GlobalPlatform, the standard for secure digital services and devices, announces it will help device makers and certification bodies adopt the Security Evaluation Standard for IoT Platforms (SESIP) methodology. This work will bring consistency and trust to the IoT device security certification process, reducing complexity, costs and time to market for IoT stakeholders. An estimated 75.44 billion IoT products will be in the marketplace by 2025. These products are made up of multiple components, which are developed by multiple players, many of which are new to security. Managing security certification schemes SESIP addresses the scale and complexity of the IoT ecosystem with an optimised approach to security evaluation that is designed specifically for the IoT platforms and platform parts on which these products are based. With extensive experience in establishing and managing security certification schemes, GlobalPlatform will support certification bodies in setting up certification schemes based on the SESIP methodology and align them with laboratories to drive consistency in product evaluations and certifications across the IoT ecosystem. Device makers can work with GlobalPlatform to enhance the security of their devices and ensure readiness to achieve certification in line with any schemes using SESIP. Delivering an effective solution The methodology will standardise security certification for the IoT sector" “The volume and complexity of IoT products combined with varying regulations and certification frameworks make it challenging for IoT stakeholders to validate the security of their products in a cost-efficient way,” comments Kevin Gillick, Executive Director of GlobalPlatform. “As part of GlobalPlatform’s work to bring greater trust to the IoT ecosystem, we are pleased to support the implementation of SESIP. The methodology will standardise security certification for the IoT sector and give device makers and solution vendors the ability to demonstrate alignment with market requirements, use cases and regulations in an optimised way.” “SESIP addresses the compliance, security, privacy and scalability complexities of the IoT ecosystem with an evaluation approach that is mappable to other methodologies, reusable across IoT platforms and adaptable to the evolving needs of the IoT environment. This makes it an ideal foundation to deliver an effective solution for IoT device certification,” adds GlobalPlatform Technical Director, Gil Bernabeu.
GlobalPlatform has hailed its 20th year as a strategic milestone in its mission to create collaborative and open ecosystems in which stakeholders can efficiently deliver innovative digital services, while providing greater security, privacy, simplicity and convenience for users. Kevin Gillick, Executive Director of GlobalPlatform, comments: “Twenty years ago, we set out to create an environment for experts to develop the foundations for innovative digital services and devices. Billions of GlobalPlatform-compliant Secure Elements and Trusted Execution Environments are deployed around the world, protecting devices, data and services for identity, payments, telecoms, and transportation and we are now extending this experience with a comprehensive approach to IoT device security. It is fitting that our anniversary year should be pivotal for the organisation and wider industry.” Addressing the needs of the IoT ecosystem The organisation also appointed a Strategic Director to accelerate the association’s work on IoT security Building on GlobalPlatform’s previous work to secure the internet of things (IoT), the organisation launched IoTopia in October 2019. It proposes a common framework for standardising the design, certification, deployment and management of IoT devices. IoTopia device security will be testable and meet vertical and geographical market requirements by building upon four foundational pillars: Security by Design; Device Intent; Autonomous, Scalable, Secure Device Onboarding (SDO); and Device Lifecycle Management. The organisation also appointed a Strategic Director to accelerate the association’s work on IoT security. Chris Steck, Head of Standardisation, IoT & Industries at Cisco, is providing strategic guidance to the Board of Directors on GlobalPlatform’s IoT initiatives, the security requirements of cloud and edge devices and the use of GlobalPlatform technologies to bring trust to the IoT ecosystem. Security Evaluation Standard for IoT Platforms The GlobalPlatform Board has also been monitoring the rapid growth of the secure microcontroller unit (MCU) market. With IoT device manufacturers looking for ever greater security and a range of secure component choices, GlobalPlatform has taken the decision to begin standardisation work to support the integration of greater security within IoT MCUs. GlobalPlatform will also support the IoT device security certification ecosystem with the adoption of the Security Evaluation Standard for IoT Platforms (SESIP) methodology. The objective is to build consistency across IoT certification schemes (regional or vertical) to facilitate product evaluation and certificate recognition. The organisation will share further updates on these activities later this year. 2020 Board of Directors GlobalPlatform has announced its Board of Directors for fiscal year 2020. Five seats were open and after member voting, the following candidates have each been re-elected to serve a two-year term on the GlobalPlatform Board: Rob Coombs – Arm Stéphanie El Rhomri – FIME Rémi de Fouchier – Gemalto, a Thales company Sebastian Hans – Oracle Olivier Van Nieuwenhuyze – STMicroelectronics Secure, scalable and interoperable way Nils Gerhardt of G+D Mobile Security will continue as Chairman of the Board. Rob Coombs retains his position as Vice Chairman and Stéphanie El Rhomri will continue in her role as Treasurer and Secretary. “Through the expertise and collaboration of our members, board and strategic director, our work will enable the IoT ecosystem to evolve with trust and security at its core and assure that users can manage risk in-line with their needs” adds Kevin. “Our successes wouldn’t be possible without the commitment, vision and expertise of our membership. For 20 years we have solved technical and business challenges to ensure technologies deliver value in a secure, scalable and interoperable way.”
