Trustonic device security platform achieves world’s first TEE security certification from Common Criteria
March 2017 by Marc Jacob
Trustonic has become the first vendor globally to achieve Common Criteria security certification for a Trusted Execution Environment (TEE) device security product. The certification of Trustonic’s Kinibi TEE paves the way for mass market delivery of trusted services on connected devices.
Common Criteria certification, which has been performed in line with the GlobalPlatform TEE Protection Profile, gives device manufacturers confidence that Trustonic’s TEE product meets an industry-defined security baseline. Service providers – across markets including financial services, enterprise, government, internet of things (IoT) and premium content creation – can also be confident that their trusted applications are protected from attacks.
Trustonic’s product has also achieved compliance with GlobalPlatform’s latest functional specifications, which incorporate the latest feedback from live implementations.
Bringing trust to connected devices and apps
Already embedded in more than one billion devices, the Trustonic TEE offers hardware protection in the form of a secure operating system which is completely isolated from the device operating system. This makes it, and trusted applications residing in it, immune to all software threats resident on the device and enables advanced device security, such as biometric authentication and secure PIN entry. The Root of Trust also ensures that a trusted identity is preserved within the device, preventing fraudulent use or copying.
Continued commitment to compliance
Trustonic’s Kinibi TEE has also been qualified to the latest version of GlobalPlatform’s TEE Initial Configuration v1.1. The document describes implementation requirements for features of the GlobalPlatform Device Specification. The scope has been extended to support both Android and Linux environments, and new deployment use cases like IoT.
Maturity for the mass market
Trustonic’s TEE is the only open TEE available. Uniquely, it permits third-party applications to be provisioned after the handset or device has been deployed, which opens up vast commercial opportunities for both device manufacturers and digital service providers. The latter will have the potential to dynamically add value to the end user by offering new secure services and functionality, once the device is already in their hands.
Separately, Kinibi has already been successfully certified to execute some host card emulation (HCE) payment solutions from various international payment schemes.