GlobalPlatform and the TEE

The trusted execution environment (TEE) is a secure area of the main processor of a connected device and ensures that sensitive data is stored, processed and protected in an isolated trusted environment. The TEE’s ability to offer safe execution of authorized security software, known as ‘trusted applications’, enables it to provide end-to-end security by protected execution of authenticated code, confidentiality, authenticity, privacy, system integrity and data access rights.

The TEE offers a level of protection against software attacks, generated in the rich operating system (rich OS) environment. It assists in the control of access rights and houses sensitive applications, which need to be isolated from the rich OS.

Due to the ‘security barrier’ created by the TEE, it can help the near field communication industry achieve three objectives:

  1. Protect the ‘trusted applications’ it is hosting against some software attacks that are generated in the rich OS environment.
  2. Isolate each ‘trusted application’ from one another, protecting against illicit access to resource, memory or data, so that a corrupted ‘trusted application’ cannot compromise the security of other applications.
  3. Protect access to ‘trusted applications’ and sensitive data. This could include, for example, premium movies downloaded to an individual’s mobile device that should not be circulated or duplicated.

GlobalPlatform and its members recognize the need for standards to be developed in parallel with the evolution of a new ecosystem. This collaborative development of the TEE will provide greater certainty and lower the cost of progress for the industry by removing barriers caused by interoperability issues.

GlobalPlatform has already worked to standardize the management of applications on SEs and also has extensive experience in the TEE through the development and delivery of a number of specifications:

  1. TEE Client API Specification v1.0 – enables communication between applications running in a rich OS and trusted applications residing in the TEE.
  2. TEE Internal Core API Specification v1.1 – enables trusted applications within a TEE to perform the general operations of a security application, such as cryptography, secure storage, communication and general tasks, such as timekeeping and memory management.
  3. TEE Secure Element API Specification v1.0 – allows trusted applications to directly communicate with a SE, rather than through a client application.
  4. Trusted User Interface API Specification v1.0 – allows a trusted application to securely display text and graphics, and ask the user to perform an action ranging from navigation to entry of an associated PIN – or Password-backed ID.
  5. TEE Systems Architecture v1.0 – explains the hardware and software architectures behind the TEE.
  6. TEE Internal API Specification v1.0 – specifies how to develop trusted applications.
  7. TEE Protection Profile v1.2 – facilitates the Common Criteria evaluation of TEEs.
  8. TEE TA Debug Specification v1.0 – enables the debugging of GlobalPlatform compliant TEEs.


All TEE specifications can be downloaded free of charge from the GlobalPlatform Device Specifications webpages.

GlobalPlatform has also launched a TEE Certification Scheme that evaluates the security level of a given TEE implementation. To drive this initiative, GlobalPlatform has also launched a TEE Security Evaluation Secretariat to manage the scheme. Under the scheme, providers of TEE products will be able to submit their products to the new GlobalPlatform secretariat for independent evaluation of their conformance to the organization’s TEE Protection Profile.

For a more detailed look at the TEE, be sure to read our ‘Made Simple’ guide.




Sept. 20th, 22nd, and 29th - Pre hackathon webinars

October 7 - Opening Ceremonies: welcome, introduction to technologies, hackathon platform demo, idea pitches and team formation.

October 8-9 - Hackathon

October 13 - Annual TEE Conference

  • The top three will have the opportunity to present their applications to a 200 member delegation of the connected device industry's key stakeholders like Visa, Ericcson and ARM, as well as TEE experts, solution developers, software vendors, device manufacturers and mobile network operators from around the world!
  • All hackathon participants who would like to attend the conference will receive a code to register at no cost.


Grand Prize Sponsor

Platform Sponsor

Privacy / Use Policy | Copyright © 2016 GlobalPlatform. All Rights Reserved