Specifications
 
 
 
 
 
 

    Specifications  > Card

> Technical Overview
> Card
> Device
> Systems
> Under Public Review
> IP Disclaimers



Card Specifications

Below is a comprehensive list of GlobalPlatform's current technical documentation relating to the deployment and management of multiple embedded applications on secure chip technology. Please click on the individual document titles for further details.

Non-GlobalPlatform members wishing to purchase member documents, please visit our store.

To download files for free, please proceed to the License Agreement and Download pages.

  GlobalPlatform Card Specification v2.2.1
Published January 2011 - All errata and precisions published since the release of v2.2 have been incorporated into this specification. Additionally, relevant errata and precisions recorded during the development of the GlobalPlatform Card UICC Configuration v1.0 and v1.0.1 have been included in this version and the corresponding API.

The GlobalPlatform API Specifications (Java Card™ and MULTOS™) have been removed from this document and are now published separately on the GlobalPlatform website.

Items from GlobalPlatform Card Specification v2.2 Amendment A Confidential Card Content Management v1.0, sections 4.8 and 4.9 are applied to this revision.
Configurations
  GlobalPlatform UICC Configuration v1.0.1
Published January 2011 - This is an implementation guide for deploying GlobalPlatform Card Specification v2.2 within the mobile services sector and managing the secure delivery over-the-air of new services. It outlines the behavior of each and every actor involved in a UICC implementation, how they should be represented, and a summary of their role / responsibilities in a variety of business models.

Version 1.0.1 of this document contains errata and precisions based on feedback from the Card Compliance Working Group during both its advancement of the UICC Configuration compliance program and the related TestFests conducted during 2010.
  GlobalPlatform Card Secure Element Configuration v1.0
Published October 2012 - This document describes a specific implementation of the GlobalPlatform Card Specification for Secure Elements. A Secure Element (SE) is a tamper resistant component which is used in a device to provide the security, confidentiality, and multiple application environment required to support various business models. Such a Secure Element may exist in any form factor such as UICC, embedded SE, smartSD, smart microSD, etc. In this document, the term "card" is used to refer to such a Secure Element, whatever the form factor, in order to easily refer to all existing mechanisms defined in GlobalPlatform Card Specifications.
  GlobalPlatform Card Common Implementation Configuration v1.0
Published March 2014 - This document defines a configuration describing common implementation requirements of core features of the GlobalPlatform Card Specification.
  GlobalPlatform Card ID Configuration v1.0
Published December 2011 - This document describes a specific implementation of the GlobalPlatform Card Specification providing a suitable framework for card content management in the context of the ID market. A typical example would be the deployment of services by governmental organizations to their employees.
  Mapping Guidelines of Existing GlobalPlatform Card Specification v2.1.1 Implementations v1.0.1
Published January 2011 - This document provides implementation guidelines for mapping a card implementation based on the Card Specification v2.1.1 to a GlobalPlatform card compliant to v2.2. The guidelines define card configurations (i.e. subsets of Card Specification features) and describe implementations based on Java Card specifications.

Version 1.0.1 of this document contains errata and precisions developed during the advancement of the UICC Configuration v1.0.1.
  GlobalPlatform UICC Configuration - Contactless Extension
Published February 2012 - This document defines an extension of the GlobalPlatform UICC Configuration for UICCs equipped with contactless functionality. It specifies configuration requirements for implementing GlobalPlatform Card Specification Amendment C on the UICC. This document may define behaviors contradicting those described in UICC.
Supporting Documentation
  MULTOS(TM) API v1.0 for GlobalPlatform Card Specification v2.2.1
Published January 2011 - With the publication of GlobalPlatform Card Specification v2.2.1, GlobalPlatform API Specifications are now published in separate, individual documents, independent of the main Card Specification document. This initial release of GlobalPlatform on MULTOS(TM) document contains the content previously published as Annex A.2 of GlobalPlatform Card Specification v2.2 except for the following adjustments.

Sections 1.3 and 1.4 of this specification have been adjusted to contain terms, definitions and abbreviations for concepts used within this document.
  Java Card API and Export File for Card Specification v2.2.1 (org.globalplatform) v1.6
Published March 2014 -
  Card Contactless API and Export File for Card Specification v2.2.1 (org.globalplatform.contactless) v1.2
Published April 2013 -
Security Documents
  GlobalPlatform Card Composition Model v1.1
Published July 2012 - The objective of this document is to define a composition model for the security evaluation of composite products. A composite product is a secure element that consists of an open platform and one or more applications. The model relies on the recognition of existing security evaluation certificates and significant re-use of these certificates and evaluation activity results. The model specifically addresses the composition of products that are evaluated under the EMVCo and Common Criteria schemes.
  GlobalPlatform Card Composition Model FAQs v1.1
Published July 2012 - This document provides answers to frequently asked questions about the GlobalPlatform Composition Model.
  GlobalPlatform Card Composition Model Security Guidelines for Basic Applications v1.0
Published July 2012 - The GlobalPlatform Composition Model defines a composition model for the evaluation of composite products. A composite product consists of an open platform, one or more Sensitive Applications, and optionally one or more Basic Applications.

