Leveraging a TEE for Enhanced Software-Based Revenue Security

By Petr Peterka, CTO, Verimatrix

Ensuring revenue security can be quite a complex undertaking for global pay-TV operators. However, leveraging a variety of hardware security methods – including the use of a Trusted Execution Environment (TEE) – can support the fundamental requirements of any security strategy: durability and renewability.

Durability is the ability to control access or visibility into intellectual property or sensitive information such as cryptographic keys or security algorithms. The TEE allows for this durability as well as the ability for powerful and sophisticated security techniques to be performed on a capable and flexible processor.

As with any cryptosystem, the security may become antiquated or even compromised at any time. The reality of these threats demands the capability of renewability, which is made possible by a securely downloadable software module. This allows the security clients to be rapidly updated in the field with constantly evolving security technology, and also allows the security vendor to rapidly respond to a potential breach. In most cases, the breach can be either mitigated or eliminated with an update to the software running in the TEE (i.e. the Trusted Application (TA)).

Such an approach offers operators many benefits. For example, each operator receives a customized TEE, which mitigates risk in the event of a breach or hack. If the same cryptosystem is shipped to all operators, one hack or breach can impact all devices. The TA can modify the keys, or algorithms or the key management protocol even slightly for each operator, enabling cryptographic separation or diversity for each operation.

However, TrustZone is not without challenges, including the logistics, the ecosystem and the cost. With such a vast ecosystem required to ensure robust revenue security, multiple parties are responsible for security – not just one vendor. No one company owns security from end-to-end. With so many different players, one simple error can impact the entire security infrastructure. In addition, there is no certification program to guarantee a level of robustness.

Even with these challenges in mind, it is worth exploring the role of the TEE as part of a robust revenue security strategy. In my session this week at GlobalPlatform's TEE Seminar, I will explore how software running in a TEE can facilitate a clear path to constantly upgrading the security of the device clients while maintaining the constant ability for rapid response in the event of a malicious breach. I hope to see you in Santa Clara!


Welcome coffee, lunch and the cocktail reception are included in the below fees.

GlobalPlatform Members

  • Members can send up to 3 employees to the event for free.
  • US$99 (700 CNY) for each additional member.


Registration fee is:

(2100 CNY)

A TEE instructor-led training session is available 13-14 September. The course, given in English language, is open to both GlobalPlatform members and non-members. It is designed to improve knowledge of the TEE specifications, efficient implementation, and effective use a TEE environment.  Learn more


Quick Links
Connect With Us

Become a member of GlobalPlatform. Influence the future direction of TEE Specifications, learn and discuss mobile security best practice solutions, enhance your global positioning within the TEE ecosystem. Join now.

Privacy / Use Policy | Copyright © 2018 GlobalPlatform. All Rights Reserved