Several leading technology security experts have collaborated to create the Open Trust Protocol (OTrP) to combine a secure architecture with trusted code management, using technologies proven in large scale banking and sensitive data applications on mass-market devices such as smartphones and tablets.
The companies, including ARM, Intercede, Solacia and Symantec worked together to assess the security challenges of connecting billions of devices across multiple sectors; including industrial, home, health services and transportation.
They concluded that any system could be compromised unless a system-level root of trust was established.
OTrP is a high level management protocol designed to bring system-level root trust to devices, using secure architecture and trusted code management to protect mobile computing devices from malicious attack.
The protocol paves the way for an open interoperable standard to enable the management of trusted software without the need for a centralized database by reusing the established security architecture of e-commerce. The management protocol is used with Public Key Infrastructure (PKI) and Certificate Authority-based trust architectures, enabling service providers, app developers and OEMs to use their own keys to authenticate and manage trusted software and assets.
Other members of the OTrP Joint Stakeholder Agreement are: Beanpod, Sequitur Labs, Sprint, Thundersoft, Trustkernel and Verimatrix.
“In an internet-connected world, it is imperative to establish trust between all devices and service providers,” said Marc Canel, vice president of security systems, ARM. “Operators need to trust devices their systems interact with and OTrP achieves this in a simple way. It brings e-commerce trust architectures together with a high-level protocol that can be easily integrated with any existing platform.”
The protocol is available for download from the IETF website today for prototyping and testing.