Supporting the use of the Trusted Execution Environment (TEE)
Kevin Gillick, Executive Director, GlobalPlatform
SCA 2012 Payments Summit, 9 February 2012, Salt Lake City, Utah, USA
GlobalPlatform Positioning
Across several market sectors and in converging sectors
GlobalPlatform is the standard for managing applications on secure chip technology
Trusted Execution Environment AND Secure Element
What is a TEE?
• TEE provides hardware-based isolation from rich operating systems (OS) such as Android, Windows Phone and Symbian
• TEE runs on the main device chipset
• TEE has privileged access to device resources (user interface, crypto accelerators, secure elements…).
[Figure: TEE architecture on a single Hardware Platform.
Rich OS side: Rich OS Application Environment, Rich OS, Client Applications (Payment, Corporate), GlobalPlatform TEE Client API. Labelled "Open to malware and rooting / jail breaking".
TEE side: Trusted Execution Environment, Trusted Applications (DRM, Payment, Corporate), GlobalPlatform TEE Internal API, Trusted Core Environment, Trusted Functions, TEE Kernel, HW Secure Resources. Labelled "Isolation of sensitive assets".]
Why do we need a TEE?
• More mobile services are emerging that require a greater level of security
• With more users, there is a greater need for protection from malware / viruses
TEE Use Cases
Content Protection
• IP streaming
• DRM…
• Key protection
• Content protection
Mobile Financial Services
• mBanking
• Online payment…
• User authentication
• Transaction validation
Corporate
• Secure networking
• Secure email
• User authentication
• Data encryption
TEE Standardization Principles
• Create a standardized ecosystem for the service provider, enabling them to develop and deploy across markets and across platforms
• Offer standard interfaces that can be used across devices and when devices are changed
• Technology agnostic
• Resistant to local and remote attacks