Alliance Activities : Publications : Trusted Execution Environment 101: A Primer

Trusted Execution Environment 101: A Primer

Publication Date: April 2018

Widespread data breaches have made it very important to harden security measures when sensitive data are being processed and stored.  This is resulting in an evolution of tokenization and enhanced device security mechanisms in personal computing and connected devices technologies.  As in-device payment transactions, mobile identity and authentication, corporate applications and media streaming become more popular, transaction speed and faster time to market are of utmost importance.  The wide variety of other connected devices also require security to protect sensitive data.

These challenges encourage exploration of alternate forms of device security for fast, cost-efficient, and convenient solutions.  This white paper describes the Trusted Execution Environment (TEE) as a candidate for a mobile security solution that supports a wide range of use cases, such as payment apps, content protection, corporate applications, and loyalty.  While various TEE models are emerging, this white paper focuses on GlobalPlatform-based TEE models for mobile devices, which combine the power of hardware with a software-based solution.

When built using GlobalPlatform standards, the TEE offers scalability and an easily deployable solution for any device that supports the TEE architecture.  In the mobile space in particular, the TEE provides a simple and quick-to-market solution across all devices that support the technology to providers willing to develop, deploy, and manage trusted applications independently from the hardware manufacturers.  Using the TEE imposes no additional limitations on speed, memory, or computing power.  The TEE relies on the device’s main application processor and the device’s native memory space.

TEE is achieving a foothold in various electronic devices, including personal computing, mobile, and IoT-connected devices.  While secure elements (SEs) continue to make sense for certain use cases, TEEs can work independently as well as with SEs to enhance processing abilities.  Used alone, TEE is a prime contender for use cases where security is of high importance, such as Host Card Emulation (HCE)-based payments, mobile wallets, mobile POS, content protection, and connected devices.  And while TEE is maturing, the next generation of mobile security can leverage TEE-based solutions to protect devices from multiple threats and vulnerabilities.

Though there are challenges in creating a scalable TEE eco-system, many of these challenges can be overcome by participation in industry standardization efforts from industry players such as chip manufacturers, device manufacturers and TEE solution providers.

About this White Paper

This white paper was developed by the Secure Technology Alliance Mobile Council to provide an educational resource on the TEE and relevant use cases.  Secure Technology Alliance participants involved in the development of this white paper included:  Cubic Transportation Systems; Discover Financial Services; First Data; GlobalPlatform; HID Global; JPMorgan Chase; Mastercard; MIPS; Thales e-Security; Trustonic; and Visa.