GlobalPlatform made simple guide: Amendment A - Confidential Card Content

What does GlobalPlatform Card Specification v2.2 Amendment A do?
As more and more secure applications are loaded, personalized and managed on mobile
devices to deliver convenient services to end-users, it is important that a service
provider (such as a bank, transit operator or government body) can securely manage and
take responsibility for its applications. This ensures that the service provider retains
accountability for the sensitive information and the responsibility for managing the
Prior to the release of Amendment A, the service provider had to rely on a Secure Element (SE) issuer
– such as a SIM/UICC managed by a mobile network operator (MNO) – and its
infrastructure for loading, personalizing and managing the secure keys and application.
Alternatively, to get full independence, the service provider would have needed to invest
in an infrastructure that reached the SE (such as a SIM over-the-air (OTA) platform,
open-air-interface (OAI) platform or electronic funds at point-of-sale (EFT/POS)
infrastructure), which can be highly expensive if the deployment is implemented across
Amendment A provides an alternative solution. It enables the service provider to
confidentially and independently manage its application on a GlobalPlatform-compliant
secure chip remotely – while using a third party's infrastructure.
Also, this amendment offers a new mechanism to load primary keys into the secure
area (security domain) of the service provider. This confidential key loading uses a third
party actor that ensures separation between the service provider and the infrastructure

How does the technology work?
The technical document explains how a SE issuer can create 'space' in the SE – which
might be a SIM/UICC, micro SD or embedded SE – for a service provider and then
authorize them to control this area.
The service provider can use a third party actor to confidentially load its first keys
and take ownership of the recently created area. After using a third party network, the
service provider will be able to confidentially install and personalize applications
securely. The technology has been designed to ease the reuse of the management
scripts regardless of the remote network used.

Who benefits from this technology?
As a cross-industry specifications body, GlobalPlatform developed the technology to be
transferable across any market where multiple service providers require control of their
application but are operating without the necessary industry infrastructure.
It therefore significantly benefits:
- Service providers such as banks / payment providers or transit operators wanting to deliver mobile services including payments and e-tickets exclusive of a mobile infrastructure.
- SE issuers, for example MNOs, which need to establish a neutral infrastructure capable of allowing approved service providers to manage their applications OTA on an end-user's UICC, micro SD or embedded SE.
- And finally, trusted service managers (TSMs), which are independent and trusted third parties that facilitate the provisioning and secure management of mobile contactless services for various service providers across different SE form factors.

Why is GlobalPlatform promoting Amendment A so assertively?
GlobalPlatform works with the industry to understand its long-term secure application
management needs. Amendment A to Card Specification v2.2 is built on a GlobalPlatform
framework for card content management that is already available, proven and deployed
and therefore provides a simple solution for service providers deploying applications on
smart cards to transition to mobile services. GlobalPlatform is actively promoting
Amendment A to help reduce development time and cost for service providers.
The implementation of this amendment, with the extended flexibility to manage OTA
SEs, offers greater security with new scenarios thanks to third-party services for key
GlobalPlatform Card Specification v2.2 Amendment A – Confidential Card
Content Management was created in close collaboration with GSMA and the European
Telecommunications Standardisation Institute (ETSI). The technical document is available
royalty-free from www.globalplatform.org.