It’s no secret that more users, including those in the workplace, rely on their mobile phones, tablets, PDAs, and similar mobile devices to get work done.

Likewise, nobody argues that these devices are totally secure. There are many software-based security approaches and vendor solutions for the many bits and pieces of the mobile ecosystem, but mobile device hardware itself has remained vulnerable to a variety of attacks.

The TPM 2.0 Mobile Reference Architecture defines a solution for these hardware security issues. This new specification defines the interoperable implementation of a TPM 2.0 in a protected environment in mobile devices and describes various implementation approaches for hardware-based security.

In view of the constraints on typical mobile devices – space, cost, power, size, etc. –, this new TPM 2.0 Mobile Reference Architecture supports both firmware and discrete chip approaches to providing a hardware root of trust.

For more info about a variety of TPM-based security solutions see the TCG website. In a nutshell, the TPM technology supports multifactor authentication, platform integrity, remote attestation, encryption, and secure storage of keys and certificates.

In contrast to servers and PCs, mobile devices have unique performance requirements, Network operators, service providers, and application providers also have unique requirements for effective support of mobile devices.  The TPM 2.0 Mobile Reference Architecture accommodates these mobile requirements and offers developers:

• Robust embedded device integrity and device identity: provides users, operators and services, as well as enterprise administrators, high assurance that devices are in the intended state of integrity and are who they claim to be.

• Remote attestation: provides third parties, such as service providers, with remote assurance that includes privacy protection of the device integrity state.

• Cryptographic services: supports a secure environment for trusted applications.

• Secure storage: provides users and administrators with protected storage of credentials, keys, and other sensitive data.

To ensure that the TPM 2.0 Mobile Reference Architecture meets the needs of not only security specialists but also mobile device manufacturers, service providers, and others in the mobile ecosystem, TCG worked closely with relevant mobile standards bodies.  These included GlobalPlatform for support of the Trusted Execution Environment, Mobey Forum for support of secure financial transactions, and several other standards organizations focused on the security requirements for mobile device applications.

To support the new TPM 2.0 Mobile Reference Architecture, TCG has also released the TPM 2.0 Mobile Command Response Buffer Interface that defines an interface between a TPM and software. The TPM 2.0 Mobile CRB design is intended to support a variety of hardware implementation options: it is possible to write a driver that can interact with a TPM whether it is implemented as a discrete component or in as firmware in a Protected Environment.

For additional information regarding the TPM 2.0 Mobile Architecture, please see the accompaningFrequently Asked Questions.