The aim of the GlobalPlatform Device Committee is:
- To define an open security architecture for consumer and connected devices - the trusted execution environment (TEE) - enabling the development and deployment of security applications from multiple service providers including technical specifications compliance and security certification programs.
- To define on-device services necessary for the management of secure elements (SE) and secure interaction with SEs including the UICC, embedded SE and smart microSD including technical specifications compliance.
The Device Committee is currently chaired by Christophe Colas from Trustonic.
- To manage, prioritize, develop, maintain and evolve specifications for the TEE.
- To advance and maintain the GlobalPlatform TEE Specifications to develop suitable services for trusted applications including their administration.
- To define, develop and maintain specifications related to the interaction between the TEE and SE.
- To advance and maintain the GlobalPlatform TEE Compliance Program, to facilitate portability and interoperability of trusted application (TA) deployments on different TEE implementations.
- To define, develop and progress the GlobalPlatform TEE Security Certification Program, to facilitate the security evaluations of TEE implementations.
- To maintain and evolve specifications for the GlobalPlatform Secure Element Remote Application Management Specification facilitating the connection of trusted service managers (TSMs) to SEs.
- To maintain and evolve specifications for the GlobalPlatform Secure Element Access Control Specification enabling the control of communication between device applications and TAs to SEs and including the related compliance program.
- To liaise, collaborate and / or coordinate Device Committee activities with other relevant industry and standardization groups which perform similar / complementary activities.
- To work with GlobalPlatform's Task Forces and Card and Systems Committees to ensure the alignment of smart device technology within the context of the wider GlobalPlatform infrastructure.
- To participate in the development of educational and promotional materials and events related to technology developed in the Device Committee.
Beneficiaries of the Committee Include:
- Device and chipset manufacturers looking for a standardized way to provide a TEE.
- Service providers who will benefit from the protection of secure applications within a single, standardized and interoperable environment.
- Application developers wishing to create interoperable yet sensitive applications, while enjoying the added support provided by the GlobalPlatform community.
- Network and service operators wishing to offer customers additional trust through a secure environment which is interoperable between various device platforms.
- TSMs which want to manage TAs remotely. All of the above parties that have an interest in having SE management components within a device.
Achievements to Date
- The launch of an annual conference to promote the TEE and its benefits to the secure mobile services ecosystem, and encourage implementation within the marketplace.
- Release of the GlobalPlatform Secure Element Access Control Specification security mechanism, which prevents unauthorized applications residing in a mobile device communicating with an SE. The technical specification has been developed to ensure that legitimate secure mobile services are not denied access to the SE due to malicious third parties.
- Launch of the GlobalPlatform TEE Compliance Program. The certification of products to GlobalPlatform's TEE Specification Suite will promote confidence within the advancing secure mobile services landscape by establishing an agreed industry framework.
- Publication of the TEE SE API v1.0, which specifies the syntax and semantics of the TEE SE API. The document is suitable for software developers implementing TAs running inside the TEE which need to expose an externally visible interface to client applications.
- Development of the Trusted User Interface API Specification v1.0. The technical specification is intended to support software developers implementing TAs running inside the TEE which need to display sensitive information to the user or retrieve sensitive data from the user.
- Release of the TEE Protection Profile v1.0. The specification constitutes the reference for the Common Criteria evaluation of GlobalPlatform’s TEE, which enables mobile security services such as content protection, rights management, corporate policies and payment.
2014 Activities and Priorities:
- To continue the advancement of specifications to address the administration of the TEE.
- To maintain and evolve TEE Internal APIs to add features including trusted user interface, biometry, secure channel protocol support, access to SEs, debug and networking.
- To support the evolution of the GlobalPlatform TEE Compliance Program.
- To define the TEE role and requirement during device boot.
- To investigate and define as relevant a secure channel between the TEE and SE.
- To enhance the Secure Element Access Control Specifications with the support of trusted applications running in the TEE.
- To establish a TEE Security Certification Program, which will aim to drive ‘practical’ TEE security certifications with short time-to-market constraints.
- To maintain and update all GlobalPlatform Device Specifications as appropriate.
- To address the requirements of GlobalPlatform’s recently formed Premium Content Task Force, and ensure alignment on work priorities.
- To engage with mobile network operators and key players in the web ecosystem to confirm industry requirements, as well as continue to serve the needs of specific vertical markets such as premium content protection, financial services, enterprise and government.
Device Committee Working Groups:
TEE Specifications Working Group
To create and maintain documentation defining the TEE, while ensuring consistency in the specifications and services.
Device Compliance Working Group
- To ensure the long-term interoperability of GlobalPlatform’s Device Specifications by developing an open and thoroughly evaluated compliance ecosystem with test suites and qualified test tools.
- To test the functional behavior of a product against GlobalPlatform’s Device Specifications to achieve market interoperability and reduce ecosystem fragmentation.
TEE Security Working Group
- To define the level of security of the TEE technology for different market verticals addressed by GlobalPlatform and to ensure a security evaluation framework is in place.
TEE Roadmap Working Group
- To identify opportunities and strategic direction of GlobalPlatform's TEE Roadmap to meet market requirements.
Remote SE Administration Working Group
- To evolve as necessary the GlobalPlatform SE Remote Application Management Specification.
SE Access Control Working Group
- To standardize an SE access control concept based on policies. This concept is known as a GlobalPlatform Secure Element Access Control.
- To gather use cases and requirements for the GlobalPlatform Secure Element Access Control in devices.
- To define, maintain and evolve the architecture and interfaces for GlobalPlatform Secure Element Access Control in devices and on cards.
- To promote the GlobalPlatform Secure Element Access Control in the industry.
Trusted Computing Group (TCG) Working Group
- To share expertise and collaborate around mobile device industry standards, including technical requirements, specifications and use cases.
- To ensure alignment between security topics in regards to the TCG Trusted Platform Module Mobile (TPM Mobile) and GlobalPlatform's TEE Specifications.
- To update the TCG and GlobalPlatform joint white paper to reflect current market conditions, and develop an implementation guide for TPM Mobile.