GlobalPlatform has launched a Trusted Execution Environment (TEE) Client Application Programming Interface (API) Specification. The technical document further advances GlobalPlatform’s infrastructure to support mobile devices, which manage applications containing sensitive data in a trusted manner.
The TEE is a secure area that resides in the main processor of the phone and guarantees that sensitive data is stored, processed and protected in a trusted environment. It can work independently of, or as a complement to, a secure element and the standard handset applications, and one of its key appeals is its capability to create a ‘trusted user interface’. For example, a mobile payment application can display payment information in a trusted window of the mobile device screen, and the end-user can input a PIN to accept the wireless transaction using the mobile keypad, in the same trusted window.
GlobalPlatform’s TEE Client API Specification defines the communication between applications running in a rich operating environment, typically on top of a smartphone operating system, and the applications residing in the TEE. The specification will establish communication interoperability and support the migration of sensitive services into the TEE, enabling an application to become isolated and easier to control and secure.
Christophe Colas, Chair of GlobalPlatform’s Device Committee, comments: “Downloading applications directly onto a wireless device – such as a mobile phone – is increasing in popularity yet it is raising the end user’s risks towards privacy and theft of sensitive or valuable data. Phones are vulnerable to viruses and malware, and we are not fully aware of the impact such unknown threats will have on a mobile handset. GlobalPlatform supports the use of the TEE as a foundation that will facilitate the deployment of sensitive applications such as digital content protection as well as access to enterprise applications and mobile financial services on a device, while protecting against malicious attacks.
“In addition to launching the specification, we have formed the TEE Road Map Working Group as part of the Device Committee. As well as defining the internal TEE API, the group will generate a white paper explaining the role, definition and value of the TEE, and a road map to facilitate the production of the different versions of the APIs. The specification is a new step to promote the interoperability of the TEE, and with the creation of the working group we will continue to dedicate resources to support this technology in achieving its potential.”