Application-to-application Mutual Trust with Identity Attestation




As applications evolve to become more complex and collaborative, there is an increasing need for applications to cross-communicate with one another and have some means of establishing mutual trust in order to perform their individual functions. This is especially relevant to applications that depend on other applications for user authentication, payment, and secure data transfer for trusted data storage or processing. As some of these applications may operate in untrusted environments, such as unsecured IoT devices or compromised mobile devices, an application would have to determine if the other application is what it claims to be, has not been tampered with (both statically and dynamically), and can communicate over a trusted communication channel, before trust can be established.

This technology offer provides an application-based secure element bound within the application, which can attest to the app’s identity and integrity, thereby enabling mutual trust. This technology can be used in a variety of applications, including mobile applications, server-side applications, or even applications running within robots or IoT devices.


To ensure an application’s identity and integrity, this technology embeds a secure element into the application. With this isolated secure element, trust can be established between an application communicating with another application in the same device or across different devices. This can then be used to create a trusted communication channel between servers and/or applications.

Application-to-application mutual trust can occur in a variety of combinations. Depending on the actual use case, trust may be one application trusting another (one-sided) or both applications trusting each other (mutual). The following one-sided/mutual configurations are supported by this technology:

  • Application-to-application (within device)
  • Application-to-application (cross device)
  • Application-to-secure element (within device/cross device)
  • Application-to-server
  • Server-to-server


This technology enables individuals, banks, enterprises and government entities to establish inter-application authenticity and enables the storage of sensitive or confidential personal and corporate data, including credentials, private keys, tokens, and purchase or transaction data. Potential applications also include:

  • Securing IoT devices and payment wallets
  • Digital Identity
  • Secure messaging
  • Mobile and Remote Access cybersecurity
  • Digital asset security (user authentication, securing data-at-rest and data-in-transit)
  • Banking, Financial Service and Insurance (BFSI) application security

Unique Value Proposition

  • Embedded secure element - similar in performance to a hardware security token (never gets lost)
  • Secured by banking-grade cryptographic algorithms
  • Isolated environment ensures tamper-free operation even if the physical device is compromised
  • IMDA accredited, EAL3+ certified, FIPS 140-2 validated
  • Enables applications which are trusted, secure and scalable
  • Supports Zero-Trust strategy: "Never Trust, Always Verify"