Specifications
 
 
 
 
 
 

    Specifications  > Device

> Technical Overview
> Card
> Device
> Systems
> Under Public Review
> IP Disclaimers



Device Specifications

Below is a comprehensive list of GlobalPlatform's technical documents, relating to the deployment and management of multiple embedded applications on secure chip devices. Please click the individual document titles for further details.

Non-GlobalPlatform members wishing to purchase the GPD/STIP Specification v2.3 Test Plan, please visit our store.

To download files for free, please proceed to the license agreement and download pages.


Trusted Execution Environment (TEE)
  TEE System Architecture v1.0 | GPD_SPE_009
Published December 2011 - This document explains the hardware and software architectures behind the TEE. It introduces the security concepts involved and finally it explains some concepts relevant to the TEE functional availability in a device.

TEE API Specifications
  TEE Client API Specification v1.0 | GPD_SPE_007
Published July 2010 - This document defines the communication between applications running in a rich operating environment and the applications residing in the Trusted Execution Environment (TEE).
Supporting Documentation
  TEE Client API Specification v1.0 Errata and Precisions v2.0 | GPD_EPR_028
Published April 2014 - This document includes all the Errata and Precisions that have been released for TEE Client API Specification v1.0.
  TEE Internal Core API Specification v1.1 | GPD_SPE_010
Published July 2014 - This specification defines a set of C APIs for the development of Trusted Applications (TAs) running inside a Trusted Execution Environment (TEE).
  TEE Internal API Specification v1.0 | GPD_SPE_010
Published December 2011 - This specification defines a set of C APIs for the development of Trusted Applications (TAs) running inside a Trusted Execution Environment (TEE). For the purposes of this document a TEE is expected to meet the requirements defined in the GlobalPlatform TEE System Architecture specification.
Supporting Documentation
  TEE Internal API Specification v1.0 Errata and Precisions v1.0 | GPD_EPR_017
Published April 2013 - This document includes all the Errata and Precisions that have been released for TEE Internal API Specification v1.0.
  TEE Internal API Specification v1.0 Errata and Precisions v3.0 | GPD_EPR_017
Published February 2014 - This document includes all the Errata and Precisions that have been released for TEE Internal API Specification v1.0.
  TEE Secure Element API Specification v1.1 | GPD_SPE_024
Published September 2015 - This document is suitable for software developers implementing Trusted Applications running inside the Trusted Execution Environment (TEE) which need to expose an externally visible interface to Client Applications. This document is also intended for implementers of the TEE itself, its Trusted OS, Trusted Core Framework, the TEE APIs, and the communications infrastructure required to access Trusted Applications.
  TEE Sockets API Specification v1.0 | GPD_SPE_100
Published July 2015 - This is a suite of specifications that provide standards to enable a Trusted Application to directly make use of internet protocol interfaces, rather than send packets to a client application for internet transfer.
  Trusted User Interface API Specification v1.0 | GPD_SPE_020
Published June 2013 - This document is intended to support software developers implementing Trusted Applications running inside the TEE which need to display sensitive information to the user or retrieve sensitive data from the user. This document is also intended for implementers of the Trusted User Interface in the TEE itself.
  TEE TA Debug Specification v1.0 | GPD_SPE_025
Published February 2014 - This document specifies the GlobalPlatform Trusted Execution Environment (TEE) Debug interfaces and protocols.

TEE Protection Profile
  TEE Protection Profile v1.2 | GPD_SPE_021
Published January 2015 - GlobalPlatform Device Committee. It constitutes the reference for the Common Criteria (CC) evaluation of GlobalPlatform Trusted Execution Environment (TEE), which aim at enabling mobile security services such as content protection, rights management, corporate policies, payment, etc.

TEE Compliance Profile
  TEE Initial Configuration Test Suite 1.1.0.1
This configuration combines the functional testing of TEE client API and TEE internal core API

Secure Element Management
 
  Secure Element Remote Application Management v1.0.1 | GPD_SPE_008
Published November 2015 - This document defines a single administration protocol over HTTPs to perform remote management of applications residing on any type of Secure Element in a Device through an Admin Agent located either in the Device or in the Secure Element itself.

