Innovation and Evangelisation, research and develop strategic program management, operational and financial plans, emerging technologies, ecosystems awareness, work in international and multicultural environment, software development team management, product marketing definition, standardisation works, production systems optimisation, leadership and mentoring.
GlobalPlatform, the provider for secure digital services and devices, and RISC-V International, a global non-profit consortium, announce the signing of a memorandum of understanding (MoU). Collaboration between the two organisations will help accelerate the development of open standards for the hardware design of embedded components in connected devices for the Internet of Things (IoT). This includes processors embedded with Trusted Execution Environments (TEEs), which are witnessing significant growth. In 2019, GlobalPlatform reported a 50 percent year-on-year increase in the number of GlobalPlatform-compliant TEEs being shipped. Aligning specifications and exchanging information on known hardware vulnerabilities and the required functionalities to overcome them will enable GlobalPlatform and RISC-V to update their respective technical documents and frameworks to address the evolving security needs of the IoT ecosystem. Short to mid-term examples are expected to include a focus on application programming interfaces (APIs) for the TEE, as well as microcontroller (MCU) protection profiles and the appropriate security extensions.
Leap forward in enabling secure hardware development
“A key objective of RISC-V is to bring the industry together and enable a new era of collaborative, open source hardware development,” says Calista Redmond, CEO of RISC-V International. “Bringing the major open source hardware and security standardisation organisations together represents a sizable leap forward in enabling secure hardware development. We look forward to working with GlobalPlatform to bring real benefits to the ecosystem.”
Secure components that deliver multiple security and privacy benefits
Gil Bernabeu, Technical Director at GlobalPlatform, adds, “GlobalPlatform has established strong collaborative relationships with key industry partners across the world and we are pleased to count RISC-V among them.” “Standardised hardware security provides a trusted platform for innovation. Secure components that deliver multiple security and privacy benefits are increasingly being used for more advanced IoT use cases, like healthtech, connected cars and homes, and Industry 4.0. As the IoT ecosystem expands, we look forward to working with RISC-V to align our technical documents and meet the needs of device makers, enabling innovative, secure solutions to be more quickly and cost effectively brought to market.”
GlobalPlatform and RISC-V International
RISC-V International was founded to build an open, collaborative community of software and hardware innovators based on the RISC-V instruction set architecture (ISA). RISC-V International, a non-profit organisation controlled by its members, directs the future development and drives the adoption of the RISC-V ISA. Members of RISC-V have access to and participate in the development of the RISC-V ISA specification and extensions as well as related hardware and software.
GlobalPlatform has accelerated its work to standardise the design, certification, deployment and management of IoT devices in recent years. Its existing work to standardise and certify secure components, alongside APIs to secure devices from the root of trust to the cloud, has been built upon with the announcement of recent new initiatives. In October the organisation unveiled IoTopia, a framework to better secure and manage IoT devices, and more recently GlobalPlatform announced its support for the Security Evaluation Standard for IoT Platforms (SESIP) methodology.
GlobalPlatform, the standard for secure digital services and devices, announces it will help device makers and certification bodies adopt the Security Evaluation Standard for IoT Platforms (SESIP) methodology. This work will bring consistency and trust to the IoT device security certification process, reducing complexity, costs and time to market for IoT stakeholders. An estimated 75.44 billion IoT products will be in the marketplace by 2025. These products are made up of multiple components, which are developed by multiple players, many of which are new to security.
Managing security certification schemes
SESIP addresses the scale and complexity of the IoT ecosystem with an optimised approach to security evaluation that is designed specifically for the IoT platforms and platform parts on which these products are based. With extensive experience in establishing and managing security certification schemes, GlobalPlatform will support certification bodies in setting up certification schemes based on the SESIP methodology and align them with laboratories to drive consistency in product evaluations and certifications across the IoT ecosystem. Device makers can work with GlobalPlatform to enhance the security of their devices and ensure readiness to achieve certification in line with any schemes using SESIP.
Delivering an effective solution
“The volume and complexity of IoT products combined with varying regulations and certification frameworks make it challenging for IoT stakeholders to validate the security of their products in a cost-efficient way,” comments Kevin Gillick, Executive Director of GlobalPlatform. “As part of GlobalPlatform’s work to bring greater trust to the IoT ecosystem, we are pleased to support the implementation of SESIP. The methodology will standardise security certification for the IoT sector and give device makers and solution vendors the ability to demonstrate alignment with market requirements, use cases and regulations in an optimised way.”
“SESIP addresses the compliance, security, privacy and scalability complexities of the IoT ecosystem with an evaluation approach that is mappable to other methodologies, reusable across IoT platforms and adaptable to the evolving needs of the IoT environment. This makes it an ideal foundation to deliver an effective solution for IoT device certification,” adds GlobalPlatform Technical Director, Gil Bernabeu.
