April 2021 Newsletter

Letter from GlobalPlatform’s Executive Director

Last month we welcomed members to GlobalPlatform’s  Spring Meetings  and also hosted an engaging IoT Device Secure Onboarding Solutions workshop that was attended by a wide array of delegates. If you would like to catch up on the workshop, you can do so here. You can also stream the two presentations delivered by our Technical Director at this year’s Embedded World on the event website here.

Looking ahead, on April 13-14 GlobalPlatform will host another virtual workshop, alongside an exciting line up of contributors who will explore the use of SEs in IoT through use cases and live demonstrations. Register for free here.

We are also happy to welcome two new members to our organization in Intel and Institute for Information Industry (III), who join as Observer and Public Entity members respectively.

‘SE for IoT’ Workshop: April 13-14

GlobalPlatform is hosting a free-to-attend virtual workshop to explore the use of secure element (SE) technologies in IoT, to enable end-to-end security privacy and convenience. The workshop will include  presentations and use cases from experts, to educate delegates on quickly and cost-effectively using SEs to solve their IoT implementation, business, security, regulatory and data protection challenges.

The agenda includes:

  • A welcome from GlobalPlatform and Oracle
  • An introduction to GlobalPlatform SEs.
  • Java Card overview
  • GlobalPlatform SEs for IoT
  • Using Java Card for IoT
  • Device attestation using Java Card
  • Onboarding technologies – DLOA and MUD files.
  • Device connectivity based on SIM application engine.
  • Multiple independent OS on tamper-resistant platform.
  • GSMA’s IoT SAFE – Robust and effective IoT security at scale.
  • Multi-cloud authentication and communication using Java Card.

We would like to thank our speakers, as well as Prime Sponsor Oracle and Supporting Sponsors STMicroelectronics and Able Device, for helping to make the workshop possible.   These sponsors are also staffing virtual demonstration booths throughout the workshop and an additional bonus demonstration day on 15 April.  You can register for private demonstrations and meetings directly from the workshop platform.

Additionally, we thank our association partners Eurosmart, Java Card Forum and Trusted Connectivity Alliance for supporting the workshop.

Registration is now live!

Register here

Insight Series: GlobalPlatform’s initiatives for a safer, simpler IoT

The latest installation of the GlobalPlatform insight series comes from our Board Chair, Stephanie El Rhomri who outlines our key initiatives for the year ahead.

This includes information about the evolution of SESIP, the IoTopia framework and our MUD file service. As well as the priorities of our TPS committee.

GlobalPlatform is working to enable collaboration in the device ecosystem to help stakeholders build, certify, deploy and manage their solutions with confidence in security and functionality.

Spring Meetings review

It was great to once again host members at our bi-annual meetings, where GlobalPlatform’s Technical Committees and Task Forces advanced their individual roadmaps and solidified plans for the remainder of the year.  We also  engaged members with discussions around how GlobalPlatform is continuing to drive standards for the benefit of our increasingly connected world.

Spring Meeting materials and presentations are available for review on the member website.

Stay tuned for more information and announcements about our Fall Meetings.

Watch our IoT Secure Device Onboarding Solutions workshop

On March 17, GlobalPlatform hosted a live workshop to discuss key considerations for IoT stakeholders when onboarding IoT devices to a service.   The workshop offered in depth insight into a number of onboarding solutions with a goal to identify features and functions that are common to all.

Involving live presentations  from our Technical Director, Gil Bernabeu, as well as contributors from Cisco, EmbeDD, Fraunhofer SIT, Infineon, Intel, NIST, Sandelman Software Works and UL, the workshop armed delegates with knowledge of how to successfully and securely onboard IoT devices.

If you missed any of the sessions, the workshop is now available on-demand through our member website.

CTF Workshop: call for contributions

In May, GlobalPlatform’s China Task Force (CTF) is planning a virtual workshop to benefit both Chinese and non-Chinese members.

The CTF is currently looking for contributions from speakers that are willing to share their experiences, views on industry trends, examples of common demands and pain points, and (non-promotional) demonstrations of technical solutions.

If you are interested in discussing any of the above relating to IoT security and certification, please send your speaker proposal (the title of your presentation and a brief synopses) to myself, kevin_gilllick@globalplatform.org, by Friday, 16 April.

