Secure Enclave
A hardware-isolated coprocessor inside modern smartphones and computers that generates and holds cryptographic keys and biometric templates, separated from the main processor and operating system so that malware, even with full administrative privileges, cannot extract them.
Related terms: trusted execution environment (TEE), secure element. These are often used interchangeably, but they differ: a TEE such as ARM TrustZone is an isolated execution mode of the main processor, while a secure element and Apple's Secure Enclave are separate processors with their own memory and boot code.
Last reviewed: 10 June 2026
A secure enclave is a dedicated hardware component with its own processor, memory, and storage, physically and cryptographically isolated from the main application processor. Sensitive data held in the enclave (the private keys for passkeys, payment credentials, biometric templates) cannot be read by software running on the main OS, even if that software is malicious and has administrative privileges. The main OS never handles the key bytes at all: it asks the enclave to perform an operation (sign a challenge, decrypt a credential) and receives only the result. Each key is created with a usage policy, for example "only after a fresh Face ID match", and the enclave enforces that policy itself. This is the caveat that matters in practice: an attacker who fully compromises the OS still cannot copy a key, but they can ask the enclave to use it, so what limits the damage is a policy that requires user presence for each use.
Apple's Secure Enclave, the ARM TrustZone-based TEEs used by most Android devices, and dedicated secure elements such as Android's StrongBox-backed keystore underpin the security model of modern mobile payments and passkeys. When you use Face ID or a fingerprint to authorize a payment, the template comparison happens inside the enclave (or TEE); the raw biometric data and the stored template never leave it. The private key for a passkey is created and stored under this hardware protection and is never readable by apps or the main OS. A device-bound passkey cannot be exported at all; a passkey that syncs to your other devices is replicated only through end-to-end encrypted keychain sync (iCloud Keychain, Google Password Manager), never in the clear to the OS or the cloud provider.
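The following is an added example, not code from the original page or from Apple: it shows, using Apple's CryptoKit and Security frameworks, what "generated inside the enclave and usable only after a biometric match" looks like in practice. It assumes iOS 13+ or macOS 10.15+ on hardware with a Secure Enclave and must run inside an app (the biometric prompt needs a UI context), not as a bare script; `makeEnclaveKey`, `signChallenge`, `EnclaveError` and the challenge bytes are names and sample input constructed for this example.

```swift
// Added example (not from the original page): a P-256 signing key that lives in
// Apple's Secure Enclave and can only be used after Face ID / Touch ID succeeds.
import Foundation
import CryptoKit
import Security

enum EnclaveError: Error {
    case unavailable          // no Secure Enclave on this hardware (or simulator)
    case accessControl(Error?)
}

/// Creates a private key whose plaintext never exists outside the Secure Enclave.
/// `.privateKeyUsage` is mandatory for enclave keys; `.biometryCurrentSet` requires a
/// fresh biometric match for every use and invalidates the key if the enrolled
/// fingerprints or face are changed, which blocks "enroll my own finger" attacks.
func makeEnclaveKey() throws -> SecureEnclave.P256.Signing.PrivateKey {
    guard SecureEnclave.isAvailable else { throw EnclaveError.unavailable }
    var cfError: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly, // never in backups, never migrates to another device
        [.privateKeyUsage, .biometryCurrentSet],       // user presence required on each signature
        &cfError
    ) else {
        throw EnclaveError.accessControl(cfError?.takeRetainedValue())
    }
    return try SecureEnclave.P256.Signing.PrivateKey(accessControl: access)
}

/// Signs a server challenge with the enclave key (this call triggers the biometric
/// prompt) and verifies the result with the public key, which the enclave does export.
func signChallenge(_ challenge: Data,
                   with key: SecureEnclave.P256.Signing.PrivateKey) throws -> Bool {
    let signature = try key.signature(for: challenge)
    return key.publicKey.isValidSignature(signature, for: challenge)
}

let key = try makeEnclaveKey()

// The only thing the OS can persist is an opaque blob encrypted by the enclave and
// usable only on this device. It is not the private scalar: copying it to another
// machine yields nothing, and there is no API that returns the raw private key.
let persistable = key.dataRepresentation
let restored = try SecureEnclave.P256.Signing.PrivateKey(dataRepresentation: persistable)

// Constructed sample input standing in for a nonce sent by a relying party.
let challenge = Data("constructed-server-nonce-1234".utf8)
print("signature verified:", try signChallenge(challenge, with: restored))
```

The access-control flags are the part a practitioner should look at first: without `.biometryCurrentSet` (or at least `.userPresence`), the key is still unextractable, but any code running as the user can ask the enclave to sign with it, which is exactly the residual risk described above. Android's equivalent is `KeyGenParameterSpec.Builder` with `setIsStrongBoxBacked(true)` and `setUserAuthenticationRequired(true)`.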
For consumers, the practical significance is that modern smartphones have materially better security properties for authentication than older devices or low-cost hardware that lacks a dedicated secure element or TEE. The security model described for passkeys and biometric payments relies on the presence of this hardware, which is why security guidance recommends using these features rather than typed passwords or SMS codes where possible. Two limits are worth knowing: the enclave protects key material, not decisions, so it cannot stop you from approving a prompt you should have refused; and its guarantees depend on the OS being configured to require a biometric or passcode check before each use, which is the default for passkeys and mobile payments on current devices.