GlobalPlatform releases its new consumer-centric model configuration

Industry association GlobalPlatform has released its Consumer-Centric Model Configuration. This framework enables consumers to have ultimate control over which secure applications they want to use from the Secure Elements (SE) housed within their trusted devices.

This configuration is expected to be of particular interest to service providers of applications such as loyalty, couponing and temporary physical access, as well as wearables and device manufacturers.

The GlobalPlatform Consumer Centric Model Configuration v1.0 defines a new type of security domain: the end user security domain and opens up this isolated area of the SE for end user controlled activity. It achieves this without compromising security for the SE as a whole.

This enables issuers to give end users control over value added services on their device through a PIN-protected interface module that allows them to download and maintain apps. This new model is in contrast to traditional approaches where only the issuer or authorised service provider can manage an application in the SE.

“This configuration forms a blueprint for a move away from the issuer centric model to putting the consumer in control,” said Gil Bernabeu, technical director at GlobalPlatform. “It encourages consumers to tailor the applications on their devices to suit their individual requirements, representing a significant change from service providers determining what consumers can have to consumers choosing the digital experiences they want.”

Gil Bernabeu, technical director at GlobalPlatform

The model focuses on a trusted token onto which applications are downloaded; a secure chip-based object, owned by the consumer, that adopts the role of a personal security container.

Such hardware tokens will be supplied by trusted token providers – entities that can provide security assurances, allowing a service provider to verify the security of a consumer’s token. These tokens can take the form of a device such as a USB stick or micro SD card. Additionally, the configuration is flexible, allowing the token to also be embedded hardware.

The consumer centric approach can also work in collaboration with other application management models – like issuer centric or dual mode – that have already been defined by GlobalPlatform. A single SE can therefore host multiple trusted applications, each of which can be managed in a range of different ways.

“Security is at the heart of everything that GlobalPlatform does. The configuration shows that it is possible to enhance the user experience and gives the end user control without undermining the security that is crucial to the functioning of the app-based ecosystem,” Bernabeu added.

“GlobalPlatform is a neutral body that is keen to support different application management models and processes. We recognise that for some parties this approach aligns with its commercial and technical objectives and will be instrumental in achieving these goals.”

Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow

Recent Articles

Spike in use of cloud-based security to protect corporate data

Posted on: July 1, 2020

A new survey of UK security practitioners by Exabeam shows a marked increase in the adoption of cloud-based security tools compared to an earlier study carried out in March prior to the COVID-19 lockdown. The latest data shows 88% of recent respondents said the accelerated move to the cloud was driven by the need to

Read more

Telcos must be cautiously aggressive to ‘Roar out of Recession’

Posted on: June 30, 2020

As we approach four months since essentially the entire world went on lockdown, telcos have gone through a very mixed experience.

Read more