Building the foundation of digital security for 20+ years
GlobalPlatform is a consensus-driven technical standards organization. Its members are focused on enabling the efficient launch and management of innovative, secure-by-design digital services and devices, which deliver end-to-end security, privacy, simplicity interoperability and convenience to users.
Our Mission? To empower stakeholders across industries with standardized technologies and certifications for trusted digital services and devices that address their business, security, regulatory and data protection needs.
Tens of billions of GlobalPlatform-certified SEs and TEEs are used in devices across market sectors, including payments, mobile, connectivity and IoT.
A forum to solve technical & security challenges
Banking and identity were the first industries to adopt GlobalPlatform standards. This was quickly followed by the mobile industry and has since expanded to encapsulate numerous other connected industries.
With the digitalization of our world continuing to introduce new requirements, GlobalPlatform is working with its members and industry partners to improve understanding of how secure components can be used to address specific markets and use cases.
Standardization of secure component technologies has been the core of our work.
Secure components are a combination of hardware, firmware and a root of trust. To answer industry requirements, GlobalPlatform defined the Secure Elements (SE - a tamper resistant environment, removable, embedded or integrated) and Trusted Execution Environments (TEE - an isolated execution environment in the main chip of the device). Most SIM cards, credit cards, identity cards, ePassports, smartphones and more use GlobalPlatform’s technologies.
GlobalPlatform also creates device specifications, with associated open-source program code, that define a universal language to access secure services provided by GlobalPlatform SEs & TEEs through Trusted Platform Services (TPS) APIs. These APIs are optimized for IoT and built with an attestation-by-design mindset. The aim is to make it easier for service providers and application developers, in different market sectors, to link together the strong security technology offered by secure components in their products and create an attestable Chain of Trust (from the Root of Trust (RoT) to the application or the cloud).
Certification & Qualification
Companies can confirm products adhere with GlobalPlatform technical specifications, market-specific configurations and security levels through the functional and security certification programs offered by its ISO 17065 accredited certification body (number 5486.01).
Other organizations such as GSMA and OSIA are using GlobalPlatform to support their certification programs.
GlobalPlatform also works together with the IoT ecosystem to simplify the security evaluation of connected devices through the Security Evaluation Standard for IoT Platforms (SESIP) Methodology. With SESIP, reuse and composition of certified device components optimize the effort of vendors and laboratories to adhere with worldwide regulations and standards.
Get involved & bring your requirements!
Addressing the long-term needs of companies and European governments engaged in eID deployments, and identifying use cases where GlobalPlatform technologies can deliver the highest levels of security and interoperability
Secured Application for Mobile (SAM)
Supporting impacted stakeholders with the introduction of GSMA’s SAM specification, which defines a capability allowing mobile device users to manage a wide range of secured applications within the eUICC of their device.
Security Evaluation Standard for IoT Platforms (SESIP)
Driving adoption and recognition of the SESIP methodology, to promote consistency across IoT certification schemes and lower the cost and complexity of IoT security evaluation.
Evaluating and providing recommendations on the cryptographic mechanisms used in GlobalPlatform technology, to ensure high levels of security as cryptography trends and technologies evolve. Includes guidance on the migration to PQC and integration of new algorithms by NIST.
Working with the automotive industry to address new security standards, like SAE J3101, UNECE WP29 and ISO 21434, which emphasize the need for cybersecurity to be prioritized throughout the entire lifecycle of a vehicle.
Open Source Program
Enabling the open source implementation of TPS APIs to reduce the complexity of device connectivity and onboarding for device manufacturers in industrial and consumer IoT markets.
Check out our Annual Report
Receive the latest news