GlobalPlatform Launches Device Application Security Management Specification
14 May, 2007 – GlobalPlatform, the international smart card specification organization, has launched a Device Application Security Management (DASM) Specification, which will facilitate dynamic pre and post issuance application download to GPD/STIP* terminals.
Prior to the installation of an application onto a terminal in a GPD/STIP environment, the application has to be packaged securely in a way that ensures it is authorized by the device owner and compatible with the device. This involves the exchange of information between a number of actors representing the application provider and the issuer. The new GlobalPlatform DASM Specification eases this process by addressing three key issues:
- The DASM Specification defines the individual roles and responsibilities of each actor in this process and specifies what information needs to be shared.
- The specification outlines how information is exchanged between actors, enabling them to communicate in a common language.
- Through Protection Domain definition, the DASM Specification allows the management of application rights and capabilities on the terminal itself, ensuring that issuers and third-party application providers have exclusive control over their own applications in a multi-application scenario.
The DASM Specification is designed as a suite of documents which provide a full standardized solution for provisioning applications in GPD/STIP devices: the DASM Concepts and Description Document Specification is the first document available. The GlobalPlatform Device Committee is finalizing the two others, namely the DASM Key and Certificate Management Specifications and the DASM Provisioning Specifications.
Gil Bernabeu, Technical Director at GlobalPlatform and Technical Advisor for the Standardization and Technology Department at Gemalto, comments: “The new DASM Specification from GlobalPlatform will benefit both application providers and issuers, by defining a standardized process for application provisioning which can be used in any GPD/STIP terminal. It will also bring conformity to the exchanges between all actors in the process, resulting in a faster and more efficient application download process, thereby easing deployment of applications in the GPD/STIP environment.”
The new DASM Specification is now available for public download at www.globalplatform.org.
*GPD/STIP – definition
STIP technology provides open standards for use on smart card accepting terminals. GPD refers to the GlobalPlatform Device Framework which is based on STIP technology.
GlobalPlatform is the global leader in smart card infrastructure development and its proven, technical specifications for cards, devices and systems are known as the standard for smart card infrastructure. GlobalPlatform is a member driven association with cross-industry representation from all world continents. For more information about GlobalPlatform, visit: www.globalplatform.org