Blog

GlobalPlatform TEE Blog: Getting Serious About Mobile Security


By Stephanie El Rhomri, NFC & Payment Vendors Business Line Manager at FIME and Chair of the GlobalPlatform Device Compliance Program Work Group




Although mobile handsets today host multiple applications, many of these are non-sensitive; the personal or financial impact of any corruption to an individual would be minimal. As the mobile services marketplace starts to witness the deployment of an increasing amount of 'secure' applications - such as identity, mobile wallets or corporate applications that operate and are executed within the device - the consequences of a malicious party hacking an individual's smartphone to source personal or corporate data could be serious.


Simple OS updates of one component do not provide sufficient security to protect these applications. Instead, a clearly defined and universally agreed 'root of trust' is needed. A 'root of trust' is created when a set of functions are trusted by all parties engaged in the delivery of the mobile service to maintain the integrity of the service and privacy of the consumer's data. The TEE is fundamental within the root of trust, as we will see in many of the presentations delivered at GlobalPlatform's TEE conference.


But how do we 'know' we can trust TEE products? As they play such a vital security role, what can be done to achieve confidence and stability within this marketplace?


Setting standards
GlobalPlatform has been instrumental in standardizing TEE technology. Now it is turning its attention to ensuring the TEE ecosystem is stable. As a testing provider, we recognize that products must perform as advertised and the only way to promote confidence is conducting rigorous and industry approved tests.


Over the last few years, GlobalPlatform has worked to establish a functional compliance test program, which has seen a number of products receive the GlobalPlatform 'Qualified' mark. FIME is delighted to have played a part in this important program with its Global Device test tool, which streamlines the testing process and has approved a number of products on behalf of GlobalPlatform. To find out more and see the tool in action, visit our demonstration table during the conference.

What is really interesting, however, is the imminent launch of a testing environment to support the GlobalPlatform TEE Protection Profile (PP). This industry recognized document identifies the security needs of the TEE to support different market requirements. It achieves this by combining the standard security methodology outlined by Common Criteria, with the best practice specifications as defined by GlobalPlatform in relation to TEE architecture and interfaces.


National certification bodies worldwide have confirmed support of GlobalPlatform's TEE PP. To ensure there is a fully unified, international approach to TEE security testing, GlobalPlatform is working to implement its own certification scheme. This will create a testing environment that will bring clarity and confidence to the security testing of TEE products.


The combination of functional and security testing has the potential to truly support the TEE marketplace, and enable the technology to achieve its full market adoption to support the delivery of trusted applications.


Today's market needs
FIME is witnessing real momentum within the TEE marketplace globally. It services are being called upon to advise and test on TEE functionality and security. We expect this level of engagement to increase as cloud-based payments gain traction. The TEE, therefore, could address an immediate need in today's marketplace, if we promote and generate confidence in our standardized, secure and qualified GlobalPlatform products.


FIME is a trusted provider of consulting services, certification and tools, across the mobile telecom, payment, e-ID and transit sectors.

 

FEE TO ATTEND
Welcome coffee, lunch and the cocktail reception are included in the below fees.

GlobalPlatform Members

  • Members can send up to 3 employees to the event for free.
  • US$99 (700 CNY) for each additional member.

Non-members:

Registration fee is:

US$299
(2100 CNY)




TEE TRAINING REGISTRATION
A TEE instructor-led training session is available 13-14 September. The course, given in English language, is open to both GlobalPlatform members and non-members. It is designed to improve knowledge of the TEE specifications, efficient implementation, and effective use a TEE environment.  Learn more

 




Quick Links
Connect With Us
 

Become a member of GlobalPlatform. Influence the future direction of TEE Specifications, learn and discuss mobile security best practice solutions, enhance your global positioning within the TEE ecosystem. Join now.

Privacy / Use Policy | Copyright © 2017 GlobalPlatform. All Rights Reserved