09:55 AM

Group Developing Standards For Secure Cell Phone Hardware

The Trusted Computing Group plans to deliver a spec before June for functions including device authentication, third-party digital rights management, and software downloads.

SAN JOSE, Calif. — An ad hoc industry group has taken its first step toward delivering in the first half of 2006 a hardware-security standard for cellphones.

The Trusted Computing Group released 11 user scenarios that are the basis for the spec it will release before next June.

The TCG established a standard for verifying the integrity of PCs more than a year ago. It specifies use of a security device, called the Trusted Platform Module (TPM), that creates cryptographic keys to identify a system’s integrity and provide secure data storage and execution space as needed. Developing a version of that spec for the more complex mobile sector has so far proved slow going.

That is due in part to the wide variety and diversity of stakeholders in the cellular industry. Active members in the TCG’s mobile work group include Authentec, Ericsson, France Telecom, IBM, Infineon, Intel, Lenovo, Motorola, Nokia, Philips, Samsung, Sony, STMicroelectronics, Texas Instruments, VeriSign, Vodaphone and Wave Systems.

The group has developed 11 user scenarios to guide its parallel efforts on drafting technical requirements and the final spec itself. The specification is currently about 70-percent complete, according to Janne Uusilehto, a senior technology manager in Nokia Corp.’s technology platforms group who chairs the TCG mobile group.

That draft differs from the existing PC spec in two major ways. While PCs have generally chosen to implement the TPM as a standalone chip, cellphones will likely embed the function in a block inside an existing chip. In addition, PC users have the option of turning off all TPM functions; however, cellphone users will not be able to turn off certain base security functions required by carriers or service providers, said Uusilehto.

Using the TCG’s technology, cellphones will be able to provide hardware-backed security for functions such as device authentication, third-party digital rights management and software downloads. A full list of the 11 user scenarios is at

The technology is expected to open several doors, including encouraging premium content owners such as music studios to release their products to mobile phones via over-the-air services. Currently, studios are reluctant to release content to phones, fearing piracy.

“This spec will go a long way to addressing that,” said Thomas Hardjono, a TCG member and a principal scientist at VeriSign, which recently acquired businesses that sells ringtones and wallpaper for cellphones and hopes to begin selling full music tracks as well.

The technology has been presented to studios by at least one TCG member company. However, TCG members would not comment on the studio’s reception to the mobile spec to date.

The new spec “gives us an opportunity to have multiple sources of interoperable hardware that integrate these security services,” said Uusilehto of Nokia. “Because it is an open spec we also get the benefit of a wide review from industry security specialists, and the customers wind up with more reliable handsets,” he added.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of January 18, 2015.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.