GlobalPlatform Secures Biometric Authentication & Enriches Trusted User Interaction
Extends Trusted User Interface APIs to support developers in authenticating users in-app
01 May 2018 – GlobalPlatform, the standard for secure digital services and devices, has extended the functionality of its Trusted User Interface (Trusted UI) APIs. Service providers and application developers now have a direct path to provide users with a richer and safer authentication experience and, importantly, to offer trusted biometric authentication that is secured in the hardware of the device’s Trusted Execution Environment (TEE).
“Sensitive digital services like banking, payments, document signing and access control require strong user authentication and user consent, and to do this users must interact with their device,” comments Gil Bernabeu, Technical Director of GlobalPlatform. “Our work in collaboration with FIDO Alliance and IFAA on the Trusted UI moves away from PINs and passwords processed in the vulnerable device OS, to a world where all sensitive user interactions are secured in the hardware of the TEE. These new APIs enable trusted applications to leverage the device’s biometric sensors, while staying fully isolated from the device OS, and trusted user interactions to be fully configured to the specific needs of each digital service.”
A Trusted UI is a specific mode in which the user interface of a device is controlled solely by the TEE – an isolated area in the main processor of a smartphone (or any connected device) that ensures sensitive data is stored, processed and protected in a trusted environment. The Trusted UI ensures that malware running in the device cannot tamper with displayed messages, capture secret information displayed to the user, or intercept PINs or passwords entered by the user, as in a “PIN on Glass” scenario. It also prevents malware from running transactions without explicit user consent.
The TUI Extension: TEE Biometrics API and the TEE Trusted User Interface Low-level API open up more functionality and options for the configuration of authentication screens and other trusted interactions, in addition to the secure integration of biometric authentication into apps.
“This is a big step forward for the TEE specifications,” adds Gil. “The market is demanding stronger authentication and biometric technology has come to the fore as it supports security and convenience. But insecure biometrics will not be tolerated by service providers and consumers. This is why the TEE is so important. It is the only technology that brings trust to the device user interface and, as such, is fundamental to the future of secure digital services and strong user authentication.”
The final step to integrate biometrics into the TEE specifications will be the publication of a new module for the TEE Protection Profile. This will enable products to be certified as meeting the requirements of the specifications by the GlobalPlatform TEE Certification Scheme.
To download the specification without charge, visit the GlobalPlatform Device Specifications webpages.
To learn more about the work of GlobalPlatform, sign up to and read the latest GlobalPlatform Newsletter.
For further media information, please contact Rebekah Chapman or Erin Lovett at iseepr: firstname.lastname@example.org / email@example.com or on +44 (0) 113 350 1922
Notes to editors:
GlobalPlatform is a non-profit industry association driven by over 100 member companies. Members share a common goal to develop GlobalPlatform’s specifications, which are today highly regarded as the international standard for enabling digital services and devices to be trusted and securely managed throughout their lifecycle.
GlobalPlatform protects digital services by standardizing and certifying a security hardware/firmware combination, known as a secure component, which acts as an on-device trust anchor. This facilitates collaboration between service providers and device manufacturers, empowering them to ensure the right level of security within all devices to protect against threats.
GlobalPlatform specifications also standardize the secure management of digital services and devices once deployed in the field. Altogether, GlobalPlatform enables convenient and secure digital service delivery to end users, while supporting privacy, regardless of market sector or device type. Devices secured by GlobalPlatform include connected cars, set top boxes, smart cards, smartphones, tablets, wearables, and other Internet-of-Things (IoT) devices.
The technology’s widespread global adoption delivers cost and time-to-market efficiencies to all. Market sectors adopting GlobalPlatform technology include automotive, healthcare, government and enterprise ID, payments, premium content, smart cities, smart home, telecoms, transportation, and utilities.
GlobalPlatform’s legacy of successful technical specification development is thanks to two decades of energetic and effective industry collaboration. Members influence the organization’s output through participation in technical committees, working groups and strategic task forces. GlobalPlatform technology is developed in collaboration with numerous standards bodies and regional organizations across the world, to ensure continual relevance and timeliness. For more information visit www.globalplatform.org.