This document proposes a minimal set of guidelines for Basic Applications, intended to protect Sensitive Applications, other applications, and the platform.
  Card Specification - ISO Framework v1.0
Published March 2014 - This document proposes a framework based on the GlobalPlatform Card Specification that is compliant with ISO specifications ISO/IEC 7816-13, ISO/IEC 7816-4, ISO/IEC 24727-2 and INCITS 504. In this specification, card content operations are protected by the Secure Channel Protocol '03' as defined in GPCS Amendment D. Further precisions on the usage of this protocol are given in this document.

This specification describes the ISO Security Domain (ISO-SD), which is a specific implementation of Security Domain that is compatible with the latest ISO specifications. In particular, an ISO-SD shall support an alternative set of commands, compatible with ISO 7816-13, giving access to card content management, Secure Channel initiation, and personalization functions.
  Requirements for NFC Mobile: Management of Multiple Contactless Secure Elements v2.0
Published December 2013 - This requirements document describes requirements for managing multiple contactless SEs. It is intended primarily for producing related specifications, by GlobalPlatform as well as for consideration by other organizations, e.g. ETSI TC SCP, NFC Forum, GSMA, EMVCo, and SD Association.
  Confidential Card Content Management – GlobalPlatform Card Specification v2.2 - Amendment A v1.0.1
Published January 2011 - Version 1.0.1 of this document incorporates the contents of ‘Errata and Precisions for GlobalPlatform Card Specification Amendment A v1.0' as well as errata and precisions made during the development of the UICC Configuration v1.0 and v1.0.1.

The contents of sections 4.8 and 4.9 are now integrated into GlobalPlatform Card Specification v2.2.1.
  GlobalPlatform Card Remote Application Management over HTTP Card Specification v2.2 – Amendment B v1.1.2
Published May 2014 - This document defines a mechanism for an Application Provider to perform Remote Application Management (RAM) according to ETSI TS 102 226 using the HTTP protocol (RFC 2616) and PSK TLS security Over-The-Air. A third party communication network may be used if the Application Provider has no OTA capability. This third party shall not be able to access clear text of any confidential data and code belonging to the Application Provider.
  Card Contactless Services Card Specification v2.2 - Amendment C v1.1
Published April 2013 - This document defines an extension of the GlobalPlatform Card Specification v2.2 to significantly advance the management of multiple contactless applications within a secure element – such as a SIM, secure memory card / embedded secure element in a mobile device or a simple contactless card. It defines mechanisms, parameters, and interfaces to set-up and maintain the configuration of contactless applications by the card issuer, application providers and the end user.
  Secure Channel Protocol 03 – GlobalPlatform Card Specification v2.2 - Amendment D
Published September 2009 - This document creates the first step of the migration of the GlobalPlatform secure framework to AES by defining a new secure channel protocol associated with a new mechanism to generate session keys and the extension of the Put KEY. This specification allows GlobalPlatform cards to be compliant to the cryptographic strength required by FIPS 201 and NIST 800-57 and also 2010 mandate of SP 800-78.
  Security Upgrade for Card Content Management - GlobalPlatform Card Specification v2.2 - Amendment E
Published December 2011 - The security in the Card Specification [GPCS] and amendments A, B, C, and D is based on several cryptographic primitives. The purpose of this amendment is to expand those specifications to include new cryptographic schemes based on Elliptic Curve Cryptography (ECC) and upgraded cryptographic schemes for RSA.
  Alternative Card framework
GlobalPlatform Card Networked Framework v1.0
Published September 2009 - This specification is based on the same security architecture as defined by GlobalPlatform Card Specification v2.2. It introduces new concepts that will enable the administration of a new generation of GlobalPlatform cards which can utilize TCP/IP communications, support web applications similar to those found on IT servers, and offers an execution environment with concurrent application execution. The application programming interface (API) proposed is based on Java Card™ 3 Connected Edition Runtime Environment.
Supporting Documentation
  HTML Java Card 3.0 API and ASN.1 Command for GlobalPlatform Card Networked Framework v1.0
Published September 2009 - This material contains the application programming interface (API) required for developing Java Card applets for GlobalPlatform Card Networked Framework v1.0 cards, and ASN.1 description of card commands. This ensures interoperability and portability of applications across different cards from different suppliers.

 

Visit the Compliance Pages for further details regarding the GlobalPlatform Compliance Program for Card Specification to support the GlobalPlatform Configuration.

