Snapdragon Blog

Snapdragon 835: Focus on robust mobile security

Feb 16, 2017

Qualcomm products mentioned within this post are offered by Qualcomm Technologies, Inc. and/or its subsidiaries.

There’s no denying that our mobile devices have made our lives easier and more convenient. They’re where we’ve chosen to consolidate much of our lives — both personal and professional. It’s all in there: precious photos, not-to-be-missed meetings and events, private memos, confidential financial information. So it’s no surprise, then, that the prospect of losing that device, or having someone get their hands on what’s stored inside, sends chills down our spines.

As power users, we recognize the importance of good mobile security, but even we can take it for granted. We trust that manufacturers will integrate sufficiently powerful security mechanisms capable of keeping our information safe if our phone is lost, stolen, or hacked. But with our increasing reliance on our devices, ‘sufficiently powerful’ is no longer good enough.

That’s why, when developing the Qualcomm Snapdragon 835 processor, engineers made sure to approach security from the bottom up. With an integrated approach that pairs the security features built natively into the hardware with advanced software, user identification, and attestation capabilities, the Snapdragon 835 is crafted to deliver truly remarkable protection.

Security from the bottom up

Built into the Snapdragon 835 is Qualcomm Haven, an advanced security framework designed to protect users’ data from the inside out. Developed with mobile payments and banking in mind, Qualcomm Haven layers stringent security features atop one another using a combination of hardware, software, and biometric sensors. The result is a device engineered to defend against malware, identity replication, or theft.

At the hardware level, engineers worked to ensure that the chip’s awesome tech — from its DSP and front- and rear-facing cameras to the CPU — contributes to a more complete security platform. Take fingerprint identification, which has quickly become one of the primary user identification methods for mobile devices. It’s quick, easy to use, and proprietary to the user. This hasn’t deterred determined hackers, however. For this reason, Qualcomm Haven manages the data on the processor itself, requiring the authenticator code to run in a security-rich environment — a two-step process that’s used to thwart threats from malicious, remote attackers.

Authentication through biometrics

It’s not just how the hardware is used. The Snapdragon 835’s powerful processing capabilities allow OEMs to develop more rigorous security applications. This includes the use of a biometric sensor, which are increasingly being used in authentication.

Iris scanning, for example, is highly effective because the iris has greater entropy, making it more unique to an individual than a fingerprint for identification purposes. This added layer of authentication requires a secure second camera with an IR sensor, which is supported in the Snapdragon 835. Also, the Snapdragon 835’s secure camera implementation is designed to isolate the biometric data — in this case an iris scan — within the processor hardware making it even more difficult for rogue software or threats to access it.

Device identification

Qualcomm Technologies’ brand of robust security requires more than just lockdown hardware. Much of the security features supported by the Snapdragon 835 comes from its powerful software. This includes support for device attestation, an advanced set of algorithms and processes that can validate the device.

At its most abstract level, device attestation uses a secure boot, app protection, and data tokens to create a powerful link between the software, operating system, and underlying hardware, helping ensure the threat of remote access or duplication is reduced. It runs at different levels, performing integrity checks on a wide array of data, including device ID, software versions, location and time, and app and OS behavior.

By incorporating authentication and protection at every level — for the device and its owner — power users can more safely and intuitively enjoy the awesome every day and next-gen experiences this powerful processor can deliver.

Stay tuned for the next in-depth tech explainer on the Snapdragon 835 processor’s key components — machine learning — and read up on our previous deep dives into battery, immersive AR and VR, photos and video, and connectivity experiences, all of which combine with these security enhancements to make the Snapdragon 835 processor groundbreaking.

And sign up for our Snapdragon newsletter to be among the first to get the latest Snapdragon news.

Get full Snapdragon 835 specs and download the product brief

Qualcomm Snapdragon and Qualcomm Haven are products of Qualcomm Technologies, Inc.

Kristin Wyman

Senior Marketing Manager

More articles from this author

About this author

Related News


Qualcomm releases whitepaper detailing pointer authentication on ARMv8.3

ARM recently announced ARMv8.3-A, the 2016 additions to the ARMv8-A architecture. These additions include pointer authentication instructions: “a mechanism for enhanced security associated with pointer authentication.” It is very exciting to see the technology, refined and expanded through discussions and contributions from ARM and its partners, making it into the architecture as the new pointer authentication instructions.

The pointer authentication scheme added to the ARMv8 architecture is a software security primitive that makes it much harder for an attacker to modify protected pointers in memory without being detected. In a new Qualcomm whitepaper, we describe the pointer authentication mechanism including the design criteria, provide a security analysis, and discuss the implementation of certain software security countermeasures such as stack protection and control flow integrity using the pointer authentication primitives.

These new instructions provide a way for quickly verifying the integrity of pointers and data in memory. In addition to the use cases described in the whitepaper, we expect these primitives to pave way to new techniques and opportunities to improve the memory safety of programs and runtime environments.

Jan 10, 2017


Snapdragon 820 first to receive hardware security certification

Mobile device security is a hot topic these days as users are doing a lot more with their smartphones in terms of payments, bank transactions, and secure messages. Industries and individuals alike want to know how to keep their data safe and their personal information private when using mobile devices. At Qualcomm Technologies, we’re dedicated to working with all users to help protect their data, which is why we’re excited to announce that our flagship Qualcomm Snapdragon 820 processor is the first mobile system-on-a-chip (SoC) to receive FIPS 140-2 Level 2 HW certification, a feat any military or government affiliate would likely salute.

What is FIPS 140-2 Level 2?

Cryptographic modules are responsible for cryptographic functions, such as encryption, digital signatures, and authentication methods. Information protected by the cryptographic module, including passwords, personal biometric information, mobile payments, and secure communications, is well guarded.

While FIPS 140-2 Level 1 certification focuses on a standard level of compliance, Level 2 concentrates on a tougher authentication implementation and physical protection of the plaintext cryptographic keys and critical security parameters within the module. To meet the requirement, modules need to have tamper-evident seals or pick-resistant locks that are designed to prevent clever hackers from stealing information.

These additional mechanisms are engineered to support an increased level of security that is needed for important and valuable personal data on a device. Data that began with the protection of simple passwords is now expanding to include protection of things like an individual’s fingerprint or iris.

What this means for smartphone manufacturers and buyers

The U.S. FIPS Level 2 HW certification is an important component for OEMs that hope to achieve the global Common Criteria EAL2 and higher certification. Incorporating a module with multiple levels of FIPS 140-2 certification also enables OEMs to qualify for additional business opportunities, including government contracts that need to standardize purchases across numerous branches, automobile contracts that want to enhance overall security practices, and healthcare devices.

The certification will also help customers recognize products based on a higher level of security. And for end users, obtaining advanced security features is as easy as checking to see if a mobile device has the Snapdragon 820 processor.

Jun 20, 2016