Secure Device Architecture (SDA)
for Mobile and Networking Devices
AuthenTec Secure Device Architecture (SDA) combines existing and new AuthenTec products with third-party components to provide the most comprehensive framework available to assist device vendors in addressing their encryption needs. The new SDA offers device vendors the flexibility needed for the diverse requirements of different users, while offering standards compatibility and new features that create unique product differentiation.
Main Features of AuthenTec’s SDA
- A Comprehensive Solution - meets all encryption requirements within a single, unified architecture, including data-at-rest, data-in-motion, and user authentication and identity management.
- Offers Customer Differentiation - by integrating security solutions that were previously discrete/isolated, the architecture enables new capabilities that enhance both security and the user experience, creating differentiation in customer devices. For instance, the integration of a smart fingerprint sensor and a VPN client enables a single fingerprint swipe to launch the VPN client, unlock access to user credentials, and establish a secure connection to the security gateway.
- Provides State-of-the-art Security - incorporates security features including FIPS 140 and TrustZone. By treating TrustZone as one of several middleware options underlying SDKs and security applications, AuthenTec’s SDA enables device vendors to migrate to TrustZone with minimal cost, complexity, and time-to-market.
AuthenTec’s SDA enables superior integration across four different levels:
- Hardware - AuthenTec’s SafeXcel Crypto Module for hardware-based platform security, packet engines for protocol-level operation acceleration, and smart sensors for user authentication and identification, together with CPU-provided security operations from suppliers like ARM and MIPS and third-party security peripherals.
- Middleware - vendors can choose between AuthenTec’s SafeZone middleware for typical environments needing hardware-based key storage and usage or ARM’s TrustZone™ middleware for advanced environments requiring a complete Trusted Execution Environment (TEE). AuthenTec’s SDA is compatible with TrustZone middleware offerings such as Giesecke and Devrient’s Mobicore® and Texas Instruments’ M-Shield™.
- Software Development Kits (SDKs) - toolkits that enable efficient implementation of encryption for local data storage as well as a full range of secure networking protocols including DTLS, IPsec, MACsec, SSH, and SSL/TLS. The architecture also encompasses AuthenTec’s TrueSuite SDK for identity management. All SDKs offer the choice of standalone operation, operation on top of AuthenTec’s SafeZone middleware, and operation on top of TrustZone.
- Applications - designed to meet the encryption needs of the full range of applications, including applications such as browser, email, and media player that are built into the device OS, as well as third-party applications that are downloaded from App Stores. At the application level, AuthenTec’s Secure Device Architecture also includes AuthenTec’s DataDefender for application separation and QuickSec™ VPN Client for Android.
The new components unveiled as part of AuthenTec SDA include:
- MatrixDAR™ - a data-at-rest (DAR) solution that encrypts data stored locally on a device hard drive or removable media such as an SD card. MatrixDAR is available immediately with support for Android Gingerbread and Ice Cream Sandwich and other Linux-based devices.
- SafeZone™/FIPS - a FIPS 140-certified version of AuthenTec’s SafeZone middleware for platform security. SafeZone/FIPS is available as a pure software solution supporting a full range of cryptography operations and providing secure storage and access control for sensitive keys.