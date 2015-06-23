GlobalPlatform Secures Biometric Authentication & Enriches Trusted User Interaction

May 2018 by Marc Jacob

GlobalPlatform has extended the functionality of its Trusted User Interface (Trusted UI) APIs. Service providers and application developers now have a direct path to provide users with a richer and safer authentication experience and, importantly, to offer trusted biometric authentication that is secured in the hardware of the device’s Trusted Execution Environment (TEE).

A Trusted UI is a specific mode in which the user interface of a device is controlled solely by the TEE – an isolated area in the main processor of a smartphone (or any connected device) that ensures sensitive data is stored, processed and protected in a trusted environment. The Trusted UI ensures that malware running in the device cannot tamper with displayed messages, capture secret information displayed to the user and intercept PINs or passwords entered by the user, as in a “PIN on Glass” scenario. It also, prevents malware from running transactions without explicit user consent.

The TUI Extension: TEE Biometrics API and the TEE Trusted User Interface Low-level API open up more functionality and options for the configuration of authentication screens and other trusted interactions, in addition to the secure integration of biometric authentication into apps.

The final step to integrate biometrics into the TEE specifications will be the publication of a new module for the TEE Protection Profile. This will enable products to be certified as meeting the requirements of the specifications by the GlobalPlatform TEE Certification Scheme.