ARM TrustZone Powered Mobile Payments

Posted by Charbax – March 6, 2010

ARM is presenting this hardware based secure payments and authentication system which all future mobile devices may be shipping with. The functionalities of those calculators that people use for their netbanking can thus be integrated in the future mobile phones, to let people do secure payments and authentication using a simple 4 number pin code on their mobile phone. The way they do it is that they guide the keyboard entries directly into a separate secure encrypted OS that functions separately from Android to do the secure authentication that then sends back the certificate (or how it’s called) back to the web based application. This kind of system, I would guess, could also be integrated in laptops, or you could use your phone to authenticate yourself on any website very securely using any computer.

You can find more information about this at: http://www.arm.com/markets/mobile/trustzone-and-mobile-payments.php

  • http://www.facebook.com/people/David-Ashwood/625672157 David Ashwood

    Security through obscurity isn't.
    Tied to the phone? Phone cloning has been around for a long time.
    People do reuse passwords but they also reuse PIN's – what would you rather have a 7+char password or a 4 char pin?

  • http://armdevices.net/ Charbax

    If I understand this correctly, the PIN is only between you and the phone. So for example someone stealing your phone cannot use it to transfer money or authenticate unless they know your 4 digit pin code. The secure thing towards the web app happens at another highly encrypted level in the hardware which I think is not connected with your pin code. I'd rather have one pin code for net banking, payments, another pin code for all my web apps, than having to type in passwords on web browser sessions and have to think of having a different password for each site for it to be secure, and regularly change the password.

  • http://j.mp/alban Alban Rampon

    Hi David,
    TrustZone could be called a special environment to which access is regulated. As this is embedded, in order to clone it you would need to reverse engineer at the die level = deprocess the chip.
    This is not a matter of obscurity, but this way any keylogger or trojan would be useless and that is the point: working in a safe known environment.
    Cheers, Alban.

  • Pingback: John Bruggerman of Cadence on EDA360 at ARM Techcon 2010 – ARMdevices.net

  • Pingback: TI OMAP5 28nm ARM Cortex-A15 sampling second half 2011 already – ARMdevices.net

  • Pingback: Google Wallet should use ARM TrustZone for 100% security – ARMdevices.net