Device Specifications
Below is a comprehensive list of GlobalPlatform's technical documents, relating to the
deployment and management of multiple embedded applications on secure chip devices.
Please click the individual document titles for further details.
Non-GlobalPlatform members wishing to purchase the GPD/STIP Specification v2.3
Test Plan, please visit our store.
To download files for free, please proceed to the license agreement and download pages.
Trusted Execution Environment (TEE)  TEE System Architecture v1.0 | GPD_SPE_009 Published December 2011 - This document explains the hardware and software architectures behind the TEE. It introduces the security concepts involved and finally it explains some concepts relevant to the TEE functional availability in a device. TEE API Specifications TEE Client API Specification v1.0 | GPD_SPE_007 Published July 2010 - This document defines the communication
between applications running in a rich operating
environment and the applications residing in the
Trusted Execution Environment (TEE). Supporting Documentation TEE Client API Specification v1.0 Errata and Precisions v2.0 | GPD_EPR_028 Published April 2014 - This document includes all the Errata and Precisions that have been released for TEE Client API Specification v1.0. TEE Internal Core API Specification v.1.1.1 | GPD_SPE_010  Published June 2016 - This specification defines a set of C APIs for the
development of Trusted Applications (TAs)
running inside a Trusted Execution Environment
(TEE). For the purposes of this document a TEE
is expected to meet the requirements defined in
the GlobalPlatform TEE System Architecture [Sys
Arch] specification, i.e. it is accessible from a
Rich Execution Environment (REE) through the
GlobalPlatform TEE Client API (described in
GlobalPlatform TEE Client API Specification
[Client API]) but is specifically protected against
malicious attacks and only runs code trusted in
integrity and authenticity. TEE Internal API Specification v1.0 | GPD_SPE_010 Published December 2011 - This specification defines a set of C APIs for the development of Trusted Applications (TAs) running inside a Trusted Execution Environment (TEE). For the purposes of this document a TEE is expected to meet the requirements defined in the GlobalPlatform TEE System Architecture specification. Supporting Documentation TEE Internal API Specification v1.0 Errata and Precisions v1.0 | GPD_EPR_017 Published April 2013 - This document includes all the Errata and Precisions that have been released for TEE Internal API
Specification v1.0. TEE Internal API Specification v1.0 Errata and Precisions v3.0 | GPD_EPR_017 Published February 2014 - This document includes all the Errata and Precisions that have been released for TEE Internal API Specification v1.0. TEE Secure Element API Specification v1.1 | GPD_SPE_024 Published September 2015 - This document is suitable for software developers implementing Trusted Applications running inside the Trusted Execution Environment (TEE) which need to expose an externally visible interface to Client Applications.
This document is also intended for implementers of the TEE itself, its Trusted OS, Trusted Core Framework, the TEE APIs, and the communications infrastructure required to access Trusted Applications. TEE Sockets API Specification v1.0 | GPD_SPE_100 Published July 2015 - This is a suite of specifications that provide standards to enable a Trusted Application to directly make use of internet protocol interfaces, rather than send packets to a client application for internet transfer. Trusted User Interface API Specification v1.0 | GPD_SPE_020 Published June 2013 - This document is intended to support software developers implementing Trusted Applications running inside the TEE which need to display sensitive information to the user or retrieve sensitive data from the user. This document is also intended for implementers of the Trusted User Interface in the TEE itself. TEE TA Debug Specification v.1.0.1 | GPD_SPE_025 Published June 2016 - This document specifies the GlobalPlatform
Trusted Execution Environment (TEE)
Debug interfaces and protocols. This version
specifies:
- The syntax and semantics of the TA Post
Mortem Reporting (PMR) client interface,
i.e. local commands, and data structures
transported through the TEE Client API to
report the Panic state of a TA to a Client
Application.
- The syntax and semantics of the Debug Log
Message (DLM) client interface, i.e. local
commands, and data structures transported
through the TEE Client API to transfer
debug printf()-type messages to a display or
logging tool.
- The syntax and semantics of the DLM internal
interface, i.e. local commands, and
data structures available to a TEE TA to make use
of the DLM service. TEE Protection Profile TEE Protection Profile v1.2 | GPD_SPE_021 Published January 2015 - GlobalPlatform Device Committee. It
constitutes the reference for the Common
Criteria (CC) evaluation of
GlobalPlatform Trusted Execution
Environment (TEE), which aim at enabling
mobile security services such as content
protection, rights management, corporate
policies, payment, etc. TEE Compliance Profile TEE Initial Configuration Test Suite 1.1 This configuration combines the
functional testing of TEE client API
and TEE internal core API
Secure Element Management Secure Element Remote Application Management v1.0.1 | GPD_SPE_008 Published November 2015 - This document defines a single administration protocol over HTTPs to perform remote management of applications residing on any type of Secure Element in a Device through an Admin Agent located either in the Device or in the Secure Element itself.
