Secure digital service delivery: the current challenge
Every day, consumers and organizations across the globe engage with a rapidly growing volume of secure services using an increasing number and diversity of consumer devices and Internet-of-Things (IoT) products, such as smartphones, tablets, set-top boxes and smart cards used for payment and ID.
As a result, we live in a world where digital service delivery is becoming ever more prevalent. Many global industries, including payments, transportation, healthcare, government, enterprise ID / authentication and premium content, have been transformed by this revolution in secure service delivery over the past decade. Digital service delivery channels are offering service providers additional and / or alternative routes to market. They can offer an enhanced and more convenient end-user experience while delivering time and cost savings, together with other benefits, to service providers.
When launching a secure digital service, service providers must select the right platform for their deployment. Risk management is undoubtedly a key concern with secure services, such as payments, ID/access, premium content, government services or subscription-based services. Yet absolute confidence in the security of service provision must be coupled with an ability to deliver an uninhibited user experience. Deployments must also be scalable and flexible enough to accommodate future business requirements. Time-to-market is another key commercial factor.
Regardless of industry, secure service providers have one goal: to deploy their service, simply and securely, across any devices used by their customers. They want a solution which they can roll out across multiple service delivery channels, which supports a variety of business models and which offers convenience – possibly even control – to the end user. From a usability perspective, the service must perform as intended, every single time without fail, across not only a variety of device types, but across many makes and models of the same device type from different manufacturers and across different service delivery channels.
And, since the service provider’s commercial interests are not static, they may also want to ensure that they have flexibility and freedom in the future to deploy more than one secure service onto any product / device and via any service delivery channel in any given market sector.
So how does the service provider approach development, given the challenges outlined?
Secure digital service delivery: the solution
In a world without standards, a service provider must develop their application many times over to ensure compatibility with the different security architectures and APIs used to access secure services offered on the device. In this scenario, significant resources would be needed to keep pace with technology updates and replacements, and the development cycle would become cost-prohibitive, endless, and in many cases unsustainable.
In contrast, GlobalPlatform offers a standardized infrastructure and APIs for the management of applications on secure chip technology, which are compatible with all connected devices. Service providers can develop their service just once and deploy it across all GlobalPlatform compliant device platforms, regardless of the selected delivery channel.
Service providers can be confident that services deployed on GlobalPlatform-compliant products will behave correctly across all devices, all the time, creating a consistent and reliable user experience. GlobalPlatform also eliminates compatibility and scalability issues, allowing service providers to focus on strategy, rather than constant redevelopment.
Trusted endpoints: the secure component
Security is at the heart of the GlobalPlatform infrastructure; GlobalPlatform provides a trusted foundation upon which to build effective risk management programs. Its infrastructure can offer assurances on specified levels of security, no matter which device or channel is used for service delivery.
Consider that service providers deploy their services using a back end server which is under their control. As such, they can guarantee the security level associated with that endpoint of their deployment. By using GlobalPlatform technology, those same service providers are empowered to establish a second trusted and secure endpoint, in the form of a secure component located in an end user’s device. By using a second trusted endpoint, which is based on secure chip technology, the service provider can be confident that the deployment benefits from end-to-end security.
GlobalPlatform currently defines two secure component options: a Secure Element (SE) and a Trusted Execution Environment (TEE). When a service provider deploys their service into a secure component within a device, they benefit from a trusted ‘anchor’ within that device. This allows them to manage risk associated with their service effectively and confidently.
In addition to protecting service providers and consumers from external hackers, a secure component prevents competing service providers, or even the consumer, from accessing sensitive application information. Each service provider is allowed to load secret keys into the SE to protect its own applications, ensuring each application’s integrity and security even when deployed on a platform alongside services from other providers.
The shift from traditional to digital service delivery channels has resulted in the development of a sophisticated technical ecosystem. Service providers now have to exchange data with other actors in the ecosystem to get their services into the hands of the end user. GlobalPlatform plays a critical part in this process. GlobalPlatform Messaging technology standardizes messaging between actors in the value chain, so that they understand what data and formats are required to load, or provision, a service into a secure component. GlobalPlatform Messaging Specifications define the language used by different actors across the ecosystem to create and deploy all elements related to digital service delivery.
So why should you choose GlobalPlatform as the foundation of your secure chip service deployment? The answer is simple:
With GlobalPlatform, service providers benefit from end-to-end deployment security and have full control over the service delivery channels through which they choose to engage end users. It also allows them to quickly bring to market convenient and secure digital services, both today and in the future.