Described are systems, methods, and computer-readable media for authenticating user device interactions with external entities. A secure communication session is established between an external device or application and a trusted execution environment. An authentication request is received from the external application or device at the trusted execution environment. A secure communication channel is established between the trusted execution environment and an input/output interface of the user authentication device. Input from a user assurance action related to the authentication request is received over the secure communication channel. Data is encrypted at a secure element of the user authentication device, and a response including the encrypted data and an indicator of the user assurance action is transmitted from the trusted execution environment to the external application or device, in response to the authentication request, via the secure communication session.