware technology that aims to attest the authenticity of a platform and the operating system (OS) in order to ensure that an authentic OS starts up in a trusted environment. The TEE consequently allows the trusted OS to deploy additional security capabilities. G&D offers the Trusted Service Manager (TSM) and the underlying TEE to protect cryptographic keys and credentials. Symantec will use the TSM to reinforce security in its Symantec Validation and ID Protection Service (VIP) two-factor authentication.
Trusted computing technologies, such as the TEE and the Trusted Platform Module (TPM), are part of an industry initiative of the Trusted Computing Group (TCG). For almost ten years, the group has been working on formalizing, applying and extending the technology to computer systems by developing new hardware and software modules, as well as appropriate protocols for the models. While trusted computing is highly successful in the desktop and laptop market, it has had difficulty in mobile applications. The mobile version of the TPM, the Mobile Trusted Module (MTM), needs to provide trusted computing functionality while operating within a constrained hardware area with limited power dissipation capabilities. Traditional security protocols such as SSL/TLS and cryptographic algorithms are high-energy consumers and therefore have a significant impact on battery life. It seems, however, that G&D has managed to overcome these fairly significant hurdles with its TEE.
G&D has been focused on developing this capability for a while. Last year, it formed a joint venture with ARM and Gemalto to develop a TEE based on ARM’s TrustZone. The integrated technology enables the creation of a protected area in the hardware, where security-relevant functions are isolated and accessed securely within the OS. The TSM can then deploy and manage the different secured applications over the air (OTA). Symantec will be able to take advantage of this functionality for its own security applications. This will allow a truly end-to-end security deployment that starts deep in the hardware and can be leveraged through to the cloud. For both players, this partnership is opportune – the mobile market is ready to truly embrace next-generation applications, and the duo is answering the need for critical security. The partnership will allow Symantec and G&D to break ahead in the mobile security market.