GlobalPlatform Simplifies Remote Secure Management of Trusted Execution Environments & Trusted Apps

September 4, 2018

New implementation guide streamlines comprehensive specifications to aid the management of TEE-enabled devices

GlobalPlatform, the standard for secure digital services and devices, has published two configurations to simplify and expedite the implementation of its Trusted Execution Environment Management Framework (TMF). The configurations offer guidance on the specific parts of the framework that need to be implemented to remotely manage Trusted Execution Environments (TEEs) and their trusted applications (TAs) on particular device types.

“The original TMF specification is extensive, covering a wide range of use cases and business models, from basic IoT devices to rich-featured devices like smartphones,” comments Gil Bernabeu, Technical Director of GlobalPlatform. “To help manufacturers of IoT devices – like automotive equipment, gateways, and industrial devices and appliances – we have developed two configurations to define a minimum subset of remote functions that allow a consistent level of management. This will dramatically reduce the time needed to implement TEE application management on those devices.”

The two configurations address the needs of different use cases:

  • Single purpose IoT devices that fulfil simple use cases like sensors for smart homes, buildings and cities. They are often controlled by a single entity, manage a single application and contain one security domain and therefore need fewer management commands.
  • Rich-featured IoT devices like gateways, automotive in-vehicle infotainment (IVI) systems and smartphones. They require a richer management framework, that enables numerous service providers’ applications to be isolated within their own security domains in the same TEE.

The configurations and framework will be used by service providers, application developers, device manufacturers and TEE implementers. They enable TEE users to securely install, update and personalize trusted applications on a TEE once it is active, providing clear and practical direction into the management requirements of trusted applications.

“The ongoing standardization of TEE management brings significant value and flexibility to those providing trusted services on connected devices. This work is bringing greater interoperability to the management of trusted applications across devices, streamlining deployments and bringing greater clarity and stability to on-device security. With the IoT world developing at pace, these configurations will be invaluable to the deployment of foundational security without impacting the pace of innovation,” adds Gil.

All documents are available to download from the GlobalPlatform website.

Join GlobalPlatform at our 6th annual seminar on September 19 in Beijing, China, where we will not only examine critical security technologies, such as the Trusted Execution Environment (TEE) and Secure Element (SE), but also delve into their associated business and technical use cases to explore more deeply the need for security in our connected world.

Become a member to get involved in the maintenance and advancement of the GlobalPlatform TEE Specifications. Interested in learning more? Book an in-house TEE training session.


Categorised in: