March 2022 Newsletter

Letter from GlobalPlatform’s Executive Director

I was excited to attended Mobile World Congress Barcelona alongside our Technical Director Gil Bernabeu. We engaged with leaders from the mobile ecosystem on how trends across 5G, cybersecurity, robotics and massive IoT will impact our industry, and the ways in which GlobalPlatform is helping stakeholders to navigate them.

One key initiative we continue to drive forward is IoT security certification, and I would like to remind you that our workshop in Austin, Texas is fast approaching on April 14. Co-located with the GlobalPlatform spring meetings, the workshop will showcase how the Security Evaluation Standard for IoT platforms (SESIP) methodology can address specific business and technical needs by reducing complexity in IoT security evaluation. View the latest agenda and register to attend here. If you are joining virtual please use the code SESIPVirtual2022.

Finally, there is still time to sign up to be one of GlobalPlatform’s certified SESIP lab trainers. If you’d like to learn more about becoming qualified to lead sessions in our new training program on the SESIP methodology for labs, please get in touch with me at ana.lattibeaudiere@globalplatform.org.

SESIP’s Role in the IoT Ecosystem: View the Agenda & Register

Taking place on April 14, the workshop will share real life examples of how SESIP is addressing key issues of scale and complexity in the security evaluation of IoT devices.

Alongside keynotes from NIST, SGS Brightsight, STMicroelectronics and Winbond, the workshop will feature live presentations, panels and use cases by speakers from Amazon, Microsoft, NXP, IoXT, PSA Certified and more, offering insight into how SESIP:

Reduces complexity, cost and time-to-market for IoT stakeholders by offering a methodology that’s mappable to other evaluation methodologies, and compliant with standards and regulations.
Facilitates device certification, by composition of certified parts, and reuse of certification across different evaluations.
Aligns with other standards like EN 303 645, IEC 62443 or NIST8259, to support IoT product manufacturers to comply with specific security requirements and regulations.
Can be adopted by labs to help build consistency across IoT certification schemes (regional or vertical) and maximise the value of SESIP.

Visit the website for the latest updates and to book your ticket. If you are joining virtual please use the code SESIPVirtual2022.

Learn more

SESIP Applicability for EN 303 645 White Paper

The SESIP methodology makes it easier for developers and labs to demonstrate conformance to other industry standards, by providing a scalable, time and cost-effective approach to security evaluation.

GlobalPlatform’s latest White Paper explores how SESIP maps to the requirements of the ETSI EN 303 645 standard ‘Cyber Security for Consumer Internet of Things’. It explains how the SESIP methodology can be used to support IoT vendors integrating those IoT platform components into their connected devices.

Read here

MCU Protection Profile: Simplify IoT Security & Certification

GlobalPlatform has published a new protection profile for Microcontroller Units (MCUs). This document is the latest update to GlobalPlatform’s security certification programme. It defines a set of security objectives and requirements for an MCU to answer to a specific level of protection and robustness.

This evolution of the protection profile will address the need for consistent and verifiable security. It offers a simple framework for labs, vendors and manufacturers build, certify and launch secure technologies and services.

Read here

Unlocking IoT Benefits with Industry Standards – Mobile Century

IoT connectivity is transforming the world around us. Yet as devices become more ingrained in our daily lives, security threats are rising and there are a growing myriad of regulations and requirements to answer to. Who should be responsible for IoT security?

Our article on Mobile Century looks at some of the key challenges facing the IoT ecosystem today and discusses how to overcome them.

GlobalPlatform’s MUD File Service

GlobalPlatform’s Manufacturer Usage Description (MUD) File Service aims to simplify and secure IoT device network onboarding and management, to facilitate convenient and secure device connectivity.

Manufacturers can use the free service to publish, in a unique location, the MUD file library associated with their products. Publication in the MUD File Service simplifies the access and consumption of MUD files from networks hosting these devices. Enabling manufacturers to share the intent, capabilities and requirements of their devices in this way eases onboarding and network management, and helps network managers manage the rapidly growing number, and types, of IoT devices in their environments safely and efficiently.

Learn more

Technical Documents

New Document Releases

GlobalPlatform Card API

This maintenance release does not introduce any modification of the API itself but does provide a complementary item: the Java Card export file in format version 2.3 as defined since release 3.1 of the Java Card specifications. This may be used with tools from the Java Card 3.1 Development Kit to perform additional security checks on applications.

Download

GlobalPlatform Technology SE Fingerprint Biometrics API Requirements v1.0

This document describes requirements for a Biometric Payment Card (BPC), which is a smart card into which fingerprint biometrics have been integrated. This involves connecting a fingerprint sensor to the Secure Element (SE) on the card, either directly or with an MCU for processing of the sensor data as an intermediary.

Download

Specifications Under Review

Speaking Engagements

The Need for IoT Security Standardization and Certification Roundtable

GlobalPlatform’s Technical Director, Gil Bernabeu, will join the speaker line-up for this virtual event to deliver the presentation “GlobalPlatform Standards: Helping Device Manufacturers Realise IoT Market Promises”. Join Gil on April 8 at 10:20 CET.

Find out more

EU Cybersecurity Act Conference

Join GlobalPlatform Board member, Olivier Van Nieuwnhuyze, for the presentation ‘Security Levels: Mapping Misalignment with Industry & Understanding the Impact’ on May 24 at 14:00 CET.

GlobalPlatform to speak at Embedded World 2022

Hear from GlobalPlatform Board Member, Jeremy O’Donoghue, at 14:15 CET on June 23 delivering the talk ‘Device APIs to Root of Trust: An Open-source Implementation Building Chains of Trust Between IoT Device Makers and Digital Services’.

Membership Offers

Visit the member website to view discount codes for each event

GlobalPlatform members will receive a 20% discount on registration.

GlobalPlatform members will receive a $150 discount on conference passes.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Newsletters

March 2022 Newsletter

Letter from GlobalPlatform’s Executive Director

GlobalPlatform Card API

GlobalPlatform Technology SE Fingerprint Biometrics API Requirements v1.0

Hey There!