GlobalPlatform, the standard for secure digital services and devices, publishes a new specification that simplifies the communication between embedded Secure Elements (eSEs) and connected devices. The specification now supports the serial communication interfaces – Serial Peripheral Interface (SPI) and Inter-Integrated Circuit (I2C) – that are widely deployed in smartphones, wearables and other internet of things (IoT) devices.
Biometrics matching on SE
The standardisation of the communication between eSEs and devices brings interoperability and flexibility to device manufacturers, comments Gil Bernabeu, Technical Director of GlobalPlatform: “The growing use of embedded SEs is driving usage of physical interfaces such as SPI or I2C. The APDU Transport spec helps device manufacturers to configure the device’s internal communication bus in advance, embed SEs into connected devices and optimise usage of their chosen protocols. This work will help to use eSE powered secure services to create more secure devices across all sectors globally.”
The specification allows the transfer of commands between the device and eSE. This enables eSEs to offer additional value and use cases to devices, such as device attestation, secure storage, biometrics matching on SE, and many more. It also supports the update of the secure services at any point in a device’s life cycle.
GlobalPlatform, the standard for secure digital services and devices, alongside prime sponsor Oracle and supporting sponsors STMicroelectronics and Able Device, is hosting a free technical workshop in Nuremberg on Thursday February 27, 2020. The full-day workshop will educate delegates on the value of Secure Elements (SEs) to secure and enrich the deployment of Internet of Things (IoT) devices.
Workshop on Secure Elements (SE)
The workshop offers project managers, security experts, product suppliers, technical consultants, developers and systems integrators an opportunity to gain insight into why SEs can add value to IoT devices and how they can be quickly and cost effectively integrated to offer Root of Trust services. Beginning with an overview of the SE itself and the latest SE technologies for IoT, the workshop will be focused on use cases and demonstrations which expose key IoT security and implementation challenges and how the SE can be used to solve them.
“The increasing integration of connected devices into our everyday lives emphasizes the need for standardised security platforms on which innovation can thrive,” comments GlobalPlatform Executive Director Kevin Gillick. “The free technical workshop is an unparalleled opportunity for anyone involved in the deployment and management of IoT devices. Delegates will gain first-hand insight into the technologies themselves and be exposed to real use cases for how the SE can solve IoT security implementation challenges for any device.”
SE technology and use in IoT devices
The workshop will be presented by GlobalPlatform Technical Director, Gil Bernabeu, alongside Oracle’s Senior Director of Java Card, Calinel Pasteanu. The opening two sessions will include an introduction to SE technology and its uses in IoT. Oracle will offer an in-depth overview of how Java Card technology, as an open and standards-based application engine, delivers security and connectivity services to suppliers of IoT devices and solutions. The final session will focus on use cases for multi-cloud authentication and secure communication using Java Card, onboarding technologies, attestation and chip to cloud data protection. For many of these cases, a demonstration and / or source code explanation will be shared. The workshop is scheduled at a time and location that will be convenient for those attending Embedded World.
GlobalPlatform, the standard for secure digital services and devices, has published the world’s first open specifications to facilitate the standardisation of integrated secure elements. Chip, device and firmware developers now have a standardised way to load and manage firmware – combining the secure operating system (OS), applications and data – in a secure and isolated area of a device’s System on Chip (SoC).
Existing Secure Elements (SEs) – such as SIMs, smart cards, smart microSDs and USB tokens – are stand-alone tamper-resistant hardware platforms, developed as different form factors for different use cases. They are capable of securely hosting multiple applications and their confidential and cryptographic data, addressing the requirements of different business implementations and market needs. The ability to integrate a tamper-resistant hardware platform in a SoC offers a new universal form factor to host and execute secure digital services, while supporting the high level of security and tamper-resistance achieved by today’s Secure Elements.
Standardised mechanism to re-load data
“Integration of a tamper-resistant platform is a recent feature of SoC technology, which brings new opportunities and challenges,” comments Gil Bernabeu, Technical Director at GlobalPlatform. “For example, with these new SoCs, data in the secure memory may not remain when the device is switched off, so a standardised mechanism is needed to securely re-load the sensitive data when the device restarts. In parallel, the tamper-resistant platform in a SoC must meet the required security levels and offer the same security services as today’s SEs to provide standardised services to service providers.”
To overcome these challenges, GlobalPlatform has published two freely-available documents:
Open Firmware Loader (OFL) – standardises how firmware can be loaded and managed in the tamper-resistant hardware platform.
