Latest GlobalPlatform Specification Delivers Security and Time-to-Market Benefits to the Trusted Service Manager Ecosystem
23 November 2015 – A new technology release from GlobalPlatform, which defines standardized security levels that can be selected by trusted service managers (TSMs) when communicating with other servers utilizing web services, will result in simpler and quicker implementations across the TSM ecosystem.
GlobalPlatform has published version 1.1 of its ‘Web Services Profile for GlobalPlatform Messaging’ Specification, which defines how two servers can communicate in a standardized manner using web services technology. A key update is the inclusion of four clearly defined security levels, ranging from ‘entry level’ through to ‘high level’. These security levels outline how a message should be sent between servers and specify the security architecture that should be implemented at each level to ensure confidentiality and integrity are maintained.
As the security levels are pre-defined by GlobalPlatform, an actor in the TSM ecosystem is able to review the four options and select the level that aligns with their existing business model. Specifically, the lowest security level (entry level) can be used in pilots or trials that only require a basic level of security; this enables these projects to be deployed quickly and more efficiently. Conversely, the high level of security can be used for projects where it is crucial that the data being communicated is kept secure during every stage of the process.
“Web services technology is traditionally perceived as difficult and time consuming to implement,” comments Gil Bernabeu, Technical Director of GlobalPlatform. “By clearly defining the security levels and providing a number of pre-determined options that align with the TSM ecosystem’s existing business models, our aim was to reduce the scope for misinterpretation. This streamlines implementation time and facilitates interoperability. Within version 1.1, we have also clarified a number of the policies included in the original specification; this was based on feedback from the industry for clearer direction on ambiguous areas of the document.”
The ‘Web Services Profile for GlobalPlatform Messaging’ Specification was originally published in 2011 and was developed based on standards from OASIS – a consortium that drives the development, convergence and adoption of open standards for the global information society – and the World Wide Web Consortium (W3C) – an international community developing web standards. GlobalPlatform has integrated the following OASIS Specifications: WS-Security and WS-Security Policy. The SOAP and WS-Addressing specifications offered by W3C have also been integrated. The pervasiveness of OASIS, W3C, and related WS* standards in current IT infrastructure products allows GlobalPlatform systems and solutions to leverage industry standard components and tools to ease integration.
Relevant to TSM implementers, mobile network operators and service providers, the ‘Web Services Profile for GlobalPlatform Messaging’, specifically addresses the requirements of GlobalPlatform’s recently published ‘System Messaging Specification for the Management of Mobile NFC-Services v1.2’. This document defines the roles of actors in the near field communication (NFC) landscape and the common language used between them to facilitate communication.
The ‘Web Services Profile for GlobalPlatform Messaging’ Specification is free to downloadfrom the GlobalPlatform website.
For further media information, please contact Kirsty Blackburn or Andrew Murgatroyd at iseepr: firstname.lastname@example.org / email@example.com or on + 44 (0) 1943 468007
Keep up to date with the latest news from GlobalPlatform:
- Follow on Twitter: https://bit.ly/wOiHFp
- Subscribe on YouTube: https://www.youtube.com/user/GlobalPlatformTV
- Join us on LinkedIn: https://linkd.in/xjxsN5
Notes to editors:
GlobalPlatform defines and develops specifications to facilitate the secure deployment and management of multiple embedded applications on secure chip technology. Its standardized infrastructure empowers service providers to develop services once and deploy across different markets, devices and channels. GlobalPlatform’s security and privacy parameters enable dynamic combinations of secure and non-secure services from multiple providers on the same device, providing a foundation for market convergence and innovative new cross-sector partnerships.
GlobalPlatform is the international industry standard for trusted end-to-end secure deployment and management solutions. The technology’s widespread global adoption across finance, mobile/telecom, government, premium content, automotive, healthcare, retail and transit sectors delivers cost and time-to-market efficiencies to all. GlobalPlatform supports the long-term interoperability and scalability of application deployment and management through its secure chip technology open compliance program.
As a non-profit, member-driven association, GlobalPlatform has cross-market representation from all continents. 130+ members contribute to technical committees and market-led task forces. For more information on GlobalPlatform membership visit www.globalplatform.org