This maintenance release mainly provides clarifications on the scope of the specification and of the protocol (and its links with the Amendment B of the GlobalPlatform Card Specification), on the notion of administration session, and on the specificities linked to the location of the Admin Agent as an application in a device.
Secure Element Access Control v1.0 | GPD_SPE_013 Published May 2012 - The Secure Element access control, defined in this specification, is used in addition to existing protection mechanisms (such as permissions or security OS policy limiting access to sensitive APIs). The access control is designed to prevent unauthorized access to resources in the Secure Elements and typically to prevent denial of services attacks (PIN blocking, selection of non multi-selectable applets, etc.).
This access control mechanism is transparent to client applications running in the device and is enforced within the device operating system itself. This document specifies how the access policy is stored in the Secure Element, and how it can be accessed and applied by the device. Supporting Documentation Test Plan of the Secure Element Access Control Compliance Device Test Suite v1.1.0 | GPD_TEN_043 Published December 2014 - The purpose of this document is to describe the tests that are necessary to prove that a product is compliant
with SEAC (Secure Element Access Control). Secure Element Access Control v1.1 | GPD_SPE_013 Published October 2014 - The Secure Element access control, defined in this specification, is used in addition to existing protection mechanisms (such as permissions or security OS policy limiting access to sensitive APIs). The access control is designed to prevent unauthorized access to resources in the Secure Elements and typically to prevent denial of services attacks (PIN blocking, selection of non multi-selectable applets, etc.). This access control mechanism is transparent to client applications running in the device and is enforced within the device operating system itself. This document specifies how the access policy is stored in the Secure Element, and how it can be accessed and applied by the device. Supporting Documentation GlobalPlatform Device Technology Secure Element Access Control v1.1 Errata and Precisions v1.0 | GPD_EPR_054 Published September 2015 - This document includes all the Errata and Precisions that have been released for Secure Element Access Control v1.1. Archived Device DocumentationBelow is a comprehensive list of GlobalPlatform's archived technical documents relating to smart card acceptance devices. Please click the individual document titles for further details. TEE Internal Core API Specification v1.1 | GPD_SPE_010 Published July 2014 - This specification defines a set of C
APIs for the development of Trusted
Applications (TAs) running inside a
Trusted Execution Environment (TEE). TEE TA Debug Specification v1.0 | GPD_SPE_025 Published February 2014 - This document specifies the GlobalPlatform
Trusted Execution Environment (TEE) Debug
interfaces and protocols.
Trusted Execution Environment (TEE) TEE API Specifications TEE Client API Specification v1.0 Errata and Precisions v1.0 | GPD_EPR_028 Published October 2013 - This document includes all the Errata and Precisions that have been released for TEE Client API Specification v1.0. TEE Internal API Specification v1.0 Errata and Precisions v2.0 | GPD_EPR_017 Published October 2013 - This document includes all the Errata and Precisions that have been released for TEE Internal API Specification v1.0. TEE Secure Element API Specification v1.0 | GPD_SPE_024 Published August 2013 - This document specifies the syntax and semantics of the TEE Secure Element API. It is suitable for software developers implementing Trusted Applications running inside the Trusted Execution Environment (TEE) which need to expose an externally visible interface to Client Applications. Supporting Documentation TEE Secure Element API Specification v1.0 Errata and Precisions v1.0 | GPD_EPR_030 Published June 2014 - This document includes all the Errata and Precisions that have been released for TEE Secure Element API Specification v1.0. TEE Protection Profile TEE Protection Profile v1.0 | GPD_SPE_021 Published August 2013 - This Protection Profile has been developed by the Security Working Group of the GlobalPlatform Device Committee. It constitutes the reference for the Common Criteria evaluation of GlobalPlatform Trusted Execution Environment (TEE), which aim at enabling mobile security services such as content protection, rights management, corporate policies, payment, etc. Secure Element Access Control Compliance Device Test Suite v1.0.6 Test Plan of the Secure Element Access Control Compliance Device Test Suite v1.0.6 | GPD_TEN_043 Published June 2014 - The purpose of this document is to describe the tests that are necessary to prove that a product is compliant with SEAC (Secure Element Access Control). Device-Terminal Specification v1.5 Published November 1999 - This document has been replaced by the Device API v2.0 - published October 2002. Device Application Security Management (DASM) Specification Published 2007 - This download contains all the archived documents for Device Application Security Management (DASM) Specification GPD/STIP Specification Published 2008 - This download contains all the archived documents for STIP Specification
|
