 Rwy'n gyffredinol i'r ffordd yma. Mae'n ddweud y cysylltu i'r ffordd. Mae'r rydyn ni'n Christian Brindley. Mae'r cyfnodau sylwyddiant, cyfnodau cyfnodau sylwyddiant. Mae'r cyfnodau sylwyddiant yn cael eu gwneud eich wneud i'r ffordd o'r antivirus o'r eistedd yn cael eu gweld eich cyfnodau sylwyddiant, cyfnodau sylwyddiant a'r cyfnodau sylwyddiant. Mae'n cael eu ddweud o'r eistedd i'r iot, sydd y gallw'n dillunio. Mae'n cael eu bryd o'w'r hoffлин ar gyfer cael ei bobl o'n iawn arnyn nhw'n cael eu swllawdd, ddweud o rhan oherwydd y cyfnodau sylwyddiant. Mae'n cael eu ddweud o'r ffordd i'r ffordd o'r cyfnodau sylwyddiant o'i bobl o'r iot yn cael eu gweld ac mae'n cael eu ddweud o roedd yn cael eu ddweud o'r cyfnodau sylwyddiant o'r ddweud o'r arweithu fel y syniadau sylwyddiant is a service from Symantec. My background personally, I came from Verisign, that was my first exposure to the World of Security in 2000. So I've got a long history in PKI, which is why I'm here talking to you because PKI as we'll see is a critical part of what we're talking about today and now I work as a technical specialist for Symantec in the IoT world, so I cover all of those products we are talking about. Mm... Uh, you off to shut the door. Great, thank you. I don't have any initiative to do that. So, thank you very much. So, well I wanted to do start with... is give you a little background... on what I'm talking about and why we're doing this. And then look at the sort of details of technical details... or the specifications I'm talking about. And then just wrap up and we'll all go to lunch. So, basically what we're talking about today is a new standard... for security. ac iddyn nhw'n meddwl yn y bwysig o blaenau i'ch falch i tot i'ch ddeton, un iawn i'ch weld y gwéisiau oherwydd hefyd nhw'n meddwl. Fyddech chi'n gweithio Ffarriswain oedd am eich fath y bwysig i'ch falch, mewn rhai i adegi i i'ch meddwl a'i ddennodd sy'n meddwl. Byddwn ni mwyn fydd y gallwn meddwl ymddangos mi'n gweithio arru. Elin arall, nad oherwydd arbenniru ei gael ateb wedi oedlwn hefyd i'ch meddwl ydy'r gafodd broses. Fel y cyfnod gyda'i ddwylliant, yw'r intent ynwys i eluwyrgyffiad, ychydig innu'r cyfnod dweud, ydy'r cyfrifysgai rwy'r gafodd cartwyd. Yn symud sy'n eich cwmwyf yn iawn i'r glas yn cyflwyfyd y knowsid yn gweithio hwnnw, a chyfoddo'r edrych ar gmwyfyd. Felly yn gwybod i unrhyw o'n gweithio'r gafodd. Ac mae'r gwrth erbyn i'r ddigonwg gyda cymaintol i gael cymseriynau mwyaf, oes yn cael cael cyfrifydl ôl ef yn rheoli gyffredinol ar ddylch. Mae'r cyfrifydliad yn cwmno bod y ddigonwg yw'r cyfrif SNF. Yn cyfrifydd, mae'r cyfrifydd os yw'r cyfrif wneud ydych chi yn yn arfer. Felly, rydym wedi wneud i'r ddigonwg yw'r cyfrif, ac mae'n dweud yna'r cyfriflau. Over time, the industry has adopted a general approach to security in devices called a trusted execution environment. This is a general principle where we have a device, where we have what we call the normal world, which is running a lot of terminology coming up, by the way, and I might be using acronyms soon to save some time. On a device out there, whether it's a set-top box or other dedicated devices, it may be a shared platform, so obvious example is a personal mobile device that's running our applications on it. That device will have what we call a normal world, so I don't want to call it the insecure world, but the security level is kind of normal for untrusted applications. So this might be an Android platform, might be iOS, Windows Phone, you name it. We call this a rich execution environment, so a normal operating system. This is where your apps that you download from the App Store will reside, for example, or if you've got a lower level application running there that doesn't need all that security, it can run here happily. But if I have a mobile banking app or I have a mobile authenticator, so for example, I've got a mobile soft token for getting into my PayPal account and into my bank account and into my corporate network. So these are all kind of sensitive applications that are running on that device. We could run these in the normal world and the security is okay, particularly in iOS and some closed operating systems. But actually we want to have a higher level of assurance for certain applications. So we've come up with, as an industry, we've come up with a concept of a secure world in these devices, where we can run what we call trusted applications that are isolated from all those other applications, my iPlayer applications, my games and so on. They're set in a secure enclave on the device, usually protected by hardware from interference from applications that are running on the same device in the normal world. So we call this the trusted execution environment, which is effectively a separate operating system. It's secure, it's locked down and will not allow sharing between applications. So there's no opportunity for a piece of malware over this side to scrape memory, access, shared resources or otherwise interfere with the operation of these trusted applications. So I could have an application here, we call it a client application, which is like the overall application that I'm running. So this might be my mobile banking app, it might be my secure authenticator, but for the sensitive operations within that application we'll call out to the trusted world, the secure world, to the trusted application here to perform that sensitive operation. So we know that only this client application could do it and no other application can interfere with that module. So normally the trusted execution environment is provided by a vendor and they'll ship an SDK with it so