Philip Hoyer, Director of
Strategic Innovation, HIDGlobal and Chair of GlobalPlatform’s Identity
In our latest industry interview, Philip Hoyer explains the reasons behind the decision
to establish an Identity Task
Force (ITF), the role that it will play in communicating GlobalPlatform’s place in the
ecosystem and why he thinks new players in the internet of things (IoT) need to adopt
1. What is the role of GlobalPlatform’s recently formed Identity Task Force
The ITF has taken on and broadened the role of the former GlobalPlatform
Government Task Force.
Governments tend to drive the more stringent requirements around identity and
security. GlobalPlatform has good relationships, particularly in the US with the
Department of Defense and other agencies post 9/11 around the FIPS 201 PIV (Personal
Identity Verification) program. Many of these schemes are deployed on chip card
technology based on GlobalPlatform specifications; they want to have a secure lifecycle,
for example to securely update certificates in the field. And that is what GlobalPlatform is
very good at. In addition, governments do not want to be locked into specific vendors.
Their demand was to find a way to standardize the interaction between them and chip
card issuers and that is what GlobalPlatform is all about.
Recently, however, GlobalPlatform members acknowledged that many government
requirements and use cases were also applicable to identity programs outside of the
government realm, specifically identity programs in the enterprise and consumer space.
As a consequence, the charter of the Government Task Force was expanded to embrace
identity across all sectors.
2. Why has GlobalPlatform specifically decided to create this group
We realized that there are a number of trends happening right now in the identity
market. The first is that consumers are putting more and more personal information on
mobile devices – not just keys but also identities such as drivers licenses. The second is
the move of things we value and their related services into the cloud. As a result access
to these resources and services requires an identity proportionally as strong as the
value of the resources. The third is that these identities can be used in the internet-of-
things (IoT). Looking at these trends, GlobalPlatform realized that by expanding the
charter of the group we would essentially create the right place to discuss how we can
best support this market. This activity had a lot of parallels with the existing Government
Task Force, therefore we decided to create a new group that could tackle a wider scope
3. How can GlobalPlatform’s Specifications for the Secure Element (SE)
and Trusted Execution Environment (TEE) be leveraged for the identity market?
Different industries require different levels of assurance. Looking at the level of
breaches that have happened recently on a global scale, it’s clear that no-one should
rely on a weak form of identity these days. What GlobalPlatform provides with its
specifications is the ability to manage and provision a dedicated identity application that
is scheme agnostic and highly secure. Stakeholders can then rely on all the building
blocks that have been created over the years by GlobalPlatform for the banking and
telecoms industries to store identities or keys in a format that has desirable security
There are many aspects to this, however, therefore I recommend interested parties
read our Mobile ID White Paper ‘Realization of Mobile Identity Solutions by GlobalPlatform
Technologies’. The paper focuses on mobile, however, it also provides broader
information about how GlobalPlatform technologies can be used in the identity space.
4. The ITF charter has grown since its original focus on the Government
sector to now include identity use cases in the enterprise and consumer space as well.
Under the new charter, has the focus on the Government sector expanded and, if so,
Yes it has. This reflects current changes in technology. As consumers increasingly
use mobile devices to make their daily lives easier, governments too are interested in
offering more choices in the way they manage and deliver services on those devices.
Governments want to offer these services without sacrificing security and hence need
strong identities to secure them.
Also, GlobalPlatform is working with government agencies to determine how we can
leverage GlobalPlatform secure components interacting with the mobile device. At
present, we are focusing on Bluetooth Smart (also known as Bluetooth Low Energy), as
an ubiquitous proximity technology for mobile devices to communicate with each other.
We are therefore working to see if there is a way to satisfy the stringent security
requirements of governments, maybe with a dedicated Bluetooth identity device or by
leveraging GlobalPlatform technologies over this new protocol.
5. The ITF has evolved from the Government Task Force (GTF), will the
new group continue to develop work items such as the Privacy Framework that were
driven by the GTF and why?
The privacy framework continues to be an area that we will work on to advance and
evolve to support the changing industry requirements.
Privacy is of upmost importance, especially in a hyper connected world full of smart
devices with multiple sensors. GlobalPlatform is uniquely positioned in that it has a set of
components, technologies and specifications that allow a secure and privacy-enabled
world to happen. More and more parties are understanding the strength of what
GlobalPlatform has to offer and are even in some instances setting the use of Secure
Component (Secure Element and / or Trusted Execution Environment) as a requirement
for privacy-sensitive smart infrastructure such as Smart Meters in Germany.
Hence GlobalPlatform believes that there is still a lot of work to be done to educate
people about its specifications and define how they can be leveraged for a more secure
privacy enabled smart world.
6. What are the next steps for the group?
Firstly we are continuing our strong engagement with governments to ensure we
understand their ever evolving requirements and agree on the areas that GlobalPlatform
should focus its activity.
The ITF will also be engaging with industry groups to develop an understanding of
identity use cases in the IoT. We will also focus on investigating the concept of derived
credentials, which allows identities derived from an existing breeder credential (e.g. an
existing electronic driver’s license or identity card) to be securely used and trusted on
7. How can members get involved?
All GlobalPlatform Members, regardless of their membership level, may sign up to
participate in the organization’s many task forces, including the Identity Task Force.
They can do this by simply joining the group via the member only website. They will
then be automatically notified of all upcoming conference calls and face-to-face
meetings being planned by the participants of that group.
To participate in GlobalPlatform's identity discussions please visit