GlobalPlatform, the standard for secure digital services and devices, alongside prime sponsor Oracle and supporting sponsors STMicroelectronics and Able Device, is hosting a free technical workshop in Nuremberg on Thursday February 27, 2020. The full day workshop will educate delegates on the value of Secure Elements (SEs) to secure and enrich the deployment of Internet of Things (IoT) devices. Workshop on Secure Elements (SE) The workshop offers project managers, security experts, product suppliers, technical consultants, developers and systems integrators an opportunity to gain insight into why SEs can add value to IoT devices and how they can be quickly and cost effectively integrated to offer Root of Trust services. Beginning with an overview of the SE itself and the latest SE technologies for IoT, the workshop will be focused on use cases and demonstrations which expose key IoT security and implementation challenges and how the SE can be used to solve them. Integration of connected devices into our everyday lives emphasizes the need for standardised security platforms" “The increasing integration of connected devices into our everyday lives emphasizes the need for standardised security platforms on which innovation can thrive,” comments GlobalPlatform Executive Director Kevin Gillick. “The free technical workshop is an unparalleled opportunity for anyone involved in the deployment and management of IoT devices. Delegates will gain first-hand insight into the technologies themselves and be exposed to real use cases for how the SE can solve IoT security implementation challenges for any device.” SE technology and use in IoT devices The workshop will be presented by GlobalPlatform Technical Director, Gil Bernabeu, alongside Oracle’s Senior Director of Java card, Calinel Pasteanu. The opening two sessions will include an introduction to SE technology and its uses in IoT. Oracle will offer an in-depth overview of how Java Card technology, as an open and standards-based application engine, delivers security and connectivity services to suppliers of IoT devices and solutions. The final session will focus on use cases for multi-cloud authentication and secure communication using Java Card, onboarding technologies, attestation and chip to cloud data protection. For many of these cases, a demonstration and / or source code explanation will be shared. The workshop is scheduled at a time and location that will be convenient for those attending Embedded World.