that developers can develop a trusted application module that will sit in that environment. So out there right now that one of the most common implementations of this is in hardware is the ARM trust zone enclave within the chip set and there are third party TE providers who will provide a secure OS to sit in that enclave and provide secure applications. So it's a more terminology. In order to deliver applications into this secure world we need to be able to do that when that device is in the field. Whether it's sitting on someone's television set, whether it's a mobile device to have in the pocket or whether it's a smart city or a smart meter out there, we need to be able to deliver this application in the field. For those of you here at the last talk, I thought it was an interesting talk, they emphasised the importance of being able to deliver updates over the air and manage that device. So we need a way to be able to deliver applications into this secure world and we can't allow anybody to because then we'll defeat the object of the whole ecosystem. So that's why we have what we call a trusted application manager which sits out there and manages the applications in that secure world on the device over the air. The last bit of terminology on the slide is a service provider. So when we talk about the service provider we mean the developer and publisher of the overall application. So for example the service provider may be a bank. I have a mobile banking application on my device, on my phone. So the service provider delivers the trusted application to be distributed by the trusted application manager. Then the trusted application manager will interact with the secure world on each device to deliver that application. So this is a general principle and approach that we've developed over time as an industry for secure applications on mobile and other devices. It's okay. At Symantec we have two factor authentication solutions. We deliver a mobile soft token so we're one of the consumers of this environment and we distribute that application, that mobile app via a trusted application manager into the secure world on end user devices. It works well. So what's the problem? So the problem is that this is a growing use case. As I said we have the initial use, yes. Great question. There is no standard. That's what we're talking about today is how do we actually take all these concepts and bake it into an actual standard? So hold that thought because that's exactly where we're going. So the challenge is, number one, there's no standard for this. So thank you for that. Number two, the kinds of devices we're seeing out there are expanding. We're all here this week to talk about IoT. So even before we thought about IoT these use cases were just growing and growing. Lots of different vendors involved. Lots of different hardware vendors, application developers, service providers. So basically we come to the point where it's almost unmanagable to have a shared device particularly like a mobile device which can handle all these different applications and service providers trying to deliver secure content onto these devices. Because of that lack of standards, we have providers like ARM producing secure enclaves on our devices. But we have no standard way of managing those applications on those devices. We just have the tool sets with no real framework that we can all share. So what we've done, and this comes onto the point of today's discussion, is to develop a standard for managing trusted applications on devices. So this is brand new-ish. We published this in July this year. It's currently an IETF draft, internet draft, and we're looking to what to do next with a standard. Do we push it through into an RFC? Do we take it to someone like Global Platform to bake into a standard? But it's all there, and it contains everything you need to implement a trusted application environment and a way to remotely manage those trusted applications over the wire. So basically taking everything we've seen so far in the industry and baking that into a standard that we can all share. So to do this, we formed an alliance called the Open Trust Protocol Alliance with four initial founding members who are semantic ourselves because we have the knowledge around the PKI that's important here, and we'll talk about that shortly. ARM, because they have all the knowledge of the chipset, the trust zone, technology and so on. A company called Solacia who provide secure platforms and already deployed this into set.boxes. And now we have about 13 members. So we're not really expanding that right at this stage because we're still looking at where we take that standard next to progress it. So anyone here from ARM or Interseed or Solacia? Good, so I can say what I like. So basically we base this on open standards, because we want to make sure that we're not reinventing the wheel, we're just developing a framework that you follow to make sure you're compliant with the standard. As I say, it's published in July. That expires in January next year. We may renew that, we may push it forward into a different standard organisation. Anyone here from a standard organisation who's interested in adopting this? Please come and see me. But yes, global platform is probably the primary candidate at the moment. So when we're looking at this standard, what were our design goals when we are trying to formalise this trusted application environment? So first and foremost, we don't want to make life difficult for people because that's the number one killer for any kind of open standard is to make it difficult. So we wanted to make it very simple. And I