Mobile Security
- What are the main benefits of hardware-based security?
Hardware-based security equips the device with a robust trusted element that serves numerous applications and services such as DRM, Commerce and Device Management. Hardware-based security also makes security transparent to the end-user, improves the performance of the security solution and reduces its power consumption.
- I have security on my SIM card. Do I still need an embedded security solution for the handset?
As a smartcard, the SIM card provides a very high level of protection for stored data. However, once this data is used by the handset it immediately becomes susceptible to attacks. While the GSM standard ensures a channel between the operator's server and the SIM card using a proprietary GSM encryption algorithm, handset applications can only use the SIM card to provide static secure storage. Having no other secure storage for secret keys that can be used for authentication eliminates the capability to ensure a secure channel between the SIM and the handset; only with embedded security on the handset can a secure channel be established between the card and the handset. SIM cards also have a very limited communication rate as well as limited storage. Hence, the handset still needs a comprehensive solution that includes support for secure handset boot, for a wide range of cryptographic operations and schemes, for secure storage that can protect any information and for security toolkits that utilize these capabilities to support applications such as Digital Rights Management.
- What is a secure flash controller?
A secure flash controller is a controller with integrated hardware-based security. Secure flash controllers support several capabilities, such as: secure boot, code and data integrity verification; secure storage of sensitive information; and hardware-based cryptographic capabilities. Typically, secure controllers also include counter-measures to thwart physical and side-channel attacks. In order to ensure that data flow from the flash interface to the host interface is not hampered, secure flash controllers support on-the-fly processing of sensitive information (without loading the CPU). Secure flash controllers also support secure life cycle states in order to ensure that the flash device can be personalized in a secure environment, and that code cannot be modified illicitly while the device is in the field.
- Does embedded security affect the user experience?
Properly implemented, hardware-based security solutions will not affect the user experience. These solutions benefit from significant performance improvements as well as reduced power consumption, providing an experience which is comparable to wireline communications.
- Why do I need security if the GSM standard already includes security?
The security of GSM standards is aimed at protecting the voice channel.
However, additional security mechanisms are required for enterprise, financial and personal data services and applications, such as mobile TV, protected content, remote authentication and banking transactions, as well as for protecting mobile and portable devices.
Mobile DRM
- What are the advantages of supporting multiple schemes within the same framework?
Handset manufacturers must meet market demands to support different DRM schemes in different geographical locations. The Multi-Scheme DRM client supports this requirement as well as multiple schemes on the same device.
- Which schemes are supported today as part of the Discretix Multi-Scheme DRM Client?
The Discretix Multi-Scheme DRM client today supports OMA DRM v1.0, OMA DRM v2.0, Microsoft WM-DRM 10 and CPRM. In addition, the Discretix DRM framework is designed to allow a simple and easy expansion for new DRM features and schemes.
- How can the Discretix Multi-Scheme DRM be ported to a new environment?
A core feature of the Discretix Multi-Scheme DRM Client is its ease of implementation. This is achieved by use of a common interface to the underlying security sub-system and a single API to the application layer. The Discretix Multi-Scheme DRM integrates into a wide range of operating systems and application frameworks using a thin dedicated porting layer.
- On which operating systems has Discretix already ported the Multi-Scheme DRM Client?
Discretix has vast experience porting its Multi-Scheme DRM to a large number of operating systems and environments including: Symbian, UIQ, Windows Mobile, Linux, Nucleus, OSE, APOXI, BREW and more. Additional operating systems and application frameworks can be added upon request.
- What business models are enabled by the Discretix Multi-Scheme DRM?
The Discretix Multi-Scheme DRM supports all the business models defined in OMA DRM v2.0 and WM-DRM, and has the flexibility to support additional models as they emerge. Supported business models include: Purchasing, Renting, Subscription, Review, Metering, Tracking and Super Distribution. This variety of revenue models expands the content reach to new potential customers.
- What is the DRM implementation ROI?
DRM is paving the way for Mobile Content Business Models. A robust DRM deployment facilitates revenue generation from Premium Content. Discretix Technologies, a long-time provider of security solutions, confirms the highest security level with the best user experience while consuming the protected content.
Discretix Security Products
- What are the key considerations for DRM implementation?
The key considerations for any DRM implementation are Security and User Experience. The DRM solution must be implemented in a way that premium content is not leaked from the device due to security issues while in parallel maintaining the overall user experience and ensuring that DRM is transparent from the user's point of view.
- What are the main components of the CryptoCell solution?
The CryptoCell includes a hardware root of trust, cryptographic engines and a cryptographic services library, as well as a secure Middleware.
