 The critical layer of security infrastructure for mobile applications and operating systems
Discretix Security Middleware protects sensitive information - such as device and user credentials and e-commerce data - from unauthorized access, while allowing access to the underlying cryptographic libraries. Security Middleware also provides a set of industry standard APIs which interface with both hardware and software cryptographic implementations for easy integration with existing applications.
Discretix Security Middleware Key Components
- Cryptographic Abstraction Layer - The underlying cryptographic implementations differ from one mobile platform to the next. The Security Middleware provides a single API capable of interfacing with both hardware accelerators and software based cryptographic libraries. This flexibility allows handset and platforms vendors to support application developers with a single API across multiple platforms.
- Secure Storage Module - Discretix Security Middleware includes a secure storage mechanism to protect sensitive information from unauthorized changes and to ensure the integrity of system software. The secure storage module can also be used to ensure the confidentiality of subscriber generated content.
- Standard APIs - Discretix Security Middleware provides a complete set of industry-standard APIs including; Symbian Cryptographic API, Microsoft Cryptographic API (MS-CAPI), and PKCS#11. This ensures a smooth integration of existing applications with the underlying security implementation. In addition Discretix provides its own CRYS (Cryptographic Services) API, optimized to work with the CryptoCell family of products.
- Optimized Software Cryptography Library - Discretix Security Middleware includes software cryptographic libraries to be used when hardware cryptographic accelerators are not provided as part of the platform.
Discretix Security Middleware for Open Systems
Open mobile systems allow software applications to be loaded on to the device (typically a smartphone) without the supervision of mobile operator or handset manufacturer. These High Level Operating Systems (HLOS) such as Symbian, Windows Mobile or Linux, introduce a new set of security threats to the mobile device. Discretix Security Middleware provides additional components to address these threats:
- Secure Process Context - By nature of its function the mobile device is constantly switching between different activities, so called context switches. If such a switch occurs during a security related operation, the sensitive information used in that operation can be exposed creating a serious security breach. The Secure Process Context ensures that when a context switch occurs all parameters are encrypted and cleared from run-time memory.
- Secure Storage for Cryptographic Keys - Discretix Security Middleware offers a unique approach to dealing with protected cryptographic keys. The Secure Storage mechanism allows applications to use the cryptographic keys, yet limits the application from directly accessing the keys. This ensures that the cryptographic keys are never exposed outside the secure environment of the Security Middleware.
- Trusted Code - To ensure code-integrity, the Discretix Security Middleware includes a sophisticated overlay manager. The overlay manager ensures that changes cannot be made to the Security Middleware when applications are loaded from program memory to secure memory.
Discretix Security Middleware Support for JAVA Virtual Machines
JAVA Virtual Machines (JVMs) support multiple run-time permissions and restrictions for different mobile applications, termed Protection Domains. Discretix Security Middleware supports digital signature verification and secure storage of certificates that are needed for supporting Protection Domains.
In addition Discretix Security Middleware includes support for all cryptographic operations that are enabled by JAVA through the Security and Trust Services API for J2ME (SATSA, JSR177).
Support for Device Toolkits
Discretix Security Middleware enables the following applications which enhance business reliability, user experience and device security. These toolkits enable the implementation of revenue generating applications such as content management, m-commerce, m-banking and more:
Secure Storage: ensures the strongest security for diverse scenarios employing different authorization mechanisms to protect different types of data, such as enterprise applications and multi-user data applications
IP/Sec: delivers high performance and robust authentication and encryption implementation, supporting multiple handset environments
Device Management: provides the device management process with the highest possible level of security and reliability
Device Anti-Theft: protects the device’s internal ID (IMEI) from illegal alternation, thus preventing a stolen phone from functioning on an unauthorized network
|
