How SOTER Secures Mobile Biometric Authentication with TEE and Key Chains
SOTER is Tencent's comprehensive biometric security standard that leverages Trusted Execution Environments and device‑root keys to provide unified, tamper‑resistant fingerprint authentication across Android and iOS platforms, simplifying integration for developers while protecting user data.
What is SOTER
Today, biometric authentication has moved from Hollywood movies into everyday life, with fingerprint recognition leading the way since the iPhone 4s introduced it in 2011. Both iOS and Android devices now heavily rely on fingerprints for unlocking, payments, and app authorizations, and Android 6.0 (Marshmallow) added official fingerprint APIs and enhanced key management.
However, there is no unified biometric standard across manufacturers. Although iOS and Android provide client‑side APIs that return a verification result, the result can be forged if the device is rooted or jail‑broken, and network interception can tamper with data during transmission.
To address these issues, developers would otherwise need to implement separate solutions for each vendor, which is inefficient and unrealistic.
Leveraging its strong ecosystem, Tencent collaborated with phone, chipset, and TrustZone vendors to implement a secure fingerprint payment flow in WeChat, and abstracted the entire process into a complete biometric standard called SOTER.
Benefits of SOTER
SOTER, named after the Greek god of safety, adds a security‑hardening layer on top of existing system interfaces. Its advantages include:
1. Third‑party apps do not need to access the secure domain directly; they call a business‑agnostic Trusted Execution Environment (TEE) application (TA), reducing development difficulty and adaptation cost.
2. For Android, SOTER unifies the FingerprintManager and KeyStore interfaces, providing consistent APIs and strengthening security on insecure Android devices.
3. Third‑party apps gain flexibility to perform secondary verification of authentication results.
4. Even in untrusted external environments, secure authorization remains possible.
By simplifying the complex chain between manufacturers and developers, SOTER enables various apps to quickly and safely use biometric capabilities, delivering a fast and secure user experience.
Why SOTER Can Achieve This
Understanding the Trusted Execution Environment (TEE) is essential. A TEE is an isolated secure area that runs independently of the phone’s operating system. In the SOTER standard, all key generation, data signing, fingerprint verification, and sensitive data transmission take place inside the TEE. Device root keys are burned into hardware during manufacturing and form the trusted root from which all other keys are derived. Every participating manufacturer embeds a hardware TEE and passes verification by Tencent’s security platform and the WeChat Pay security team.
Device Root Key
The Device Root Key (Attestation Key, ATTK) is the core of SOTER. For Android devices, the ATTK is burned into the device before shipment and has the following properties:
1. It is an RSA‑2048 key pair, which cannot be broken with any currently known technique.
2. It is generated inside the device, so no external party ever obtains the private key.
3. The private key is stored in the TEE’s secure storage (the Replay Protected Memory Block, RPMB), for which no method of extraction is known.
4. The public key is securely transmitted to the SOTER Key Management Server (TAM) over an authenticated HTTPS interface before the device leaves the factory.
5. Each device has a unique ATTK, so the compromise of one device’s key does not affect any other device.
The security of the device root key underpins SOTER’s overall protection, and the WeChat team continuously monitors supported devices.
Key Trust Chain
The trust chain model is illustrated below:
Figure 1: Key Trust Chain
The diagram shows a top‑down trust relationship and a bottom‑up derivation relationship. The derivation and verification process is shown in Figure 2:
Figure 2: Key Derivation and Verification Process
Specific steps:
1. The root‑key provider requests the device to generate the device root key before shipment.
2. The device generates the root key inside a TA and stores the private key in secure storage; the public key is exported to the provider.
3. The provider transmits the public key to the public‑key provider (e.g., the WeChat public interface) through a trusted backend; once verified, the key is stored.
4. For the higher‑level keys (levels 2 to n), the client (the device) asks the key‑generation TA to create the key.
5. After generation, the private key is stored in secure storage.
6. The public key, signed with the upper‑level key, is exported and sent to the public‑key provider or application backend for verification and storage.
The device root key’s public‑key provider is TAM; other level keys are managed by the application backend, which can retrieve a device’s ATTK public key via a unified backend API.
Besides ATTK, the App Secure Key (ASK) is a secondary key generated per app at startup, and the Authentication Key (Auth Key) is a business‑level key generated per business (e.g., payment, login). Auth Key usage requires user biometric authorization.
User Authorization and Request Signing
After keys are prepared, the app can request biometric authorization at the appropriate moment (e.g., during payment), obtain a signed authorization token, and send it to the backend for verification. Upon successful verification, the backend can check additional information (such as fingerprint ID) and return the final authorization result.
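As an added illustration of steps 1 to 6 and of the ATTK, ASK, Auth Key and authorization‑token relationship described above (example code written for this page, not Tencent’s SOTER SDK or its wire format): a Go model in which the backend holds only the ATTK public key it would have fetched from TAM, accepts the ASK only because the ATTK signed it, accepts the Auth Key only because the ASK signed it, and finally checks the token signature made with the Auth Key. The level labels, the "level:DER" message layout, the choice of RSA‑PSS with SHA‑256, and the token contents are assumptions made for the example; the device side (key generation inside a TA, biometric release) is simulated in `BuildChain`.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// SignedPublicKey is what step 6 exports from the TEE: the child public key (PKIX DER) plus
// the parent's signature over "<level>:"+DER. This layout is the example's own assumption.
type SignedPublicKey struct {
	Level  string // "ASK" or "AuthKey"; labels chosen for this example
	PubDER []byte
	Sig    []byte
}

// Chain is one authorization request as the backend sees it, plus the ATTK public key from TAM.
type Chain struct {
	ATTKPub  *rsa.PublicKey
	ASK      SignedPublicKey
	AuthKey  SignedPublicKey
	Token    []byte
	TokenSig []byte
}

// must: on the simulated device side, key generation or signing failure is fatal.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}

func verify(pub *rsa.PublicKey, msg, sig []byte) error {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil)
}

// exportSigned is step 6 for one level: the parent signs the child's public key before it leaves secure storage.
func exportSigned(parent, child *rsa.PrivateKey, level string) SignedPublicKey {
	der := must(x509.MarshalPKIXPublicKey(&child.PublicKey))
	return SignedPublicKey{Level: level, PubDER: der, Sig: must(sign(parent, append([]byte(level+":"), der...)))}
}

// verifyChild is the backend half of step 6: accept the child only if the already trusted
// parent signed it under the expected level label (so an ASK cannot pose as an Auth Key).
func verifyChild(parentPub *rsa.PublicKey, spk SignedPublicKey, want string) (*rsa.PublicKey, error) {
	if spk.Level != want {
		return nil, fmt.Errorf("expected level %s, got %s", want, spk.Level)
	}
	if err := verify(parentPub, append([]byte(spk.Level+":"), spk.PubDER...), spk.Sig); err != nil {
		return nil, fmt.Errorf("%s not signed by its parent key: %w", spk.Level, err)
	}
	pub, err := x509.ParsePKIXPublicKey(spk.PubDER)
	rsaPub, ok := pub.(*rsa.PublicKey)
	if err != nil || !ok {
		return nil, fmt.Errorf("%s is not a valid RSA public key", spk.Level)
	}
	return rsaPub, nil
}

// VerifyAuthorization walks the chain top-down: ATTK vouches for ASK, ASK for the Auth Key,
// and the Auth Key for the token the user released by biometric authorization.
func VerifyAuthorization(c Chain) error {
	askPub, err := verifyChild(c.ATTKPub, c.ASK, "ASK")
	if err != nil {
		return err
	}
	authPub, err := verifyChild(askPub, c.AuthKey, "AuthKey")
	if err != nil {
		return err
	}
	if err := verify(authPub, c.Token, c.TokenSig); err != nil {
		return fmt.Errorf("authorization token rejected: %w", err)
	}
	return nil
}

// BuildChain simulates the device: ATTK at the factory (steps 1-2), ASK and Auth Key derived
// later (steps 4-6), then a token signed with the Auth Key after biometric release.
func BuildChain() Chain {
	attk := must(rsa.GenerateKey(rand.Reader, 2048)) // RSA-2048, as the page states for ATTK
	ask := must(rsa.GenerateKey(rand.Reader, 2048))
	auth := must(rsa.GenerateKey(rand.Reader, 2048))
	token := []byte(`{"business":"payment","challenge":"constructed-nonce-1"}`) // constructed sample
	// Fields in declaration order: ATTKPub, ASK, AuthKey, Token, TokenSig.
	return Chain{&attk.PublicKey, exportSigned(attk, ask, "ASK"), exportSigned(ask, auth, "AuthKey"), token, must(sign(auth, token))}
}

func main() {
	c := BuildChain()
	fmt.Println("genuine request:", VerifyAuthorization(c))
	c.Token = append(c.Token, '!') // altered in transit: the Auth Key signature no longer matches
	fmt.Println("altered request:", VerifyAuthorization(c))
}
```

The point the backend logic makes is that nothing below the root is trusted on its own: a token, an Auth Key or an ASK presented without an unbroken signature path back to the ATTK public key that TAM holds is rejected, which is what makes a forged client‑side result useless even on a rooted device, and the level label stops a lower‑value key from being replayed in the role of a higher one.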
Application Scenarios of SOTER
Beyond WeChat Pay, SOTER can be used for:
Biometric unlocking or login, eliminating the need for passwords and enabling fast multi‑account switching.
Replacing transaction passwords, simplifying online transaction flows and improving success rates.
Supplementing traditional password authentication with biometric verification, reducing reliance on SMS codes and cutting costs.
More scenarios await discovery.
How to Use SOTER
SOTER can be implemented in two ways:
Third‑party apps follow sample code or embed the WeChat‑provided SDK to complete the full SOTER flow.
Official account apps call the provided JSAPI interface for direct trusted biometric verification.
Follow the WeCooper official WeChat account for detailed interface documentation.
Goal of SOTER
The aim is to advance biometric technology across the industry, build a comprehensive biometric authentication ecosystem, and realize a smarter, more secure daily life through collaborative effort.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
WeChat Client Technology Team
Official account of the WeChat mobile client development team, sharing development experience, cutting‑edge tech, and little‑known stories across Android, iOS, macOS, Windows Phone, and Windows.