GlobalPlatform, the standard for secure digital services and devices, announces the launch of IoTopia, a comprehensive framework for IoT security. Building on GlobalPlatform’s previous work to secure the IoT, IoTopia proposes a common framework for standardising the design, certification, deployment and management of IoT devices. IoTopia device security will be testable and meet vertical and geographical market requirements by building upon the following four foundational pillars: Security by Design: capabilities and features that go beyond best practice and define how secure components and APIs can be used with existing secure by design standards. Device Intent: IoTopia leverages IETF’s manufacturer usage descriptions (MUD) and uniform resource identifier (URI) to effectively manage device permissions and access on networks. Autonomous, Scalable, Secure Device Onboarding (SDO): IoTopia will offer an open, standards-based secure onboarding process to streamline network administration. Device Lifecycle Management: a range of features and capabilities to manage devices throughout their entire lifecycle, including updates and maintenance to services, in line with international regulations. Standardised end-point and network security These are serious security concerns that need to be addressed to realize the market potential of IoT" “The IoT ecosystem needs to get serious about cybersecurity. Many of today’s connected objects do more than simply provide information at your fingertips – they make use of sensitive data, gather information and even impact the physical world, in many cases in critical ways,” comments Kevin Gillick, GlobalPlatform Executive Director. “In light of this, there is a need for ubiquitous and standardised end-point and network security to prevent devices from becoming an entry point into a network or a platform for attacks. These are serious security concerns that need to be addressed to realize the market potential of IoT – which is why we have launched IoTopia.” The use of proven, internationally deployed GlobalPlatform technologies to bring trust to the IoT ecosystem will also ensure that compliance with the baseline requires low to no additional costs for device makers. Flexible security blueprint “IoTopia will provide a detailed but executable framework that is standards-based, industry-wide and able to evolve as security capabilities and requirements change,” adds Russ Gyurek, GlobalPlatform IoTopia Committee Chair. This offers the flexible security blueprint that is needed for device makers to build secure devices" “Importantly, IoTopia is bringing together global and regional guidelines and requirements to help device manufacturers build products and services that satisfy regulatory mandates. This offers the flexible security blueprint that is needed for device makers to build secure devices without having to become cybersecurity companies or experts.” Security for IoT devices and services Kevin adds: “GlobalPlatform has a long history of successful standardisation and certification work, which is already adding value to the IoT ecosystem. Our membership stretches across the entire IoT value chain, perfectly placed to go beyond simply defining best practice and help the market to actually implement security for IoT devices and services.” To witness the public launch of IoTopia and hear perspectives on IoT security challenges from GSMA, NIST and ENISA, join GlobalPlatform at IoT Solutions World Congress on Wednesday, October 30th from 12:05-12:50.
Given the increasing need for internet of things (IoT) device security and trust, GlobalPlatform, the standard for secure digital services and devices, has appointed a Strategic Director with significant expertise in IoT development and deployment. Chris Steck, Head of Standardisation, IoT & Industries at Cisco, a full member of GlobalPlatform, will work to accelerate the organisation’s work on IoT security. He will provide strategic guidance to the Board of Directors on GlobalPlatform’s IoT initiatives, the security requirements of edge and fog devices, and the use of GlobalPlatform technologies to bring trust to the IoT ecosystem. Ensuring mutual awareness and cooperation GlobalPlatform has a history of successful component and device standardisation, which can benefit IoT security"Chris will also assist GlobalPlatform in its ongoing liaison activities with other IoT industry consortia, ensuring mutual awareness and cooperation on the development of open standards and an interoperable technical infrastructure for IoT devices and services. “GlobalPlatform has a long history of successful component and device standardisation, which can benefit IoT security,” comments Chris. “The problem of security is just too big for any one company to solve alone. The GlobalPlatform membership is perfectly placed to go beyond simply defining best practice and help the market to actually implement security. I look forward to collaborating with the Board, committees and task forces to further align the strategic direction of the organisation with the requirements of the IoT ecosystem.” Defining and executing strategic priorities One of Chris’s first responsibilities is to establish an initiative within the organisation to focus on IoT security and trust“The connected device landscape is expanding rapidly but many devices are not secure enough to protect against threats and attacks,” adds Kevin Gillick, Executive Director at GlobalPlatform. “Considering the sensitive nature of the data being gathered and exchanged between many connected devices, the lack of standardised security poses a significant risk. As we accelerate our work to standardise the design, certification, deployment and management of IoT devices, Chris will play a vital role in helping the Board to define and execute its strategic priorities in line with global industry requirements.” One of Chris’s first responsibilities is to establish an initiative within the organisation to focus on IoT security and trust.