The hardware elements include a secret device-unique root key, a Digital Random Number Generator (DRNG), hash, and symmetric and asymmetric encryption engines.
The Cryptographic library includes a rich yet optimized and easy-to-use cryptographic API.
CryptoCell includes additional hardware-based security mechanisms, such as Secure Boot, Secure Debug Port protection, Secure Device Life Cycle and others.
The CryptoCell is provided as a complete system component, and includes system interfaces such as bus interface, clocking and reset.
The CryptoCell is designed for quick and easy integration into existing and new designs.
- What are the main components of the CryptoFlash solution?
CryptoFlash is a multi-layered security solution which includes hardware-based cryptographic engines, root of trust and secure storage infrastructure (in the form of synthesizable RTL).
The hardware-based cryptographic engines include symmetric encryption, hash, Public Key Infrastructure (PKI) for encryption and signatures and a Digital Random Number Generator (DRNG). CryptoFlash provides on-the-fly performance exceeding the USB 2.0 data rate of 480 Mb/s.
The Middleware layer provides a comprehensive interface for cryptographic services and supports cryptographic protocols and standards such as FIPS 140-2, PKCS#1, ANSI X9.31 and secure tunneling.
CryptoFlash ensures secure boot, on-the-fly overlay verification, a secure personalization process (through the use of Secure Device Life Cycle states) and secure storage of credentials and data. CryptoFlash is optimized for flash-based devices with its sector-aware, overlay-ready code and power-conserving hardware. CryptoFlash can be integrated into any flash controller, from 32-bit controllers to basic 8-bit controllers.
- Does Discretix provide industry standard encryption algorithms?
Yes, Discretix provides industry standard encryption algorithms. Such standards are subject to continuous analysis worldwide, are commonly used, and are accepted by industry and standardization bodies.
- Does CryptoCell work with ARM TrustZone?
Yes. Discretix CryptoCell works with the ARM TrustZone mechanism to provide the complete security solution required for today's advanced devices. CryptoCell uses the TrustZone mechanism to create a Secure Execution Environment on devices with open operating systems, while providing a security API for applications such as DRM and Commerce.
- What is the primary function of the Discretix Security Middleware?
Discretix's Security Middleware is an essential layer of security infrastructure for mobile applications and operating systems, fulfilling the dual role of protecting sensitive information and allowing access to the underlying cryptographic libraries. The Security Middleware protects information such as device and user credentials, DRM information, and e-commerce data from unauthorized access. The Security Middleware also provides a set of industry standard APIs for easy integration with existing applications. The API interfaces with both hardware and software cryptographic implementations, thereby reducing the integration effort.
- What is a Multi-Scheme DRM client?
A Multi-Scheme Digital Rights Management (DRM) client protects the distribution and consumption of premium content on mobile devices. The DRM client provides a complete implementation of the key schemes in use today – OMA DRM v1.0, OMA DRM v2.0, Microsoft WM-DRM 10 and CPRM – as well as the flexibility to add new schemes as they become available. The Discretix Multi-Scheme DRM client easily integrates into a wide range of mobile platforms and operating systems.
- Do the Discretix solutions employ counter-measures against attacks?
All of Discretix's solutions include counter-measures. These counter-measures protect against timing attacks, power analysis attacks, fault attacks and software attacks. Protection against attacks is executed both at the hardware level and at the Middleware level.
- Is CryptoCell integrated into the baseband or into the application processor?
The Discretix CryptoCell solution is a security infrastructure element. As such, designers can integrate CryptoCell into either the baseband processor or the application processor, depending on their security needs. Discretix also provides a multi-processor solution, where a single CryptoCell can integrate into both the baseband processor and the application processor at the same time. Such integration involves both hardware and Middleware components, enabling both processors to utilize the single security resource.
- Which operating systems does CryptoCell support?
The CryptoCell Middleware is written in ANSI-C. As such, it is very easy to integrate it with numerous operating systems and RTOSes, as well as with systems that have no operating system backbone. To date, the CryptoCell middleware has been integrated with Symbian, Linux, Windows Mobile, BREW, OSE, Nucleus, ThreadX and also Desktop Windows.
- Can Discretix provide a software alternative to its hardware cores?
Yes. The CryptoCell hardware core has an equivalent software core. This software core achieves two main goals. First, it enables the development of software before the hardware chip exists. Second, if an immediate solution is needed for an existing chip, the software version of the engines can be used, providing equivalent cryptographic functionality. Of course, a software core has security drawbacks that do not exist in the hardware core.