GlobalPlatform

GlobalPlatform is a not-for-profit technical standards organization and certification body that provides standards and certifications for trusted digital services. [1] GlobalPlatform has been the main standardization body for Trusted Execution Environments from 2012 onwards. [2] GlobalPlatform also manages certification programs for secure component technologies. [3]

Overview

GlobalPlatform was initially founded to help overcome payment challenges with ID-enabled smart cards, as proprietary implementations were restricting innovation. GlobalPlatform standardized the development, deployment, and management of applications on Secure Elements (SE) including SIMs, embedded SEs, and integrated SEs. [4] [5] This included Trusted Execution Environments (TEE). [6] It has since launched a number of security-related standards and certifications, such as Trusted Platform Services. [7]

In 2019, GlobalPlatform launched the IoTopia initiative, a range of Internet of Things security protocols. [8] [9] The Security Evaluation Standard for IoT Platforms (SESIP) is a methodology for IoT device makers. [10]

Technologies

Secure Element - GlobalPlatform standardizes a range of stand-alone, embedded, and integrated SE and secure microcontroller (MCU) technologies. [11]

Trusted Execution Environment - A TEE guarantees that code and data loaded inside it are protected with respect to confidentiality and integrity. [12]

Trusted Platform Services (TPS) APIs - These simplify device and application security by easing access to the secure services and attestation mechanisms offered by Roots of Trust embedded in secure components and devices. [7]

SESIP

The Security Evaluation Standard for IoT Platforms (SESIP) methodology enables device makers and certification bodies to manage their own IoT device certification schemes while optimizing certification reuse. [10]

GlobalPlatform also supports IoT device makers and certification bodies in adopting the SESIP methodology. The methodology enables multiple IoT ecosystems to establish their own IoT device security certification schemes, to recognize evaluation results across IoT markets, and to onboard experienced labs to those SESIP-based schemes. [10]


References

  1. "GlobalPlatform Evolves TEE Security Certification to Simplify Creation of Secure Devices". Electronic Engineering Journal. May 18, 2021.
  2. Kincaid, Jason (February 15, 2010). "The Wholesale Applications Community Sounds Like a Disaster in the Making". TechCrunch.
  3. Manners, David (May 19, 2021). "GlobalPlatform expands Trusted Execution Environment". Electronics Weekly.
  4. Tarnovich, Steve (March 15, 2015). "ams and ST team up to secure NFC mobile payments". EDN.
  5. Merian, Lucas. "Dual-identity smartphones could bridge BYOD private, corporate divide". Computerworld.
  6. "GlobalPlatform launches Trusted Execution Environment client API specification". Finextra. July 26, 2010.
  7. "安全認證為後疫情時代把關IoT裝置安全" [Security certification safeguards IoT device security in the post-pandemic era]. EE Times. August 29, 2019.
  8. Turley, Jim (March 24, 2020). "Setting Sensible Standards for IoT". Electronic Engineering Journal.
  9. "Landmark IoT Security Summit Gathers Industry Cybersecurity Experts and Leaders to Build Cross-Sector Guidelines for Securing Connected Devices". Associated Press. March 21, 2019.
  10. Dehad, Nitin. "Crypto Quantique Opens IoT Security Platform to Multiple RoTs". EE Times.
  11. Tarnovich, Steve (March 15, 2015). "ams and ST team up to secure NFC mobile payments". EDN.
  12. "Trusted Execution Environment, millions of users have one, do you have yours?". Poulpita. 2014-02-18. Archived from the original on 2021-01-27. Retrieved 2017-05-17.