GlobalPlatform extends Trusted UI API functionality


GlobalPlatform, the standard for secure digital services and devices, has extended the functionality of its Trusted User Interface (Trusted UI) APIs. According to the organisation, service providers and application developers now have a direct path to provide users with a richer and safer authentication experience and, importantly, to offer trusted biometric authentication that is secured in the hardware of the device’s Trusted Execution Environment (TEE).

“Sensitive digital services such as banking, payments, document signing and access control require strong user authentication and user consent, and to do this users must interact with their device,” says Gil Bernabeu, technical director, GlobalPlatform. “Our work in collaboration with FIDO Alliance and IFAA on the Trusted UI moves away from PINs and passwords processed in the vulnerable device OS, to a world where all sensitive user interactions are secured in the hardware of the TEE. These new APIs enable trusted applications to leverage the device’s biometric sensors, while staying fully isolated from the device OS, and trusted user interactions to be fully configured to the specific needs of each digital service.”

GlobalPlatform says: “A Trusted UI is a specific mode in which the user interface of a device is controlled solely by the TEE – an isolated area in the main processor of a smartphone (or any connected device) that ensures sensitive data is stored, processed and protected in a trusted environment. The Trusted UI ensures that malware running in the device cannot tamper with displayed messages, capture secret information displayed to the user and intercept PINs or passwords entered by the user, as in a ‘PIN on Glass’ scenario. It also prevents malware from running transactions without explicit user consent.”

It adds: “The TUI Extension: TEE Biometrics APIand the TEETrusted User Interface Low-level APIopen up more functionality and options for the configuration of authentication screens and other trusted interactions, in addition to the secure integration of biometric authentication into apps.”

“This is a big step forward for the TEE specifications,” says Mr Bernabeu. “The market is demanding stronger authentication and biometric technology has come to the fore as it supports security and convenience. But insecure biometrics will not be tolerated by service providers and consumers. This is why the TEE is so important. It is the only technology that brings trust to the device user interface and, as such, is fundamental to the future of secure digital services and strong user authentication.”

The final step to integrate biometrics into the TEE specifications will be the publication of a new module for the TEE Protection Profile. This will enable products to be certified as meeting the requirements of the specifications by the GlobalPlatform TEE Certification Scheme.

Related articles

Subscribe to our free newsletter
Follow us on Twitter
Join us on LinkedIn

GlobalPlatform extends Trusted UI API functionality
GlobalPlatform extends Trusted UI API functionality

Latest Features & Interviews

Interview: Experian on biometrics and digital ID

In this interview, Planet Biometrics caught up with Mike Gross, Head of Global Fraud & ID Production Innovation at Experian, to hear his views on the evolution of identity in 2020 and beyond.

Interview: HID on CID

HID VP & Managing Director Jessica Westerouen van Meeteren told Security Document World about how the firm is addressing CID trends.

SDW 2018 Interview: secunet on EES

In this interview, Frank Steffens, Principal in the Homeland Security division of Germany’s secunet tells us about their approach to the biometric Entry/Exit System (EES) planned in Europe.

More articles >>
Share |