Made Simple: How GlobalPlatform Supports the Internet-of-
What is the internet of things?
The internet of things (IoT) refers to ‘uniquely identifiable objects and
their virtual representations in an internet like structure.’ Put simply, the IoT, often
referred to as machine-to-machine (M2M) communications, refers to the increased trend
for devices to be connected to the internet. For example, many of today’s automobiles,
medical devices and home technologies contain devices that perform measurements
(sensors) that are capable of gathering information and devices that perform
measurements (actuators) capable of impacting the physical world. Specific examples
- Smart meters that measure utility consumption
- Control and monitoring systems in utility networks (gas, water, electricity, etc.)
- Industrial metering appliances that measure physical and chemical quantities
- Building and home automation systems that measure and control indoor
- Asset and cargo tracking systems
- Medical sensors for remote diagnostics
- Weather and traffic monitoring
- Vending machines
As the number of these connected devices increases, it will be possible to deliver
entirely new services to consumers.
What are the security concerns for the IoT?
As IoT devices are often used in the context of critical infrastructure or potentially
dangerous systems, such as transportation systems and medical devices with
associated security issues, the concerns about security and privacy for the IoT are
The specific privacy issues stem from the fact that the technology is interacting
with the physical world around us and can therefore potentially expose private data and /
or impact the world we live in. Unattended devices, such as electricity meters, that can
broadcast personal data without our awareness, are in particular need of protection from
Just as consumers will want to ensure that their personal and usage data are not
misused; stakeholders – including device manufacturers, service providers, service
subscribers, network providers and others – will want to ensure that their data is
protected and that services are securely delivered.
What key principles must be addressed for the IoT to be successful?
GlobalPlatform identifies several important principles that must be addressed if the
IoT market is to fully evolve:
- IoT devices must support a multi-actor environment that allows for different
security and access settings for each stakeholder.
- Each service provider should be able to remotely manage its own security
parameters or appoint an authorized party to act on its behalf.
- It must be possible to add services or service providers to a device after it is
deployed in the field; similarly, a service subscriber must be able to change service
- Critically, all security measures must be sufficiently robust and flexible to
support a device’s deployed lifetime, which in some instances may exceed twenty
How can GlobalPlatform Specifications help?
GlobalPlatform’s prospective role in the IoT standardization landscape is as a
provider of open standard technical specifications that improve the interoperability and
security of these connected devices. GlobalPlatform Specifications offer several features
that, if properly leveraged, address the privacy and security concerns in the IoT market:
- The Secure
Element (SE), a separate chip hardened against physical and logical attacks, enables
secure hosting of applications for various stakeholders. GlobalPlatform conservatively
estimates that a total of 17.7 billion SEs based on GlobalPlatform Specifications were
deployed between 2010 and 2015. Additionally, GlobalPlatform’s latest initiative with the
GSMA to standardize remote provisioning of profiles to embedded SEs supports the
expansion of the M2M ecosystem through cost savings, operational flexibility and
- The security domain (SD) stores cryptographic content for a stakeholder on the SE
and provides mechanisms to manage such content and establish secure communications
with external entities.
- The Trusted Execution
Environment (TEE) is a secure area residing on a mobile device that ensures that
sensitive data is safely stored, processed, and protected in an isolated, trusted
environment on that device.
- The Root of Trust (RoT) can be leveraged to offer trusted services to the device
operating system. It can also act as a trust anchor for applications by providing a secure
environment to implement applications for specific business requirements.
The association has published a white paper, which examines how GlobalPlatform
Specifications can address the key privacy and security concerns for the deployment of
IoT and M2M devices.
The white paper, entitled: ‘Leveraging GlobalPlatform
to Improve Security and Privacy in the Internet of Things’will be of
particular value to professionals in industries such as healthcare, automotive,
wearable devices and energy, that are interested in the use of embedded technologies
for new forms of secure communication and data transmission. The document offers use
cases for these markets, introducing the function of IoT devices and explains how
vulnerabilities in security and privacy can be resolved.
What are the next steps?
As the IoT is still in its relative infancy, the existing proprietary solutions are
sufficient for today’s environment. As the number of devices grows however, so does
the number of security and privacy concerns, which could present a real danger to the
general public and critical infrastructures.
Open standards are necessary to ensure interoperability between the connected
devices as the IoT develops and as a means of ensuring that these devices are as secure
as possible. GlobalPlatform will continue to evaluate its existing specifications and
engage industry participants to ensure that the needs of the IoT market are met.
To drive this activity, GlobalPlatform has established a dedicated Internet of Things
Task Force. The task force, which is open to all members of GlobalPlatform, convenes to
discuss new business requirements for network-capable objects and to identify how
GlobalPlatform technology can progress to meet these advancements. The association is
also soliciting feedback from the industry on how it can best contribute to the IoT
market. All comments or questions can be submitted to firstname.lastname@example.org.
To find out more about the IoT, including use cases which define the role of
GlobalPlatform Specifications, read the ‘Leveraging GlobalPlatform to Improve Security and Privacy in the Internet-of-