Industry body details how to establish a Root of Trust using secure components to ensure secure mobile service delivery
November 16, 2016 – GlobalPlatform has published Root of Trust Definitions and Requirements to enable original equipment manufacturers (OEMs) and service providers (SPs) to create, implement and use a Root of Trust to protect their devices and services.
The document provides a detailed technical framework, explaining how GlobalPlatform technology implements two key concepts that are integral to securing the delivery of digital services, regardless of sector:
Root of Trust (RoT) – A computing engine and its code, data and keys that is as small as possible and offers secure services to other code (like the operating system and applications) hosted in a device. GlobalPlatform Trusted Execution Environments and Secure Elements already fulfill this function in billions of connected devices like smartphones, set-top-boxes and internet of things (IoT) devices.
Chain of Trust – The ability to bind a service to one or more RoTs to offer value added services.
Representatives from the IoT and connected computing industries have worked with GlobalPlatform to develop the technical document as the number and sensitivity of services available through connected devices is growing rapidly.
“Until now, GlobalPlatform secure components have not been presented as meeting RoT requirements, but the functionality has always been present,” comments Gil Bernabeu, Technical Director of GlobalPlatform. “This means that device makers and SPs have been unable to use GlobalPlatform SEs or TEEs as a security baseline for RoT services. For the first time, this document outlines how to use GlobalPlatform technology to create RoTs that answer the latest needs of increasingly complex markets and address the presence of numerous stakeholders and devices.
“RoT is an important security concept, but the real value for SPs and OEMs lies in the establishment of Chains of Trust to securely connect services with secure components and/or the device RoT. As billions of devices are being connected to one another, the security services offered by secure components are essential to facilitate the protection of information and devices from malicious attacks, and brands from irreparable damage in the wake of hacking.”
Several extensions to the functionality of RoTs are included in the requirements document. Firstly, GlobalPlatform supports the process to securely transfer the ownership of a secure component in a multi-stakeholder environment. This is required when a Secure Element manufacturer passes administration ownership of the component to a device manufacturer or car manufacturer, for example. Additionally, with more than one secure component now present in many devices, the combination of multiple RoTs has also been defined.
The document – Root of Trust Definitions and Requirements – is available to download now.
Interested in following or getting involved with GlobalPlatform’s RoT and Chain of Trust activity? Check out the website.