By Michael Lu, VP Sales, China, Trustonic
After a busy day hearing from the industry’s trusted execution environment (TEE) experts at GlobalPlatform’s TEE Seminar in Beijing, I’m back to business as usual. Amid the varied use cases, new deployments and vast potential for the TEE to provide security for digital services and devices, there were several stand-out themes and important takeaways for organisations involved in delivering digital services.
- It’s official – TEE is no longer an emerging technology. The advancements and adoption of connected devices have brought new security challenges to the table for device manufacturers, and also for service providers who need to protect their applications. This has given the TEE its chance to shine, demonstrating its ability to enable digital security and user privacy across a range of devices, including smartphones, wearables, set top boxes, tablets, connected cars and other IoT devices.
A key development in this area was Imagination Technologies’ announcement that it is now enabling the TEE on its MIPS CPU family. The TEE has been utilised on application processors for many years, but its continued acceptance and adoption by different processors demonstrates its value for device and application security.
- Nowhere is TEE’s maturity more visible than in China. Seven out of ten products that comply with GlobalPlatform’s TEE configurations are produced by companies based in China and there’s a good reason for that. TEE is not only a recognised technology in China, it’s a ubiquitous one. Nearly all mobile payments in the region, particularly those that utilise biometric authentication, are secured using the TEE – including big names like Alipay and WeChat Pay. As China is the manufacturing hub for so many devices that benefit from embedded government-level security, such as smartphones and wearables, it is no wonder the TEE has already been adopted so widely.
- Adoption rates vary between vertical markets. While using TEEs to secure mobile payments is not yet as ubiquitous internationally as it is in China, adoption levels are still high – products like Samsung Pay, which uses TEE, are used around the world every day. And adoption is growing rapidly.
At the Seminar, it was clear that the two key sectors where TEE is poised for significant adoption are connected automotive and premium content protection.
Premium content protection – Although the TEE has long been deployed in set top boxes, it is clear to many in the industry that its wider use in digital rights management is inevitable. This was reinforced by ChinaDRM, which highlighted that this is now an industry standard in China. We see the combination of over-the-air (OTA) management and the GlobalPlatform TEE Management Framework (TMF) allow provisioning that would enable ChinaDRM to be widely adopted. As such, ChinaDRM is predicted to be the next killer application for TEE on mobile devices in China.
Connected car security – Internationally, though, the next wave of adoption will come from the automotive sector. As vehicles’ capabilities increase, systems are becoming more connected, and are increasingly controlled by mobile devices, which means security is of utmost importance. A common use case is the use of a smartphone as a key. This would require the customer to pair their smartphone with the car and set up the security options, which will most likely be biometric. For example, the customer would need the ability to create temporary keys for when the car was in the garage or with a valet. All these functions need isolated processing to ensure the gold standard of security that will be demanded by end-users. Inside the car itself, we’ll see telematic and entertainment systems with TEE being increasingly deployed by manufacturers in the automotive space, driven by technology vendors adopting TEE technology in their offerings.
- Certification is crucial. Thorough, independent security evaluation is the only way to implement a globally interoperable ecosystem of connected devices, as it ensures a consistent and appropriate level of security. Certification allows device manufacturers to demonstrate that their product is of the highest security standard. It also means that service providers can trust the devices their applications are hosted on and the entire industry can rely on certification as an effective way to manage risk in the market. There are now three labs accredited to certify TEE products (and raring to go!) with four more pre-accredited. Four of these labs were in attendance, highlighting the importance of this event to the TEE ecosystem.
It was an extremely busy and productive day for us, one full of valuable insights. Where do you think the TEE will grow the most in the next five years? Let us know @trustonic.