March 2022 Newsletter

Letter from GlobalPlatform’s Executive Director

I was excited to attended Mobile World Congress Barcelona alongside our Technical Director Gil Bernabeu. We engaged with leaders from the mobile ecosystem on how trends across 5G, cybersecurity, robotics and massive IoT will impact our industry, and the ways in which GlobalPlatform is helping stakeholders to navigate them.

One key initiative we continue to drive forward is IoT security certification, and I would like to remind you that our workshop in Austin, Texas is fast approaching on April 14. Co-located with the GlobalPlatform spring meetings, the workshop will showcase how the Security Evaluation Standard for IoT platforms (SESIP) methodology can address specific business and technical needs by reducing complexity in IoT security evaluation. View the latest agenda and register to attend here. If you are joining virtual please use the code SESIPVirtual2022.

Finally, there is still time to sign up to be one of GlobalPlatform’s certified SESIP lab trainers. If you’d like to learn more about becoming qualified to lead sessions in our new training program on the SESIP methodology for labs, please get in touch with me at ana.lattibeaudiere@globalplatform.org.

SESIP’s Role in the IoT Ecosystem: View the Agenda & Register

Taking place on April 14, the workshop will share real life examples of how SESIP is addressing key issues of scale and complexity in the security evaluation of IoT devices.

Alongside keynotes from NIST, SGS Brightsight, STMicroelectronics and Winbond, the workshop will feature live presentations, panels and use cases by speakers from Amazon, Microsoft, NXP, IoXT, PSA Certified and more, offering insight into how SESIP:

  • Reduces complexity, cost and time-to-market for IoT stakeholders by offering a methodology that’s mappable to other evaluation methodologies, and compliant with standards and regulations.
  • Facilitates device certification, by composition of certified parts, and reuse of certification across different evaluations.
  • Aligns with other standards like EN 303 645, IEC 62443 or NIST8259, to support IoT product manufacturers to comply with specific security requirements and regulations.
  • Can be adopted by labs to help build consistency across IoT certification schemes (regional or vertical) and maximise the value of SESIP.

Visit the website for the latest updates and to book your ticket. If you are joining virtual please use the code SESIPVirtual2022.

Learn more

SESIP Applicability for EN 303 645 White Paper

The SESIP methodology makes it easier for developers and labs to demonstrate conformance to other industry standards, by providing a scalable, time and cost-effective approach to security evaluation.

GlobalPlatform’s latest White Paper explores how SESIP maps to the requirements of the ETSI EN 303 645 standard ‘Cyber Security for Consumer Internet of Things’. It explains how the SESIP methodology can be used to support IoT vendors integrating those IoT platform components into their connected devices.

MCU Protection Profile: Simplify IoT Security & Certification

GlobalPlatform has published a new protection profile for Microcontroller Units (MCUs). This document is the latest update to GlobalPlatform’s security certification programme. It defines a set of security objectives and requirements for an MCU to answer to a specific level of protection and robustness.

This evolution of the protection profile will address the need for consistent and verifiable security. It offers a simple framework for labs, vendors and manufacturers build, certify and launch secure technologies and services.

Unlocking IoT Benefits with Industry Standards – Mobile Century

IoT connectivity is transforming the world around us. Yet as devices become more ingrained in our daily lives, security threats are rising and there are a growing myriad of regulations and requirements to answer to. Who should be responsible for IoT security?

Our article on Mobile Century looks at some of the key challenges facing the IoT ecosystem today and discusses how to overcome them.

GlobalPlatform’s MUD File Service

GlobalPlatform’s Manufacturer Usage Description (MUD) File Service aims to simplify and secure IoT device network onboarding and management, to facilitate convenient and secure device connectivity.

Manufacturers can use the free service to publish, in a unique location, the MUD file library associated with their products. Publication in the MUD File Service simplifies the access and consumption of MUD files from networks hosting these devices. Enabling manufacturers to share the intent, capabilities and requirements of their devices in this way eases onboarding and network management, and helps network managers manage the rapidly growing number, and types, of IoT devices in their environments safely and efficiently.

Technical Documents

New Document Releases

This maintenance release does not introduce any modification of the API itself but does provide a complementary item: the Java Card export file in format version 2.3 as defined since release 3.1 of the Java Card specifications. This may be used with tools from the Java Card 3.1 Development Kit to perform additional security checks on applications.

Download

This document describes requirements for a Biometric Payment Card (BPC), which is a smart card into which fingerprint biometrics have been integrated. This involves connecting a fingerprint sensor to the Secure Element (SE) on the card, either directly or with an MCU for processing of the sensor data as an intermediary.

Download

Specifications Under Review

Speaking Engagements

The Need for IoT Security Standardization and Certification Roundtable

GlobalPlatform’s Technical Director, Gil Bernabeu, will join the speaker line-up for this virtual event to deliver the presentation “GlobalPlatform Standards: Helping Device Manufacturers Realise IoT Market Promises”. Join Gil on April 8 at 10:20 CET.

Find out more

EU Cybersecurity Act Conference

Join GlobalPlatform Board member, Olivier Van Nieuwnhuyze, for the presentation ‘Security Levels: Mapping Misalignment with Industry & Understanding the Impact’ on May 24 at 14:00 CET.

Register

GlobalPlatform to speak at Embedded World 2022

Hear from GlobalPlatform Board Member, Jeremy O’Donoghue, at 14:15 CET on June 23 delivering the talk ‘Device APIs to Root of Trust: An Open-source Implementation Building Chains of Trust Between IoT Device Makers and Digital Services’.

Register
Membership Offers

For archived newsletters

GlobalPlatform
Hey There!

It seems you are using an outdated browser, unfortunately this means that our website will not render properly for you. Update your browser to view this website correctly.

GOOGLE CHROME
FIREFOX
MICROSOFT EDGE