ARM forms a TEE JV with Gemalto and G&D
ARM will own 40% of the venture, which is unnamed but will be based in the UK. ARM will also be providing engineers and a small marketing team, according to the Wall Street Journal. Gemalto and G&D will each hold 30% and contribute operating systems, patents and engineers. ARM executive Ben Cade will head the new company with an initial staff level of around 80.
ARM, which designs the microprocessor architecture that is found in the majority of smartphones and tablets, says the aim of the JV is to create a trusted execution environment (TEE) based on the ARM TrustZone security technology, for connected devices. This “secure environment for software execution” will also tap hardware security and industry standard interfaces, such as those from GlobalPlatform. The TEE is a secure hardware-software architecture built into tablets and smartphones. It runs in isolation parallel to the main operating system (e.g. Android). Attacks performed on the main OS or the applications running on the OS cannot reach the software and data protected in the TEE. The TEE complements the Secure Element to tackle security issues in the device, while preserving the existing legal framework and avoiding concerns related to any liability shifts. This is said to make it safer to carry out things like mobile payments, banking and commerce.
Analysts think venture is following the strategy adopted by Intel with its US$ 7.68 billion (EUR 5.86 billion) acquisition of security-software provider McAfee that resulted in the chip vendor releasing its DeepSAFE security product that also sits below the OS.
“This is an absolute defensive move against Intel, and what they're doing with McAfee,” Patrick Moorhead, an analyst at technology research firm Moor Insights & Strategy, told Dow Jones Newswires. “When money is involved security is a primary concern, and in light of that simple truth, it has become a major point of differentiation for firms looking to gain market share,” comments Chris Moore of The Motley Fool Blog Network. Intel is targeting mobile and one of its initiatives has been to tackle payment processing security. In February 2012, the company has also announced a partnership with Visa to provide an NFC-based payment system for phones equipped with Intel’s mobile chipset (cf. SIW #12-10). Intel’s approach is to partner with an established network, emphasize security and hope it is enough to help break into the mobile market. Until now, Intel has been unable to gain a foothold in mobile due to the enormous footprint of competitor ARM and is looking for any edge it can find.
Particularly of interest is ARM’s dominance in the smartphone chipset market, since smartphones are the most convenient vehicle for mobile payments. ARM’s increased focus on mobile security should help the company and more importantly mobile at large. Because of its wide footprint, an increased focus on security from ARM should have a wider impact than other companies looking to improve security in the mobile field. With security being such a hot button issue, ARM’s move could do more to spur adoption than any other single effort in the space. Even competitors have to welcome a plan that has the potential to draw more consumers into the market. It also offers ARM another selling point for their chips and has the upside of potentially spurring even greater smartphone adoption.Meanwhile, being competitors on the market, as of software for security technology, Gemalto and G&D follow two different business models. Trusted Logic, a Gemalto company, was the first to come up with software for TrustZone, which it calls Trusted Foundations (cf. Smart Insights Weekly #11-18), reports NFC Times. G&D followed with its own product, MobiCore (cf. SIW #11-09). However, while Gemalto licenses its Trusted Foundations to makers of ARM-based processors, G&D grants MobiCore to chip makers to further charge fees to service providers when they use the secure environment for applications.
US-based chip makers Texas Instruments (TI) and Qualcomm have adopted the TEE for some of their silicon, with TI licensing Trusted Foundations and Qualcomm going with MobiCore. But there are few services secured with the vendor products available to smartphone users. And while other chip makers have adopted the technology or plan to do so, most appear to be holding back, along with device makers.
“We want to accelerate the security ecosystem, and we want to accelerate that by avoiding fragmentation,” said Kai Grassie, SVP at G&D. Companies’ officials believe a JV is needed to reduce the fragmentation. GlobalPlatform has released its first version of a TEE system architecture specification in December 2011 (cf. SIW #12-08). Now, ARM, Gemalto and G&D pick up the baton, though they have yet to disclose what business model to found their JV on.