don't know how many ITF drafts or RFCs you read, but this is relatively short. And I wouldn't say it's a good read, but it's actually readable. So you can actually, particularly the first section, this introduction and overview is actually a pretty good, clear, concise summary of everything I'm talking about today. So if you do nothing else, and you're interested, then you can read the RFC, sorry, the internet draft, and just Google for open trust protocol, or OTRP, ITF, and you'll get there. We'll be showing the URL as well. But basically this is a relatively simple standard to understand. We talk about arm trust zone a lot, because that's our sort of first demonstration that we model this on, and very suitable for IoT, because there's so many ARM chipsets out there. It's kind of one of the number one choices for device chipsets in the IoT world and mobile world. So it's a good model to use, but actually it's not tied to any particular hardware vendor or any particular trusted execution environment. In fact, it doesn't even have to be hardware protected. But that's the best practice. So basically we're agnostic in terms of any kind of vendor or technology. And also, this free word is important, as well as complexity. The other thing that will kill a standard is to make it expensive. So we don't want to monetize a standard or license it or anything. It's a true open standard. And wherever we push this standard, we'll be in that same principle to make sure it has wide adoption. And as I say, we're looking at rather than reinventing the wheel, we're looking at existing technology tool sets and standards out there. So it incorporates a number of other open standards, such as PKI, JSON web services, and so on, to make sure that developers and service providers have all the tool sets already and don't have to have a quick ramp up to understand and implement. So within this ecosystem, some more acronyms for you, some of which I've already covered. We'll have a service provider. So this is your bank, your security vendor, your content provider, your healthcare provider, who are publishing an application onto the device, whether that's a smart meter, whether it's a mobile device, whether it's a dedicated IoT thing. But they're the initial driver providing the service. And they'll use, again, going back to the technology, the terminology that's already out there. They'll deliver a trusted application to a trusted service manager for trusted application management. So it's an SP to a TAM to a TSM. And they will host and manage that application to push it out to devices. So within the device, we have a trusted execution environment, just as we saw before, that's provided by a number of vendors. And then we'll have a chip set provider and firmware, such as an arm partner, will provide the actual device where it sits with a secure enclave. This is the new bit, which is baked into our standard, which is to have a certificate authority to establish mutual trust between all these parties. And that certificate authority again, not tied into any particular vendor. It's just open standards based. You can have one vendor, multiple vendors in there, multiple CAs, run your own, et cetera. So the model we have looks very much like the slide we saw before. So we have again, we have our device with a secure world and a normal world. We've kind of formalised the terminology here. So in the normal world, we have a client application that's provided by the service provider. This client application will then look on the device to see if it's got all the trusted application modules it needs to operate. And to acquire them, it'll connect to the trusted application manager registered for that service provider, and request the trusted application modules. And the trusted application manager will then talk back to the client application to request access to the secure world to query whether the applications are there. We'll talk a little more about that process, but basically that request will be routed through something called an OTRP agent, which is defined in our standard, which sits in the normal world and acts as a bridge between the normal world and the secure world. So it's just relaying messages through, not touching them, not even understanding them because they're encrypted. They can then be handled by the trusted execution environment. So we can manage trusted applications through the TAM. So the service provider is providing these trusted applications digitally signed by a certificate from a certificate authority. So the certificate authority is key here, which is why I'm standing here today because we run these managed PKI services. And so what we'll do is we'll actually attest to the identity of each party. So we'll certify the service provider so that definitely is HSBC and we'll issue them with a certificate to sign their trusted applications. We'll certify the trusted application manager as a provider for this service provider to make sure that we know who they are and we can trust them. And by the way, this and this entity might be the same, so HSBC might have their own distribution service. And then we'll issue a certificate to the issue of the trusted execution environment and the trusted firmware on the device so that we trust everything here. There's a lot of trust here. And we'll actually make sure that this device has a unique certificate in it so that we know that the application manager knows exactly which device it's talking to. So basically the way all these entities know each other and trust each other is through the use of PKI. Very much in the old world, I say old world, current