This document specifies a security mechanism, which can be used in the context of the TEE Management Framework for the realization of the Security Layer (see TEE Management Framework (GPD_SPE_120) section 7.2). This mechanism is based on asymmetric cryptography aiming to provide Perfect Forward Secrecy as defined in Canetti and Krawczyk [CK01]. Once the session keys have been derived, the secure channel follows the same pattern as Symmetric Cryptography Security Layer (GPD_SPE_121). It is intended that an implementation that offers both Security Layers will be able to reuse code.