Imagination’s OmniShield proposed as next-generation SoC security approach

May 26, 2015 // By Graham Prophet
Changing use models in connected devices necessitate a new approach to ensure security for OEM products and operator services, says Imagination Technologies, introducing its OmniShield technology designed to provide scalable and secure solutions for protection of next-generation SoCs.

With OmniShield-ready hardware and software IP, Imagination says it is ensuring that customers’ SoCs and OEMs’ products are designed for security, reliability and dynamic software management, as use models and services evolve across a wide range of connected devices.

Connected products such as Internet of Things (IoT), gateway routers, IPTVs, mobile devices and automotive systems must increasingly be designed to support numerous unique applications, various content sources, and in-the-field software updates from service providers and operators, all while ensuring privacy and data protection. With these multiple applications and associated data co-existing on the same SoC, each must be kept secure both from external attacks and also from each other.

For example, set-top boxes must now protect not only broadcast content, but also over-the-top (OTT) streaming video and third party applications. In automotive, communications is becoming tightly coupled with smartphones, bringing third party services into the automotive infrastructure. And in supporting emerging applications such as self-parking and autonomous driving, it is critical to ensure ultra-safe operation to meet ADAS requirements.

Today’s embedded security approaches are, Imagination continues, CPU centric, binary (one secure zone / one non-secure zone) and are complicated to implement. These solutions won’t scale to address the sophisticated types of applications and services being enabled by next-generation connected devices and the cloud.

Imagination presents OmniShield as a scalable security technology that ensures that applications that need to be secure are effectively and reliably isolated from each other as well as protected from non-secure applications, while still meeting required levels of functionality, performance, cost, and power consumption. OmniShield goes beyond a binary approach to create multiple secure domains, where each secure/non-secure application/operating system can operate independently in its own separate environment. For example, secure processes such as DRM (digital rights managment) and payment systems can coexist with non-secure processes such as gaming and web browsing.

This multi-domain separation-based architecture not only ensures security and reliability, but also eases development and