world, where I'm a user, I go to my bank site, I trust the banking applications I've got with Green Bar. That's all because of PKI trust, where a certificate authority has attested that this is, in my case, a noise bank. We're applying that same principle in this world where everyone trusts what we call the trust anchor, this certificate authority, or multiple certificate authorities, so that we know who we're talking to. So let's have a look at the spec itself. So basically what we're enabling is an open framework for managing applications and keys on a device over the air, which as we said before is vital in IoT to be able to talk to devices out in the field. It's not good enough anymore just to burn an application into device, ship it, and never see it again. We've got to be able to update this device and update the applications on this device. So as I say, the entities evolved, the service provider, the town and the tea. We are using open trust protocol, mainly between the application management side and the trust execution environment on the device. The other entities are important, but the focus of the standard is on this interaction, to be able to manage trusted applications over the wire. So within the standard, we define how entities trust each other, so which entities trust which entity and how. We define the messaging that flows backwards and forwards for managing trusted applications on those devices, how do I install them, remove them, query them, et cetera. We define that agent that I mentioned before. If you remember, that's the bit that just relays messages from one side of the device, the normal world to the secure world. We'll basically define all the algorithms and artifacts that we're using, so basically supporting standards that we're using in our standard for application management. So far, and it's quite technical, we're all engineers, I guess. So basically, if we look at the certificates and keys and so on, this is my field particularly because I'm into PKI. So on the device itself, so on my mobile device, my smart meter, whatever, we have two pairs of certificates to identify the device and the firmware running on the device. Because it's important, if I'm delivering a secure application down to a device, let's say I'm delivering my mobile app, I want to be sure that that's delivered into the secure environment. There's no point in doing this if there's a way for someone to say, I'm a secure device, and we just deliver the application into it without really knowing that's true. So we need to know that the device is running trusted firmware in that secure side. We need to be sure it's running trusted OS, the TEE, trusted execution environment on top of that firmware. And we need to know that this is the user's device and not another device. So for all those reasons, we need to have certificates burnt into the device before we ship it. I'm a trusted application manager. We need to configure a certificate and key into that. This is very much like a website. So if you've got an e-commerce website, has a SSL certificate on it, then it's similar in that way because we're going to connect from here to here to query and manage trusted applications. So this has to attest to its identity. So there's a certificate there. We give the service provider a certificate to sign their trusted applications so that we know that they're secure. And as a CA, we've got our own route and issuing certificates that are the trust anchors for this whole ecosystem that will have them there. So basically, these are the keys we issue. Also, that's a concept of an anonymous key, a derived key. So in IoT, as you know, privacy is always concerned. So I want to be sure that only the people I trust will know no information about my device. So you may think that the device information is not very important and not very sensitive because it's just about the device. But we need to be sure that best practice and security terms is to make sure that each party only knows the information they need to know. Anything beyond that is a potential exposure of privacy. Sorry. EPID. What's that? Right. It's not part of the standard. So we're kind of focused on the particular, particularly on the trusted application management within the device here. But I'll look that up because it's not actually part of the standard. Okay. Okay. Okay. So, you know, this, we actually generate this derived key. I'll talk about the stages. We generate the derived key as part of the, as part of the creating a domain on the TEE. But I don't believe we mandate the way that's derived. So a good question. Again, we're really sort of trying to be agnostic as to particular technologies and vendors wherever we can. So thank you for the questions. So basically, this means that we have a derived key that's generated one time for each service provider on the device and delivered to the service provider in case they need to encrypt content to us, for example, personal data that's wrapped into the application delivered to the device. So that's an anonymous public key that's generated in real time. And then finally, in terms of certificates, we have the trust anchors. So just as I have a trusted root certification authority in my browser, we need to deliver that into the device. So we'll ship the device with the trusted certificate authorities. But we also have a way of updating those CAs through this process as well. But the roots are burnt into the device. And the management of those roots is outside the spec of what we're doing. It's down to the OEM provider of the device to manage the sort of rollover and change of those roots. In the case