Previous and Archived Versions of Card Documentation

Below is a comprehensive list of GlobalPlatform's previous and archived technical documents relating to smart cards. Please click on the individual document titles for further details.

  GlobalPlatform Card Specification v2.2.1 - Archived Supporting Documents
Supporting Documentation
  Java Card API and Export File for Card Specification v2.2.1 (org.globalplatform) v1.5
Published January 2011 -
  Java Card Contactless API and Export File for Card Specification v2.2.1 (org.globalplatform.contactless) v1.0
Published January 2011 -
  Java Card Contactless API and Export File for Card Specification v2.2.1 (org.globalplatform.contactless) v1.1
Published February 2012 -
  GlobalPlatform Card Composition Model v1.0
Published January 2011 - The objective of this document is to define a composition model for the security evaluation of composite products. A composite product is a secure element that consists of an open platform and one or more applications. The model relies on the recognition of existing security evaluation certificates and significant re-use of these certificates and evaluation activity results. The model specifically addresses the composition of products that are evaluated under the EMVCo and Common Criteria schemes.
  GlobalPlatform Card Specification v2.2
Published March 2006 - This is the latest GlobalPlatform Card Specification. It is central to all GlobalPlatform card technology activity, and is core to the technical documents outlined in this section. Of interest to card and application developers, it defines card components, command sets, transaction sequences and interfaces. The technology also supports dynamic post-issuance card management, which facilitates the addition and modification of applications. This specification is hardware, operating system, vendor and application neutral, enabling it to be applicable to any type of deployment and industry.
Configurations
  GlobalPlatform UICC Configuration
Published October 2008 - This is an implementation guide for deploying GlobalPlatform Card Specification v2.2 and the Confidential Card Content Management Amendment A on Java Card within the mobile services sector, and managing the secure delivery over-the-air of new services. It details UICC deployment design choices which supports a variety of business models and will facilitate the deployment of contactless services, including contactless and mobile TV applications. A table of contents for this document is available to view here.
  Mapping Guidelines of Existing GlobalPlatform Card Specification v2.1.1 Implementations
Published February 2007 - This is an implementation guide for deploying GlobalPlatform Card Specification v2.2 on Java Card with the properties and behavior of Card Specification v2.1.1. This is relevant to parties that have existing deployments based on GlobalPlatform Card Specification v2.1.1, and require a controlled transition to the latest card specification. A table of contents for this document is available to view here.
Supporting Documentation
  Release Notes for GlobalPlatform Card Specification v2.2
Published March 2006 - This document provides detailed information regarding the additional functionality and enhancements offered by GlobalPlatform Card Specification v2.2 compared with the previous version – GlobalPlatform Card Specification v2.1.1.
  Errata and Precisions for GlobalPlatform Card Specification v2.2 - v0.3
Published January 2009 - This document provides errata and precisions for the Card Specification v2.2.
  Java Card API and Java Card Export File for GlobalPlatform Card Specification v2.2 - v1.1
Published March 2006 - This material contains the application programming interface (API) required for developing Java Card applets for GlobalPlatform Card Specification v2.2 cards. This will ensure interoperability and portability of applications across different cards from different suppliers, and offers full backward compatibility with GlobalPlatform Card Specification v2.1.1 API and Java Card export file v 1.0.
  Java Card API and Java Card Export File for GlobalPlatform Card Specification v2.2 - v1.2
Published October 2007 - This material contains the application programming interface (API) required for developing Java Card applets for GlobalPlatform Card Specification v2.2 cards which also incorporate Confidential Card Content Management Amendment A. This ensures interoperability and portability of applications across different cards from different suppliers, and offers full backward compatibility with GlobalPlatform Card Specification v2.1.1 API and export file v1.1, HTML Java Card API and Java Card export file v2.2 - v1.1.
  Java Card API and Java Card Export File for GlobalPlatform Card Specification v2.2 - v1.3
Published June 2009 - This material contains the application programming interface (API) required for developing Java Card applets for GlobalPlatform Card Specification v2.2 compliant cards which also incorporate the Confidential Card Content Management Amendment A and Remote Application Management over HTTP Amendment B. This ensures interoperability and portability of applications across different cards from different suppliers, and offers full backward compatibility with GlobalPlatform Card Specification v2.1.1 API with Java Card export file v1.2.
  Java Card API and Java Card Export File for GlobalPlatform Card Specification v2.2 - v1.4
Published June 2010 - This material contains the application programming interface (API) required for developing Java Card applets for GlobalPlatform Card Specification v2.2 compliant cards which also incorporate the Confidential Card Content Management Amendment A, Remote Application Management over HTTP Amendment B, and the contactless extensions from Amendment C. This ensures interoperability and portability of applications across different cards from different suppliers, and offers full backward compatibility with GlobalPlatform Card Specification v2.1.1 API with Java Card export file v1.3.
  GlobalPlatform Card Specification v2.2 FAQs –v1.0
Published February 2009 - Document detailing GlobalPlatform Card Specification v2.2 frequently asked questions.
  GlobalPlatform Card Specification v2.1.1
Published March 2003 - Please note that GlobalPlatform Card Specification v2.2 is the latest version of the card specification.

