PORTLAND, Ore. — Apple's iPhone and Microsoft CE-based devices are upping the ante for security software in embedded systems, according to experts presenting at the Cellular Telecommunications and Internet Association (CTIA) Wireless conference next month (April 1-3, 2008, Las Vegas, Nev.)
Embedded security software has become essential to these open-system-based mobile devices, as they grapple with traditional security in addition to new concerns, such as providing a safe execution environment for third-party applications. Once handled by in-house programmers, mobile-device makers are now turning to security software companies to provide these multi-level safety nets for personal data, digital rights management and authentication tasks.
“We are increasingly signing up mobile-device makers–and flash memory devices makers, too–who, until now, did their own security software,” said Gal Salomon, chief executive officer of Discretix Inc. (San Mateo, Calif.) “Devices like Apple's iPhone, and, to a certain extent, Microsoft's CE, have redefined the whole market, since they use an open operating system where third parties can develop applications on what used to just be a telephone with a closed, real-time operating system.”
At CTIA Wireless, Discretix will be displaying its secure software environment running on Texas Instruments OMAP application processors. Discretix claims a 32 percent market share in embedded security software, and according to Gartner-Dataquest is in second place behind Safenet Inc. (Belcamp, Maryland). Discretix–which was founded in 2000 and is backed by $30 million in venture capital from Accel Partners (London) and Sequoia Capital (Menlo Park, Calif.)–provides embedded security solutions for device makers and chip-set makers, including Infineon, Motorola, NXP, Renesas Technology, SanDisk, Sony Ericsson, Spansion and Texas Instruments.
The Discretix business model includes both intellectual property (IP) licensing of security hardware acceleration blocks to chip set makers, as well as providing embedded security software to mobile-device manufacturers on a royalty-per-unit basis.
“We prefer to sell software to device makers, but we don't always have the opportunity, because hardware-based security is always better security, especially since most devices do not have the MIPS [million instructions per second] to provide their own security, and thus require a security coprocessor,” said Salomon.
Besides security software for embedded systems that must manage copy-protected content, Discretix, Safenet and others, such as Mocana Corp. (San Francisco), are now being asked by mobile-device makers to supply safe operating environments in addition to all the bits and pieces necessary to secure that transactions can be safely handled by open-system mobile devices.
“When a new application is written for a device like the iPhone, it has to run in a secure execution environment that does not affect the phone or other applications,” said Salomon. “We are now being asked to provide these secure execution environments, as well as provide the algorithms to deal with all the different sorts of multimedia content that different applications use.”
As a result, security software vendors are experiencing a transition from closed real-time operating systems to open operating systems, which is driving an increasing thirst in mobile device makers to include more advanced forms of security. Security software is also penetrating the flash memory device market, according to Salomon, because flash cards are now being used as authentication devices, complete with biometric fingerprint readers, which can, for instance, securely transport a person's medical records.
At the CTIA Wireless conference, the expanding role of security software in mobile devices will be discussed in a track titled: “Addressing Network Security in the Era of Open Access & Fully Functional Mobile Multimedia Devices,” which will take place Wed. April 2, at 4 p.m. in the Las Vegas Convention Center.