GlobalPlatform, the standard for secure digital services and devices, will host free-to-attend technical workshops in Shenzhen, China on 24th and 25th September. Both workshops will focus on device security and the deployment and use of secure devices. The agendas on both days are identical and will investigate key GlobalPlatform technologies and provide participants with opportunities to interact with subject matter experts. Presentations will explore Root of Trust and secure component technologies – including Secure Element (SE) and Trusted Execution Environment (TEE) – functional and security certification, privacy, authentication, attestation and much more. Providing security architecture “Everyday devices are taking on increasingly significant roles in our personal and professional lives.” comments Kevin Gillick, Executive Director of GlobalPlatform. “With sensitive data being accessed and managed in these devices, there are a range of security considerations that must be addressed. We as an industry must collaborate to provide security architecture that supports the delivery of digital services in both industrial and consumer use cases. To that end, we look forward to welcoming delegates to share insights on the latest specifications and frameworks. Shenzhen has been carefully chosen as the location for the technical workshops.” continues Kevin. “Due to the high number of device manufacturers headquartered in the area, it was a clear choice to bring the workshops to the heart of China’s IoT device manufacturing industry.” The workshops are open to members and non-members and will be particularly useful for program / project managers, security experts, product suppliers, technical consultants and systems integrators. In addition, real-time translation services are available for attendees.
GlobalPlatform, the standard for secure digital services and devices, will bring its device security workshop to Washington DC on Thursday June 6, 2019. The day will demonstrate how GlobalPlatform specifications serve as a framework to build a secure connected world and are relevant to those involved in the development, deployment and use of trustworthy devices, with emphasis on their use in the government sector. Enterprise ID and IoT technologies Delegates joining the free workshop will gain an understanding of GlobalPlatform’s collaboration with key players within the ecosystem, including industry partners, government agencies and solution providers. In addition, delegates will learn about the nuanced cybersecurity requirements of key use cases such as IoT and enterprise ID. The expert speakers will explore how key GlobalPlatform technologies and frameworks – including Root of Trust, Device Trust Architecture and secure components – can be used to safeguard these increasingly connected ecosystems but also to drive awareness to device manufacturers starting their journey to the cyber world. We look forward to welcoming delegates involved with government device development and deployment" “As everyday devices take on increasingly significant roles in our personal and business lives, we as an industry must ensure they are up to the task,” comments Kevin Gillick, Executive Director of GlobalPlatform. “With sensitive personal, business and government data being accessed and managed on these devices, a security-by-design mindset is essential. And the technology is already available to make this a reality. We therefore look forward to welcoming delegates involved with government device development and deployment, or with interest in device security, to join us in Washington DC in June.” G+D Mobile Security The workshop – GlobalPlatform: A Framework to Build a Secure Connected World – will be hosted by G+D Mobile Security, the day after the Secure Technology Alliance’s ‘Securing Federal Identity’ conference. It is open to representatives of member and non-member organisations – including program / project managers, security experts, product suppliers, technical consultants and systems integrators – and seating is limited.
GlobalPlatform, the standard for secure digital services and devices, has published the world’s first open specifications to facilitate the standardisation of integrated secure elements. Chip, device and firmware developers now have a standardised way to load and manage firmware – combining the secure operating system (OS), applications and data – in a secure and isolated area of a device’s System on Chip (SoC). Existing Secure Elements (SEs) – such as SIMs, smart cards, smart microSDs and USB tokens – are stand-alone tamper-resistant hardware platforms, developed as different form factors for different use cases. They are capable of securely hosting multiple applications and their confidential and cryptographic data, addressing the requirements of different business implementations and market needs. The ability to integrate a tamper-resistant hardware platform in a SoC offers a new universal form factor to host and execute secure digital services, while supporting the high level of security and tamper-resistance achieved by today’s Secure Elements. Standardised mechanism to re-load data Integration of a tamper-resistant platform is a recent feature of SoC technology, which brings new opportunities and challenges"“Integration of a tamper-resistant platform is a recent feature of SoC technology, which brings new opportunities and challenges,” comments Gil Bernabeu, Technical Director at GlobalPlatform. “For example, with these new SoCs, data in the secure memory may not remain when the device is