Unprecedented Standards of On-Card Security with Launch of Card Security Requirements Specification

12 May 2003 – A revolutionary new Specification, announced by GlobalPlatform today, will raise world-wide security standards for smart cards, by defining security rules for the card in correlation with risk management decisions, security policies derived from those decisions and card configuration options supporting those policies.

The new GlobalPlatform Card Security Requirements Specification presents a semi-formal security specification for the entire card’s platform, including the card’s operating system and runtime environment (such as Java Card), in addition to the GlobalPlatform card and application management functionality. This ‘inclusive’ and systematic nature of the Specification results in a totally secure card environment, regardless of the required security level of individual applications loaded onto it.

Jerry Johnson, Chairman of GlobalPlatform and President /CEO of Datacard Group, comments: "The GlobalPlatform Card Security Requirements Specification clarifies security requirements for Issuers and card manufacturers alike, allowing each party to make informed choices regarding security policies and raising the standards of global smart card security to an unparalleled level.

"This standard will ultimately facilitate the global deployment of secure applications by ensuring that the security standards of the card platform matches, or exceeds, that of any application running on it.

"I am very pleased to report this progress on behalf of GlobalPlatform, as this rationale for security rules and policies marks a significant milestone in the organization’s development."

Functionality

The GlobalPlatform Card Security Requirements Specification explains the security architecture of GlobalPlatform cards and facilitates the development of security design documents. It simplifies and expedites the security evaluation process for GlobalPlatform card products, by providing guidelines for Security Target developers, i.e. according to Common Criteria Methodology (ISO 15408).

The Specification also provides guidelines for Issuers selecting card configuration options for their GlobalPlatform cards. This allows Issuers to undertake better risk evaluations and define, with increased confidence, their own consistent set of security rules, selecting accordingly the most appropriate GlobalPlatform card configuration.

Availability

The GlobalPlatform Card Security Requirements Specification, is available for free and immediate download from the GlobalPlatform public website, www.globalplatform.com

For further information on the Card Security Requirements Specification, please visitwww.globalplatform.org or contact the Secretariat: secretariat@globalplatform.org.

To arrange an interview with a GlobalPlatform spokesperson or for further media information, please contact Lee’ann Connell or Sarah Bayne at Sinclair Mason on Tel: + 44 (0) 113 237 0777 or e-mail: leeannc@sinclairmason.com or sarahb@sinclairmason.com

GlobalPlatform PR contact at CardTech/SecurTech 2003: Lee’ann Connell, Tel: +44 (0) 7802 487 624

About GlobalPlatform:

GlobalPlatform is the only cross-industry forum focused on the development, management and promotion of specifications for smart cards, devices and systems. With support from its global member organizations, GlobalPlatform promotes a standard framework facilitating the implementation of smart card programs in any industry around the world. GlobalPlatform allows flexibility in the choice of technologies and vendors through an emphasis on open standards for cards, terminals and support infrastructure.

GlobalPlatform totals fifty-six members from across Europe, USA, Australia, Japan and Korea, including issuers, manufacturers, and vendors of multiple application smart cards, such as American Express, Datacard Group, MasterCard International, Oberthur, Proton World, Schlumberger, Sun Microsystems, Thales and Visa International, as well as several government bodies.