2. Preface
As the mobile market matures and expands, an increasing number of security concerns demand attention. With end-users using their smartphones for a variety of “lifestyle” applications, there is a proliferation of security needs that result from the use of an open environment.
Content protection, corporate environments, connectivity, and the rise of financial transactions in the mobile market exacerbate these security concerns, which are relevant not just to the end-user. Service providers, mobile network operators, OS and application developers, device manufacturers, platform providers, and silicon vendors are all key stakeholders in this market—and thus have a vested interest in seeing proper security implemented.
4. Trusted Execution Environment (TEE)
GlobalPlatform, the organization which standardizes the management of applications on secure chip technology, has published a white paper that outlines the benefits of introducing and standardizing the Trusted Execution Environment (TEE) in mobile devices.
TrustZone (TZ): The security technology from ARM that enables the construction of a Normal world and a Secure world.
Trusted Foundations (TF): Trusted Foundations is the leading and proven Trusted Execution Environment (TEE), which protects any application or service through hardware-based security, by Trusted Logic Mobility.
5. Overview
Trusted Foundations uses ARM TrustZone® to separate the “Secure World” from the “Normal World”:
● The Secure World contains the Trusted Execution Environment that runs
Secure Services;
● The Normal World runs Client Applications that access the secure
services.
The product includes built-in services that provide off-the-shelf security
functionality, such as secure data storage and a cryptographic provider. The
product also allows deployment of custom services, which can, for example,
implement the heart of a Digital Rights Management scheme.
9. Boot Process
For the overall security of the device, it is important that the device implements a Secure Boot process and that the debug interface is controlled. This usually implies that the OEM:
● burns keys and other IDs into the device during manufacturing,
● signs the bootloader and the Trusted Foundations image with a secure boot key,
● disables the JTAG interface.
This list is not exhaustive; the OEM should contact Nvidia for further details on how to enable the Secure Boot process and how to configure the hardware at manufacturing time to reach the appropriate security level.
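The following Go model is an added illustration, not code from these slides or from Trusted Logic Mobility or Nvidia. It shows the chain of trust the three OEM steps establish: the fused hash of the secure boot public key, the JTAG-disable bit, and signature checks on the bootloader and the Trusted Foundations image before each is allowed to run. Ed25519 and the 32-byte seed are assumptions standing in for the OEM's real signing scheme and key generation.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
)

// Fuses models the one-time-programmable state burned at manufacturing.
type Fuses struct {
	RootKeyHash  [32]byte // hash of the secure boot public key
	JTAGDisabled bool     // debug interface locked
}

// Image is one boot stage plus the OEM signature over its contents.
type Image struct {
	Name      string
	Data, Sig []byte
}

// Provision models the OEM steps: derive the secure boot key pair from a
// 32-byte seed (assumption), burn fuses, sign every image with the private key.
func Provision(seed []byte, images map[string][]byte) (Fuses, ed25519.PublicKey, []Image) {
	priv := ed25519.NewKeyFromSeed(seed) // panics unless len(seed) == 32
	pub := priv.Public().(ed25519.PublicKey)
	fuses := Fuses{RootKeyHash: sha256.Sum256(pub), JTAGDisabled: true}
	var stages []Image
	for name, data := range images {
		stages = append(stages, Image{Name: name, Data: data, Sig: ed25519.Sign(priv, data)})
	}
	return fuses, pub, stages
}

// VerifyChain is what the boot ROM would check before handing control on:
// debug is locked, the key matches the fused hash, every stage is signed by it.
func VerifyChain(f Fuses, pub ed25519.PublicKey, stages []Image) error {
	if !f.JTAGDisabled {
		return errors.New("debug interface (JTAG) is still enabled")
	}
	if sha256.Sum256(pub) != f.RootKeyHash {
		return errors.New("public key does not match the fused root key hash")
	}
	for _, s := range stages {
		if !ed25519.Verify(pub, s.Data, s.Sig) {
			return errors.New(s.Name + ": signature check failed, refusing to boot")
		}
	}
	return nil
}
```

A modified image, a swapped key, or an unlocked debug port each cause VerifyChain to return an error, which is the point at which a real boot ROM halts.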
20. Example: Netflix
Netflix revolutionizes the way people watch TV shows and movies
With more than 27 million streaming members in the United States, Canada,
Latin America, the United Kingdom, Ireland and the Nordics, Netflix, Inc.
(NASDAQ: NFLX) is the world's leading internet subscription service for
enjoying movies and TV programs. For one low monthly price, Netflix members
can instantly watch movies and TV programs streamed over the internet to
PCs, Macs and TVs. Among the large and expanding base of devices
streaming from Netflix are the Microsoft Xbox 360, Nintendo Wii and Sony PS3
consoles; an array of Blu-ray disc players, internet-connected TVs, home
theatre systems, digital video recorders and internet video players; Apple
iPhone, iPad and iPod touch, as well as Apple TV and Google TV. In all, over
800 devices that stream from Netflix are available.