Jump to content

Trusted execution environment

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Tech Dir (talk | contribs) at 14:01, 26 May 2014 (See also). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The TEE is a secure area that resides in the main processor of a smart phone (or any mobile device) and ensures that sensitive data is stored, processed and protected in a trusted environment. The TEE's ability to offer safe execution of authorized security software, known as 'trusted applications', enables it to provide end-to-end security by enforcing protection, confidentiality, integrity and data access rights. How does it align / fit with the secure application ecosystem today and in the future?

To understand more fully, it is useful to put the TEE in the context of the overall security infrastructure of a mobile device.

There are three mobile environments which make up the security framework within a mobile phone. Each has a different task: 

   Rich Operating System (Rich OS): An environment created for versatility and richness where device applications, such as Android, Symbian OS, and Windows Phone for example, are executed. It is open to third party download after the device is manufactured. Security is a concern here but is secondary to other issues.

   Trusted Execution Environment (TEE): Made up of software and hardware, the TEE offers a level of protection against software attacks, generated in the Rich OS environment. It assists in the control of access rights and houses sensitive applications, which need to be isolated from the Rich OS. For example, the TEE is the ideal environment for content providers offering a video for a limited period of time that need to keep their premium content (e.g. HD video) secure so that it cannot be shared for free.

   Secure Element (SE): The SE is comprised of software and tamper resistant hardware. It allows high levels of security and can even work in tandem with the TEE. The SE is mandatory for hosting proximity payment applications or official electronic signatures where the highest level of security is required. The TEE may also offer a trusted user interface to securely transmit a personal identification number (PIN), which is required in order to make high value transactions. It also filters access to applications stored directly on the SE.

See also

Video

April 2014 - Listen to Kevin Gillick, Executive Director of GlobalPlatform, deliver a presentation at RSA USA on Mobile Security  : here

December 11 - Watch industry experts provide an insight into the Trusted Execution Environment (TEE) here

White paper

TCG white paper on TPM MOBILE with Trusted Execution Environment for Comprehensive Mobile Device Security

Retrieved from "https://en.wikipedia.org/w/index.php?title=Trusted_execution_environment&oldid=610206716"