An introduction to the Trusted Execution Environment for mobile services security

GlobalPlatform, the organization that standardizes the management of applications on secure chip technology, has published a white paper that introduces the Trusted Execution Environment (TEE) and examines its role in addressing an increasing number of security concerns within the expanding mobile services market.

The Trusted Execution Environment is a secure area of the main processor in a smartphone (or any connected device) that ensures that sensitive data is stored, processed and protected in an isolated, trusted environment.

Figure: Architecture of the TEE

Industry interest in the Trusted Execution Environment is gaining momentum, as it addresses the needs of most applications by offering a higher level of security than a Rich OS, without the constraints associated with the secure element (SE).

The white paper introduces the Trusted Execution Environment and its general security characteristics, before progressing through the key security concerns and perspectives of various actors and markets.

The paper illustrates particular use cases, offering an understanding of how a TEE lays to rest major concerns within those use cases. In particular, the TEE’s role in the following implementation examples is examined: mobile payments, enterprise (bring-your-own-device), content protection and government eID solutions.

“As mobile and consumer markets for connected devices mature and expand, an increasing number of security concerns demand attention,” explains Kevin Gillick, Executive Director of GlobalPlatform.

“Yet while it’s in the interest of all actors in the mobile services value chain to protect applications on many levels, a balance has to be struck to ensure that security doesn’t compromise the end-user experience or the relative ‘openness’ of the device environment which offers commercial opportunities to so many stakeholders. This need to balance security and openness is a key challenge faced by the mobile services industry today.

“The TEE offers a solution which addresses many security concerns without imposing an undue burden on applications,” concludes Gillick. “This white paper will help audiences understand why this is the case and outlines its relevance for many use cases.”