switched off, so a standardised mechanism is needed to securely re-load the sensitive data when the device restarts. In parallel, the tamper-resistant platform in a SoC must meet the required security levels and offer the same security services as today’s SEs to provide standardised services to service providers.” To overcome these challenges, GlobalPlatform has published two freely-available documents: Open Firmware Loader (OFL) – standardises how firmware can be loaded and managed in the tamper-resistant hardware platform. Virtual Primary Platform (VPP) – defines the security services running on the tamper-resistant platform, called a Virtual Primary Platform (VPP). The VPP creates a standardised ‘virtual’ version of the hardware platform that allows developers to build secure solutions and deploy them across variety of products. Offering high level of protection GlobalPlatform has decades of experience in standardising the functionality and security of OSs to offer interoperability and a high level of protection"“The market came to us because of our long history of SE and application management,” adds Kevin Gillick, Executive Director at GlobalPlatform. “GlobalPlatform has decades of experience in standardising the functionality and security of OSs to offer interoperability and a high level of protection. “To achieve a similar level of security for integrated secure elements as that offered by existing Secure Elements, we have relied on the expertise and contributions of our members and are now engaging with other industry bodies such as ETSI for deployment in the telecommunication industry as an evolution of SIM cards. “We believe that this technology will bring value to both manufacturers and service providers, creating new opportunities for device connectivity like 5G and NB-IoT, device design and secure service management.”
GlobalPlatform, the standard for secure digital services and devices, announces its Board of Directors for fiscal year 2019. Six Board seats were open and after a close election, the following individuals were re-elected to serve a further two-year term: Consecutive years Nils Gerhardt – Group VP and Head of Product and Project Management, Production IT and Professional Services for the Region Americas, Giesecke + Devrient Mobile Security. Marc Kekicheff – Vice President of Chip Innovation, Visa Inc. Eikazu Niwano – NTT Research Professor, Secure Platform Laboratories, NTT Corporation. Jeremy O’Donoghue – Principal Engineer / Manager, Qualcomm Inc. Christophe Colas – SVP Products, Trustonic. Mark Lipford – Director Global Standards & Ecosystem Development, Sprint. Nils Gerhardt has also been elected Chairman of the Board after serving as Vice Chairman for three consecutive years. Rob Coombs, Director of IoT Device IP at Arm, will serve as Vice Chairman and Stephanie El Rhomri, Vice President of Services at FIME, who joined the GlobalPlatform Board of Directors in 2015, will continue in her role as Secretary and Treasurer. Prevent attacks Quality, security and privacy need to be of the highest priority for all involved in the development, deployment and management of digital services and devices" Nils comments: “Quality, security and privacy need to be of the highest priority for all involved in the development, deployment and management of digital services and devices, especially in fast growing markets like IoT, connected cars, digital identities and industry 4.0. Standardised, foundational security is fundamental to prevent attacks on networks, devices, data and intellectual property (IP).” “But security should not restrict innovation and time to market, which is why we work at GlobalPlatform to create specifications, such as the Device Trust Architecture (DTA) framework, that support the development of open, collaborative and fast-moving ecosystems. I look forward to working with my fellow Board colleagues, all GlobalPlatform members as well as our industry and media partners to promote greater security, privacy, simplicity and convenience for the evolving markets and their consumers.” Security requirements Kevin Gillick, GlobalPlatform Executive Director, adds: “GlobalPlatform’s legacy of successful technical specification development has been made possible by strong leadership and cross-industry collaboration. As the industry evolves, the Board works to ensure that the technology specifications remain interoperable and ahead of the curve.” In 2019, GlobalPlatform will continue to work towards meeting the security requirements of the digital service and device ecosystem" “As discussed at our annual seminar, ‘Security in Our Connected World’, everyone is looking for the holy grail - a secure system that will do everything, is easy-to-use and, ideally, free. Although the industry has not reached that point yet, there is certainly commitment to getting there. In 2019, GlobalPlatform will continue to work towards meeting the security requirements of the digital service and device ecosystem, with a focus on the DTA framework.” Offering secure services DTA is a security framework which shows how GlobalPlatform’s standardised secure component technology can be used to build a Chain of Trust to protect devices and digital services. It does this by offering secure services, implemented within a secure component, which can be used at each level of a Chain of Trust: from the boot mechanism, to the device operating system and up to the application layer. It enables seamless interaction between stakeholders when deploying secure digital services, regardless of market or device type.
