The TEE Internal Core API ([TEE Core API]) offers the possibility to execute all sensitive operations within a Trusted Application (TA) running in the Trusted Execution Environment (TEE). However, certain applications need to verify the presence of a known user and sometimes to request a conscious gesture to confirm validation or acceptance of information or a transaction. To be trustworthy, these verification operations need to be handled inside the TEE and not to rely on facilities in the Rich Execution Environment (REE); hence the requirement to implement the Biometric Sensor as part of a Trusted User Interface, with its driver amongst the Trusted OS Components. The Biometrics API will be implemented as part of the TEE, and all data will be processed and stored protected by the TEE.
This document defines and specifies:
- The discovery and identification of all biometric capabilities.
- The use of biometric functionality supported by hardware, entirely protected inside the TEE.
This specification is to be used by Trusted Application developers relying on biometric recognition for authentication of the user and confirmation of user acceptance.