Hardware Protected Confirmation

Leveraging the “Trusted Execution Environment” for security-critical mobile applications: Hardware Protected Confirmation (HPC) can be applied to a wide range of security critical operations.


  • Lead school School of Engineering and Computer Science
  • Institute Institute for Cybersecurity & Engineering (ICE)
  • Research unit ICE / FinTech Security Group
  • Funding organisation Innosuisse
  • Duration (planned) 01.08.2022 - 31.01.2024
  • Project management Prof. Dr. Benjamin Fehrensen
  • Head of project Prof. Dr. Benjamin Fehrensen
  • Project staff Dr. Alain Hiltgen | Project Co-head from UBS
  • Partner UBS Business Solutions AG
    AdNovum Informatik AG
    Swiss Association for SWIFT & Financial Standards (SASFS)
  • Keywords Android Protected Confirmation, Trusted User Interface, Trusted Execution Environment


Digitalization of our society is an ongoing trend. Digital processes and online services have invaded a major portion of our everyday organizational, social and economic activities. Next to digitalization, we see a strong trend of “going mobile” together with an increasing demand for remote confirmations triggered by home office practices as socialized through the pandemic.

Financial institutions and others are striving to leverage the rich capabilities of smart phones for their services. Compared to “classical web services”, smart phones open up a whole universe of new functionalities, we could only dream of some years ago: Smart phones can be used (a) as scanners for reading invoices, (b) as virtual Credit Cards or (c) as strong multi-factor authentication devices combining biometrics with other factors.

Therefore, smart phones are becoming more than just an interface to digital services. They are transforming to essential integrated building blocks of digitalization: Smart phones are used as badges, car keys, NFC-enabled Credit Cards or Payment Terminals such as POS (Point of Sales), all components that needed expensive dedicated hardware in the past. While industry jumped on the new building blocks to enrich their digital offering, some of the most protective security features of modern smart phones are only very seldom leveraged as they miss standardized interface calls.

This project incubated with UBS Next is an innovation project supported by Innosuisse.

Hardware Protected Confirmation
Smart phones are becoming more than just an interface to digital services. They are transforming to essential integrated building blocks of digitalisation.

Course of action

Modern smart phones have all it needs to build highly secure systems. Most smart phones ship with advanced security chips that build upon a “Trusted Execution Environment” (TEE). The TEE allows them to shield sensitive information and control functions from the "Regular Execution Environment" (REE) / normal operating system (OS) exposed to malware operating on an infected device. Even if the REE is compromised, the TEE and its protected components stay safe. This technology in conjunction with direct control over biometric sensors allows to build very sound security solutions. With all components integrated in one device, this eventually comes with hardware-level protection and a maximum of user convenience.

We aim to open up the ubiquitous platform of mobile devices for “real security businesses”. International regulations such as the "Payment Service Directive" (PSD2) in Europe, the “Guidelines on Internet Banking and Technology Risk Management” from the Monetary Authority of Singapore (MAS), as well as EMV Security Standards and Swiss and EU Digital Signature laws all require strong multi-factor customer authentication (SCA) and secure confirmations for good reasons. But applications of this technology are by no means limited to the banking sector only.

Looking ahead

Hardware Protected Confirmation (HPC) can be applied to a wide range of security critical operations such as “authentication”, “authentication with linking”, “transaction confirmation” (such as EMV «3DS confirmation»), “shareholder voting”, “medical device steering”, “access un-locking”, “electronic signing” and many more.

To make “HPC” available on a broader scale we need an easy-to-use standardized API call like "Android Protected Confirmation", specified and currently implemented only by Google. The API call must be available on the majority of smart phones to cover for interesting large-user-base use cases. Therefore, we want to lay a foundation for establishing “HPC” as a broadly requested and widely supported standard functionality of modern smart phones. The necessary hardware is already widely available in such smartphones (see ARM TrustZoneand ARM trusted Firmware). There are standards such as “Trusted User Interface”3 defining the necessary requirements. Moreover, over the past couple of years, we have seen a steady increase in the understanding for such Trusted User Interfaces (TUI) as well as for Hardware Key Stores (such as Secure Element SE) and their benefits.

This research project shall pave the way in the development of a market-ready common API for making “Hardware Protected Confirmation” available on a large scale – preferable as common API for mobile devices.

1  Arm - Silicon IP Security
2 The Trusted Firmware-A project 
3 GlobalPlattform - Trusted User Interface API