GlobalPlatform Expands Root of Trust Requirements and Definitions for IoT and Connected Computing
Industry body details how to establish a Root of Trust using secure components to ensure secure mobile service delivery
November 16, 2016 – GlobalPlatform has published Root of Trust Definitions and Requirements to enable original equipment manufacturers (OEMs) and service providers (SPs) to create, implement and use a Root of Trust (RoT) to protect their devices and services.
The document provides a detailed technical framework, explaining how GlobalPlatform technology implements two key concepts that are integral to securing the delivery of digital services, regardless of sector:
- Root of Trust (RoT) – A computing engine and its code, data and keys that is as small as possible and offers secure services to other code (like the operating system and applications) hosted in a device. GlobalPlatform Trusted Execution Environments and Secure Elements already fulfill this function in billions of connected devices like smartphones, set-top boxes and IoT devices.
- Chain of Trust – The ability to bind a service to one or more RoTs to offer value-added services.
Representatives from the internet of things (IoT) and connected computing industries have worked with GlobalPlatform to develop the technical document as the number and sensitivity of services available through connected devices are growing rapidly.
“Until now, GlobalPlatform secure components have not been presented as meeting RoT requirements, but the functionality has always been present,” comments Gil Bernabeu, Technical Director of GlobalPlatform. “This means that device makers and SPs have been unable to use GlobalPlatform SEs or TEEs as a security baseline for RoT services. For the first time, this document outlines how to use GlobalPlatform technology to create RoTs that answer the latest needs of increasingly complex markets and address the presence of numerous stakeholders and devices.
“RoT is an important security concept, but the real value for SPs and OEMs lies in the establishment of Chains of Trust to securely connect services with secure components and/or the device RoT. As billions of devices are being connected to one another, the security services offered by secure components are essential to facilitate the protection of information and devices from malicious attacks, and brands from irreparable damage in the wake of hacking.”
Several extensions to the functionality of RoTs are included in the requirements document. Firstly, GlobalPlatform supports the process to securely transfer the ownership of a secure component in a multi-stakeholder environment. This is required when a Secure Element manufacturer passes administration ownership of the component to a device manufacturer or car manufacturer, for example. Additionally, with more than one secure component now present in many devices, the combination of multiple RoTs has also been defined.
The document – Root of Trust Definitions and Requirements – is available to download now.
Interested in following or getting involved with GlobalPlatform’s RoT and Chain of Trust activity? Check out the website.
Notes to editors:
GlobalPlatform defines and develops specifications to facilitate the secure deployment and management of multiple embedded applications on secure chip technology. Its standardized infrastructure empowers service providers to develop services once and deploy across different markets, devices and channels. GlobalPlatform’s security and privacy parameters enable dynamic combinations of secure and non-secure services from multiple providers on the same device, providing a foundation for market convergence and innovative new cross-sector partnerships.
GlobalPlatform is the international industry standard for trusted end-to-end secure deployment and management solutions. The technology’s widespread global adoption across finance, mobile/telecom, government, healthcare, retail and transit sectors delivers cost and time-to-market efficiencies to all. GlobalPlatform supports the long-term interoperability and scalability of application deployment and management through its secure chip technology open compliance program.
GlobalPlatform defines a TEE as a secure area in the main processor in a smartphone, or any connected device. It ensures sensitive data is stored, processed, and protected in an isolated and trusted environment.
As a non-profit, member-driven association, GlobalPlatform has cross-market representation from all continents. 120+ members contribute to technical committees and market-led task forces. For more information on GlobalPlatform membership visit www.globalplatform.org