GlobalPlatform Simplifies Implementation of Standardized IoT Device Security
New configuration helps device manufacturers to protect constrained devices from hackers and malware
September 26, 2018 – GlobalPlatform, the standard for secure digital services and devices, has published a configuration that simplifies the implementation of Secure Element (SE) specifications for the protection of internet of things (IoT) devices.
“At the moment some of the IoT sector are not taking security seriously enough,” explains Gil Bernabeu, Technical Director, GlobalPlatform. “Recent attacks demonstrate that any device can be attacked or infected with malware. Devices can then be used for DDoS attacks or to mine end user data, or even exploited to share their source code and other intellectual property. All of this can have significant reputational and financial impact on brands. This is why security needs to be foundational, considered at the start of the design phase.”
The GlobalPlatform Compact IoT Configuration v1.0 answers IoT-specific market requirements by giving service providers and device manufacturers the means to interact seamlessly when deploying secure digital services across constrained IoT devices. The use of standardized secure components makes the mass marketing of secure digital services possible, while bringing time and cost efficiencies to stakeholders within the ecosystem and enabling new business models. SEs can form the keystone for constrained IoT devices - balancing the flexibility of GlobalPlatform specifications, that cover a range of connectivity options including LoRaWAN™ and HTTPS, with the restrictions of low-end IoT devices using m-class processors.
This entry-level configuration enables manufacturers to identify the best solution for devices with limited operating environments by providing the subset of specifications that they need to develop and deploy IoT devices and services. The configuration supports root of trust (RoT) device identity, the protection of critical assets, state-of-the-art AES cryptography for device management and authentication, allowing automatic enrolment to online cloud services.
100% of SEs embedded in mobile devices are GlobalPlatform compliant. This shows that the SE configuration is perfectly fit-for-purpose for the mobile world, and GlobalPlatform expects the Compact IoT Configuration to achieve similar market penetration.
“The next step for GlobalPlatform is to publish new interfaces that connect the SE to the rest of the platform and support the latest industry protocols” Gil continues. “This, along with a new standard for connecting embedded SEs to the device bus, will further enhance the integration of SEs into IoT devices and bring greater protection for services and IP.”
All documents are available to download from the GlobalPlatform website.
Become a member to get involved in the maintenance and advancement of the GlobalPlatform specifications and configurations.
Keep up to date with the latest news from GlobalPlatform:
- Follow on Twitter: https://bit.ly/wOiHFp
- Join us on LinkedIn: https://linkd.in/xjxsN5
- Subscribe on YouTube: https://www.youtube.com/user/GlobalPlatformTV
Notes to editors:
GlobalPlatform is a non-profit industry association driven by over 100 member companies. Members share a common goal to develop GlobalPlatform’s specifications, which are today highly regarded as the international standard for enabling digital services and devices to be trusted and securely managed throughout their lifecycle.
GlobalPlatform protects digital services by standardizing and certifying a security hardware/firmware combination, known as a secure component, which acts as an on-device trust anchor. This facilitates collaboration between service providers and device manufacturers, empowering them to ensure the right level of security within all devices to protect against threats.
GlobalPlatform specifications also standardize the secure management of digital services and devices once deployed in the field. Altogether, GlobalPlatform enables convenient and secure digital service delivery to end users, while supporting privacy, regardless of market sector or device type. Devices secured by GlobalPlatform include connected cars, set top boxes, smart cards, smartphones, tablets, wearables, and other internet-of-things (IoT) devices.
The technology’s widespread global adoption delivers cost and time-to-market efficiencies to all. Market sectors adopting GlobalPlatform technology include automotive, healthcare, government and enterprise ID, payments, premium content, smart cities, smart home, telecoms, transportation, and utilities.
GlobalPlatform’s legacy of successful technical specification development is thanks to two decades of energetic and effective industry collaboration. Members influence the organization’s output through participation in technical committees, working groups and strategic task forces. GlobalPlatform technology is developed in collaboration with numerous standards bodies and regional organizations across the world, to ensure continual relevance and timeliness. For more information visit www.globalplatform.org.