ARM, the UK firm whose technology is a de facto standard for mobile phones and handheld computers, has introduced a hardware-level security technology for protecting copyrighted content, secure passwords and other sensitive data on mobile devices.
TrustZone, which has some parallels to Microsoft's controversial Next-Generation Secure Computing Base for PCs (formerly known as Palladium), will be built into ARM cores early next year and could begin appearing in products in 2005, the company said. It could help spread the adoption of applications such as m-commerce and corporate mobile computing, by ensuring that important data will not fall into the wrong hands.
ARM said the technology is intended to be far less draconian than Secure Computing Base, which many have criticised as a thinly-veiled attempt to prevent PC users from carrying out activities deemed unacceptable by copyright holders.
"I don't see the same interest from the (mobile phone network) operators in being quite so prescriptive as in the PC world," said Richard York, ARM's secure technologies programme manager. "There is a strong interest in making sure the user experience is positive. If they begin selling services that strongly restrict what you can do with content, I am sceptical they will take off."
TrustZone is a low-level technology that builds security into the processor core itself, and allows operating systems makers, handset vendors and silicon manufacturers to come up with their own security systems based on the hardware platform. York said that a Palladium-style system could be built upon the ARM technology, if a software maker wished to do so. It aims to replace existing proprietary systems that add a security component outside the core, which ARM says can cause problems for mobile device software.
"There are solutions out there already, but they are not very standardised," York said. "The vendors have to rewrite bits of their firmware for different chipsets, and that is a pain for them. This is as much about standardisation as anything else."
The system is designed for an emerging generation of "open" operating systems, such as Linux, Symbian OS, Palm OS and Windows CE, which are far more complex than mobile phone makers' own proprietary software. They introduce a greater potential for security risks because they are capable of running more complex applications.
Handset makers and network providers are under increasing pressure to come up with advanced features such as allowing a mobile phone to double as a credit card, but want to ensure they can adequately protect such data, York said.
"If you trust your mobile device with really valuable data like corporate access codes and e-commerce data, end users as well as corporate providers don't want that to be lost if their handset is stolen," he said. "If we can show an improving level of security, that makes it easier to sell these applications."
He said that the potential for mobile viruses, while widely discussed, is not yet a major concern for handset makers. There is also not yet significant interest in digital rights management technology for copyrighted downloads for mobile devices, he said, although TrustZone is designed to handle both DRM and anti-virus applications.
Industry observers said such technology will be important in paving the way for more advanced mobile device applications.
"Phone software must remain inviolate from any actions of downloaded software, and only hardware-enforced security can provide this level of trust," said analyst Martin Reynolds of Gartner in a statement. "Security-enhanced processors are an essential component for the future of mobile phone technology, opening the way for a vast ecosystem of third-party applications."
ARM's cores are used by chip manufacturers such as Texas Instruments and Intel, and power most mobile phone handsets and handheld computers, as well as set top boxes and other embedded devices.