Trustonic’s Trusted Execution Environment (TEE) technology has officially made its way through the EMVCo’s mobile payment certification process. In plain terms, that means that any mobile payment apps that choose to adopt Trustonic’s security services can do so knowing that they will be compliant with the EMVCo’s strict mobile payments regulations.
According to Trustonic, its environment is the first hardware-backed TEE solution to complete the software-based evaluation process. The TEE ensures that any sensitive personal information is processed and stored in an isolated (and secure) area of the processor on a mobile device.
To that end, Trustonic’s Trusted User Interface hides information like PIN inputs and app logins from a device’s operating system, providing an additional layer of security that persists even if the rest of the device has been compromised.
“Hardware-backed TEE technology can protect apps even if attackers have root privileges on the device,” explained Riscure Director of Mobile Payments Tim Hartog. “This is a key enabler for using smartphones as acceptance devices.” Riscure is the independent testing facility that carried out the EMVCo evaluation.
The certification comes shortly after Trustonic announced that its technology would be used to secure a new smart medical device from OPTOLANE. EMVCo, meanwhile, recently formed the Web Payments Security Interest Group in collaboration with W3C and the FIDO Alliance.