of the TAM, it's like a website. So I can just configure the appropriate roots into my application manager and change those at will. So in the same terms of the architecture, the way it works is the client app. So this is the service provider app that sits in the normal world. So the lower level security app, the lower level part of the app sits in the security world. And just upon when it's first fired up, it'll just connect out to the TAM to say, are these applications installed? And if not, please could you do so. And we'll look at the flow for that. But then when the TAM needs to check back, it'll first connect back to the client app saying, here's the OTRP command that I want you to pass through, through the agent up into the secure world, so that the trust execution environment can respond to that request. So in terms of the scope, we as a PKI provider have various ways of delivering certificates into devices and into the service providers and so on. And in terms of trusted firmware, we have various ways of assigning data, for example, within a device. But these are outside the scope of our open trust protocol. What we're really focused on is the interaction between the application manager and the trust execution environment on the device. So rooting through the client application first that's sitting in the normal world, which then passes that request to the OTRP agent, that then passes it through to the secure world and the trusted execution environment on the device. So fairly tight part, but a crucial part in terms of security. So we actually provide the, in the standard for the agent, we have an agent API that we define. So this is very simple. Basically, take this message and pass it on. And then we define the, maybe it's a loose cable. So then we define the messages to flow over that tunnel, which is the bulk of the messages. So just to give you an idea, this is the agent API. Pretty simple. Basically process this message. And then we just have that can throw an exception, which is basically an error code. So it doesn't get much simpler than that. As I say, that's very high level, but that's really all we're looking for is just a framework in this standard. Okay. So here's the complete set of OTRP operations. Again, these are all in the standard if you want to have a look at them. But having a bit of trouble here might switch over to the other device. Let's have a look. Okay. It keeps everyone on the toes, I guess. So that's good. So the first thing we'll do when a client application requests for a trusted application to be installed onto the device is we'll need to know the current state of the device. So and we have a get device state command for this. So basically, this is passed through to the trusted execution environment, and that will respond with basically all the security domains that are on this device, basically have a security domain per service provider where the trusted application sit. And within those domains, all the trusted applications that are installed that belong to this service provider. So that basically gives you the starting point to understand what's on the device already. Once you've done that, let's say this is the first time that you've talked to the device. There'll be no domains at all. This is kind of distracting. I'll get a video guy in a minute if this carries on. So basically the first time you do it, there'll be no domain for that particular service provider. So you need to create a domain. So this is like a logical partition within the device. And for a particular service provider so that we're not, I think it may be over that way, but thank you. So we're not having separate partitions for each provider. So my HSBC trusted applications won't be able to interfere in any way with my mobile authenticator or my healthcare app. We can then update that domain and we can remove it. We can only remove a security domain when we've removed all the trusted applications that go with it. So the applications themselves, once I created a domain, I can then insert the applications into it. So I can install an application, I can update it as a new version and I can delete it. That's it. So that's all the operations within OTRP because that's everything you need for trusted application management. It's an open standard so basically it's basically taken everything out there and baked into a new open standard. So the question was how does this differ from the global platform standards? The global platform doesn't quite reach out to all these aspects of trusted application management. It defines some things, so it'll define the T interaction, but not the end-to-end provisioning of applications management and not the trust between those applications. So if we just look at a flow here, this is a typical flow. So basically the client app will first, that sits in the normal world, will go to the trusted application manager. So we use TSM and TAM kind of interchangeably in the standard to request for installation of a TA. So the application manager will then connect straight through, through the client app, through that OTRP agent to the trusted execution environment to request information about it. So the trusted execution environment will come back with status information containing what's the trusted firmware, what's the TE, what are the security domains and what applications are installed in those domains. So if there's no domain for this service provider right now, we'll send a create SD command, again, back through the client app, back through the OTRP agent to the execution environment, and we'll create a new security domain. When we've got the