
Mobile Security

Why do we need a TEE?

The answer is simple. Mobile and “smart” devices have evolved into open software platforms capable of downloading a huge variety of applications via the internet. As more and more smart connected devices are used to store and access sensitive information and valuable content, they are increasingly becoming targets of malware, viruses and piracy. Software alone is proving to be insecure and now requires a component of hardware-based security to provide adequate protection. The rise of mobile financial services, online media and entertainment content, and cloud-based connectivity in corporate environments all require increased levels of security. The TEE isolates secure applications and keeps them away from any malware or viruses which might be downloaded inadvertently.


Business Benefits and Dependencies in the Connected Ecosystem

The TEE is at the core of a “smart connected ecosystem” and is relied upon by all its components. Device and chipmakers use TEEs to build platforms that have trust built in from the start, while service and content providers rely on integral trust to start launching innovative services and new business opportunities. To illustrate:

• Mobile manufacturers need to have a TEE environment present to satisfy the business requirements of different content providers.
• Mobile Network Operators benefit from the TEE, since it will enable them to offer more and higher value services to customers, facilitating increased revenues.
• Content providers want the TEE to ensure that their product remains secure and can be deployed to numerous platforms in a common manner.
• Payment service providers want increased protections and standardization to be able to streamline service and application development and reduce the need to support different proprietary environments.

Through the application of advanced security technology based on ARM TrustZone technology and the integration of tamper-resistant elements, it is possible to develop devices that can offer both a feature-rich open operating environment and robust security solutions.


What is a Trusted Execution Environment (TEE)?

The TEE is a secure area that resides in the main processor of a smart phone (or any smart device) and ensures that sensitive data is stored, processed and protected in a trusted environment. The TEE's ability to offer safe execution of authorized security software, known as 'trusted applications', enables it to provide end-to-end security by enforcing protection, confidentiality, integrity and data access rights. Devices that are developed according to the recommendations of the TrustZone Ready Program and that utilize TrustZone technology deliver a platform capable of supporting a full Trusted Execution Environment (TEE), security-aware applications and secure services.


High Value Service Enablement  

Video Content Protection

• Digital Rights Management  
• Secure High Definition Content  
• Wired and Wireless HD  Playback  

Mobile Payments & Banking

• Secure PIN entry 
• Secure Display 
• e-Ticketing 
• Public transport 
• Toll 
• Loyalty-based applications  


• Access control of cloud-based documents  
• Secure communication   
• Anti-malware that is protected from software attack 
• Software license management


TEE and The Next Generation Mobile Security Framework

There are three mobile environments which make up the security framework within a mobile phone. Each has a different task:  

Rich Operating System (Rich OS): An environment created for versatility and richness, where device applications are executed; Android, Symbian OS and Windows Phone are examples. It is open to third-party downloads after the device is manufactured. Security is addressed here but is limited by its design and the functions it performs.

Trusted Execution Environment (TEE): Made up of software and hardware, the TEE offers a level of protection against software attacks generated in the Rich OS environment. It assists in the control of access rights and houses sensitive applications which need to be isolated from the Rich OS, and it effectively acts as a firewall between the “normal world” and the “secure world”. For example, the TEE is the ideal environment for content providers that offer a video for a limited period of time and need to keep their premium content (e.g. HD video) secure so that it cannot be shared for free.

Secure Operating System (Secure OS): A secure kernel which runs in parallel with a fully featured Rich OS, on the same processor core. It includes drivers for the Rich OS ("normal world") to communicate with the secure kernel ("secure world"). Anything can be made part of the trusted infrastructure, from interfaces, display and keypad to regions of PCI-E address space and memories. User space applications cannot access protected regions within the system.

Secure Element (SE): The SE is comprised of software and tamper-resistant hardware. It allows high levels of security and can even work in tandem with the TEE. The SE is mandatory for hosting proximity payment applications or official electronic signatures where the highest level of security is required. The TEE may also offer a trusted user interface to securely transmit a personal identification number (PIN), which is required in order to make high value transactions. It also filters access to applications stored directly on the SE.


INSIDE TEE Enablement Components

INSIDE solutions are compliant with GlobalPlatform specifications and integrate seamlessly inside trusted execution environments based on ARM TrustZone frameworks.

Content Protection

INSIDE’s Fusion products offer HDCP and DTCP-IP solutions to secure High Definition (HD) video content for wired and wireless device-to-device streaming, as well as Embedded DRM Fusion agents to support Microsoft PlayReady. They provide a modular architecture that allows fast and easy integration on any platform with any multimedia to fulfill the highest security requirements for premium early window content.


Enterprise Security

Providing secure remote access to sensitive corporate information and applications requires that both the person’s identity information used for login authentication and the VPN communication channel maintain their privacy, integrity and confidentiality. INSIDE enables the use of a TEE to protect the user's information and secure communications over IPsec and SSL through its SafeZone FIPS-Certified Cryptographic modules and QuickSec software development kits.


VaultIP

VaultIP is a Secure Element delivered as synthesizable Verilog RTL source code. VaultIP is an embedded security platform that operates independently as an SE and/or fortifies a TEE against software attacks.


Get to Market Faster with Optimized Security IP

Mobile devices with 24x7 connectivity are pervasive and are enabling new ways of doing business. With the arrival of multi-core performance for application processors, these devices can run virtually any application, including many which handle highly sensitive, valuable and mission-critical information. Now you can incorporate secure elements in your chip design to protect against attacks designed to exploit the weaknesses in an application or operating system by extracting, modifying or destroying information held within the device.


Multi-Vector Protection

Implemented in hardware IP, VaultIP comprises a tightly integrated set of modules optimized for the ARM architecture. It provides the ‘trust anchor’ needed by a Secure Operating System to run effectively within a TEE. VaultIP implements this ‘trust anchor’ as a hardware interface to an area of secure, non-volatile memory where keys and other security assets are stored. All use of these assets goes through VaultIP; they are never used directly by software, which protects them from software attacks.

The VaultIP ‘Trust Anchor’ can also be implemented in semiconductor designs that do not include a TEE. The secure, non-volatile memory management capabilities are integrated with software operations via a set of VaultIP Access APIs, protecting keys and other sensitive material from any exposure to software attacks.
