GlobalPlatform | Trusted User Interface Made Simple
Why is there a growing demand for increased security on mobile devices?
Mobile devices are vulnerable to a variety of software attacks. As secure services such
as near field communication (NFC) payment applications and mobile wallets become
increasingly popular on smartphones, tablets etc., there is a need for greater and more
interactive security that will allow an individual to authenticate themselves to those
services or applications.
The Trusted Execution Environment (TEE) is a secure area that resides in the main
processor of a mobile device and ensures that sensitive data is stored, processed and
protected in a trusted environment. The TEE offers the safe execution of authorized
security software, known as ‘trusted applications’, enabling it to provide end-to-end
security by enforcing protection, confidentiality, integrity and data access rights. The
TEE is an ideal environment to host mobile wallet and payment applications as it offers
more security than the rich operating system and more functionality than a Secure
Element (SE). View our made simple guide on the
TEE to find out more.
GlobalPlatform’s work to standardize the TEE supports the needs of smart device
stakeholders, such as smartphone and tablet application developers, and device
manufacturers, by bringing clarity and interoperability to the marketplace. This reduces
product time to market.
What market need is the trusted user interface addressing?
Many sensitive use cases such as bill payment, money transfer, purchasing products /
services or document signature validation, require some form of interaction with the end
user, meaning that sensitive information needs to be ‘exposed’ in the rich operating
system (rich OS) to the user for validation.
For example, if an end user makes a payment using a mobile wallet or payment
application, the service provider needs to be reassured that the correct end user has
accepted the transaction (i.e. it is not a hacker, virus or Trojan). It is also important for
the end user to be assured that ‘what you see, is exactly what you sign’ i.e. the
transaction has not been modified by a hacker, virus or Trojan and is being performed in
a secure environment.
How does the trusted user interface work?
A ‘trusted user interface’ (trusted UI) is defined as a specific mode in which a mobile
device is controlled by the TEE, enabling it to check that the information displayed on the
screen comes from an approved trusted application (TA) and is isolated from the rich
OS. The trusted UI enables the information to be securely configured by the end user
and securely controlled by the TEE by verifying the user interface of a mobile device.
When a user makes a transaction, a summary of the transaction is displayed in a new
window by the TEE, ensuring that any non-secure applications stored in the rich OS
environment cannot tamper with the payment details. The end user is able to sign
exactly what is shown on the screen and authenticate themselves by entering a PIN or
password. As this authentication is carried out in the TEE, the activity is isolated within
the handset and protected from unauthorized viewing.
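A toy model of the flow described above, added here as an illustration and not GlobalPlatform code or its Trusted User Interface API: the `TrustedApp` class, the shared HMAC key (standing in for the TA's signature), the PIN and the transaction values are all constructed assumptions. It shows why a request altered by the rich OS either shows up on the trusted screen or fails the service provider's check.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"   # constructed; shared by the TA and the service provider
PIN = "4921"                    # constructed PIN, known only to the user and the TA

class TrustedApp:
    """Hypothetical TA model; the HMAC stands in for the TA's signature."""
    def __init__(self):
        self._pending = None

    def display(self, tx):
        # Trusted UI: the summary is rendered from the same bytes that get signed.
        self._pending = json.dumps(tx, sort_keys=True).encode()
        return f"Pay {tx['amount']} {tx['currency']} to {tx['payee']}?"

    def confirm(self, pin):
        # The PIN reaches the TA directly from the keypad, never via the rich OS.
        if self._pending is None or not hmac.compare_digest(pin.encode(), PIN.encode()):
            return None
        msg, self._pending = self._pending, None
        return msg, hmac.new(KEY, msg, hashlib.sha256).digest()

def provider_accepts(requested, msg, tag):
    # Service provider: the tag must verify AND the signed content must match the request.
    good = hmac.compare_digest(tag, hmac.new(KEY, msg, hashlib.sha256).digest())
    return good and json.loads(msg) == requested

def run(tamper_before=False, tamper_after=False):
    requested = {"amount": "1.00", "currency": "USD", "payee": "Shop"}
    relayed = dict(requested)
    if tamper_before:                       # rich OS alters the request in transit
        relayed["amount"] = "100.00"
    ta = TrustedApp()
    screen = ta.display(relayed)
    # The user enters the PIN only if the trusted screen shows what they intended.
    if screen != "Pay 1.00 USD to Shop?":
        return "declined by user"
    msg, tag = ta.confirm(PIN)
    if tamper_after:                        # rich OS alters the message after signing
        msg = msg.replace(b"1.00", b"100.00")
    return "accepted" if provider_accepts(requested, msg, tag) else "rejected by provider"
```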
Once an end user has entered a PIN on the trusted UI to authenticate themselves to
the service or application, the trusted UI ensures that there is a protected mode in which
only a specific TA is able to exchange information with the keyboard and screen. I.e. a $1
transaction entered into a keyboard = a $1 transaction in the secure area of the mobile
What is GlobalPlatform’s role?
In August 2013 GlobalPlatform released its Trusted User Interface
API v1.0. This specification is targeted at a TEE running within a smartphone or
tablet which has at least one touchscreen, screen or keyboard and is wired and integral
to the device. The document offers support to software developers implementing trusted
applications running inside the TEE which need to display sensitive information to the
user or retrieve sensitive data from the user. It is also intended for implementers of the
trusted UI in the TEE itself.
What are GlobalPlatform’s next steps?
When an end user launches a website on an internet browser, the universally
recognized padlock symbol indicates to the user that the website is secure and trusted.
GlobalPlatform is taking steps to promote and mandate the use of a security indicator on
a trusted user interface. This will reassure an end user that a user interface is a
‘trusted UI’ i.e. the screen is controlled by the TEE and isolated from the rich
OS. The association is mandating the global use of a personalized security indicator on
every trusted UI. A security indicator can comprise one or both of the following:
- A hardware controlled security indicator such as an LED light or other physical
element.
- A piece of personal information only known by the end user (such as a specific
vibration, image or personal question). It is important that this information is not
accessible by the rich OS.
The inclusion of a security indicator on all trusted UIs should offer additional
reassurance to end users and service providers when authenticating a transaction.
GlobalPlatform’s aim is that communicating with and educating end users on the use of
a security indicator and the security features of a TEE will support increased adoption of
TEE technology and the proliferation of trusted applications on a global scale.
If you would like any further information on the trusted UI or would like to get
involved, please contact firstname.lastname@example.org.