domain, we can then send the application through. So we can send an install TA with the encrypted binary, so the application for that module, along with the personal data, if appropriate, and we can encrypt that with that derived key end-to-end. So I won't read out all these, but the standard defines which algorithms we use. So which JSON signing algorithms we use for JSON web signing, which encryption algorithms are currently supported. So 128 and 256 encryption with SHA-2 and SHA-512 hashing. Algorithms signed for signing, and then we define how we actually express this in our JSON web call. So each call is the command plus request or response, as we'll see here. So for example, create SD request, create security domain response. We'll have a payload, which is the unsigned request, and then we'll have a signature to verify its authenticity. So here's an example. This is a get device state. So we build the request as an unsigned request. So this is a get service state TBS to be signed request. We'll have a version transaction ID and so on. Because we're using PKI, we want to be able to validate the certificate because you never know, we may need to revoke the certificate for some reason for this service provider, for this TAM, or even this device. So we need to attach validation data. So it's tricky to have your traditional way of validating the certificate. So if I go to amazon.com, then my browser will do a revocation check on amazon.com's web service certificate by going to the issuer of that certificate and requesting whether the certificate's been revoked. So you can imagine what would happen in the IoT world if we did this. There'd be just billions and billions of devices just hitting certificate authorities all the time. So to help in this situation, and of course there may be no direct route from the device out to the internet or the provider. So to overcome this, we have stapling, ACSP stapling. So all this is that before I sign the request, I know I'm going to sign it with my certificate and then send it so that then the T, for example, will look at it and validate it. So I'll actually get revocation information to attach to that request. So we will actually get an OCSP, an online certificate status protocol response from the CA to say that the certificate I'm using to signing is definitely still valid, hasn't been revoked. Attach it to the request and then put the signature on it. So basically take that request, encode it in base 64 in the payload, and then attach a signature using JSON web signature. And then the response will come back again. Everything's signed. So the response is a, this is the to be signed response. And will then have that signed and come back to the validation of the other end. So this is a commercial break for OTRP. But basically I just want to wrap up with just a summary of what we're trying to do here. Again, we're trying to standardize with open standards to help everyone in the industry adopt this. We obviously have a vested interest as semantic because we provide certificate authorities as a service. But this standard is very much not tied into that. It's basically using PGI from your own certificate authority that you run in house. That could be from any third party, CA, government, et cetera. It's not actually tied into any particular vendor. The good thing is because we're green field, we don't have to go to all those providers that are already baked into devices as we would do in the browser world. We're completely free to do this ourselves. So basically the way we're doing it with PGI makes it highly scalable because you just have those trust anchors so everyone knows each other without having to pre-register. We're really trying to free up service providers for delivering new services and applications to go with them without having to reinvent the wheel every time or use proprietary technology that may go away. They can actually focus on the function of those apps and so on. Just about survived the video through that. So thank you very much. I know it's lunchtime in a minute. Are there any more questions? So good intelligent questions so far? Yes. So chat with the back first, I think, sorry. So my semantic opinion is that blockchains are not the best approach because we're a PGI provider that kind of competes in technologies. My personal approach is that we should never be complacent about PGI. There are some concerns there. What's having the future with quantum cryptography and so on. But I think right now blockchain is interesting, but it has some challenges around implementation. Also, this idea of distributed ledgers could introduce complexity and connectivity issues. So it's interesting, but if you're looking at what can we do right now, what's proven and has lots of tool sets and open source to support it, PGI seems the best candidate. We take the point that there are other technologies in town. Sorry, you had a question. Do you have any T? Yes. So certainly there are T providers that have something similar out there, but slightly proprietary. So we use T providers for our own. I mentioned we deliver secure mobile apps already, trusted apps through third party T vendors. But this is this standard was published in July. So it's early days. We have a lot of interest and we have some T providers. We have Salacia intercedar looking at this. So it's growing. But it's early days so far. Yeah. Thank you. Right, yes. Sir, let's say this is all put into production. Yes. So what happens then? So okay, the worst that can happen is that you can you can deliver. Applications into the device, but they have to be trusted applications. So so you don't