ARM seeks help in refining mobile security API

"There are different kinds of applications where a TPM might fit or the OMA approach might fit," said Mark Buer, a director of engineering in Broadcom's security group. The company has not yet released any mobile security hardware but is evaluating use of both ARM's TrustZone and the TPM hardware for handsets, he added.

"Each API serves slightly different purposes," said Phelan of ARM.

"They are not operating at the same level of the software stack," said Bolignano of Trusted Logic. "Overall, the APIs need to be complementary and compatible," he added.

Fragmentation in security software is already creating headaches in areas such as digital rights management, said Motorola's Bennett. "There are three different DRM schemes that are all popular, each with their own legal and implementation issues. So, it's not as easy as people might think to make a music phone." Bennett said.

A security expert from Freescale Semiconductor said he had been briefed on ARM's API plan but was taking a wait-and-see approach. "I still want to see how this fits in with other standards," said Asaf Ashkenazi, a lead architect in Freescale's wireless group.

Freescale is heavily involved in the Open Mobile Terminal Platform, a carrier-led effort which is not attempting to set an API. Freescale is also actively engaged with OMA, he added.

Separately, a group of financial services companies have defined the Small Terminal Interoperability Platform specification as a mobile security standard that handles at least part of the job ARM's API tries to address.