Tools
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

A handful of companies led by ARM, Intercede, Solacia and Symantec, joined by Beanpod, Sequitur Labs, Sprint, Thundersoft, Trustkernel and Verimatrix have announced a jointly developed Open Trust Protocol (OTrP) for securing IoT networks.

They say that OTrP combines a secure architecture with trusted code management, using technologies proven in large-scale banking and sensitive data applications on mass-market devices such as smartphones and tablets.

Marc Canel, vice president of security systems, ARM, said: ""In an internet-connected world it is imperative to establish trust between all devices and service providers. Operators need to trust devices their systems interact with and OTrP achieves this in a simple way. It brings e-commerce trust architectures together with a high-level protocol that can be easily integrated with any existing platform.""

OTrP is described as a high level management protocol that works with security solutions such as ARM TrustZone-based trusted execution environments that are designed to protect mobile computing devices from malicious attack.

OTrP is available from the IETF web site as an IETF informational for prototyping and testing, and its developers say they plan for it to be further developed by a standards defining organization that can encourage its mass adoption as an interoperable standard.

The developers says the protocol paves the way for an open interoperable standard to enable the management of trusted software without the need for a centralized database by reusing the established security architecture of e-commerce.

'The management protocol is used with public key infrastructure (PKI) and certificate authority-based trust architectures, enabling service providers, app developers and OEMs to use their own keys to authenticate and manage trusted software and assets. OTrP is a high level and simple protocol that can be easily added to existing trusted execution environments or to microcontroller-based platforms capable of RSA cryptography.'