Taking smartphone security to the next level

This entry was posted on Tuesday, August 2nd, 2016.

Asaf Ashkenazi, a senior director at Rambus’ security division, recently gave a keynote presentation about the future of mobile security at the Linley Group’s Mobile and Wearables Conference.

According to Ashkenzai, the demand for trusted applications on mobile devices has increased significantly in recent years.

“As the amount of valuable data stored and communicated across mobile devices continues to grow, the need for robust security solution becomes even more important,” he told conference participants.


“For example, there is a critical need for a security platform capable of addressing the distribution and authentication of cryptographic keys throughout the lifecycle of a device. From chip management to device personalization to downstream feature provisioning, it is important to create a trusted path from the SoC manufacturing supply chain to downstream service providers with a complete silicon-to-cloud solution.”

As Ashkenazi notes, this is precisely why Rambus’ CryptoManager platform establishes a hardware-based root-of-trust by embedding a security core in the SoC itself. This allows vendors to securely provision unique keys for each chip during the silicon manufacturing and testing process.

“With CryptoManager, an OEM building a device with an SoC from a chipset vendor does not need to provision keys or take any extra steps to enable security features,” he explained. “Service providers can also securely and conveniently provision keys over the air. Moreover, CryptoManager can be deployed across a wide range of key verticals, including mobile digital rights management, mobile payments and smart ticketing.”


In addition to its flagship hardware core, says Ashkenazi, the CryptoManager platform offers customers multiple implementation options, such as an integrated Software Agent and Trusted Execution Environment (TEE), as well as a stand-alone Software Agent. The former is implemented via software as a protected element within a trusted OS to deliver a combination of security and flexibility. Similarly, the latter is implemented in the software layer of a device OS to facilitate a high level of flexibility.

“Put simply, CryptoManager offers our customers and partners far more than key provisioning capabilities,” he added. “We support enhanced security for applications and data, alongside full device lifecycle management.”

Indeed, as we’ve previously discussed on Rambus Press, CryptoManager is a complete silicon-to-cloud solution for the distribution and authentication of cryptographic keys throughout the lifecycle of a device. The platform enables dynamic SoC management and device personalization in the supply chain, securing applications and services via in-field key provisioning.

CryptoManager includes a Security Engine, which is a flexible root-of-trust implemented as hardware or software, for secure provisioning, configuration, keying and authentication throughout the lifecycle of a device. A local and cloud-based CryptoManager Infrastructure and Trusted Provisioning Services support the Security Engine, providing chipmakers, device OEMs, secure application developers and service providers a scalable and flexible trust management solution.

By offering a secure foundation for downstream device configuration, chipmakers are granted the flexibility needed for post-manufacturing inventory management, while service providers have a trusted path to consumers for feature enablement and service delivery in applications including secure mobile banking, identity and entertainment, as well as IoT device security.

Interested in learning more? You can check out our official CryptoManager product page here.