The aims of the GlobalPlatform Device Committee are:
- To define an open security architecture for consumer and connected devices based on a trusted execution environment (TEE) - enabling the development and deployment of security applications from multiple service providers including technical specifications compliance and security certification programs.
- To define on-device services necessary for the management of secure elements (SE) and secure interaction with SEs including the UICC, embedded SE and smart microSD.
- To define a compliance program that helps handset manufacturers and speeds up the integration of GlobalPlatform device technologies.
- To support the GlobalPlatform TEE Security Evaluation Secretariat in driving the TEE Security Certification Scheme.
The Device Committee is chaired by Christophe Colas from Trustonic. 55 member companies participate.
- To manage, prioritize, develop, maintain and evolve specifications for the TEE.
- To advance and maintain the GlobalPlatform TEE Specifications to develop suitable services for trusted applications including their administration.
- To define, develop and maintain specifications related to the interaction between the TEE and SE.
- To advance and maintain the GlobalPlatform Device Compliance Program, to facilitate interoperability of device technologies on different handset implementations.
- To progress the work of the GlobalPlatform TEE Security Certification Scheme, to facilitate the security evaluations of TEE implementations.
- To maintain and evolve specifications for the GlobalPlatform Secure Element Remote Application Management Specification facilitating the connection of trusted service managers (TSMs) to SEs.
- To maintain and evolve specifications for the GlobalPlatform Secure Element Access Control Specification enabling the control of communication between device applications and trusted applications (TAs) to SEs and including the related compliance program.
Beneficiaries of the Committee include:
- Device and chipset manufacturers looking for a standardized way to provide a TEE.
- Device manufacturers looking to implement and test device technology as defined in GlobalPlatform Specifications.
- Service providers who will benefit from the protection of secure applications within a single, standardized and interoperable environment.
- Application developers wishing to create interoperable yet sensitive applications, while enjoying the added support provided by the GlobalPlatform community.
- Service providers wishing to offer customers additional trust through a secure environment which is interoperable between various device platforms.
- TSMs that want to manage TAs remotely.
- All of the above parties that have an interest in having SE management components within a device.
Device Committee activities and achievements
2016 Activities and Priorities:
- To drive the activity of the TEE Security Certification Scheme and promote the value of the TEE Protection Profile to chipset manufacturers / OEMs, service providers and security laboratories.
- To update aspects of the TEE Specification including the TEE System Architecture and Trusted User Interface with the support of biometrics.
- To update the TEE Management Framework, including the Symmetric Security Layer and the Asymmetric Security Layer.
- To collaborate with GSMA and Google on Secure Element Access Control (SEAC) 2.0 requirements and specification.
- To support the evolution of the GlobalPlatform Device Compliance Program in collaboration with GSMA and Global Certification Forum (GCF).
- To develop new requirements for Secure Element Remote Administration (SERAM).
- To further work on new SE APIs.
- To define the TEE role and requirement during device boot.
- To investigate and define how the collaboration between the TEE and SE can improve the security of a device.
- To support a TEE Security Evaluation Program, which will aim to drive ‘practical’ TEE security certifications with short time-to-market constraints.
- To address the requirements of GlobalPlatform’s Premium Content Task Force, and ensure alignment on work priorities.
- To engage with mobile network operators and key players in the web ecosystem to confirm industry requirements, as well as continue to serve the needs of specific use cases including premium content protection, identity, authentication and payment services.
- To host TEE seminars and workshops globally to communicate the value proposition of the technology (exact dates and locations TBC).
Achievements to Date
- Launched the GlobalPlatform TEE Security Evaluation Secretariat and TEE Security Certification Scheme to facilitate the security evaluations of TEE implementations.
- Launched two new working groups, the WebAPIs WG (an open source group) and the Secure Component BLE Connector WG.
- Published TEE Sockets API Specification v1.0 | GPD_SPE_100, a suite of specifications that provide standards to enable a Trusted Application to directly make use of internet protocol interfaces, rather than send packets to a client application for internet transfer.
- Published TEE Secure Element API Specification v1.1 | GPD_SPE_024, aimed at software developers implementing Trusted Applications running inside the Trusted Execution Environment (TEE) which need to expose an externally visible interface to Client Applications.
- Published The Trusted Execution Environment: Delivering Enhanced Security at a Lower Cost to the Mobile Market, a white paper that acts as a high-level introduction to the Trusted Execution Environment.
- Published a new revision of the specification for Secure Element Access Control (SEAC): GlobalPlatform Device Technology Secure Element Access Control v1.1 Errata and Precisions v1.0.
- Published a new Secure Element Remote Administration (SERAM) specification.
Device Committee Working Groups
TEE Specifications Working Group
- To create and maintain documentation defining the TEE, while ensuring consistency in the specifications and services.
Device Compliance Working Group
- To ensure the long-term interoperability of GlobalPlatform’s Device Specifications by developing an open and thoroughly evaluated compliance ecosystem with test suites and qualified test tools.
- To test the functional behavior of a product against GlobalPlatform’s Device Specifications to achieve market interoperability and reduce ecosystem fragmentation.
TEE Security Working Group
- To define the level of security of the TEE technology for different market verticals and use cases addressed by GlobalPlatform and to ensure a security evaluation framework is in place.
- To publish and maintain the TEE Protection Profile.
TEE Roadmap Working Group
- To identify opportunities and strategic direction of GlobalPlatform's TEE Roadmap to meet market requirements.
SE Remote Administration Working Group
- To evolve as necessary the GlobalPlatform technologies to remotely manage applications in a SE hosted on a device.
SE Access Control Working Group
- To standardize a SE Access Control concept based on policies.
- To define, maintain and evolve the architecture and interfaces for GlobalPlatform SEAC in devices and on SEs.
Trusted Computing Group (TCG) Working Group
- To share expertise and collaborate around mobile device industry standards, including technical requirements, specifications and use cases.
- To ensure alignment on security topics between the TCG Trusted Platform Module Mobile (TPM Mobile) and GlobalPlatform's TEE Specifications.
Web APIs Working Group
- To standardize open source documentation defining web application access to services hosted in a TEE, or SE.
- To collaborate with open source organizations such as W3C.
Secure Component BLE Connector Working Group
- To standardize a protocol to access secure services hosted in a device via the Bluetooth protocol.
- To collaborate with the Bluetooth community.
For further details or to get involved in this activity, please visit the member-only website or contact firstname.lastname@example.org.