Revolutionizing consumer authentication with the TEE

By Sebastien Taveau, Chief Technology Officer of Validity

At the 'GlobalPlatform Presents the Trusted Execution Environment (TEE): Next Generation Mobile Security for Today and Tomorrow' conference 2013, Sebastien Taveau explored how specifications from the FIDO Alliance can be combined with the TEE to revolutionize consumer biometrics. In this blog, he takes a look at how the TEE can be leveraged for authentication.

Firstly, what is FIDO Alliance?

FIDO stands for 'Fast IDentity Online' and is a not-for-profit organization working to address the lack of interoperability among strong authentication devices as well as the problems users face creating and remembering multiple usernames and passwords. The organization is looking to ensure security on mobile devices without compromising speed and convenience for consumers: something that can be achieved by aligning FIDO and GlobalPlatform Specifications.

So how does the work of FIDO Alliance and GlobalPlatform align?

For natural ID (fingerprint sensors, voice recognition and facial recognition), the authentication process is essentially divided into three stages:

  • 1. Extracting an 'image' (scanning the fingerprint or capturing a voice sample, for example).
  • 2. A reference 'template' stored on the device for comparison with the extracted 'image'.
  • 3. A match engine to process the comparison between the 'image' and the 'template'.

For government applications it was acceptable for all of this technology to be stored in one highly secured sensor as security is paramount and cost and size are a secondary factor. In contrast, for consumer devices cost and flexibility is key. This is where the TEE comes in.

The TEE is an ideal area within a mobile device to house the match engine and the associated processes required to authenticate the user. The increased security of this environment is able to protect the data and establish a buffer against the non-secure apps located in the rich operating system. This additional security will help to satisfy the needs of service providers in addition to keeping the costs low for handset developers.

FIDO Alliance and GlobalPlatform are beginning collaboration to standardize this aspect of the ecosystem. The FIDO 'client' defines how authentication is executed on the device, while the GlobalPlatform TEE offers the secure environment required to execute the authentication processes.

The combination of FIDO Specifications, GlobalPlatform's TEE and natural ID is applicable to any use case that needs to authenticate the user. For example, unlocking a phone or gaining access to a sensitive application such as mobile banking or a mobile wallet. These technologies are already enabling strong, cost effective and convenient authentication in consumer devices and will only get more effective as time goes on.



Welcome coffee, lunch and the cocktail reception are included in the below fees.

GlobalPlatform Members

  • Members can send up to 3 employees to the event for free.
  • US$99 (700 CNY) for each additional member.


Registration fee is:

(2100 CNY)

A TEE instructor-led training session is available 13-14 September. The course, given in English language, is open to both GlobalPlatform members and non-members. It is designed to improve knowledge of the TEE specifications, efficient implementation, and effective use a TEE environment.  Learn more


Quick Links
Connect With Us

Become a member of GlobalPlatform. Influence the future direction of TEE Specifications, learn and discuss mobile security best practice solutions, enhance your global positioning within the TEE ecosystem. Join now.

Privacy / Use Policy | Copyright © 2018 GlobalPlatform. All Rights Reserved