GlobalPlatform | Trusted User Interface Made Simple
Why is there a growing demand for increased security on mobile devices?
Mobile devices are vulnerable to a variety of software attacks. As secure services such as near field communication (NFC) payment applications and mobile wallets become increasingly popular on smartphones, tablets and similar devices, there is a need for greater and more interactive security that will allow an individual to authenticate themselves to those services or applications.
The trusted execution environment (TEE) is a secure area that resides in the main processor of a mobile device and ensures that sensitive data is stored, processed and protected in a trusted environment. The TEE offers the safe execution of authorized security software, known as ‘trusted applications’, enabling it to provide end-to-end security by enforcing protection, confidentiality, integrity and data access rights. The TEE is an ideal environment to host mobile wallet and payment applications as it offers more security than the rich operating system and more functionality than a secure element (SE). View our made simple guide on the TEE to find out more.
GlobalPlatform’s work to standardize the TEE supports the needs of smart device stakeholders, such as smartphone and tablet application developers, and device manufacturers, by bringing clarity and interoperability to the marketplace. This reduces product time to market.
What market need is the trusted user interface addressing?
Many sensitive use cases such as bill payment, money transfer, purchasing products / services or document signature validation, require some form of interaction with the end user, meaning that sensitive information needs to be ‘exposed’ in the rich operating system (rich OS) to the user for validation.
For example, if an end user makes a payment using a mobile wallet or payment application, the service provider needs to be reassured that the correct end user has accepted the transaction (i.e. it is not a hacker, virus or Trojan). It is also important for the end user to be assured that ‘what you see, is exactly what you sign’ i.e. the transaction has not been modified by a hacker, virus or Trojan and is being performed in a secure environment.
How does the trusted user interface work?
A ‘trusted user interface’ (trusted UI) is defined as a specific mode in which a mobile device is controlled by the TEE, enabling it to check that the information displayed on the screen comes from an approved trusted application (TA) and is isolated from the rich OS. The trusted UI enables the information to be securely configured by the end user and securely controlled by the TEE by verifying the user interface of a mobile device. When a user makes a transaction, a summary of the transaction is displayed in a new window by the TEE, ensuring that any non-secure applications stored in the rich OS environment cannot tamper with the payment details. The end user is able to sign exactly what is shown on the screen and authenticate themselves by entering a PIN or password. As this authentication is carried out in the TEE, the activity is isolated within the handset and protected from unauthorized viewing.
Once an end user has entered a PIN on the trusted UI to authenticate themselves to the service or application, the trusted UI ensures that there is a protected mode in which only a specific TA is able to exchange information with the keyboard and screen. In other words, a $1 transaction entered on the keyboard is a $1 transaction in the secure area of the mobile device.
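The ‘what you see is exactly what you sign’ flow described above, as an added illustration that is not GlobalPlatform code and does not use the Trusted User Interface API. All function names, the key, the PIN and the use of an HMAC shared between the trusted application and the service provider are assumptions made for the model.

```python
import hashlib
import hmac

# Constructed model only: not the GlobalPlatform TUI API.
TA_KEY = b"constructed-key-held-inside-the-TEE"  # assumed shared with the service provider
ENROLLED_PIN = "4821"  # constructed sample PIN


def render_summary(payee, amount_cents):
    """Canonical bytes the TA draws on the TEE-controlled screen."""
    return f"PAY {amount_cents // 100}.{amount_cents % 100:02d} USD TO {payee}".encode()


def trusted_ui_confirm(payee, amount_cents, intended_cents, pin_entered):
    """TA side: show the summary, read the PIN, sign exactly what was shown."""
    shown = render_summary(payee, amount_cents)
    user_accepts = amount_cents == intended_cents  # user compares screen with intent
    if not user_accepts or not hmac.compare_digest(pin_entered, ENROLLED_PIN):
        return None  # no signature leaves the TEE
    return shown, hmac.new(TA_KEY, shown, hashlib.sha256).digest()


def service_provider_accepts(summary, tag):
    """Service provider side: accept only bytes the TA signed."""
    expected = hmac.new(TA_KEY, summary, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def run_scenarios():
    results = {}
    # 1. Honest flow: user intends $1.00, the TA shows $1.00, PIN is correct.
    summary, tag = trusted_ui_confirm("ACME", 100, 100, "4821")
    results["honest"] = service_provider_accepts(summary, tag)
    # 2. Rich OS software rewrites the amount after the TA signed it.
    tampered = summary.replace(b"1.00", b"900.00")
    results["tampered_after_signing"] = service_provider_accepts(tampered, tag)
    # 3. The request is altered before it reaches the TA: the trusted screen
    #    shows $900.00, the user intended $1.00 and declines.
    results["tampered_before_display"] = trusted_ui_confirm("ACME", 90000, 100, "4821") is not None
    # 4. Wrong PIN: the TA never produces a signature.
    results["wrong_pin"] = trusted_ui_confirm("ACME", 100, 100, "0000") is not None
    return results


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Only the honest flow is accepted; the model depends on the display, the PIN entry and the key all sitting on the TEE side of the isolation boundary.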
What is GlobalPlatform’s role?
In August 2013 GlobalPlatform released its Trusted User Interface API v1.0. This specification is targeted at a TEE running within a smartphone or tablet which has at least one touchscreen, screen or keyboard and is wired and integral to the device. The document offers support to software developers implementing trusted applications running inside the TEE which need to display sensitive information to the user or retrieve sensitive data from the user. It is also intended for implementers of the trusted UI in the TEE itself.
What are GlobalPlatform’s next steps?
When an end user launches a website on an internet browser, the universally recognized padlock symbol indicates to the user that the website is secure and trusted. GlobalPlatform is taking steps to promote and mandate the use of a security indicator on a trusted user interface. This will reassure an end user that a user interface is a ‘trusted UI’ i.e. the screen is controlled by the TEE and isolated from the rich OS. The association is mandating the global use of a personalized security indicator on every trusted UI. A security indicator can comprise one or both of the following:
- A hardware controlled security indicator such as an LED light or other physical element.
- A piece of personal information only known by the end user (such as a specific vibration, image or personal question). It is important that this information is not accessible by the rich OS.
The inclusion of a security indicator on all trusted UIs should offer additional reassurance to end users and service providers when authenticating a transaction. It is GlobalPlatform’s aim that communicating with and educating end users on the use of a security indicator and the security features of a TEE will support increased adoption of TEE technology and proliferation of trusted applications on a global scale.
If you would like any further information on the trusted UI or would like to get involved, please contact firstname.lastname@example.org.