This maintenance release mainly provides clarifications on the scope of the specification and of the protocol (and its links with the Amendment B of the GlobalPlatform Card Specification), on the notion of administration session, and on the specificities linked to the location of the Admin Agent as an application in a device.
  Secure Element Access Control v1.0 | GPD_SPE_013
Published May 2012 - The Secure Element access control, defined in this specification, is used in addition to existing protection mechanisms (such as permissions or security OS policy limiting access to sensitive APIs). The access control is designed to prevent unauthorized access to resources in the Secure Elements and typically to prevent denial of services attacks (PIN blocking, selection of non multi-selectable applets, etc.). This access control mechanism is transparent to client applications running in the device and is enforced within the device operating system itself. This document specifies how the access policy is stored in the Secure Element, and how it can be accessed and applied by the device.
Supporting Documentation
  Test Plan of the Secure Element Access Control Compliance Device Test Suite v1.1.0 | GPD_TEN_043
Published December 2014 - The purpose of this document is to describe the tests that are necessary to prove that a product is compliant with SEAC (Secure Element Access Control).
  Secure Element Access Control v1.1 | GPD_SPE_013
Published October 2014 - The Secure Element access control, defined in this specification, is used in addition to existing protection mechanisms (such as permissions or security OS policy limiting access to sensitive APIs). The access control is designed to prevent unauthorized access to resources in the Secure Elements and typically to prevent denial of services attacks (PIN blocking, selection of non multi-selectable applets, etc.). This access control mechanism is transparent to client applications running in the device and is enforced within the device operating system itself. This document specifies how the access policy is stored in the Secure Element, and how it can be accessed and applied by the device.
Supporting Documentation
  GlobalPlatform Device Technology Secure Element Access Control v1.1 Errata and Precisions v1.0 | GPD_EPR_054
Published September 2015 - This document includes all the Errata and Precisions that have been released for Secure Element Access Control v1.1.

 

Archived Device Documentation

Below is a comprehensive list of GlobalPlatform's archived technical documents relating to smart card acceptance devices. Please click the individual document titles for further details.


Trusted Execution Environment (TEE)
TEE API Specifications
  TEE Client API Specification v1.0 Errata and Precisions v1.0 | GPD_EPR_028
Published October 2013 - This document includes all the Errata and Precisions that have been released for TEE Client API Specification v1.0.
  TEE Internal API Specification v1.0 Errata and Precisions v2.0 | GPD_EPR_017
Published October 2013 - This document includes all the Errata and Precisions that have been released for TEE Internal API Specification v1.0.
  TEE Secure Element API Specification v1.0 | GPD_SPE_024
Published August 2013 - This document specifies the syntax and semantics of the TEE Secure Element API. It is suitable for software developers implementing Trusted Applications running inside the Trusted Execution Environment (TEE) which need to expose an externally visible interface to Client Applications.
Supporting Documentation
  TEE Secure Element API Specification v1.0 Errata and Precisions v1.0 | GPD_EPR_030
Published June 2014 - This document includes all the Errata and Precisions that have been released for TEE Secure Element API Specification v1.0.

TEE Protection Profile
  TEE Protection Profile v1.0 | GPD_SPE_021
Published August 2013 - This Protection Profile has been developed by the Security Working Group of the GlobalPlatform Device Committee. It constitutes the reference for the Common Criteria evaluation of GlobalPlatform Trusted Execution Environment (TEE), which aim at enabling mobile security services such as content protection, rights management, corporate policies, payment, etc.
  Secure Element Access Control Compliance Device Test Suite v1.0.6
  Test Plan of the Secure Element Access Control Compliance Device Test Suite v1.0.6 | GPD_TEN_043
Published June 2014 - The purpose of this document is to describe the tests that are necessary to prove that a product is compliant with SEAC (Secure Element Access Control).
  Device-Terminal Specification v1.5
Published November 1999 - This document has been replaced by the Device API v2.0 - published October 2002.
  Device Application Security Management (DASM) Specification
Published 2007 - This download contains all the archived documents for Device Application Security Management (DASM) Specification
  GPD/STIP Specification
Published 2008 - This download contains all the archived documents for STIP Specification