Workshop Overview

On Friday, 27 September 2019, GlobalPlatform is hosting an open workshop on key GlobalPlatform technologies, which will provide participants an opportunity to interact with subject matter experts.

This free-to-attend workshop takes place in Tokyo, Japan, and is open to GlobalPlatform members and non-members.

The workshop will offer both technical and business oriented content, providing market and business context for the need to secure our connected world.

Who should attend:

All those interested in device security, including program / project managers, security experts, product suppliers and technical consultants, as well as systems integrators involved with deployment and use of secure devices.

We also welcome business delegates who wish to expand their understanding of security and certification for safeguarding increasingly connected ecosystems.  The workshop is open to both GlobalPlatform members and non-members.

Sponsorship Opportunities

We are pleased to now offer sponsorship opportunities for this workshop.  Sponsorship is intended to help you reach key audiences including security experts, product suppliers, technical consultants and systems integrators.  To learn more and view the different packages available, please refer to the Technical Workshop Sponsorship Kit.

Workshop Agenda

GlobalPlatform Technical Workshop

9:00 AM – 5:00 PM

9:00 – 10:15 GlobalPlatform Organizational Structure

This brief presentation will offer insight into the market-based rationale behind recent organizational changes that had an impact on the SE, TEE and TPS Committees.


  • Kevin Gillick, Executive Director, GlobalPlatform

What is a Root of Trust (RoT) and why I need one?

This session will explore the value of the RoT and its role in providing shielded storage for confidential device information such as keys and passwords, making it hard for attackers. The session will also explain how a Chain of Trust is established to provide security from the RoT to the service provider.


  • TBD

How to get your product functionally certified – a step by step path

GlobalPlatform’s work to develop and maintain a certification program allows stakeholders to verify product adherence to the association’s technical specifications and market-specific configurations. During this session, device manufacturers will learn how to get a product functionally certified.


  • Gil Bernabeu, Technical Director, GlobalPlatform

10:15 – 10:30 Morning Break

10:30 – 12:00 GlobalPlatform Secure Element (SE) Committee Topics

Privacy enabled contactless applications

In February 2017, GlobalPlatform published the Privacy Framework, which specifies a generic environment for privacy sensitive applications, where sensitive information is only disclosed once the external party sufficiently authenticates. The next version of the Contactless Extension will include this framework, so that privacy sensitive applications can be used on the contactless interface of a mobile device.

The Broker interface for card holder authentication, including biometrics

The broker interface provides a generic on-card interface to forward information about the authentication level of the card holder. In the next version, this interface will be extended with biometric authentication mechanisms like fingerprint.

New ways for a confidential key agreement

Current mechanisms for a confidential key agreement for a second party require a secure channel being set up by the first party, typically the card issuer. The new Scenario 4 for Confidential Card Content Management will add a key agreement protocol which does not require such a secure channel and thus enables a simpler setup for new parties.

Endorsing Integrated Secure Element (iSE)

Chipsets are offering new tamper-resistant secure processors, and GlobalPlatform has started to integrate this new host for SE technology. This session will explore the Open Firmware Loader (OFL) and the Virtual Primary Platform (VPP) and how these specifications are used by ETSI in the Smart Secure Platform (SSP) to provide a standardized environment for designing secure operating systems targeting iSEs and a standardized loading and switching mechanism for such OSs.


  • Gil Bernabeu, Technical Director, GlobalPlatform

Enabling testing of embedded Secure Elements

Once a Secure Element is integrated with other chips, be it in one package or on a PCB, it can no longer be tested using a card reader. A new open source project will define a generic test mechanism based on a TCP socket for interfacing such secure elements to test systems.


  • Gil Bernabeu, Technical Director, GlobalPlatform

12:00 – 1:00 Lunch Break

1:00 – 2:00 GlobalPlatform Trusted Execution Environment (TEE) Committee Topics


GlobalPlatform is pleased to announce the new profile of the TEE Management Framework (TMF): the Open Trust Protocol (OTrP).  This session will provide the background information related to remote management on TEEs, the history of OTrP, high level details of the TMF-OTrP profile and a summary of the state of the overall Trusted Management Framework.

TA Portability Tools

In the continuing effort to bring the advantages of TEE trust to a wider audience, GlobalPlatform members which care about Trusted Application (TA) portability are now working on a generalized TA build environment. This will enable those who develop and deploy TAs to ease the integration of TA SDK from compliant TEE providers, and so TAs will be more automatically buildable for supported TEEs from those providers. This work has the potential to be integrated into an Application Store like systems for seamless TA deployment.

Updates on TEE-related Protection Profiles

GlobalPlatform continuously invests in the schemes for security certifications to align with technology development. This session will give the latest status of the Protection Profiles related to technology created in the TEE Committee around Biometry, Secure Media Path and Trusted User Interface (TUI).


  • Christophe Colas, TEE Committee Chair, GlobalPlatform

2:00 – 3:00 GlobalPlatform Trusted Platform Services (TPS) Committee Topics

Rising to the IoT Security Challenge: The Trusted Platform Services (TPS) Vision

GlobalPlatform created the Trusted Platform Services Committee to enable services to more easily benefit from the security capabilities offered by Secure Components. We show how GlobalPlatform technology can be used to establish trust relationships between system nodes and present the work we have done to expose this to services in a component-agnostic and cloud service-friendly manner.

The session will show how TPS Services are built:

  • For TEE-based systems, the Trusted Management Framework (TMF) and Open Transport Protocol (OTrP) Specifications
  • For SE-based systems, the Secure Element Management Service (SEMS), DSEM, Open Mobile API, Secure Element Access Control, Device Access Control and Bluetooth Smart Secure Connector Specifications

EAT: A Framework for Entity Attestation

Entity Attestation provides fresh and verifiable information about a device to relying parties so that they can tell good devices from bad (e.g. detecting devices that have been rooted, cloned are running under emulation). This first session on Entity Attestation will examine a selection of use-cases and show how an Entity Attestation Token can be used to provide end-to-end trust.

