Intercede has launched a cloud-based MyTAM service that will enable secure applications to run on Android phones that support trusted environments. MyTAM (My Trusted Application Manager) is aimed at financial services and payment applications, including Bitcoin. It could also be important in corporate environments, especially where BYOD (Bring Your Own Device) is the norm. And it's not just for data access: MyTAM enables secure voice calls over the internet with end-to-end encryption.
Intercede is an established provider of identity solutions. Its MyID is used by both the UK and US governments, by the UK's National Health Service, America's Federal Aviation Administration (FAA), and Kuwait's national identity card, among other things.
However, MyTAM depends on the phone having a suitable ARM processor and Trustonic's Trusted Execution Environment (TEE) when it leaves the factory. Intercede's Nick Cook says this applies to the majority of new Samsung Galaxy devices and some HTC phones, but it could also be added via a firmware update. Samsung's KNOX platform is based on Trustonic's TEE.
To use the system, app developers must develop their software in two parts. They upload the public part of the app to Google Play or a similar app store, and the secure part to Intercede's MyTAM cloud service. When someone runs the app, it transparently downloads the extra code from MyTAM, and runs it in a secure container on the TEE (PDF).
During this process, MyTAM creates a cryptographic key that ensures the app will only run on that particular device. The TEE ensures the encrypted data cannot be accessed by any other programs running on the phone. This includes malware.
Cook says the system could be used over a wide range of line-of-business applications "from very small developers to very large enterprises. Thousands of units is quite possible, up to millions of units. It could be small numbers [of users] but very high value."
Cook concedes that trusted platform technology did not make a big impact when it was introduced to the PC market a dozen years ago, but he says "it's being used much more heavily with Windows 8", and Intercede has products that support it. Edward Snowden's revelations of US and UK government spying have also heightened awareness.
"It's one of those things where the industry is waking up to the importance of information protection using products like MyTAM and MyID. These have really been the missing pieces to give developers and enterprises the ability to use [trusted platforms] in a really simple way."
Cook says a "trusted user interface" will be available later, "if you want to completely isolate your banking transaction from Android. You'll be able to enter a Pin and Android can't see you're doing it."