On March 10, 2021, Alibaba Cloud IoT Trusted Execution Environment (Link TEE) obtained the mobile financial technology service certification certificate issued by Beijing Zhongjin Guosheng Certification Co., Ltd. Link TEE used NXP i.MX6QP Soc as the hardware carrier to carry out this time Certification evaluation, certification is based on JR∕T 0156-2017 "Technical Specification for Trusted Environment for Mobile Terminal Payments" issued by the People's Bank of China. Currently, Link TEE is the only IoT product operating in China that has passed this certification.
The "Technical Specification for Trusted Environment for Mobile Terminal Payments" stipulates the overall framework of the trusted environment in the mobile payment field, trusted execution environment, communication security, data security, and client payment applications for payment terminals. The design, development, testing and evaluation of related products of payment terminals such as smart POS terminals shall be implemented with reference to this specification. Link TEE's certification of this standard also represents the safety and leadership of its product capabilities in the financial field.
Link TEE is independently developed by Alibaba Cloud. Based on IoT chip-level security isolation technology, it provides a trusted computing software framework for terminals to ensure the security of core data assets on the device. It supports multiple processor architectures such as ARM Trustzone and T-Head, and coexists with the common operating system (Linux/RTOS, etc.) on the device, providing a hardware-level safe and isolated operating environment for applications running on the MCU. Inside the trusted execution environment, safe and sensitive information is stored, including but not limited to keys, safe applications, and sensitive data.
At the same time, Link TEE passed the GlobalPlatform TEE full-configuration safety certification in 2019, becoming the world's first product to pass the certification. It supports 130+ security APIs and can resist 14 software and hardware attack methods. It has small code, fast running speed, and security level. Higher advantage. Supports secure startup, secure storage, secure debugging, secure upgrades, etc., to protect firmware, applications, and various secure assets, support the expansion of secure applications, and meet the unique security needs of users. In terms of resource occupation, Link TEE has been deeply optimized. The static space is less than 32K and the dynamic space is less than 8K. It also supports low-power power management and further module tailoring, which is suitable for low-cost, low-power IoT application scenarios. .
Cheng Liang, a senior security expert at Alibaba Cloud Intelligence, said that by using trusted execution environment technology, it is possible to quickly improve the software and hardware security protection capabilities of smart terminals, improve the security level of the terminal system, effectively prevent the leakage of sensitive payment information and security risks, and improve the quality of financial services and The level of inclusiveness meets the needs of safe and healthy development in the financial sector.