GlobalPlatform Finalizes Device Application Security Management (DASM) Specification
New specification eases application deployment in a multi-actor terminal environment
23 APRIL, 2008 – GlobalPlatform, the international smart card specification organization, has finalized its Device Application Security Management (DASM) Specification for terminals, including mobile phone handsets and EFT-POS devices, based of GlobalPlatform device technology*. This specification defines how multiple actors within a device environment – such as issuers and third party application providers – can safely and confidentially exchange and manage secure data when dynamically downloading applications either pre or post issuance.
The DASM Specification is a suite of three documents. The first – the DASM Concepts and Descriptions Specification – was launched in May 2007 and defines the roles and responsibilities of different actors and specifies the data that needs to be shared in the application download process. The final two documents, which have just been published on the GlobalPlatform website, are:
- The DASM Key and Certificate Management Specification – This document details the keys, signature scheme and certificate infrastructure that must be applied to ensure that all actors active within the device environment are verified as trustworthy.
- The DASM Provisioning Specification – This document specifies the data format required to install an application and set up a security configuration on GlobalPlatform systems.
Gil Bernabeu, Technical Director at GlobalPlatform and Technical Advisor for the Standardization and Technology Department at Gemalto, comments: “The launch of these final two documents in the DASM Specification completes the first phase in GlobalPlatform’s development of a full standardized solution for provisioning applications in multi-actor GPD/STIP device environments. The main beneficiaries of this specification will be device owners and application providers who wish to download applications to a terminal, while retaining exclusive control over their own secure applications in a multi-application scenario.”
All three documents of the DASM Specification are now available for public download at www.globalplatform.org.
For further media information on GlobalPlatform, please contact Lee’ann Kaufman / Georgina D’Arcy at iseepr: firstname.lastname@example.org
+44 (0) 1943 468007
*GPD/STIP – definition
STIP is an abbreviation of Small Terminal Interoperability Platform. GPD is an abbreviation of GlobalPlatform Device. The STIP Specifications became the GPD/STIP Specifications in 2003 when the STIP Consortium transferred its intellectual property assets to GlobalPlatform. The current GPD/STIP technology provides open standards for use on smart card accepting terminals.
GlobalPlatform is the global leader in smart card infrastructure development and its proven, technical specifications for cards, devices and systems are known as the standard for smart card infrastructure. GlobalPlatform is a member driven association with cross-industry representation from all world continents. For more information about GlobalPlatform, visit: www.globalplatform.org.