Editor's Note: As mobile payment technology develops and its adoption spreads, the security of intelligent terminals and of mobile payment itself can no longer be ignored. In response to the security problems the industry faces on intelligent terminals, research groups at home and abroad have in recent years carried out in-depth research and put forward a class of solutions known as the Trusted Execution Environment, abbreviated TEE. China UnionPay (CUP), after years of its own research and experiments on TEE, has gone further and proposed the TEEI trusted platform, which better fits the needs of industry development and multi-party cooperation, together with the N3 TEE trusted operating system that can be deployed on it. China UnionPay is currently working with well-known domestic mobile phone manufacturers and has launched N3 TEE phones that support cross-platform deployment of trusted applications (TAs); it will go on to work with phone and fingerprint-sensor manufacturers on TEE applications in fingerprint authentication, financial services and other areas. For this issue we invited Li Dingzhou of the China UnionPay Electronic Payment Research Institute to explain TEE technology and N3 TEE.
Overview
With the rapid development of 3G networks and intelligent terminals (mobile phones, smart TVs and the like), consumer electronics are becoming ever more intelligent and the number of mobile applications keeps growing. Mobile applications are no longer limited to extending the basic and entertainment functions of the terminal; the fields they reach into have gradually expanded to all walks of life, such as the financial payment industry and the content copyright protection industry, and the applications in these industries require a higher overall level of security.
Today's intelligent terminals, however, have difficulty meeting these requirements, mainly for two reasons:
Insufficient operating system security
Current intelligent terminal operating systems were not designed from a security standpoint. Combined with the enormous complexity of these systems and their frequent upgrades, this means that existing security solutions (firewalls, anti-virus software and so on) cannot put an end to intrusion by viruses, Trojans and other malicious programs, so the security of the mobile terminal cannot be fundamentally and comprehensively guaranteed.
Rapid growth in malicious attacks on the operating system
As the number of applications increases, the number and variety of malware and virus attacks grow even faster, geometrically. According to reports, from the discovery of the first intelligent terminal Trojan sample in May 2013 to the end of November, around 500 samples had been found, all targeting smartphone systems, and about 20% of them also carried a "phishing" web site interface. This rapid increase in malicious software is a major challenge for mobile security.
Therefore, for mobile payment, defending against malware and viruses and securing the intelligent terminal is not only the most important issue but also the key to its future take-off. And securing the intelligent terminal can no longer rely solely on application-level solutions for protection; it needs security solutions rooted in the terminal hardware to strengthen that protection further.
Development of TEE technology
In view of the security problems faced by existing intelligent terminals, researchers at home and abroad have in recent years begun in-depth research on intelligent terminal security and have put forward several solutions:
1. In 2006 the OMTP (Open Mobile Terminal Platform) working group was the first to propose a dual-system solution: in the same intelligent terminal, a separate secure operating system is provided alongside the multimedia operating system. This isolated secure operating system runs on isolated hardware and is used specifically to handle sensitive information so as to guarantee its security; it is what is called the TEE.
2. Building on the OMTP proposal, ARM (the world's largest provider of embedded processors, whose processor architecture holds more than 95% of the mobile phone market) put forward the TrustZone hardware virtualization technology and its related hardware implementation in 2006. In the same period, Intel also proposed a similar hardware-based dual-environment solution.
3. GlobalPlatform (the world's leading standards organization for smart card multi-application management, referred to as GP), an international standards body led by Visa, MasterCard and other international bank card organizations, began drafting the relevant TEE standards in 2011 and is expected to complete and publish all of the specifications within 2014. In addition, GP has joined with several companies to jointly develop a trusted operating system based on the GP TEE standard.
4. Against the background of the GP TEE work, Oracle has also started its own TEE research, which it calls Java TEE. Java TEE is Oracle's own TEE built on its Javacard virtual machine technology and will support trusted applications written in the Java language. Oracle has not yet published any Java TEE specification.
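As an added illustration of the dual-world structure described in items 1 to 3 (example code written for this article, not UnionPay's N3 TEE or any GlobalPlatform implementation): a Python model in which a hypothetical payment TA keeps its MAC key and PIN inside the secure world, the REE side holds only a session object that exposes a command entry point, and the security policy (retry limit, one PIN entry authorizing one transaction) is enforced on the trusted side. The command ids, result codes, TA UUID and key below are constructed for the example; the isolation that TrustZone enforces in hardware is modelled here only as a coding discipline, since Python has no such boundary.

```python
import hashlib
import hmac
import uuid

# Command ids and result codes shared by both worlds (constructed for this example).
CMD_VERIFY_PIN = 1
CMD_SIGN_TRANSACTION = 2
MAX_PIN_ATTEMPTS = 3
SUCCESS, ERROR_BAD_PIN, ERROR_LOCKED = "SUCCESS", "ERROR_BAD_PIN", "ERROR_LOCKED"
ERROR_NOT_AUTHENTICATED, ERROR_BAD_COMMAND = "ERROR_NOT_AUTHENTICATED", "ERROR_BAD_COMMAND"


class PaymentTA:
    """Hypothetical trusted application living in the secure world.

    The key and PIN exist only here. Every request enters through invoke(),
    which checks the command id, enforces the retry limit and returns a
    result code plus, at most, a MAC; the secrets themselves never leave.
    """

    def __init__(self, mac_key: bytes, pin: str):
        self._mac_key = mac_key
        self._pin = pin
        self._failed_attempts = 0
        self._authenticated = False

    def invoke(self, command: int, params: dict) -> dict:
        if command == CMD_VERIFY_PIN:
            return self._verify_pin(params.get("pin", ""))
        if command == CMD_SIGN_TRANSACTION:
            return self._sign(params.get("amount", ""), params.get("merchant", ""))
        return {"status": ERROR_BAD_COMMAND}

    def _verify_pin(self, candidate: str) -> dict:
        if self._failed_attempts >= MAX_PIN_ATTEMPTS:
            return {"status": ERROR_LOCKED}          # counter is kept in the TEE, REE cannot reset it
        # Constant-time comparison: response time must not reveal how many digits matched.
        if hmac.compare_digest(candidate.encode(), self._pin.encode()):
            self._failed_attempts = 0
            self._authenticated = True
            return {"status": SUCCESS}
        self._failed_attempts += 1
        remaining = MAX_PIN_ATTEMPTS - self._failed_attempts
        return {"status": ERROR_LOCKED if remaining == 0 else ERROR_BAD_PIN, "remaining": remaining}

    def _sign(self, amount: str, merchant: str) -> dict:
        if not self._authenticated:
            return {"status": ERROR_NOT_AUTHENTICATED}
        self._authenticated = False                  # one PIN entry authorizes exactly one transaction
        mac = hmac.new(self._mac_key, f"{amount}|{merchant}".encode(), hashlib.sha256).hexdigest()
        return {"status": SUCCESS, "mac": mac}


class Session:
    """All the REE ever holds: the TA's command entry point, nothing else."""

    def __init__(self, entry):
        self._entry = entry

    def invoke_command(self, command: int, params: dict) -> dict:
        return self._entry(command, params)


class SecureWorld:
    """Models the secure OS: TAs addressed by UUID, reachable only via sessions."""

    def __init__(self):
        self._tas = {}

    def install(self, ta_uuid: uuid.UUID, ta: PaymentTA) -> None:
        self._tas[ta_uuid] = ta

    def open_session(self, ta_uuid: uuid.UUID):
        ta = self._tas.get(ta_uuid)
        return Session(ta.invoke) if ta else None


def verify_mac(mac_key: bytes, amount: str, merchant: str, mac: str) -> bool:
    """Issuer-side check (hypothetical): the bank host shares the symmetric MAC key."""
    expected = hmac.new(mac_key, f"{amount}|{merchant}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


DEMO_KEY = b"constructed-demo-key"                              # constructed value
PAYMENT_TA_UUID = uuid.UUID("00000000-0000-0000-0000-000000000001")  # constructed value


def run_demo() -> dict:
    """Drive the TA from the REE side and collect only what the REE gets back."""
    world = SecureWorld()
    world.install(PAYMENT_TA_UUID, PaymentTA(DEMO_KEY, pin="1234"))
    ree = world.open_session(PAYMENT_TA_UUID)
    txn = {"amount": "19.99", "merchant": "shop"}
    out = {}
    out["unauthenticated"] = ree.invoke_command(CMD_SIGN_TRANSACTION, txn)["status"]
    out["first_wrong"] = ree.invoke_command(CMD_VERIFY_PIN, {"pin": "0000"})["status"]
    out["good_pin"] = ree.invoke_command(CMD_VERIFY_PIN, {"pin": "1234"})["status"]
    signed = ree.invoke_command(CMD_SIGN_TRANSACTION, txn)
    out["signed"], out["mac"] = signed["status"], signed.get("mac")
    out["replay"] = ree.invoke_command(CMD_SIGN_TRANSACTION, txn)["status"]
    for guess in ("0001", "0002", "0003"):                      # repeated wrong PINs trip the lockout
        out["after_guesses"] = ree.invoke_command(CMD_VERIFY_PIN, {"pin": guess})["status"]
    out["locked_even_if_correct"] = ree.invoke_command(CMD_VERIFY_PIN, {"pin": "1234"})["status"]
    return out


if __name__ == "__main__":
    print(run_demo())
```

The point of the model is where the decisions are made: the REE application composes transactions and relays PIN entries, but whether a PIN is accepted, how many failures are tolerated, and whether a MAC is issued are all decided by code and state the REE cannot touch. A malicious application in the rich OS can therefore at most ask for a signature it is not entitled to and be refused.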
At present, TEE-based products are mainly used in the North American market in the field of DRM (Digital Rights Management). In the financial sector, Visa, MasterCard and other bank card organizations have also begun to develop mobile POS, mobile wallet and other related applications on TEE technology (platforms based on the GP standard). In addition, intelligent terminals supporting TEE technology have begun to appear on the global mobile phone market, such as the Samsung Galaxy SIII, Note2 and HTC One X. (Source: Bank Card Testing Center)