Ensuring TEE security: common automated security testing

Christian DAMOUR, Head of Marketing – Security at FIME and Chair of the TEE Attack Expert Working Group

Standardized security certification of trusted execution environment (TEE) products is a big step forward. Accredited labs can already perform thorough security evaluations, and the process is set to become even quicker as part of the security review is automated.

Which Security tests are being automated?

Why Automate?

Read More

New extensions to GlobalPlatform’s TEE advance video security

By Petr Peterka, CTO, Verimatrix

The TEE (trusted execution environment) was first conceived as a way of protecting valuable data assets in all categories during transmission, but since then video has become ever more predominant across both fixed and mobile IP networks. The internet as a whole has become a major transport medium even for premium video content, raising new security threats, especially illicit content redistribution.

As a result the TEE has gained a lot of traction within the broadcasting and pay-TV community, providing insulation for key security assets as well as unencrypted content itself. The TEE’s development in turn is being shaped ever more by the changing nature of the threat landscape in pay TV. One factor changing that landscape has been the emergence of ultra HD (UHD) services, raising the stakes further by making content more valuable, and with ever increasing bandwidth, also easier to pirate.

Read More

Enhancing FIDO Solutions with TEE technology

Alexander Summerer, Technology Consultant, Mobile Security, G&D

FIDO is a new authentication scheme with the potential to revolutionize how users authenticate to online services across various networks. Today’s online authentication is a mess because most websites require a username and password from the user to grant access. Because a single user today typically has dozens of accounts and uses them daily, the user experience suffers heavily. At the same time, online services are frequently hacked and passwords compromised, which is a major security concern.

However, the new FIDO scheme allows online authentication to be implemented securely and conveniently by introducing new user verification schemes such as biometric verification, e.g. the fingerprint of the end-user. Additionally, FIDO provides strong authentication by introducing two-factor authentication with tokens, cards or the TEE. Since FIDO is standardized by the FIDO Alliance, it can be easily integrated into online services and FIDO components from different vendors.

Read More

Attestation and TEE: Cybersecurity controls with privacy for cloud access

By Andy Ramsden, Product Marketing Director – Trustonic

The world of mobile payments is not unlike the political situation we are currently seeing in several high profile parts of the world. Three or more forces grappling over the same territory, sometimes working together and at other times pulling in totally different directions.

Consumers typically have strong relationships with their bank, their carrier and possibly also their smartphone vendor, all of whom are vying to sell their own brand of mobile wallet. However, consumers usually wish to pay with their preferred card from their preferred bank and don’t necessarily want multiple wallets cluttering their phone’s home screen.

Read More

Attestation and TEE: Cybersecurity controls with privacy for cloud access

By Steven Sprague, CEO – Rivetz Corp.

Mobile and Internet of Things are more than marketing terms, they represent a new model of network architecture: an architecture which is based on the identity of the device and its capabilities to create and consume secure information. Identity of the device is a start but will not be enough to assure the quality of the information.

Trusted Execution in modern processors provides for the isolated execution of code that can be measured and assured to provide a level of confidence in the data produced or consumed.

Read More

Ensuring TEE integrity: trusted application validation

By Christian DAMOUR, Head of Marketing – Security at FIME and Chair of the TEE Attack Expert Working Group

Standardized security certification of trusted execution environment (TEE) products is a big step forward, but is only half of the security story. We also need confirmation that trusted applications (TAs) running on top of a certified TEE can indeed be trusted. Here, a formal scheme is still lacking when the TEE is certified according to GlobalPlatform’s scheme for TEE security.

We are dealing with two types of TAs: security enforcing and non-security enforcing. Each requires the industry to take a different approach. This topic will be discussed in greater detail during my presentation at the TEE conference.

Read More

The wait is over. It’s TEE time.

By Jon Geater, CTO at Trustonic

We're now counting down to the 3rd annual TEE seminar and things are looking very promising for those of us wanting Trust-Enhanced Applications on our mobile devices.

The first seminar was all about the design of the technology: what is it? How do we build it? What standards should we use?

Read More

Utilizing multi-TEE trusted application management for securing the IoT

By Chris Edwards, CTO of Intercede

It’s clear that mobile and IoT devices need to be protected from scalable software attacks. Vendors and OEMs have responded to these growing threats by building in hardware security features that can provide the basis for integrity and confidentiality in systems. However, it has been challenging for service providers to access and make use of this hardware-based security to deliver and protect valuable services due to device fragmentation.

With smart phones becoming ubiquitous, they are the natural choice of client platform from which to perform identity, credential and trust relationship management for IoT entities. The risks posed by phone theft, loss or damage must be taken into consideration though, so it is vital that the full lifecycle of the devices themselves and the smartphones and credentials used to manage and protect them are fully considered.

Read More

Leveraging a TEE for Enhanced Software-Based Revenue Security

By Petr Peterka, CTO, Verimatrix

Ensuring revenue security can be quite a complex undertaking for global pay-TV operators. However, leveraging a variety of hardware security methods – including the use of a Trusted Execution Environment (TEE) – can support the fundamental requirements of any security strategy: durability and renewability.

Durability is the ability to control access or visibility into intellectual property or sensitive information such as cryptographic keys or security algorithms. The TEE allows for this durability as well as the ability for powerful and sophisticated security techniques to be performed on a capable and flexible processor.

Read More

GlobalPlatform TEE Blog: Getting Serious About Mobile Security

By Stephanie El Rhomri, NFC & Payment Vendors Business Line Manager at FIME and Chair of the GlobalPlatform Device Compliance Program Work Group

Although mobile handsets today host multiple applications, many of these are non-sensitive; the personal or financial impact of any corruption to an individual would be minimal. As the mobile services marketplace starts to witness the deployment of an increasing amount of 'secure' applications - such as identity, mobile wallets or corporate applications that operate and are executed within the device - the consequences of a malicious party hacking an individual's smartphone to source personal or corporate data could be serious.