Technical Documents

New Document Releases

A minor version release of the GlobalPlatform Device Internal Core API, with additions and bug fixes applied and showing all non-trivial changes since v1.2.1.

This document has been made available for public and member download.

Download

This document lists the security functions that should be considered during the evaluation of a Secure Element (SE) product that is based on the GlobalPlatform (GP) Card Specification. It addresses GlobalPlatform configurations and amendments to ensure the security scope, and the different claimed configurations, match a predefined list of security features.

This document has been made available for public and member download.

Download

Specifications Under Review

This document is the SESIP Profile for Secure MCUs and MPUs, designed for the security evaluation of MCUs and MPUs using the SESIP methodology.

This document has been made available to solicit comments from the GlobalPlatform membership. Please provide comments by Wednesday April 14, 2021.

Download

These recommendations define the GlobalPlatform technology usage of the cryptographic strengths for the management of a secure component and associated content. They also share the targeted security strengths for future GlobalPlatform specifications. This is the first revision of the document published in February 2019 by the Security Task Force, and focuses mainly on TLS 1.3 updates.

This document has been made available to solicit comments from the GlobalPlatform membership. Please provide comments by Wednesday April 14, 2021.

Download

The Virtual Primary Platform (VPP) encapsulates a technology dependent part of a Tamper Resistant Element (TRE) named the primary platform, offering the lowest level of virtualization of critical resources via an API for managing firmware. The VPP specifications define an interface management system that facilitates communication between VPP apps, the VPP itself, the other components present within the device, and the outside world.

GlobalPlatform is updating its existing VPP specifications to include corrections and clarifications, as well as changes resulting from requests and discussions with ETSI TC SCP.

It is the first out of the four VPP specifications that GlobalPlatform is updating, and making available for public review. Please provide comments by Friday April 23, 2021.

Download

This document specifies the VPP Firmware Format, which enables the primary platform maker to reach the needed interoperability with other firmware makers as defined in the open firmware loader (OFL).

It is the second out of the four VPP specifications that GlobalPlatform is updating, and making available for public review. Please provide comments by Friday April 23, 2021.

Download

This document specifies a logical interface that enables operations on the VPP Firmware Loader of the primary platform of the integrated Tamper Resistant Element (TRE) within a system on chip.

It is the third out of the four VPP specifications that GlobalPlatform is updating, and making available for public review. Please provide comments by Friday April 23, 2021.

Download

This document outlines the requirements, virtualization process and interfaces associated with VPP.

It is the fourth of the four VPP specifications that GlobalPlatform is updating, and making available for public review. Please provide comments by Friday April 23, 2021.

Download

This second version of the SESIP methodology integrates two main additions: information about composition possibilities in the core document, plus guidelines in a new annex, and introduction of the concepts of SESIP Profiles and SESIP mappings.

This document has been made available for public review. Please provide comments by Friday May 7, 2021.

Download
Speaking Engagements

ETSI Quantum Safe Cryptography Technical Event

Our Security Task Force Chair, Olivier Van Nieuwenhuyze, joined ETSI’s virtual event for a talk on ‘Crypto-agility and the Migration to Quantum-Safe Cryptography.’ If you missed the presentation,  registered attendees can stream content on-demand via the event website.

Watch on-demand

EU Cybersecurity Act Conference

Last month our Technical Director, Gil Bernabeu, joined the virtual panel ‘Consumer IoT: Building a European Scheme’ to discuss how a European cybersecurity certification framework could harmonize the development of trusted solutions that protect consumer devices from evolving threats.

Watch on-demand

Embedded IoT World

Join GlobalPlatform’s Strategic Director of IoT Security, Chris Steck, on Wednesday, April 28 from 16:10 – 16:40 PST for the virtual presentation ‘Building IoTopia – GlobalPlatform’s initiative to standardize security for IoT devices & services.’

Learn more and register
Membership Offers

For archived newsletters

GlobalPlatform
Hey There!

It seems you are using an outdated browser, unfortunately this means that our website will not render properly for you. Update your browser to view this website correctly.

GOOGLE CHROME
FIREFOX
MICROSOFT EDGE