GlobalPlatform Helps Secure Element Ecosystem Demonstrate Security & Regulatory Compliance
Common Criteria-certified SE Protection Profile defines requirements for secure application management, and helps stakeholders compare products and meet regulatory mandates
November 29, 2021 – GlobalPlatform, the standard for secure digital services and devices, has certified its Secure Element (SE) Protection Profile (PP) with the international standard for computer security certification, Common Criteria (CC). The document is the latest update to GlobalPlatform’s Security Certification Program. It will make it quicker and easier for stakeholders across industries to validate and compare security features, protect applications and data against high-profile attacks and comply with evolving IoT and cybersecurity regulations.
Since 2000 GlobalPlatform has been the de-facto standard for secure element technologies. Today, there are over 50 billion GlobalPlatform-certified SEs in-market; equipping solutions like mobile phones, IoT devices, banking cards and eID documents, with a tamper-resistant hardware platform to securely host applications and store confidential data.
As the use of digital services continues to proliferate, the newly released PP will address the need for consistent and verifiable security. It offers a simple framework for:
- Security laboratories to evaluate the security of SE-based products, and validate conformance with security, regulatory and data protection mandates, such as the European Cybersecurity Act.
- Silicon and SE vendors to demonstrate their products are secure for use across devices and verticals including payment and identity cards, ePassports, smartphones and IoT devices.
- Device manufacturers to determine the trustworthiness of components, and select a solution with the required features to protect apps and digital services on their devices.
“Smart cards used to host one or just a few apps,” comments Gil Bernabeu, Technical Director of GlobalPlatform. “Now, SEs support multiple domains with many apps and increasingly innovative ways of connecting to them and using the secure services they offer. We need secure, confidential ways to remotely load and manage apps without them interfering with each other. Our specifications and Protection Profiles are the vehicle to enable this, fostering trust and collaboration across the industry, and ensuring the same stringent level of security across different deployment models.”
Thanks to a modular structure, the PP enables the evaluation of different SE use cases and form factors. This includes smart card SEs including payment, SIM cards or ID documents, to embedded SEs in smartphones and IoT devices, and also advanced uses cases available on integrated form factors which have emerged to address the security requirements of connected device designs.
To enable simple access to the secure services offered by SEs, like signature or user authentication for consumer payment and identity use cases, as well as Secure Boot or attestation for device-based use cases, GlobalPlatform has selected a security assurance level of EAL4+ augmented with ALC_DVS.2 (sufficiency of security measures) and AVA_VAN.5 (advanced methodical vulnerability analysis).
This assures stakeholders including Mobile Network Operators (MNOs), application developers, IoT cloud platforms and service providers that their critical assets loaded on a GlobalPlatform-certified SE are protected from complex attacks.
*NOTE TO EDITORS: A Secure Element (SE) is a tamper-resistant platform (usually a one chip secure microcontroller) capable of securely hosting applications and their confidential, cryptographic data. Tamper-resistance enables the highest level of protection available in today’s connected devices. SEs are used in smart cards, passports and ID cards, but also embedded in smartphones and IoT devices.
For further media information, please contact Fergus Straiton:
firstname.lastname@example.org / or on +44 (0) 113 350 1922
GlobalPlatform is a technical standards organization that enables the efficient launch and management of innovative, secure-by-design digital services and devices, which deliver end-to-end security, privacy, simplicity and convenience to users. It achieves this by providing standardized technologies and certifications that empower technology and service providers to develop, certify, deploy and manage digital services and devices in line with their business, security, regulatory and data protection needs. Key offerings include secure component specifications; the Device Trust Architecture for accessing secure services within a device; the IoTopia Framework for secure launch and management of connected devices; and the SESIP Methodology for IoT device certification.
GlobalPlatform technologies are used in billions of smart cards, smartphones, wearables and other connected and IoT devices to enable convenient and trusted digital services across market sectors, including healthcare, government and enterprise ID, payments, smart cities, industrial automation, smart home, telecoms, transportation, utilities, and OEMs.
GlobalPlatform standardized technologies and certifications are developed through effective industry-driven collaboration, led by multiple diverse member companies working in partnership with industry and regulatory bodies and other interested parties from around the world.