Research Report on Interoperability of Heterogeneous Trusted Execution Environments in Financial Privacy Computing

The report details a collaborative effort led by UnionPay and Ant Group to create a unified remote attestation framework that enables interoperability among diverse TEE solutions, demonstrating successful integration of five major TEE platforms and highlighting the significance for secure data flow in the financial sector.

AntTech

UnionPay Co., Ltd. led the "Financial Industry Privacy Computing Interconnection Technology Research Report," released on May 6 by the Beijing FinTech Industry Alliance. The sub-project "TEE Interconnection" was headed by Ant Group and Industrial and Commercial Bank of China, with participation from more than 20 organizations, among them Huawei and Shanghai Pudong Development Bank.

Heterogeneous TEE interconnection refers to using a unified remote attestation scheme to achieve mutual recognition and data exchange across different TEE architectures, enabling joint computation. After nearly four months of work, the team produced a core "Unified Remote Attestation Process" interface and completed interoperability verification for five mainstream TEE solutions.

In the digital era, data is a strategic resource, and China emphasizes building a foundational data system and fostering a data‑factor market.

Privacy computing, a fast‑growing technology balancing data circulation and security, is in a global R&D phase. Various companies and institutions are entering the market, each promoting different technical approaches.

The Trusted Execution Environment (TEE) is a leading privacy-computing technology that relies on hardware roots of trust, offering high security and reliability. Its performance and scalability have led to widespread adoption in government, finance, telecom, and other sectors.

Although many TEE solutions have emerged domestically and internationally, this diversity creates interoperability challenges. Mixing heterogeneous TEEs forms "islands" that hinder data flow and joint computation, especially in data-intensive financial services.

Achieving interconnection among heterogeneous TEEs allows enterprises to reuse existing resources or quickly adopt new ones, reducing transformation costs, improving efficiency, and facilitating smoother data‑factor circulation.

The proposed TEE interconnection solution builds on Ant Group’s self‑developed "Unified Attestation" process, abstracting remote attestation, secure channel establishment, and application interoperability to hide differences among TEE implementations. This enables seamless internal migration of applications across TEEs and external business interconnection between heterogeneous TEEs.

The solution successfully linked Ant Group’s self‑developed HyperEnclave domestic TEE with other TEE solutions. HyperEnclave decouples the trust root from CPU manufacturers, fitting domestic scenarios, and its trust root is built on third‑party national financial information security infrastructure.

HyperEnclave has passed certification by the Beijing National FinTech Certification Center and its security has been formally verified, making it the first domestically developed, financial-grade TEE system.

Going forward, Ant Group will continue exploring full‑system TEE interconnection, standardizing secure channel creation and data encapsulation, integrating higher‑level algorithm and management interconnections, and combining with other privacy‑computing approaches. The TEE interconnection interface will be open‑sourced to serve more enterprises and developers, promoting a thriving privacy‑computing ecosystem.