GlobalPlatform, the standard for secure digital services and devices, has reported a 25 percent increase in the number of Trusted Execution Environment (TEE)-enabled processors being shipped quarterly, year-on-year. At this rate, it is expected some 10 billion devices will feature TEE-enabled processors by the end of 2018. “The TEE is not a new concept, and standardisation of the technology has been driven by our organisation to support mass market deployment,” explains GlobalPlatform’s Technical Director, Gil Bernabeu. “The fragmentation caused by the deployment of proprietary TEEs makes life hard for app and service developers as they need to launch and maintain multiple versions of their apps and evaluate the security of each TEE platform. “This is resource intensive and unsustainable. Our specifications and certification program give device manufacturers a standardised way to embed security that meets the needs of service providers; app developers assurance that services will be protected from attacks; and end users confidence that their data is safe.” Balancing user experience with security The TEE isolates trusted applications, keeping them away from any malware in the device OS and separate from other apps stored in the TEEEnterprise IT environments, delivery of premium multimedia content, mobile payments, the internet of things, enterprise and government identification programs and more seek to balance user experience with security. The TEE isolates trusted applications, keeping them away from any malware in the device OS and separate from other apps stored in the TEE. Because of this, the TEE is an essential environment within all devices as the secure services market evolves. By 2025, the installed base of IoT devices will be over 75.4B devices. GlobalPlatform technology is implemented across a wide range of markets globally, including payments, telecoms, transportation, automotive, smart cities, smart home, utilities, healthcare, premium content, government, and enterprise ID. Protected devices include connected cars, set top boxes, smartphones, tablets, wearables, and other IoT devices. To enable device manufacturers to proactively market their products as meeting the needs of digital service providers, GlobalPlatform manages functional and security certification programs for TEEs. These objectively illustrate that a device manufacturer’s GlobalPlatform-based secure component and digital service management capabilities are interoperable and meet required security levels, providing reassurance that it will protect digital services and enable them to perform as intended in the field. Ensuring appropriate level of security Device manufacturers and service providers must work together to ensure suitable security is the foundation of end-user services"“Device manufacturers and service providers must work together to ensure suitable security is the foundation of end-user services,” adds Kevin Gillick, Executive Director of GlobalPlatform. “GlobalPlatform technology empowers stakeholders to interact seamlessly when deploying digital services, regardless of industry, sector or device type. This resulting collaboration makes mass marketing of digital services possible, while ensuring the appropriate level of security and supporting privacy requirements.” Last month, GlobalPlatform announced it had conservatively calculated that more than 5.5 billion Secure Elements (SEs) deployed in 2017 were based on its specifications, an increase of over 1.5 billion from the previous year. Additionally, over the last three years, in excess of 1 billion SEs were embedded within mobile devices, 100% of which were based on GlobalPlatform technology.
GlobalPlatform has qualified the test benches TS 102 694-2 (SWP) and ETSI TS 102 695-2 (HCI), which are now available for COMPRION’s card test tools Spectro 2 and Spectro TP. Network operators can demand GlobalPlatform certification from their card suppliers for quality reasons. Kevin Gillick, Executive Director of GlobalPlatform, comments: “We are delighted that COMPRION has received GlobalPlatform qualification for its SWP/HCI card tests. The GlobalPlatform Compliance Program evaluates the functional behavior of a product against the requirements outlined by GlobalPlatform Configurations and associated specifications. This promotes market interoperability and ensures that products perform as expected once live in the field. “ GlobalPlatform – an industry association of secure chip issuers, vendors, industry groups, public entities, and technology suppliers – develops and publishes specifications that promote the secure and interoperable deployment and management of multiple applications on secure chip technology. SWP and HCI are protocols used for Near Field Communication (NFC) as the interface between the SIM card as the Secure Element and the Contactless Frontend (CLF) chip.