The new Trusted Execution Environment specification will enable a trusted window to be created on a mobile phone’s screen so that consumers can enter their PIN securely on their own phone, rather than on a retailer’s POS terminal.
GlobalPlatform has introduced a new specification designed to enable a secure trusted environment to be integrated into a mobile phone’s main processor.
The new Trusted Execution Environment (TEE) Client Application Programming Interface (API) Specification defines the way in which communications should be handled between applications running in a rich operating environment — typically on top of a smartphone operating system — and applications residing in the TEE. The TEE can be configured to work either in conjunction with an NFC secure element or independently of a secure element and is designed to enable a wide range of sensitive information to be stored, processed and protected on the phone’s main processor.
For payments applications, for instance, it will enable solutions to be developed that permit consumers to enter their PIN on their NFC phone rather than on a point-of-sale device. Here, a trusted user interface would be created that can be used by a mobile payment application to display payment information in a ‘trusted window’ on the mobile device’s screen. The consumer would then be able to input their PIN using their phone’s keypad without compromising security.
Following on from the development of the TEE Client API Specification, GlobalPlatform has now established a TEE Road Map Working Group which plans to produce a white paper explaining the role, definition and value of the TEE plus a road map to facilitate the production of different versions of the APIs. “The specification is a new step to promote the interoperability of the TEE, and with the creation of the working group we will continue to dedicate resources to support this technology in achieving its potential,” explains Christophe Colas, chair of GlobalPlatform’s Device Committee.