Virtual Primary Platform (VPP) – defines the security services running on the tamper-resistant platform, called a Virtual Primary Platform (VPP). The VPP creates a standardised ‘virtual’ version of the hardware platform that allows developers to build secure solutions and deploy them across a variety of products.
Offering high level of protection
“The market came to us because of our long history of SE and application management,” adds Kevin Gillick, Executive Director at GlobalPlatform. “GlobalPlatform has decades of experience in standardising the functionality and security of OSs to offer interoperability and a high level of protection.
“To achieve a similar level of security for integrated secure elements as that offered by existing Secure Elements, we have relied on the expertise and contributions of our members and are now engaging with other industry bodies such as ETSI for deployment in the telecommunication industry as an evolution of SIM cards.
“We believe that this technology will bring value to both manufacturers and service providers, creating new opportunities for device connectivity like 5G and NB-IoT, device design and secure service management.”
GlobalPlatform, the standard for secure digital services and devices, has reported a 25 percent increase in the number of Trusted Execution Environment (TEE)-enabled processors being shipped quarterly, year-on-year. At this rate, it is expected some 10 billion devices will feature TEE-enabled processors by the end of 2018.
“The TEE is not a new concept, and standardisation of the technology has been driven by our organisation to support mass market deployment,” explains GlobalPlatform’s Technical Director, Gil Bernabeu. “The fragmentation caused by the deployment of proprietary TEEs makes life hard for app and service developers as they need to launch and maintain multiple versions of their apps and evaluate the security of each TEE platform.
“This is resource intensive and unsustainable. Our specifications and certification program give device manufacturers a standardised way to embed security that meets the needs of service providers; app developers assurance that services will be protected from attacks; and end users confidence that their data is safe.”
Balancing user experience with security
Enterprise IT environments, delivery of premium multimedia content, mobile payments, the internet of things, enterprise and government identification programs and more seek to balance user experience with security. The TEE isolates trusted applications, keeping them away from any malware in the device OS and separate from other apps stored in the TEE. Because of this, the TEE is an essential environment within all devices as the secure services market evolves. By 2025, the installed base of IoT devices will be over 75.4B devices.
GlobalPlatform technology is implemented across a wide range of markets globally, including payments, telecoms, transportation, automotive, smart cities, smart home, utilities, healthcare, premium content, government, and enterprise ID. Protected devices include connected cars, set top boxes, smartphones, tablets, wearables, and other IoT devices. To enable device manufacturers to proactively market their products as meeting the needs of digital service providers, GlobalPlatform manages functional and security certification programs for TEEs. These objectively illustrate that a device manufacturer’s GlobalPlatform-based secure component and digital service management capabilities are interoperable and meet required security levels, providing reassurance that it will protect digital services and enable them to perform as intended in the field.
Ensuring appropriate level of security
“Device manufacturers and service providers must work together to ensure suitable security is the foundation of end-user services,” adds Kevin Gillick, Executive Director of GlobalPlatform. “GlobalPlatform technology empowers stakeholders to interact seamlessly when deploying digital services, regardless of industry, sector or device type. This resulting collaboration makes mass marketing of digital services possible, while ensuring the appropriate level of security and supporting privacy requirements.”
Last month, GlobalPlatform announced it had conservatively calculated that more than 5.5 billion Secure Elements (SEs) deployed in 2017 were based on its specifications, an increase of over 1.5 billion from the previous year. Additionally, over the last three years, in excess of 1 billion SEs were embedded within mobile devices, 100% of which were based on GlobalPlatform technology.
GlobalPlatform, the standard for secure digital services and devices, has released version 2.3.1 of its Card/Secure Element (SE) Specification. The release supports the latest extensions of GlobalPlatform technology following widespread deployments in consumer and machine-to-machine (M2M) devices. 100% of the 1 billion SEs embedded in smartphones in the last three years are GlobalPlatform-certified and more than 5.5 billion GlobalPlatform-certified SEs were produced in 2017. Amendment I – the SE Management Service – and an extension to Amendment F – the Secure Channel Protocol 11 – enable important changes to the deployment of applications and digital services to SEs.
Reducing service provider’s server load
“Secure apps and services now need to be provisioned to thousands, if not millions of SEs,” comments Gil Bernabeu, Technical Director of GlobalPlatform. “Previously, service providers have connected to each SE to perform functions like the installation of a security domain, or to load and personalise applets. This can take time and requires a constant connection.”
“These amendments allow service providers to create and load a single package into an app store for multiple end-users to download. This not only simplifies life for service providers and reduces load on their servers, it makes secure apps more readily available to end-users.”
Simplified secure applet updates
Amendment H – the Executable Load File Upgrade – simplifies and streamlines the process of updating personalised applets on a SE. The traditional approach requires the old software to be deleted before the new one can be installed and re-personalised. Amendment H securely stores the personalised information and installs the new program code before automatically re-personalising the applet.
