Secure Technology Alliance Provides Education on Trusted Execution Environment and EMVCo Payment Account Reference

Secure Technology Alliance Provides Education on Trusted Execution Environment and EMVCo Payment Account Reference

Princeton Junction, N.J., April 25, 2018 – In alignment with its expanded mission, the Secure Technology Alliance has released two new resources today that provide high-level overviews on the Trusted Execution Environment (TEE) and EMVCo Payment Account Reference (PAR). Last March, the Alliance expanded its mission to security technologies used in applications where security is top of mind. Today, the organization is pushing full-speed ahead to provide educational resources on new and emerging approaches addressing security in the payments, identity and access markets.

A High-Level Overview of the Trusted Execution Environment

The expansion of the internet, mobile computing and the proliferation of connected devices have led to increased opportunities for data and identity theft. As a result, the need for stronger security measures, like the TEE, that protect how sensitive data are processed and stored is greater than ever. Today, the Secure Technology Alliance has announced a new white paper that provides developers and the mobile community with a primer on how TEE works and what use cases are emerging with TEE architectures.

The white paper, “Trusted Execution Environment (TEE) 101: A Primer,” can be downloaded at https://www.securetechalliance.org/publications-trusted-execution-environment-101-a-primer/.

“TEE is becoming more common in various electronic devices, including personal computing, mobile and IoT-connected devices,” said Randy Vanderhoof, executive director of the Secure Technology Alliance. “While security is a top concern, so is usability, especially as in-device payment transactions, mobile identity and authentication, and media streaming become more popular. This white paper provides a foundation for developers looking to better understand and utilize the TEE.”

This primer focuses on GlobalPlatform-based TEE models for mobile devices, which combine the power of hardware with a software-based solution, and:

  • Describes the TEE architecture and approach for implementing security
  • Discusses the respective roles of the rich OS, secure element and TEE
  • Provides use cases and implementation considerations and challenges for mobile payments, mobile identity, the Internet of Things and content protection

This white paper was developed by the Secure Technology Alliance Mobile Council. Participants included: Discover Financial Services; First Data; GlobalPlatform; JPMorgan Chase; Mastercard; MIPS; Thales e-Security; and Trustonic.

A Primer on the EMVCo Payment Account Reference

The Alliance has also released a second resource today to provide a high-level overview of EMVCo’s PAR and its use cases for merchants, acquirers, issuers, service providers and other stakeholders.

“While payment tokenization has improved the security of the payments ecosystem, it creates challenges for products and services that rely on the PAN to identify a customer’s account, such as loyalty and rewards accounts. The PAR was created by EMVCo to address these challenges,” Vanderhoof said. “This white paper released today will help payments executives to better understand PAR and how it can be leveraged to enhance the security of processing payments across card-present and card-not-present channels.”

It is expected that many next generation payment devices will leverage payment tokenization. The PAR was designed to play an important role in providing the ability to link multiple payment tokens with a PAN. The Secure Technology Alliance recommends all payments industry stakeholders become familiar with the PAR and assess how it can solve current challenges and support future requirements.

The white paper, “EMVCo Payment Account Reference (PAR): A Primer,” can be downloaded at https://www.securetechalliance.org/publications-emvco-payment-account-reference-a-primer/.

This white paper:

  • Provides a high-level overview of the PAR and its use cases for merchants, acquirers, issuers, service providers and other stakeholders
  • Explains what the PAR is and why it is important
  • Describes how PAR data can be accessed and how it can be leveraged in certain non-payment use cases
  • Identifies the impact that PAR may have on key stakeholders

The white paper was developed by the Secure Technology Alliance Payments Council. Participants included: American Express; Capital One; CPI Card Group; First Data; JPMorgan Chase; Mastercard; Metropolitan Transportation Authority (MTA); Rambus; TSYS; and Visa.

About the Secure Technology Alliance

The Secure Technology Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption and widespread application of secure solutions, including smart cards, embedded chip technology, and related hardware and software across a variety of markets including authentication, commerce and Internet of Things (IoT).

The Secure Technology Alliance, formerly known as the Smart Card Alliance, invests heavily in education on the appropriate uses of secure technologies to enable privacy and data protection. The Secure Technology Alliance delivers on its mission through training, research, publications, industry outreach and open forums for end users and industry stakeholders in payments, mobile, healthcare, identity and access, transportation, and the IoT in the U.S. and Latin America.

For more information, please visit www.securetechalliance.org.

Contact

Adrian Loth
Montner Tech PR
203-226-9290
[email protected]