Trusted Execution Environment
A Trusted Execution Environment (TEE) is a secure area that resides in the application processor of an electronic device. To help visualize, think of a TEE as somewhat like a bank vault. A strong door protects the vault itself (hardware isolation) and within the vault, safety deposit boxes with individual locks and keys (software and cryptographic isolation) provide further protection.
Separated by hardware from the main operating system, a TEE ensures the secure storage and processing of sensitive data and trusted applications. It protects the integrity and confidentiality of key resources, such as the user interface and service provider assets. A TEE manages and executes trusted applications built in by device makers as well as trusted applications installed as people demand them. Trusted applications running in a TEE have access to the full power of a device's main processor and memory, while hardware isolation protects these from user installed apps running in a main operating system. Software and cryptographic isolation inside the TEE protect the trusted applications contained within from each other.
Device and chip makers use TEEs to build platforms that have trust built in from the start, while service and content providers rely on integral trust to start launching innovative services and new business opportunities.