The aim of the GlobalPlatform Device Committee is:
- To define an open security architecture for consumer and connected devices - the trusted execution environment (TEE) - enabling the development and deployment of security applications from multiple service providers.
- To define on-device services necessary for the management of secure elements (SE) and secure interaction with SEs including the UICC, embedded SE and smart micro SD.
The Device Committee is currently chaired by Christophe Colas from Trustonic.
- To develop, maintain and evolve specifications for the TEE.
- To advance and maintain the GlobalPlatform TEE Compliance Program, to facilitate interoperability with trusted application deployments within TEEs.
- To define, develop and progress the GlobalPlatform TEE Security Certification Program, to facilitate the security ranking of TEE implementations.
- To maintain and evolve specifications for the GlobalPlatform Secure Element Remote Application Management Specification facilitating the connection of Trusted Service Managers (TSMs) to SEs.
- To maintain and evolve specifications for the GlobalPlatform Secure Element Access Control Specification enabling the control of communication between device applications and SEs.
- To reach out to and liaise with other relevant industry and standardization groups and identify new business requirements and opportunities for progressing joint working initiatives.
- To work with GlobalPlatform's Task Forces and Card and Systems Committees to ensure the alignment of smart device technology within the context of the wider GlobalPlatform infrastructure.
- To maintain the legacy GlobalPlatform Device/STIP Specifications and GlobalPlatform Device and Application Security Management (DASM) Specification as well as related supporting documents and tools, while retaining backwards compatibility with earlier technology releases.
Beneficiaries of the Committee include:
- Device and chipset manufacturers looking for a standardized way to provide a TEE.
- Service providers who will benefit from the protection of secure applications within a single, standardized and interoperable environment.
- Application developers wishing to create interoperable yet sensitive applications, while enjoying the added support provided by the GlobalPlatform community.
- Network and service operators wishing to offer customers additional trust through a secure environment which is interoperable between various device platforms.
- TSMs which want to manage trusted applications remotely.
- All of the above parties that have an interest in having SE management components within a device.
Achievements in 2012
- Hosting of two Mobile Security Seminars to promote standardization efforts within the TEE space, which took place in Tokyo and Beijing.
- Release of the GlobalPlatform Secure Element Access Control Specification security mechanism, which prevents unauthorized applications residing in a mobile device from communicating with an SE. The technical specification has been developed to ensure that legitimate secure mobile services are not denied access to the SE due to malicious third parties.
- Launch of the GlobalPlatform TEE Compliance Program. The certification of products to GlobalPlatform's TEE Specification Suite will promote confidence within the advancing secure mobile services landscape by establishing an agreed industry framework.
2013 Activities and Priorities:
- To continue the advancement of specifications to address the administration of the TEE.
- To maintain and evolve TEE Internal APIs to add features including trusted user interface, access to SEs, debug and networking.
- To support the evolution of the GlobalPlatform TEE Compliance Program.
- To progress GlobalPlatform TEE Security Certification, a program which will enable independent entities to validate TEE security levels. The scheme – entitled the TEE Protection Profile – will be based on the Common Criteria Security Standards, and will guide the minimum security requirements for a TEE offering a baseline of platform security.
- To define the TEE role and requirement during device boot.
- To investigate and define as relevant a secure channel between the TEE and SE.
- To enhance the Secure Element Access Control Specifications with the support of trusted applications running in the TEE.
- To launch an annual event that will promote the TEE and its benefits to the secure mobile services ecosystem and promote implementation within the marketplace.
- To maintain and update all GlobalPlatform Device Specifications as appropriate.
Device Committee Working Groups:
TEE Specifications Working Group
- To define and advance GlobalPlatform's TEE core technology developments and market offering including APIs and TEE administration.
TEE Compliance Working Group
- To facilitate interoperability between TEEs.
TEE Security Working Group
- To ensure there is a method to evaluate the security of TEEs by closing the certification gap with a pragmatic approach.
TEE Roadmap Working Group
- To identify opportunities and strategic direction of GlobalPlatform's TEE Roadmap to meet market requirements.
SE Remote Application Management Working Group
- To evolve as necessary the GlobalPlatform SE Remote Application Management Specification.
SE Access Control Working Group
- To design security mechanisms to control and standardize the manner in which the access control policy is stored and read in an SE.
- To define an access control policy at a device level (e.g. on an Android device).
Trusted Computing Group (TCG) Working Group
- To share expertise and collaborate around mobile device industry standards, including technical requirements, specifications and use cases.
- To ensure alignment between security topics with regard to the TCG Trusted Platform Module Mobile (TPM Mobile) and GlobalPlatform's TEE Specifications.