This new version introduces support for Chinese SM cryptographic algorithms and deprecates usage of the DES algorithm and usage of the RSA algorithm with 1024-bit keys. SCP02, already previously deprecated, is fully removed. SCP10 is removed but a reference is provided to new Amendment L which describes a newer version of SCP10. Support for the MULTOS™ technology is deprecated. A few mechanisms previously described in Amendments (e.g., Cumulative Deletion, Cumulative Granted Memory, Token Identifier Deny Lists, SD Self Deletion, Personalization interface) are moved back to this version of the specification and will be removed from future versions of such Amendments. Key loading and audit commands (resp. STORE DATA and GET DATA) are evolved for higher flexibility, and the concept of “Key Purpose” is introduced while the “Key Usage Qualifier” is deprecated. For Memory Resource Management, support for volatile memory is deprecated. Support for Reserved Memory is deprecated for both volatile and persistent memory.

This document introduces an extension to the GlobalPlatform Card Specification aimed at offering an API for essential cryptographic functionalities such as authentication protocols and secure data management. The Cryptographic Service Provider (CSP) outlined in this extension aims to assist application developers by providing well-implemented high-level cryptography, thereby minimizing reliance on platform-specific security recommendations. Additionally, it streamlines the certification process for Applications by eliminating the need for composite certification, allowing certification irrespective of the underlying platform, while maintaining security standards equivalent to Common Criteria EAL4+ AVA_VAN.5 for the combination of the Application and the CSP [EU5G].