TPM and TEE are partnering not competing, GlobalPlatform boss reports

Gil Bernabeu of GlobalPlatform

As the line between mobile devices and computers becomes increasingly blurred, security architectures from two previously separate worlds are also converging. GlobalPlatform’s secure components – the Secure Element (SE) and Trusted Execution Environment (TEE) – are becoming de facto in mobile devices and the Trusted Computing Group’s (TCG) Trusted Platform Module (TPM) is widely deployed across the computing ecosystem.

GlobalPlatform’s technical director, Gil Bernabeu, is often asked whether the two technologies compete, if there is crossover and even if one will kill the other. Here, he explains why it is not a question of competition, but one of fruitful collaboration between GlobalPlatform and TCG and the two technologies.

Why are GlobalPlatform and TCG working together?

A. GlobalPlatform and TCG share a common philosophy. Every device must have a trust anchor at its core to build Chains of Trust and offer secure services. Based on this common approach, TCG and GlobalPlatform have standardised different secure services to support the deployment of use cases for different industries.

This shared viewpoint enables the organisations to come together to identify points of alignment and key areas of specialisation. For example, TCG develops a range of important services specific to the PC industry which are not a focus for GlobalPlatform.

What is the benefit of this collaboration?

A. I think I can use one example. The TEE’s ability to host and execute third party apps and services in its protected environment is key. Because of this, GlobalPlatform and TCG ensure that specific services defined by TCG can be loaded and managed inside a GlobalPlatform secure component, such as a TEE.

We have published different documents to explain how this can be achieved. This offers a solution to device makers seeking to encrypt the hard disc – a popular service in the Trusted Platform Module community – allowing them to load and anchor this encryption service within a TEE.

What might this convergence look like in the future?

A. Well, multiple markets are now connecting things and the demand for more security is growing. The market for both technologies looks bright and multiple routes for collaboration are in front of us.

For example, the IoT (Internet of Things) world needs connectivity via 3/4/5G. Because SE technology is embedded in SIMs (Subscriber Identity Modules) and eSIMs, I expect the TPM use case to be delivered using a GlobalPlatform SE. Additionally, “always connected” PCs may want to authenticate to a network using an SE with a SIM function, perform an NFC transaction with a banking application or a strong authentication with FIDO. All using the same SE.

As a result, device manufacturers, alongside many other stakeholders, stand to benefit from the combined efforts of GlobalPlatform and TCG.


The author of this blog is Gil Bernabeu, technical director, GlobalPlatform
