GlobalPlatform Updates TEE Initial Configuration and Launches Compliance and Security Test Suites
Further enhances TEE security, compliance and interoperability
12 August 2016 – GlobalPlatform has published updates to its Trusted Execution Environment (TEE) Initial Configuration v1.1 and Test Suite v2.0 for functional compliance and in parallel has launched a Security Test Suite. Together these will enhance TEE interoperability and security and make it easier for TEE vendors to ensure compliance against GlobalPlatform’s Device Specification.
The TEE is a secure area of the main processor in a smart phone (or any connected device) that ensures sensitive data is stored, processed and protected in an isolated, trusted environment. The technology offers protection against software attacks, assists in the control of access rights and houses sensitive applications.
The Initial Configuration v1.1 and accompanying functional compliance Test Suite v2.0 have been updated in response to the latest feedback from the TEE testing and compliance ecosystem which is working on live implementations. The updated TEE Initial Configuration v1.1 describes common implementation requirements of core features of the GlobalPlatform Device Specification. It includes refinements to features including the internal core and the client specification.
The functional compliance Test Suite v2.0 sets the basis for a minimum but mandatory level of interoperability. This new test suite and its associated qualified test tools have been tested in both Android and Linux environments to extend the scope of the TEE qualification, to support new types of device and to enhance interoperability.
The parallel launch of the new TEE Security Test Suite enables vendors to confirm the security of their TEE products as measured against the organization’s TEE Protection Profile, through independent security evaluation. It provides a defined set of tests that detect product vulnerabilities and it also incorporates a module that automates testing, thus accelerating and simplifying the testing process for security laboratories and reducing the time required to achieve certification. This enables vendors to carry out security testing during development, allowing them to use the same qualified test tools to automate both security and compliance testing.
These activities emphasize both security and compliance as part of GlobalPlatform’s drive to ensure a standardized level of security for embedded applications on secure chip technology. This is particularly important in use sectors such as Internet of Things, premium content protection and in particular mobile authentication, where the TEE is able to manage both user and back office authentication.
“The standardized TEE is key in meeting the market’s need for greater device security. Feedback from live implementations is invaluable to enhance the specifications and streamline the testing process. GlobalPlatform’s goal is to accelerate the deployment of certified TEE products and promote a globally interoperable, secure connected device ecosystem, which enables service providers to confidently and effectively manage risk.” said Gil Bernabeu, Technical Director of GlobalPlatform.
“The testing of the functional compliance TEE Test Suite v2.0 and its associated test tools in the Linux environment is particularly important because it promotes the deployment of certified TEE products into the Internet of Things market where Linux is widely used,” Bernabeu added.
Visit the GlobalPlatform website to view the full list of qualified laboratories for TEE testing and certification.
For further media information, please contact Rob Peryer or David Amos at iseepr:firstname.lastname@example.org / email@example.com or on + 44 (0) 1943 468007
Keep up to date with the latest news from GlobalPlatform:
- Follow on Twitter: http://bit.ly/wOiHFp
- Subscribe on YouTube: https://www.youtub e.com/user/GlobalPlatformTV
- Join us on LinkedIn: http://linkd.in/xjxsN5
Notes to editors:
GlobalPlatform defines and develops specifications to facilitate the secure deployment and management of multiple embedded applications on secure chip technology. Its standardized infrastructure empowers service providers to develop services once and deploy across different markets, devices and channels. GlobalPlatform’s security and privacy parameters enable dynamic combinations of secure and non-secure services from multiple providers on the same device, providing a foundation for market convergence and innovative new cross-sector partnerships.
GlobalPlatform is the international industry standard for trusted end-to-end secure deployment and management solutions. The technology’s widespread global adoption across finance, mobile/telecom, government, premium content, automotive, healthcare, retail and transit sectors delivers cost and time-to-market efficiencies to all. GlobalPlatform supports the long-term interoperability and scalability of application deployment and management through its secure chip technology open compliance program.
As a non-profit, member-driven association, GlobalPlatform has cross-market representation from all continents. 120+ members contribute to technical committees and market-led task forces. For more information on GlobalPlatform membership visit www.globalplatform.org