May Newsletter – SESIP, SAM and Hybrid Crypto

Letter from GlobalPlatform’s Executive Director

If you missed our SESIP workshop in Austin last month, you can still catch up on the insights shared by our expert speakers. Our latest blog provides a summary of all keynotes, case studies and panel sessions to help you learn more about the discussions we had on safeguarding the future of connected ecosystems. Presentations from the day are also available to download via the blog’s web page.

If you want to learn even more about SESIP, Secured Applications for Mobile, how GlobalPlatform is supporting MNOs and other key considerations from throughout the ecosystem, we’ll soon be releasing a series of video interviews with a number of industry leaders. In these interviews, we’ll explore the key trends for stakeholders throughout the value chain, looking into key topics from a number of different use cases and verticals.

If you’d like to hear more from GlobalPlatform, then don’t miss our upcoming presentations at the EU Cybersecurity Act Conference (May 24) and at Embedded World 2022 (June 23). You can learn more about these talks below.

 

SESIP Workshop Insights Blog

Last month, stakeholders from throughout the IoT ecosystem convened in Austin, Texas for our Secure Evaluation Standard for IoT Platforms (SESIP) workshop. This day of keynotes, case studies and panel sessions featured leading experts discussing the importance of collaboration between security schemes to safeguard the future of connected ecosystems.

Our latest blog explores the key topics and trends that emerged from the discussions at this workshop. It looks into each session to summarize the highlights and key takeaways from the day. Each of the speaker presentations from the workshop are also available for download.

Learn more

BLOG: Hybrid Crypto - Anticipating the Break of Asymmetric Crypto

In this blog, Beatrice Peirani, Chair of the GlobalPlatform Crypto Sub-Task Force, introduces the concept of ‘hybrid crypto’, and explains why this approach is a necessity to protect our digital lives in a post-quantum world.

Beatrice also provides an update on how GlobalPlatform is helping connected industries mitigate the quantum-computing threat and align with various initiatives from other Standards Development Organisations (SDOs) including NIST.

White Paper: SESIP Applicability for ETSI EN 303 645

With IoT cybersecurity threats becoming an increasing concern, steps are being taken to ensure the implementation of the necessary security provisions. Regulations such as ETSI EN 303 645 are becoming ever more widely referenced in IoT product development.

Read our white paper to explore how the Secure Evaluation Standard for IoT Platforms (SESIP) methodology maps to the requirements of ETSI EN 303 645 and provides a scalable approach to assessment that helps laboratories and developers demonstrate the conformance of their product.

GlobalPlatform MCU Protection Profile Helps Simplify IoT Security and Certification

To help manufacturers build, certify and launch secure technologies quicker and easier, GlobalPlatform has enhanced its protection profile for Microcontroller Units (MCUs). This update helps solution providers account for risks by defining the security levels required by a digital service. This supports devices that needs a Root of Trust and secure environment to protect critical assets.

This update is part of GlobalPlatform’s Security Certification Program – our commitment to creating trust throughout the connected device ecosystem by assisting with the management of various security requirements and initiatives.

Welcome New Member Fortress Information Security

I’m pleased to announce GlobalPlatform has welcomed another new member this month. Fortress Information Security LLC provides cyber risk management solutions for mission critical infrastructure and supply chains.

GlobalPlatform is driven by its members, which represent diverse companies and industries from across the globe, who come together with a common goal to shape the future of secure, innovative solutions.

Technical Documents

New Document Releases

This document includes all the errata and precisions that have been released for Secure Element Access Control v1.1.

Download

This update of GlobalPlatform Card Specification Amendment J: Broker Interface contains one bug fix related to a misalignment between the specification and the API plus a new CDCVM request method. It comes with an update to the Broker API.

Download

Specifications Under Review

This update includes new functionality and extensions to enable TLS 1.3 client mode as well as a better operating mode support for TLS key establishment beyond the original Pre-Shared Keys (PSKs).

This document has been made available for public review. Please provide comments by Friday May 20, 2022.

Download

This protection profile defines the security requirements for FIDO2 SE Authenticators that are implemented as security chips with a FIDO2 application running on top of a SE platform conformant with GlobalPlatform SE Protection Profile.

This document has been made available for member review. Please provide comments by Friday May 27, 2022.

Download

GlobalPlatform Technology TPS Keystore API v0.0.0.15 has undergone a major revision. This specification defines a TPS Keystore API protocol for communicating with a TPS Keystore.

This document has been made available for member review. Please provide comments by Friday May 27, 2022.

Download

This specification defines the TPS Client API, a communications API for connecting TPS Clients with TPS Services where the TPS Client connecting to a TPS Service can be either an application or another TPS Service.

This document has been made available for member review. Please provide comments by Friday May 27, 2022.

Download

This new specification, GlobalPlatform Card Specification Amendment K: Secure Channel Protocol 04, provides a generalization of the Secure Channel Protocol 03. It allows the use of other block ciphers than AES and other modes for encryption and MACing, including AEAD modes. It is a first step towards crypto agility which is relevant for introducing quantum safe crypto algorithms.

Due to additional updates, the document is submitted for a 2nd Member Review. Please provide comments by Friday May 27, 2022.

Download

This white paper explores the current industry approach to platform and component security, and the device and application security these assurances enable, as well as the security levels and certification programs already widely adopted in the global technology industry.

This document has been made available for member review. Please provide comments by Monday May 30, 2022.

Download
Speaking Engagements

EU Cybersecurity Act Conference

On May 24 at 14:00 CET, GlobalPlatform Board member, Olivier Van Nieuwnhuyze is delivering the presentation ‘Security Levels: Mapping Misalignment with Industry & Understanding the Impact’.

Register

GlobalPlatform to speak at Embedded World 2022

Join GlobalPlatform for our presentation “Device APIs to Root of Trust: An Open-source Implementation Building Chains of Trust Between IoT Device Makers and Digital Services”. Board member Jeremy O’Donoghue will be delivering the talk at 14:15 CET on June 23.

Register

Bringing TEE benefits to the IoT

Catch up on Gil Bernabeu’s presentation from RISC-V Summit on demand now. Watch the presentation to learn how GlobalPlatform is extending its TEE solutions to bring trust to digital services as new IoT use cases unfold.

Watch the video
Membership Offers

For archived newsletters

GlobalPlatform
Hey There!

It seems you are using an outdated browser, unfortunately this means that our website will not render properly for you. Update your browser to view this website correctly.

GOOGLE CHROME
FIREFOX
MICROSOFT EDGE