GlobalPlatform Card Specification v2.1.1 is still widely deployed and is core to the technical documents outlined in this section. Of interest to card and application developers, it defines card components, command sets, transaction sequences and interfaces. The technology also supports dynamic post-issuance card management, which facilitates the addition and modification of applications. This specification is hardware, operating system, vendor and application neutral, enabling it to be applicable to any type of deployment and industry.
Supporting Documentation
  Formal Model of GlobalPlatform Card Specification v2.1.1
Published November 2004 - This document provides an abstract reference implementation for the Card Specification v2.1.1, which is defined using the formal logic of the abstract B language. This formal model has been developed by the EVEREST project team at the French Institute for Research in Computer Science and Automation (INRIA). It has successfully passed formal proof tests. In the eventual case of a discrepancy with the Card Specification v2.1.1, the specification should prevail.
  Java Card Export File for GlobalPlatform Card Specification v2.1.1 – v1.0
Published March 2003 - Contains the application programming interface (API) required for developing Java Card applets for GlobalPlatform v2.1 or v2.1.1 cards, ensuring the interoperability and portability of applications across different cards from different suppliers.
  Guidelines for Developing Java Card Applications on GlobalPlatform Cards - v1.0
Published December 2002 - This document provides guidelines for developing Java Card applications for GlobalPlatform cards. It contains sample code (java and class) presented in the guide for both the deprecated (2.0) application programming interface (API) and the 2.1 API.
  Errata and Precisions List for GlobalPlatform Card Specification v2.1.1 – v1.3
Published December 2004 - This document provides errata and precisions for GlobalPlatform Card Specification v2.1.1 – v1.3.
Security Documents
  Card Security Requirements Specification v1.0
Published March 2003 - Document defining all the security requirements applicable to GlobalPlatform cards, from the card and application management components to the underlying platform. This most current version applies to GlobalPlatform Card Specification v2.1.1.
  Smart Card Security Target Guidelines v1.0
Published December 2005 - These guidelines complement the Card Security Requirements Specification and the Java Card System Protection Profile document in order to assist in security target creation. This most current version applies to GlobalPlatform Card Specification v2.1.1.
  Amendment A to GlobalPlatform Card Specification v2.1.1
Published March 2004 - This document provides optional features, such as an extension to support application data format and data encryption management in the STORE DATA command, a pseudo-random generation algorithm for the Secure Channel Protocol '02' and data element alignment with ETSI Smart Card Platform.
  Contactless Services – GlobalPlatform Card Specification v 2.2 - Amendment C v1.0.1
Published February 2012 - This document defines an extension of the GlobalPlatform Card Specification v2.2 to significantly advance the management of multiple contactless applications within a secure element – such as a SIM, secure memory card / embedded secure element in a mobile device or a simple contactless card. It defines mechanisms, parameters, and interfaces to set-up and maintain the configuration of contactless applications by the card issuer, application providers and the end user.
  GlobalPlatform Card Specification v2.1
Published June 2001 - Please note that GlobalPlatform Card Specification v2.2 is the latest version of the card specification.

This document defines card components, command sets, transaction sequences and interfaces. The technology also supports dynamic post-issuance card management, which facilitates the addition and modification of applications. This specification is hardware, operating system, vendor and application neutral, enabling it to be applicable to any type of deployment and industry.
Supporting Documentation
  GlobalPlatform Card Specification 2.1.1 Release Notes – June 2003
Published June 2003 - Details the differences between GlobalPlatform Card Specification v2.1.1 and GlobalPlatform Card Specification v2.1.
  Java Card Export File for GlobalPlatform Card Specification v2.1
Published March 2002 - This document contains the application programming interface (API) required for developing Java Card applets for GlobalPlatform Card Specification v2.1 cards, ensuring interoperability and portability of applications across different cards from different suppliers.
  GlobalPlatform Card Specification v2.0.1
Published April 2000 - Please note that GlobalPlatform Card Specification v2.2 is the latest version of the card specification.

This specification defines card components, command sets, transaction sequences and interfaces. The technology also supports dynamic post-issuance card management, which facilitates the addition and modification of applications. This specification is hardware, operating system, vendor and application neutral, enabling it to be applicable to any type of deployment and industry.
  Remote Application Management over HTTP – GlobalPlatform Card Specification v 2.2 - Amendment B v1.1.1
Published March 2012 - This document defines a mechanism for an application provider to perform remote application management (RAM) of its applets – such as loading, installing and personalization - using the HTTP protocol and PSK TLS over-the-air security.