GlobalPlatform releases guidelines for Mobile/IoT trusted applications
Technical standards organization GlobalPlatform recently published a framework detailing methods for the remote and dynamic management of trusted applications hosted on a GlobalPlatform-compliant Trusted Execution Environment (TEE), according to a report by Infosecurity Magazine.
The organization explains how the framework can be applied to mobile, IoT, or any other device, and ultimately used by service providers, TEE implementers, device makers, trusted application providers and trusted application managers.
The GlobalPlatform TEE Management Framework (TMF) defines standard processes to manage the lifecycle of the TEE once it is active.
To support the different applications of the TEE in the current digital landscape, GlobalPlatform’s guidelines cover the management of TEEs and trusted applications in deployment models that include one or many actors; connected or unconnected devices; and one-to-one or one-to-many devices, as well as with symmetric and asymmetric cryptography.
“This framework is a key part of GlobalPlatform’s TEE Specification offering,” said Gil Bernabeu, GlobalPlatform’s technical director. “This document integrates the lessons learned from trusted application deployment required to achieve a real-world insight into the use of GlobalPlatform TEE Specifications. It enables TEE users to install, update and personalize trusted applications on a TEE, providing clear and practical direction into the management requirements of trusted applications. This standardization brings significant value to those providing trusted services on connected devices.”
The management functionality has been updated to complement the existing GlobalPlatform TEE Specifications, which were initially released in 2013, enabling the deployment of trusted applications that use the various GlobalPlatform TEE APIs.
The organization is currently working towards defining specific vertical TMF-related configurations to help guide implementers and users of certain devices.