December 2018 Newsletter

This document presents a Java Language API binding for the GlobalPlatform Open Mobile API Transport Layer that specifically targets the Android Platform from Android P onwards: https://developer.android.com/preview/. This document is intended to be read in conjunction with GlobalPlatform Open Mobile API v3.3, which contains detailed descriptions of expected API behavior. An Open Source implementation of this API forms part of the Android Platform from API Level 28 (Android P). The source code is available from https://android.googlesource.com.

This maintenance release of the three VPP fast track specifications contains errata and precisions regarding concepts and interfaces, network protocols, and firmware formats. To provide the full specification set, the ZIP file also contains the VPP – Network Protocol Extension for the OFL v1.0, which was not updated.

This specification defines a set of C APIs for the development of Trusted Applications (TAs) running inside a Trusted Execution Environment (TEE). For the purposes of this document a TEE is expected to meet the requirements defined in the GlobalPlatform TEE System Architecture specification, i.e. it is accessible from a Rich Execution Environment (REE) through the GlobalPlatform TEE Client API (described in the GlobalPlatform TEE Client API Specification) but is specifically protected against malicious attacks and only runs code trusted in integrity and authenticity.

While the TEE Internal Core API enables the execution of sensitive operations within a Trusted Application (TA) running in the Trusted Execution Environment (TEE), certain applications need to expose sensitive information to the user for validation or need to get sensitive information from the user. Entering a PIN and signing a document are examples of operations that need to be handled inside the TEE for the Trusted Application and not to rely on facilities in the Rich Execution Environment (REE).

As had been previously road mapped, this version of the specification passes ownership of the specification of the generic events and peripheral system over to the TEE Internal Core API v1.2 and will be published alongside or slightly after TEE Internal Core API 1.2.

This document specifies the GlobalPlatform TEE compatible realization of the OTPA v1.0 Open Trust Protocol (OTrP) and JSON encoding for OTrP messages.

This has been made available in order to solicit public comments. Please provide your comments to the specification by completing the comment form by Friday, 11 January 2019. Please send your comments to: tmf-otrp-review@globalplatform.org

This new version of the amendment, which comes with an updated API, adds the support for Privacy Sensitive Applications.

This document has been made available in order to solicit comments from the membership of GlobalPlatform. Please note that we expect all comments by Thursday, 27 December 2018.

This new specification defines interfaces for a Secure Element different from ISO/IEC 7816-3. It specifies how to transfer APDUs between a hosting device and a Secure Element using serial physical interfaces required by new use cases for the Internet of Things (IoT), and in the mobile and wearable industries.

This document has been made available in order to solicit comments from the membership of GlobalPlatform. Please note that we expect all comments by Friday, 18 January 2019.

This document assists service providers with the development of applications supporting interaction with third-party Broker Applications. A framework and an API are defined and the document provides suitable details on the usage of this framework in the context of the Consumer Device Cardholder Verification Method (CDCVM) use case.

This document has been made available in order to solicit comments from the membership of GlobalPlatform. Please note that we expect all comments by Wednesday, 2 January 2019.