Home › IoT News › Connected Devices › GlobalPlatform standardises a secure channel to optimise for mobile apps security
GlobalPlatform standardises a secure channel to optimise for mobile apps security
Optimising mobile device security
Redwood City, CA, USA. June 11, 2015 –GlobalPlatform has published an upgrade to its Card Specification v2.2 to protect the data exchange between a secure element (SE) and a trusted execution environment (TEE) on a mobile device.
“This advancement focuses on making the best use of security that is already present on the device,” comments Karl Eglof Hartel, chair of the GlobalPlatform Card Committee and Director for Standards and Innovation in the Mobile Security business unit at Giesecke & Devrient. “Data breaches are growing daily and as more secure services are deployed to mobile devices, hackers will follow. This update seeks to better combine the security characteristics of the SE and TEE, ensuring that the communication channel between them is secure.”
In use cases like biometric authentication, virtual private networks (VPN) or mobile banking, the SE in the device is used to store the critical part of the application and its associated cryptographic keys. In parallel, the trusted application resides in the TEE to enable management of the end user and backend interaction prior to a transaction being authorised. The Secure Channel Protocol 11 protects the data being transferred between these two secure components.
“The combination of advanced cryptography and the secure components simplifies the delivery of secure services,” adds Karl Eglof. “Data is secure while stored in the SE and TEE, and this channel further strengthens the protection of sensitive data when it is in transit. We have brought forward this update to answer a market need for more effective security and to support the long-term requirements of secure application developers and issuers.”
From a technical perspective, data passed between trusted applications stored in the TEE and SE is protected by the secure channel, which is established by GlobalPlatform’s TEE SE API. Elliptic curve cryptography (ECC) is used for the generation of the session keys for encryption and authentication. It also provides perfect forward secrecy (PFS) by using ephemeral keys, preventing the decryption of the data by attackers, should they also get hold of the long-term keys.
The adage “less is more” is the current state of digital transformation, starting with existing technology that has already proven successful – and then further adapting and streamlining. The “smart city” embraces this end goal by digitalizing community services where we live and work, such as traffic and transportation, water and power, and other crucial
Mission-critical use cases are driving private IoT connection growth in key industrial markets like manufacturing, logistics and transportation. Industrial IoT (IIoT) customers are eager to digitalise critical use cases with high-powered, dedicated networks, making these industries leaders in private 4G and 5G adoption. According to a new report from global technology intelligence firm ABI Research,
What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their
In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,
Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of
There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all
As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.
Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.
The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.
Join the IoTNow online community for FREE, to receive:
Exclusive offers for entry to all the IoT events that matter, round the world
Free access to a huge selection of the latest IoT analyst reports and industry whitepapers
The latest IoT news, as it breaks, to your inbox
Please check your emailYour email has been saved
Don’t show me this again
⨯
By continuing to use the site, you agree to the use of cookies. more information
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.
