As the line between mobile devices and computers becomes increasingly blurred, security architectures from two previously separate worlds are also converging. GlobalPlatform’s secure components – the Secure Element (SE) and Trusted Execution Environment (TEE) – are becoming de facto in mobile devices and the Trusted Computing Group’s (TCG) Trusted Platform Module (TPM) is widely deployed across the computing ecosystem.
GlobalPlatform’s technical director, Gil Bernabeu, is often asked whether the two technologies compete, if there is crossover and even if one will kill the other. Here, he explains why it is not a question of competition, but one of fruitful collaboration between GlobalPlatform and TCG and the two technologies.
Why are GlobalPlatform and TCG working together?
A. GlobalPlatform and TCG share a common philosophy. Every device must have a trust anchor at its core to build Chains of Trust and offer secure services. Based on this common approach, TCG and GlobalPlatform have standardised different secure services to support the deployment of use cases for different industries.
This shared viewpoint enables the organisations to come together to identify points of alignment and key areas of specialisation. For example, TCG develops a range of important services specific to the PC industry which are not a focus for GlobalPlatform.
What is the benefit of this collaboration?
A. I think I can use one example. The TEE’s ability to host and execute third party apps and services in its protected environment is key. Because of this, GlobalPlatform and TCG ensure that specific services defined by TCG can be loaded and managed inside a GlobalPlatform secure component, such as a TEE.
We have published different documents to explain how this can be achieved. This offers a solution to device makers seeking to encrypt the hard disc – a popular service in the Trusted Platform Module community – allowing them to load and anchor this encryption service within a TEE.
What might this convergence look like in the future?
A. Well, multiple markets are now connecting things and the demand for more security is growing. The market for both technologies looks bright and multiple routes for collaboration are in front of us.
For example, the IoT (Internet of Things) world needs connectivity via 3/4/5G. Because SE technology is embedded in SIMs (Subscriber Identity Modules) and eSIMs I expect the TPM use case to be delivered using a GlobalPlatform SE. Additionally, “always connected” PCs may want to authenticate to a network using a SE with a SIM function, perform a NFC transaction with a banking application or a strong authentication with FIDO. All using the same SE.
As a result, device manufacturers, alongside many other stakeholders, stand to benefit from the combined efforts of GlobalPlatform and TCG.
The author of this blog is Gil Bernabeu, technical director, GlobalPlatform