Implementation Guide for Deploying GlobalPlatform Technology on a Secure Element is Published
31 October 2012 – GlobalPlatform, the organization which standardizes the management of applications on secure chip technology, has released an implementation guide which details how its technology can be deployed on a secure element (SE). The document will be of particular interest to parties working to advance secure application management on embedded SEs and smart microSD cards.
An SE is a tamper-resistant platform – typically a one-chip secure microcontroller – capable of securely hosting applications and their confidential and cryptographic data in accordance with the rules defined by a set of well-identified trusted authorities. The technology has evolved from existing secure chip technology to meet the needs of the mobile world. With multiple applications now being stored and their processes executed in the same mobile device, the SE is becoming a central component of the mobile services landscape. There are three different form factors of SE: Universal Integrated Circuit Card (UICC); embedded SE; and smart microSD card.
The GlobalPlatform SE Configuration explains how GlobalPlatform Card Specification v2.2 can be implemented on an SE, specifically addressing the needs of card manufacturers and application developers working with embedded SEs and smart microSD cards. GlobalPlatform has previously published the UICC Configuration, which focuses solely on the UICC form factor.
This latest configuration outlines the behavior of each and every actor involved in an embedded SE or smart microSD card implementation, how they should be represented, and a summary of their role and responsibilities in a variety of business models.
Gil Bernabeu, GlobalPlatform Technical Director, comments: “The publication of this document is significant. GlobalPlatform has been working to standardize all three SE form factors to provide service providers and application developers with confidence when creating their products. Broader development and deployment reduces costs and time to market. With standardization and interoperability across the marketplace, developers will only need to make one application, where they once needed to create three.”
The SE Configuration incorporates all the latest additions to GlobalPlatform’s Card Specification v2.2. This includes enabling service providers to confidentially and independently manage their applications remotely while using a third party’s infrastructure. It also applies new cryptographic schemes based on Elliptic Curve Cryptography (ECC) and up-to-date RSA algorithms and keys.
“Our alignment with the SD Association, which was announced in 2011, and other industry associations has been essential to create a document that addresses the specific technical needs of this market,” explains Gil. “The expertise and time contribution of our membership has also been fundamental in achieving a final, adaptable and market-ready implementation guide.”
Gil highlights that the selection of an SE is a business choice that will be made by the service provider or end user. GlobalPlatform’s concern lies with how SEs will manage applications. He adds: “Authentication, identification, signatures and PIN management are all central to the deployment of mobile value added services and all require a protected environment to operate securely. Taking a payment application as an example, it is important that the user’s credentials do not become visible. The tamper resistant security of the SE is ideal for this task.”
GlobalPlatform is currently working to advance its SE compliance program to incorporate the latest SE Configuration. The program was endorsed earlier this year by EMVCo – the EMV® standards body collectively owned by American Express, JCB, MasterCard and Visa.