The GlobalPlatform Trusted Execution Environment Protection Profile is Officially Certified Against Common Criteria
Product vendors are now able to undertake formal security evaluations for TEE products
4 February 2015 – The Common Criteria portal has officially listed the GlobalPlatform Trusted Execution Environment (TEE) Protection Profile (PP) on its website, under the Trusted Computing category. This important milestone means that industries using TEE technology to deliver services such as premium content and mobile wallets, or enterprises and governments establishing secure mobility solutions, can now formally request that TEE products are certified against this security framework.
GlobalPlatform presented its TEE Protection Profile to Common Criteria for certification via Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI).
The GlobalPlatform TEE PP specifies the typical threats the hardware and software of the TEE – a secure area that resides in the main processor of a mobile device and ensures that sensitive data is stored, processed and protected in a secure environment – needs to withstand. It also details the security objectives that are to be met in order to counter these threats and the security functional requirements that a TEE will have to comply with. A security assurance level of EAL2+ has been selected; the focus is on vulnerabilities that are subject to widespread, software-based exploitation.
Vincent Strubel, spokesperson from ANSSI, comments: “It is important to remember that organizations expect all the services that they wish to deploy, especially those offering mobility of users and their access to sensitive information, to operate in a secure way. The TEE – regardless of manufacturer – must meet the requirements of a range of service providers from a variety of markets. Creating an international baseline for this technology is therefore important to bring clarity and consistency to this secure content environment and enable service providers to effectively manage risk. We were pleased to support GlobalPlatform in achieving Common Criteria certification for its TEE PP.”
With the GlobalPlatform TEE PP officially certified by Common Criteria, product vendors are now able to undertake formal security evaluation of their TEE products using laboratories licensed by supporting Certification Bodies (CB) to evaluate and certify that they meet the security requirements in the document. In addition to ANSSI, the TEE PP has received support from the Netherlands Common Criteria Scheme (NSCIB), with many other national certification schemes expected to follow shortly.
In addition to working with Common Criteria CBs, GlobalPlatform is extending its technical community collaboration to finalize its evaluation methodology. The industry body will launch a TEE security certification secretariat later this year, as well as announce GlobalPlatform security accredited laboratories.
Gil Bernabeu, GlobalPlatform’s Technical Director, adds: “We are delighted to receive this formal certificate for the GlobalPlatform TEE PP. As the standard for managing applications on secure chip technology, GlobalPlatform understands the importance of establishing a stable and scalable TEE ecosystem through testing and certification to support product interoperability and commercial efficiencies. To support all stakeholders within the TEE market and ensure products perform as required, GlobalPlatform has already established a functional testing environment. Advancing the security certification element enables us to offer a complete evaluation solution that will allow the community to effectively manage risk.”
The GlobalPlatform TEE PP defines the level of security required in a TEE. The document identifies the security needs of the TEE to support different market requirements by combining the standard security methodology outlined by Common Criteria, with the best practice specifications as defined by GlobalPlatform in relation to TEE architecture and interfaces. Download the GlobalPlatform Protection Profile.
Want to learn more about the TEE? View GlobalPlatform’s infographic.
For further media information, please contact Rob Peryer or Andrew Murgatroyd at iseepr: firstname.lastname@example.org / email@example.com or on + 44 (0) 1943 468007
Keep up to date with the latest news from GlobalPlatform:
- Follow on Twitter: http://bit.ly/wOiHFp
- Join us on LinkedIn: http://linkd.in/xjxsN5
- Subscribe to GlobalPlatformTV: http://bit.ly/1BzvLoa
Notes to editors:
GlobalPlatform is a registered trademark in the U.S. and other countries.
About the GlobalPlatform TEE protection profile:
The GlobalPlatform protection profile has been certified by ANSSI as EAL 2+ defined a specific level for TEE called AVA_TEE. This certification allows recognition as EAL2 in the CCRA (https://www.commoncriteriaportal.org/ccra/) and at EAL2+ in the SOG-IS (http://sogis.org/). The editor was Trusted Labs and the evaluation laboratory Thales.
About Common Criteria
Common Criteria is the international security certification standard (ISO15408) involving national certification bodies that work on a mutual agreement basis for the recognition of issued certificates. IT products and systems are evaluated to a universal standard and perform to a high and consistent standard.
GlobalPlatform is a cross industry, not-for-profit association which identifies, develops and publishes specifications which facilitate the secure and interoperable deployment and management of multiple embedded applications on secure chip technology. Its proven technical specifications are regarded as the international industry standard for building a trusted end-to-end solution which serves multiple actors and supports several business models.
The freely available specifications provide the foundation for market convergence and innovative new cross-sector partnerships. The technology has been adopted globally across finance, mobile/telecom, government, healthcare, retail and transit sectors. GlobalPlatform also supports an open compliance program ecosystem to ensure the long-term interoperability of secure chip technology.
As a member-driven association with cross-market representation from all world continents, GlobalPlatform membership is open to any organization operating within this landscape. Its 130+ members contribute to technical committees and market-led task forces. www.globalplatform.org