Security Task Force
- Jon Geater, Chief Technology Officer at Trustonic and Chair of GlobalPlatform's
Security Task Force
Jon Geater explains the reasons behind the decision to establish a Security Task
Force, the role that it will play in communicating GlobalPlatform's place in the ecosystem
and why he thinks security should be 'transparent'.
- What is the role of GlobalPlatform's Security Task Force?
Our work is about bringing GlobalPlatform's spectrum of specifications together in a
way that best defends real assets from real threats in real devices and systems. The
group won’t be creating any new technology, but will instead focus on defining specific
industry use cases in order to tailor the best combination of GlobalPlatform Specifications
to address the unique threats that each use case faces in the real world.
Our immediate priorities are to develop white papers to communicate
GlobalPlatform’s role in the security ecosystem and to host workshops with industry
representatives to explore the management of secure and non-secure applications on
mobile devices. In order to achieve our goals, the group will facilitate discussions
regarding security requirements for devices incorporating secure chip technology and
actively contribute to industry efforts to streamline security certification.
- Why has GlobalPlatform created the group?
GlobalPlatform has been involved in security for a long time. As more entities,
companies and people are interested and engaged with the development of security
standards and solutions, the association has identified an opportunity to make security
services more sophisticated and refined for the services that really matter to users.
Over the last few years, more and more valuable information is being deployed to
mobile devices and we are using that information in new and different ways.
Protecting this data has become an increasingly complex challenge, one that requires
a systematic and coordinated approach to curate security solutions that do not impair
user experience. Delivering and ensuring security and user experience in the same
implementation is no mean feat and that is why we have launched a dedicated Security
- What are the guiding principles behind GlobalPlatform's approach to
Firstly, remembering at all times that functionality is primary; security should be there
to preserve reliability and enhance functionality, never to compromise it. With this in
mind, a far more innovative and finessed solution is achievable when specifications are
combined to answer the specific questions posed by an implementation, rather than
using an unnecessarily high level of security. Security is not about making something
bigger or stronger. These concepts are comforting but are meaningless on their own:
security is far more contextual than that.
If security is to be usable, though, it must be transparent (in that the user does not
realize it is there). For it to be transparent, it must be designed into the system from the
start. For it to be designed in, it must be tailored for the specific use cases it is
protecting. And to tailor the security to a use case, that use case must be understood.
We are therefore listening to the requirements of the outside world and working to
make storing and accessing sensitive information on devices easier through appropriate
security. For example, leveraging the security that exists within secure chip technology to
reduce the number of keystrokes needed to complete an e-commerce purchase, while
maintaining the same or better level of security, will bring benefits to everyone.
- What are the next steps for the group?
Looking to the next few years, we will see the Trusted Execution Environment (TEE)
come to the fore as a part of the mobile device security infrastructure. While not yet a
household name, TEEs are already in the handsets of millions of consumers around the
world. It may seem disappointing that such an innovative technology is hidden in the
shadows but GlobalPlatform can be proud that it is effortlessly and quietly working to
provide a seamless level of appropriate and usable security.
This work is never complete, however. GlobalPlatform is constantly developing its
specifications. We recognize that we are stronger together so we call on the ecosystem
to come forward and contribute to our work in this area as we continue our journey to
curate the security ecosystem.
- How can GlobalPlatform Members get involved?
With the group just kicking off, there is a real opportunity for players from both the
developer and user sides of the ecosystem to come forward, get involved from the
ground-up and shape the future of GlobalPlatform's security work and, as a
consequence, the marketplace. Members can sign up to participate via the member website.
To participate in GlobalPlatform's security discussions please visit