Mobile Trust

Enterprise Mobility

Mobile Trust

By Michael Stanford  |  March 17, 2014

ARM processors have TrustZone; Samsung (News - Alert) has Knox; Apple has Enclave; smart cards (credit cards with embedded chips) and UICC (SIM) cards have GlobalPlatform. So, how do they all relate to each other?

First, they are all aimed at providing trust. The user must be able to trust the device, the device must be able to trust its software and the user, remote services must be able to trust the client systems. The entire edifice of trust must be built on a reliable root. Since software is so slippery, that root must be hardware.

ARM processors have a hardware-supported operating mode called TrustZone that only allows known trusted code to perform system functions. In a TrustZone-enabled system, the user can trust the device not to run malware. 

Apple (News - Alert)'s Enclave is reportedly built on TrustZone. Currently, Enclave's main use is in the iPhone 5's fingerprint authentication feature. So it's an example of getting the device to trust the user.

TrustZone also provides an underpinning for a security framework called Trusted Execution Environment, promulgated by an organization called GlobalPlatform. GlobalPlatform was founded by credit card manufacturers to standardize smart cards; its specifications are also used in mobile phone SIM cards (now called UICCs).

The Trusted Execution Environment is behind Samsung's Knox smartphone security framework, which is giving Samsung a competitive advantage in enterprise environments.

GlobalPlatform's step up in security from the Trusted Execution Environment is the Secure Element. This is the chip on smart cards and phone SIMs. Google (News - Alert) Wallet relies on a Secure Element when you use your phone as a credit card in a  near field  communications contactless payment' transaction. Before Android KitKat, Google Wallet required the phone to have a smart card chip on the motherboard or plugged into the SD Card slot. From KitKat on, the LTE (News - Alert) UICC can act as the Secure Element. This is an example of the remote service (the bank or credit card company) being able to trust the client system.

GlobalPlatform's membership includes credit card companies, mobile network operators, chip companies, and software companies. It is an encouraging example of corporations in widely separated industries working together to grow their pie and to make life easier for regular people.

Michael Stanford (News - Alert) has been an entrepreneur and strategist in VoIP for more than a decade. (Visit his blog at

Michael Stanford has been an entrepreneur and strategist in VoIP for more than a decade. (Visit his blog at

Edited by Stefania Viscusi