The newly announced Samsung Galaxy S3 may not only have an amazing new 32nm Quad-core ARM Cortex-A9 processor with a new accelerated higher frequency Quad-core Mali-400 GPU offering perhaps the fastest ARM SoC in the world at the moment. Samsung may also have done the right choice to fully enable and activate ARM TrustZone through the MobiCore integrated security platform directly onto the Exynos 4412 SoC. The Trusted Execution Environment (TEE) is joint venture between ARM (40%), Gemalto (30%) and Giesecke & Devrient (30%) which is currently in the process of getting approval from the European Commission for European Wide mass adoption as the default secure mobile authentication system.
While ARM TrustZone has been talked about for a while, it being supported in many ARM Processors, as far as I know it hasn’t been activated on any of those processors yet, the full Trusted Execution Environment (TEE) ecosystem has not yet been implemented in a mass market phone. The idea is to provide a 100% secure system for mobile payment, enterprise productivity, mobile banking applications, online commerce and premium content services. I believe ARM TrustZone can even be used for a fast and easy 100% secure authentication on your phone every time you log-in to your Google Account, and I believe that you may even set it up to 100% securely authenticate you when you log-in to any Open ID or other username/password protected websites on the Internet, Facebook, Twitter and any others included.
Basically consider these usage scenarios:
1. E-commerce: You click to buy something online, no need to type in credit card infos. Your phone automatically turns on in safe mode (identifiable by secure LED light lighting up on the side of the phone), you type your 4 digit pin code, payment 100% secure activated, the web page automatically updates, no click needed, and says thanks for your payment.
2. NFC or Online Payments/Money transfers: Tap your phone with the person you want to give some money to, or click on payment link in email or elsewhere online. Your phone automatically turns on in safe mode (identifiable by secure LED light lighting up on the side of the phone), you type your 4 digit pin code, payment or money transfer 100% secure activated. Both receiver and sender automatically get confirmation payment or money transfer has happened instantly.
3. Securely log-in to your Google or other web account. Click to login. Instead of using Google’s current 2-step verification (code being sent by SMS or Android app), a new easier, better and more secure 2-step verification system is established using ARM TrustZone TEE. As soon as you click to login, you don’t even need to type your password in the web browser, your phone automatically turns on in safe mode (identifiable by secure LED light lighting up on the side of the phone), you type your 4 digit pin code, you are 100% securely logged into your Google account.
Etc. Same system for 100% securely logging on to corporate networks and applications. You can also setup different pin codes depending on the different class of applications. For example your important payment systems may have a different pin code than basic website logons.
The idea of the ARM TrustZone Trusted Execution Environment is that once that security LED light is turned on on your phone, you can be assured that what you see on the screen is the encrypted alternative OS environment to authenticate you and authorize actions that it then encrypts and sends back through the Android OS to the Internet. For example it displays “Paying $20 to X” as you enter your pin code and click OK or you click cancel if you don’t agree. Again using encryption. Using systems of 128bit encryption, in theory this system should be 100% secure. As long as users always make sure to check that the security LED light is on on their phone when they enter their pin codes and click for authorizations.
If implemented correctly, ARM TrustZone will not only much improve security online, it will also make authentication and authorization processes easier and faster online. With the Galaxy S3 and the correct implementation of ETT support throughout the Internet, the Chrome browser, Android, you may never need to remember usernames and passwords for all websites again, you just use the same few PIN codes on your phone to do all your authentications, authorizations and every type of secure authenticated activities on the Internet.
I am very excited about the upcoming mass adoption of ARM TrustZone, because I believe we are going to see an explosion of awesomely advanced applications for secure authentication, online payments, mobile payments and the feeling for users is going to be that they are soon going to trust using their phones to replace their wallets, passports, credit cards, and that people are going to have a tool to be able to trust any and every website, as those will never be able to see your passwords as consumers will always be protected by the normal set of consumer protections and that online scams, online security breaches will be a thing of the past. ARM TrustZone Trusted Execution Environment means the end of paper money, it means the end of ticketing, it means the end of credit cards, it means the end of membership cards, it means the end of usernames and passwords online.
Here is the press release:
G&D announces MobiCore® integrated security platform to support Samsung GALAXY S III in Europe
Munich, May 4, 2012 – Giesecke & Devrient (G&D) today announced that its MobiCore security platform will be integrated in Samsung GALAXY S III smartphones distributed in Europe. Thanks to MobiCore, the NFC-capable smartphone from Samsung will be the first mobile device to boast a protected area on its application processor in which security-sensitive applications can be securely run and downloaded dynamically. The MobiCore platform will provide a secure execution environment for mobile payments authentication, emails or corporate VPN access.
The first application installed in the Mobicore-protected area on the Samsung GALAXY S III is a digital rights management (DRM) application which provides digital content with effective protection against misuse. In addition, G&D’s Trusted Service Management (TSM) solution will enable organizations such as network operators and banks to install and customize additional security-critical apps in the protected area of the smartphone. Samsung GALAXY S III, with integrated MobiCore security platform, will be made commercially available first in Europe and will then be rolled out globally.
- Google Wallet should use ARM TrustZone for 100% security (armdevices.net)
- ARM, Gemalto and G&D form joint-venture to secure mobile devices, improve privacy (thenextweb.com)