Trusted Execution Environment

A Trusted Execution Environment (TEE) is a secure area that resides in the application
processor of an electronic device. To help visualize, think of a TEE as somewhat like a
bank vault. A strong door protects the vault itself (hardware isolation) and within the
vault, safety deposit boxes with individual locks and keys (software and cryptographic
isolation) provide further protection.
Separated by hardware from the main operating system, a TEE ensures the secure
storage and processing of sensitive data and trusted applications. It protects the integrity
and confidentiality of key resources, such as the user interface and service provider
assets. A TEE manages and executes trusted applications built in by device makers as
well as trusted applications installed as people demand them. Trusted applications
running in a TEE have access to the full power of a device's main processor and
memory, while hardware isolation protects these from user installed apps running in a
main operating system. Software and cryptographic isolation inside the TEE protect the
trusted applications contained within from each other.
Device and chip makers use TEEs to build platforms that have trust built in from the
start, while service and content providers rely on integral trust to start launching
innovative services and new business opportunities.

To understand more fully, it is useful to put the TEE in the context of the overall security infrastructure of a mobile
device.
There are three mobile environments which make up the security framework within a mobile phone. Each has a
different task:
Rich Operating System (Rich OS): An environment created for versatility and richness where device
applications, such as Android, Symbian OS, and Windows Phone for example, are executed. It is open
to third party download after the device is manufactured. Security is a concern here but is secondary to
other issues.

Trusted Execution Environment (TEE): Made up of software and hardware, the TEE offers a level of
protection against software attacks, generated in the Rich OS environment. It assists in the control of
access rights and houses sensitive applications, which need to be isolated from the Rich OS. For
example, the TEE is the ideal environment for content providers offering a video for a limited period of
time that need to keep their premium content (e.g. HD video) secure so that it cannot be shared for free.

Secure Element (SE): The SE is comprised of software and tamper resistant hardware. It allows high
levels of security and can even work in tandem with the TEE. The SE is mandatory for hosting proximity
payment applications or official electronic signatures where the highest level of security is required. The
TEE may also offer a trusted user interface to securely transmit a personal identification number (PIN),
which is required in order to make high value transactions. It also filters access to applications stored
directly on the SE.


The TEE is an isolated environment that runs in parallel with the Rich OS, providing security services to the rich
environment. More secure than the Rich OS but not as secure as the SE, it offers a level of security sufficient for
a significant number of applications. The TEE therefore offers a secure 'middle ground' between the high
protection of the SE and the low protection of the Rich OS.
The TEE is now an essential part of the mobile ecosystem. It offers security and protection for all aspects of the
mobile device handset, Rich OS and SE and satisfies the needs of the major players.
Service providers, mobile network operators (MNO), operating system (OS) and application developers, device
manufacturers, platform providers and silicon vendors are all key stakeholders and, therefore, have a vested
interest in seeing security implemented to a carefully developed and documented standard.

Use cases for TEE :
1. Protection of device itself, making sure that the device will continue to operate and provide best
user experience.
2. Content protection - not only protecting the assets of the user but also protect the data that belongs
to somebody else which should not get stolen.
3. Enterprise use cases - access to corporate network, corporate data, VPN etc.
4. Mobile financial services - mobile banking, ticketing, e-banking etc.

Who created the TEE and when?
Handset manufacturers or chip manufacturer have developed versions of this technology in the past years and
included them in their devices as a part of their proprietary solution. Application developers therefore have to deal
with the complexity of creating and securely evaluating different versions of each application in order to conform
to the different sets of specifications and security levels drawn up by each, individual proprietary solution.
Since GlobalPlatform is handset and Rich OS agnostic, it is well placed to bring forward a methodology for the
TEE that can be embraced by all suppliers and reside comfortably alongside each of their rich OS environments.
Interoperability in both functionality and security will be enhanced by the standardization of the TEE. This will
simplify app development and deployment for all concerned.

Why has it been created / what business and commercial requirements does it meet?
There are two central reasons why the TEE exists;
More mobile services are emerging that require a greater level of security.
With an increased number of users, there is a greater need for protection from malware / viruses.
Applications with higher security requirements, and therefore heightened ramifications if compromised,
require more protection than can be offered by software solutions alone.
Content protection, corporate environments, connectivity and the rise of mobile financial services all require
increased levels of security. The TEE isolates secure applications and keeps them away from any malware which
might be downloaded inadvertently. This makes the TEE a key environment for devices moving forward.
In terms of business and commercial benefits, the TEE is central to the requirements of the key players. Mobile
manufacturers need to have a TEE environment present to satisfy the business requirements of different content
providers. MNOs want the TEE, since it will enable them to offer more and higher value services to customers,
facilitating increased revenues. Content providers want the TEE to ensure that their product remains secure and
can be deployed to numerous platforms in a common manner.
Additionally, payment service providers do not want to have to develop different versions of the same application
in order to satisfy the needs of different proprietary TEE environments. E.g. if the ecosystem is not standardized,
payment service providers will have to be certified and support different applications and processes. This is time
consuming, costly and counterintuitive to the goal of creating a mass market for application deployment.