have a huge exposure there because but but you can the main the main risk is privacy. So it means that a fake trusted application manager can find out information and talk talk to devices and get all the information from that device about what's installed on it. So you know, and and remove remove applications on a device. So so it's more of a nuisance and privacy issue. In terms of security, they won't be able to compromise their credentials, for example, or get into the bank accounts. But be bad news. But you'd revoke the certificate as soon as you've found that breach. And then, you know, everything will stop. But yeah, it could do. Yeah, so hopefully not. But but yeah, I mean, it's a good question. Because when we think about security, we always have to think about why we're doing it. You know, what what's what what would happen if we didn't. And so it would be more sort of nuisance, I think, than actual breach. It'd be like, yeah, removing applications, which would denial of service would be the main issue and some privacy concerns. Trusted application, I mean, let's say that I'm a provider. I'm a startup bank. Yes. And then I want my trusted application. How do I do that? How do I get all that put it into the TSM? Right. So the question is, if I'm a service provider, what's the process for getting my application into the TSM and into the device? So so first thing I develop the application, I sign it with a trusted certificate that's trusted within this ecosystem. So that's where the CA comes in. And I deliver that to the TSM. We don't define how that happens. But it could be just a just a another REST API or whatever it may be, or even just a portal that I uploaded into. Yeah, but in terms of OTRP, I have to sign the module with a trusted certificate from the CA within that OTRP ecosystem. Yes. Yes. So as a certificate authority, you attest to the identity of that, of that organization. Yeah. So so to get the application signed, they need a certificate that's protected, and that's protected in hardware is best practice. So we have good ways of not compromising certificates. We can actually host the application signing service within a vendor, such as Symantec. But but in terms of, you know, rogue, rogue publishers, you'll only trust the service provider as a publisher. So basically, the service provider has to match the identifier for that domain. No, we try not to involve the user at all, because so it's a good point. And it's a debate about code signing in general, is that we as Symantec, for example, you know, we're not the only code signing certificate issue in the world. But we will make sure that you are acme.com. We will not make sure that you are good programmers, or that even, you know, you have a good history in secure applications. We make sure you are who you say you are. But that's that's tied in to the service provider. So typically, if I bank with HSBC, I'll download my HSBC app. And that will own the domain. So basically, that's how it's tied together. If I download another app, then that from a different service provider who's not so great, then they'll have their own, their own partition in my, in my secure world. So they won't be able to interfere with HSBC. And they won't be able to talk to the HSBC app. So, you know, it's well, that's kind of enforced by the service provider partitioning in the device. Yeah, if that makes sense. But we can talk about that more. So, so the, do you mean the sort of application sitting in the normal world, like an Android device? Or do you? Yeah, it is. Yes. But the, but remember that the, the client application has to be registered to the trusted application. And they're from the same service provider. So, so that that's actually not defined with an OTRP. But there is there is a secure link between the client application and the trusted application. So you can't install a bit of malware that can then just query the trusted application. And within the secure world, there is partitioning between secure service providers because so, so, well, that is not implemented at the trust zone level, but, but partitioning is implemented in OTRP because we have a secure domain within the T per service provider. And they can't, they can't talk to each other. Yes at the back. We're not married to the particular hardware or even hardware or software or, or virtual hardware. I know there's some sort of virtual teas out there. So we don't, we don't really care about the actual implementation. But when we're, when we built the standards, we were using the trust zone hardware implementation as a, as a reference model. So we've had some questions about the lower level ARM chipsets, for example. And, you know, we don't, we're really looking at a chipset that can support a T of any kind. As long as it has one, then we can support it. Typically it's in hardware. And in fact, that the, for example, for ARM, the trust zone support is actually creeping down the ladder of their devices. So the lower and lower end devices are now supporting trust zone. But, but this is really aimed at devices that can support that. If you've got something that's, you know, really low power without a hardware enclave, then this may not be appropriate. But, but that's, that's, that's a shrinking subset of the devices out there. So it's a little bit over time. So I'll, I'll, I'll wrap it up there. But thank you very much for the questions. And sorry about the, the blinking screen. Hope that didn't freak you out too much. And, and yeah, just feel free to catch up with me outside if, if, if you've got any more questions or, or anything you want to talk about. So thank you.