Using a Trusted Execution Environment (TEE) to Protect Host Card Emulation Solutions
Host Card Emulation (HCE) lets a mobile application present a payment card or an authentication credential over NFC without a physical card and without a dedicated hardware Secure Element (SE) in the device. HCE is the architecture in which the card is represented purely in software: the application running on the host processor receives the reader's command APDUs and answers them itself. Before HCE, a phone could emulate a card only if the credential was held in an embedded or SIM-based SE, and the NFC controller routed the reader's commands to that chip rather than to the host operating system.
This flexibility brings risk. The card credential and the code that uses it now run inside a rich mobile operating system, alongside every other application. Such operating systems are built for functionality and are not always designed with advanced security in mind, and users can unintentionally compromise them by browsing untrusted sites, installing malware, or joining insecure Wi-Fi networks. Any of these can give an attacker the same access to the credential that the legitimate application has.
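To make the exposure concrete, here is a minimal Android HCE service written as an added example for this page; it is not code from the original article or from Trustonic. The package name, the application identifier (AID), the 0x84 "cryptogram" instruction, the placeholder key and the HMAC-SHA256 stand-in for an EMV cryptogram are all assumptions made for the example. What it shows is that every step, from parsing the reader's APDU to using the card key, executes in the app's own process on the rich OS.

```java
// Added example, not code from the original article or from Trustonic.
// A minimal Android Host Card Emulation service: the reader's command APDUs
// are delivered to this class, which runs in the app's own process on the
// rich OS. Package, AID and the "cryptogram" command are hypothetical.
package com.example.hce;

import android.nfc.cardemulation.HostApduService;
import android.os.Bundle;

import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class DemoCardService extends HostApduService {

    // ISO/IEC 7816-4 status words.
    private static final byte[] SW_OK = {(byte) 0x90, (byte) 0x00};
    private static final byte[] SW_FILE_NOT_FOUND = {(byte) 0x6A, (byte) 0x82};
    private static final byte[] SW_INS_NOT_SUPPORTED = {(byte) 0x6D, (byte) 0x00};
    private static final byte[] SW_WRONG_LENGTH = {(byte) 0x67, (byte) 0x00};

    // Hypothetical proprietary AID; must match the <aid-filter> declared in
    // res/xml/apduservice.xml for Android to route SELECT commands here.
    private static final byte[] DEMO_AID =
            {(byte) 0xF0, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06};

    private static final byte INS_SELECT = (byte) 0xA4;
    private static final byte INS_DEMO_CRYPTOGRAM = (byte) 0x84; // hypothetical

    // In a software-only HCE design the card key is ordinary application
    // memory. Constructed placeholder value; a real key would be provisioned.
    private final byte[] cardKey =
            "constructed-demo-key-not-secret".getBytes(StandardCharsets.US_ASCII);

    private boolean selected = false;

    @Override
    public byte[] processCommandApdu(byte[] apdu, Bundle extras) {
        if (apdu == null || apdu.length < 4) {
            return SW_WRONG_LENGTH;
        }
        byte ins = apdu[1];
        byte[] data = commandData(apdu);

        if (ins == INS_SELECT) {
            selected = data != null && Arrays.equals(data, DEMO_AID);
            return selected ? SW_OK : SW_FILE_NOT_FOUND;
        }
        if (!selected) {
            return SW_INS_NOT_SUPPORTED;
        }
        if (ins == INS_DEMO_CRYPTOGRAM) {
            if (data == null) {
                return SW_WRONG_LENGTH;
            }
            // The key is used right here, on the host CPU. Anything that
            // compromises this process or the OS can read cardKey or call
            // this code. A TEE-backed design would forward `data` to a
            // trusted application and return only its result.
            byte[] mac = cryptogram(data);
            return concat(mac, SW_OK);
        }
        return SW_INS_NOT_SUPPORTED;
    }

    @Override
    public void onDeactivated(int reason) {
        // NFC link lost or another AID selected: drop per-transaction state.
        selected = false;
    }

    // Returns the command data field of a short (Lc-form) APDU, or null if
    // the APDU is a 4-byte header only or Lc is inconsistent with its length.
    static byte[] commandData(byte[] apdu) {
        if (apdu.length == 4) {
            return null;
        }
        int lc = apdu[4] & 0xFF;
        if (apdu.length < 5 + lc) {
            return null;
        }
        return Arrays.copyOfRange(apdu, 5, 5 + lc);
    }

    // Stand-in for an EMV-style cryptogram: HMAC-SHA256 over the reader's
    // challenge, truncated to 8 bytes. The MAC construction is simplified for
    // the example; the point is where the key lives, not the algorithm.
    byte[] cryptogram(byte[] challenge) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(cardKey, "HmacSHA256"));
            return Arrays.copyOf(mac.doFinal(challenge), 8);
        } catch (java.security.GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    private static byte[] concat(byte[] a, byte[] b) {
        byte[] out = Arrays.copyOf(a, a.length + b.length);
        System.arraycopy(b, 0, out, a.length, b.length);
        return out;
    }
}
```

For Android to deliver APDUs to this class, the service must be declared in the manifest with the `android.permission.BIND_NFC_SERVICE` permission, an intent filter for `android.nfc.cardemulation.action.HOST_APDU_SERVICE`, and an `android.nfc.cardemulation.host_apdu_service` meta-data entry pointing at an XML resource whose `<aid-filter>` lists the AID above. Nothing in that path involves an SE; the routing decision, the APDU parsing and the key use all happen on the host, which is exactly why a compromised OS is the threat the rest of this page addresses.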
Secure Elements Versus Trusted Execution Environments
A Secure Element (SE) protects data well, but only at a limited scale. It has limited memory and computational capability, a major drawback as demand grows for processing power and a responsive user experience, especially during biometric authentication. An SE also has no way to interact with the user directly: it cannot drive a Trusted User Interface (TUI) for secure PIN entry or biometric authentication.
A Trusted Execution Environment (TEE) is a hardware-isolated environment on the device's main application processor that keeps selected data and code separate from the main operating system. TEEs are built into the majority of modern smartphones; Trustonic, for example, states that its TEE is integrated into 2 billion devices during manufacture.
Compared with an SE, a TEE offers more memory and processing power and therefore better performance. Because its isolation is provided by the application processor itself, the TEE delivers that security and computational power without a second chip being integrated into the device. The trade-off a practitioner should note is that the TEE shares silicon with the rich OS rather than being a separate tamper-resistant chip, so the two offer different kinds of protection rather than one simply superseding the other.