Simple OS updates of one component do not provide sufficient security to protect these applications. Instead, a clearly defined and universally agreed 'root of trust' is needed. A 'root of trust' is created when a set of functions are trusted by all parties engaged in the delivery of the mobile service to maintain the integrity of the service and privacy of the consumer's data. The TEE is fundamental within the root of trust, as we will see in many of the presentations delivered at GlobalPlatform's TEE conference.

Read More

Smart Cards, TEEs and Derived Credentials

By Francisco Corella, Pomcor

Smart cards and mobile devices can both be used to carry cryptographic credentials. Smart cards are time-tested vehicles, which provide the benefits of low cost and widely deployed infrastructures. Mobile devices, on the other hand, are emerging vehicles that promise new benefits such as built-in network connections, a built-in user interface, and the rich functionality provided by mobile apps.

Read More

Building modern E-commerce with Bitcoin and TEE

By Steven Sprague, CEO, Rivetz.

The world continues to have major challenges to provide a simple and safe environment for consumers to shop. Over the last 20 years, since the early days of online commerce, we have only seen evolutionary changes from the mail order catalogue orders. Confirmed shipping address and voyeurism of all our shopping habits are not keeping up with the level of fraud and types of products that are now part of our everyday online shopping environment. Many people view e-commerce as simply better authentication, but more is required.

Anyone who has been to lunch in Paris is familiar with the payment terminal being presented at the table for the user to pay with their smart card. That terminal is more than just a smart card reader with a printer. It is part of the EMV security and assurance system with secure display and secure pin entry that cannot be compromised. The terminal equipment has provided a secure point of sale experience for millions of lunches but the terminal is not present for e-commerce. Even with a fancy EMV card the user has to type in their credit card into the web page with all the associated risks and costs.

Read More

Why You Should Attend GlobalPlatform's Dedicated TEE Conference

By Kevin Gillick, Executive Director, GlobalPlatform

Before we delve into why you should attend 'GlobalPlatform Presents the TEE: Next Generation Mobile Security for Today and Tomorrow' it is important to firstly understand why GlobalPlatform is hosting this event.

With a growing number of applications requiring additional security to be downloaded onto mobile devices and as the mobile services landscape continues to grow, there is demand from the industry for the ecosystem to evolve in a standardized manner to ensure scalability, speed up production time to market and reduce development costs. GlobalPlatform is taking steps to standardize the technology through the publication of industry specifications and the creation of a security certification program that qualifies the security level of a given TEE implementation. This promotes confidence and interoperability while offering assurances to application and software developers, chipset and device manufacturers that a TEE product will perform in line with GlobalPlatform standards.

Read More

Mcommerce and the TEE: A perfect match?

By Neil Garner, Chief Executive and Founder, Proxama

Mobile commerce (mcommerce) is growing, and not just in the traditional sense of using a mobile device to go online and make a purchase. Today, mcommerce incorporates a vast range of financial services including mobile wallets, peer-to-peer payments, contactless payments and using a mobile device as a point of sale (POS) terminal.

As mcommerce evolves and new stakeholders engage in the market, there is a need for stronger, more standardized security on the mobile device. We must remember that mobile phones were never designed for the range of services they offer today. The technology that enables these services such as near field communication (NFC), secure elements (SE) and the trusted execution environment (TEE), needs to be deployed to ensure the device is secure and that a consumer can carry out any financial transaction in a safe and trusted environment.

Read More

Revolutionizing consumer authentication with the TEE

By Sebastien Taveau, Chief Technology Officer of Validity

At the 'GlobalPlatform Presents the Trusted Execution Environment (TEE): Next Generation Mobile Security for Today and Tomorrow' conference 2013, Sebastien Taveau explored how specifications from the FIDO Alliance can be combined with the TEE to revolutionize consumer biometrics. In this blog, he takes a look at how the TEE can be leveraged for authentication.

Firstly, what is FIDO Alliance?

FIDO stands for 'Fast IDentity Online' and is a not-for-profit organization working to address the lack of interoperability among strong authentication devices as well as the problems users face creating and remembering multiple usernames and passwords. The organization is looking to ensure security on mobile devices without compromising speed and convenience for consumers: something that can be achieved by aligning FIDO and GlobalPlatform Specifications.

Read More

KEVIN GILLICK – Governments Under Attack


It’s no secret that government agencies are a prime target for hackers and malicious attacks that cause wide-scale disruption. And the threat is increasing. Today, we are seeing a dramatic increase in the number of organized hacks happening at a state level as cyber criminals try to crack into countries’ online assets. One initiative which is growing in popularity and compounding the security threat landscape for governments is bring your own device (BYOD).

The growth of BYOD is in response to a worldwide government effort to increase responsiveness and efficiency. Allowing employees to use their own devices can increase productivity through enabling government networks to be accessed on the move. The security level offered by these devices, however, is becoming a real and critical concern for government agencies globally as they strive to ensure data is appropriately protected.

Read More


Welcome coffee, lunch and the cocktail reception are included in the below fees.

GlobalPlatform Members

  • Members can send up to 3 employees to the event for free.
  • US$99 (700 CNY) for each additional member.


Registration fee is:

(2100 CNY)

A TEE instructor-led training session is available 13-14 September. The course, given in English, is open to both GlobalPlatform members and non-members. It is designed to improve knowledge of the TEE specifications, efficient implementation, and effective use of a TEE environment.



Privacy / Use Policy | Copyright © 2018 GlobalPlatform. All Rights Reserved