“The adoption and deployment of specifications in the real-world bring opportunities into focus and these enhancements bring a range of benefits to device makers, service providers and end-users. Much of this work enables the ecosystem to interact and collaborate more efficiently when deploying and managing digital services, regardless of the device type or use case. And all of this is achieved while maintaining security and privacy,” adds Gil.
GlobalPlatform’s next priority will be the publication of its Secure Element Configuration for Authentication Devices to simplify the deployment of SEs within tailor-made authentication devices and peripherals.
GlobalPlatform, the standard for secure digital services and devices, publishes a configuration that simplifies the implementation of Secure Element (SE) specifications for the protection of internet of things (IoT) devices.
“At the moment some of the IoT sector are not taking security seriously enough,” explains Gil Bernabeu, Technical Director, GlobalPlatform. “Recent attacks demonstrate that any device can be attacked or infected with malware. Devices can then be used for DDoS attacks or to mine end user data, or even exploited to share their source code and other intellectual property. All of this can have significant reputational and financial impact on brands. This is why security needs to be foundational, considered at the start of the design phase.”
Secure digital services
The GlobalPlatform Compact IoT Configuration v1.0 answers IoT-specific market requirements by giving service providers and device manufacturers the means to interact seamlessly when deploying secure digital services across constrained IoT devices. The use of standardised secure components makes the mass marketing of secure digital services possible, while bringing time and cost efficiencies to stakeholders within the ecosystem and enabling new business models. SEs can form the keystone for constrained IoT devices - balancing the flexibility of GlobalPlatform specifications, that cover a range of connectivity options including LoRaWAN and HTTPS, with the restrictions of low-end IoT devices using m-class processors.
This entry-level configuration enables manufacturers to identify the best solution for devices with limited operating environments by providing the subset of specifications that they need to develop and deploy IoT devices and services. The configuration supports root of trust (RoT) device identity, the protection of critical assets, state-of-the-art AES cryptography for device management and authentication, allowing automatic enrolment to online cloud services.
Publish new interfaces
100% of SEs embedded in mobile devices are GlobalPlatform compliant. This shows that the SE configuration is perfectly fit-for-purpose for the mobile world, and GlobalPlatform expects the Compact IoT Configuration to achieve similar market penetration.
“The next step for GlobalPlatform is to publish new interfaces that connect the SE to the rest of the platform and support the latest industry protocols,” Gil continues. “This, along with a new standard for connecting embedded SEs to the device bus, will further enhance the integration of SEs into IoT devices and bring greater protection for services and IP.”
GlobalPlatform, the standard for secure digital services and devices, has published two configurations to simplify and expedite the implementation of its Trusted Execution Environment Management Framework (TMF). The configurations offer guidance on the specific parts of the framework that need to be implemented to remotely manage Trusted Execution Environments (TEEs) and their trusted applications (TAs) on particular device types.
“The original TMF specification is extensive, covering a wide range of use cases and business models, from basic IoT devices to rich-featured devices like smartphones,” comments Gil Bernabeu, Technical Director of GlobalPlatform. “To help manufacturers of IoT devices - like automotive equipment, gateways, and industrial devices and appliances - we have developed two configurations to define a minimum subset of remote functions that allow a consistent level of management. This will dramatically reduce the time needed to implement TEE application management on those devices.”
Single purpose and rich-featured IoT devices
The two configurations address the needs of different use cases:
Single purpose IoT devices that fulfil simple use cases like sensors for smart homes, buildings and cities. They are often controlled by a single entity, manage a single application and contain one security domain and therefore need fewer management commands.
Rich-featured IoT devices like gateways, automotive in-vehicle infotainment (IVI) systems and smartphones. They require a richer management framework, that enables numerous service providers’ applications to be isolated within their own security domains in the same TEE.
The configurations and framework will be used by service providers, application developers, device manufacturers and TEE implementers. They enable TEE users to securely install, update and personalise trusted applications on a TEE once it is active, providing clear and practical direction into the management requirements of trusted applications.
Better clarity and stability to on-device security
“The ongoing standardisation of TEE management brings significant value and flexibility to those providing trusted services on connected devices. This work is bringing greater interoperability to the management of trusted applications across devices, streamlining deployments and bringing greater clarity and stability to on-device security. With the IoT world developing at pace, these configurations will be invaluable to the deployment of foundational security without impacting the pace of innovation,” adds Gil.
GlobalPlatform will examine critical security technologies, such as the Trusted Execution Environment (TEE) and Secure Element (SE), and also delve into their associated business and technical use cases to explore more deeply the need for security in the connected world at their 6th annual seminar on September 19 in Beijing, China.