3:00 – 3:15    Afternoon coffee

3:15 – 4:15 GlobalPlatform Trusted Platform Services (TPS) Committee Topics (continued)

Verification Frameworks: How to Trust the Entity Attestation Token 

Continuing from the previous session, we will look at the role of the verifier in establishing trust using the Entity Attestation Token. Several different verifier models will be examined to demonstrate how they enable an end-to-end trust model for services.

A Scalable Keystore for IoT 

The ability to store, manage and use cryptographic keys is fundamental to many aspects of system security. Today, many devices use software-based cryptography with keys protected by the device OS kernel. We present a simple to use keystore for IoT use-cases that allows application developers to benefit from the considerable security upgrade that can be provided by protecting keys using Secure Components.

The TPS Client API

The Trusted Platform Services Committee is developing an application framework for Secure Components that provides a portable, consistent and simple to use API for services exposed by Secure Components. This session discusses the architecture of the TPS Client API and provides examples of how the exposed services can be used by Application Developers, both on the Device and in the Cloud.


  • Jeremy O’Donoghue, TPS Committee Chair, GlobalPlatform

4:15 – 4:45 Secure Certification and Level of Security

GlobalPlatform will introduce the Security Certification program and current schemes for SE and TEE. We will also share how GlobalPlatform plans to build a complete offering based on different levels of security.


  • Gil Bernabeu, Technical Director, GlobalPlatform

4:45 – 5:00 Wrap-up


Delegates attending GlobalPlatform’s technical workshop will learn from some of the industry’s foremost experts on securing digital services and devices.

Speakers you will hear from include:

As Executive Director of GlobalPlatform, Mr. Gillick is responsible for driving awareness and accelerating adoption of the GlobalPlatform Specifications within worldwide markets. Mr. Gillick coordinates and manages the organization’s strategic planning and oversees all marketing and business development initiatives within key vertical market sectors. He works closely with GlobalPlatform’s Technical Director, all three of the organization’s technical committees – Secure Element (SE), Trusted Execution Environment (TEE) and Trusted Platform Services (TPS) – and the GlobalPlatform Task Forces. Mr. Gillick is directly responsible to the Board of Directors and the GlobalPlatform membership.

Prior to his appointment to a full-time role within GlobalPlatform, Mr. Gillick held various marketing and business development at a range of multi-national technology (or technology-based) corporations.

Mr. Gillick has served as GlobalPlatform’s full-time Executive Director since 2006.

Mr. Bernabeu is the Technical Advisor for the Standardization and Technology Department at Gemalto. In this role, he supports Gemalto’s marketing and product groups to deploy trusted and convenient digital services.

Mr. Bernabeu was elected as GlobalPlatform’s Technical Director in 2005. His main role is to drive forward the development of GlobalPlatform’s specifications to deploy secure services. Mr. Bernabeu also acts as GlobalPlatform’s central technical liaison point, coordinating the efforts of the organization’s three technical committees – Secure Element (SE), Trusted Execution Environment (TEE) and Trusted Platform Services (TPS) – and the GlobalPlatform Task Forces with external partners.

Mr. Colas is currently SVP Products at Trustonic. In this role, he is responsible for managing the overall portfolio of Trustonic products focused particularly around application protection. Mr. Colas has participated in the development of several software architectures including Visa Open Platform Terminal Framework which has since transferred to GlobalPlatform.

Mr. Colas has been involved with GlobalPlatform since its inception, and was elected to serve as the association’s Device (now TEE) Committee Chair in 2009. He has also served as a GlobalPlatform Board Director since 2015.

Mr. O’Donoghue currently serves as a Principal Engineer / Manager at Qualcomm, working within the Secure Systems Group. He is responsible for architecture and development of software focussed around secure platforms and NFC. In previous roles at Qualcomm, he was the lead security architect and software lead for an NFC CLF development, and has worked extensively on telephony aspects of both Android and Windows-based mobile systems. Mr. O’Donoghue was also an early participant in developing the GSMA NFC Handset Requirements and Testbook.

Mr. O’Donoghue joined the GlobalPlatform Board of Directors in 2016.


We wish to give special thanks to our workshop sponsors who have joined together to make your day with us possible.

Trustonic is a venture formed in 2012 by blue chip leaders in the semiconductor industry (ARM) and digital security (Gemalto) to enable optimum security on all smart connected devices and associated services and applications. Trustonic pioneered the adoption of advanced Trusted Execution Environment (TEE) security technology into the world’s leading mobile devices, such as those from Samsung, vivo, OPPO, Xiaomi, LG, Meizu and Gionee, and has working solutions today underpinning Samsung Knox, Samsung Pay, Alipay and Symantec VIP.

Today more than one billion devices integrate the Trustonic Secured Platforms (TSP), and in 2017 Trustonic became the first vendor globally to achieve Common Criteria security certification for a Trusted Execution Environment (TEE)* device security product.

Travel & Venue

Friday, 27 September 2019
Pullman Tokyo Tamachi
Tokyo, Japan

Hotel & Event Location

Pullman Tokyo Tamachi

3-1-21 Shibaura, Minato-Ku
Tokyo 108-8566 – Japan

Hotel Website

Limited Seating

Seating for this workshop is limited. In order to avoid disappointment, please register now.

As seating is limited, we politely request you inform the GlobalPlatform Secretariat should you be unable to attend after registering.

To register for the Workshop

Hey There!

It seems you are using an outdated browser, unfortunately this means that our website will not render properly for you. Update your browser to view this website correctly.