GlobalPlatform, the standard for secure digital services and devices, has published two configurations to simplify and expedite the implementation of its Trusted Execution Environment Management Framework (TMF). The configurations offer guidance on the specific parts of the framework that need to be implemented to remotely manage Trusted Execution Environments (TEEs) and their trusted applications (TAs) on particular device types.
“The original TMF specification is extensive, covering a wide range of use cases and business models, from basic IoT devices to rich-featured devices like smartphones,” comments Gil Bernabeu, Technical Director of GlobalPlatform. “To help manufacturers of IoT devices - like automotive equipment, gateways, and industrial devices and appliances - we have developed two configurations to define a minimum subset of remote functions that allow a consistent level of management. This will dramatically reduce the time needed to implement TEE application management on those devices.”
Single purpose and rich-featured IoT devices
The configurations and framework will be used by service providers, application developers, device manufacturers and TEE implementers
The two configurations address the needs of different use cases:
- Single purpose IoT devices that fulfil simple use cases like sensors for smart homes, buildings and cities. They are often controlled by a single entity, manage a single application and contain one security domain and therefore need fewer management commands.
- Rich-featured IoT devices like gateways, automotive in-vehicle infotainment (IVI) systems and smartphones. They require a richer management framework, that enables numerous service providers’ applications to be isolated within their own security domains in the same TEE.
The configurations and framework will be used by service providers, application developers, device manufacturers and TEE implementers. They enable TEE users to securely install, update and personalise trusted applications on a TEE once it is active, providing clear and practical direction into the management requirements of trusted applications.
Better clarity and stability to on-device security
The ongoing standardisation of TEE management brings significant value and flexibility to those providing trusted services on connected devices"
“The ongoing standardisation of TEE management brings significant value and flexibility to those providing trusted services on connected devices. This work is bringing greater interoperability to the management of trusted applications across devices, streamlining deployments and bringing greater clarity and stability to on-device security. With the IoT world developing at pace, these configurations will be invaluable to the deployment of foundational security without impacting the pace of innovation,” adds Gil.
GlobalPlatform will examine critical security technologies, such as the Trusted Execution Environment (TEE) and Secure Element (SE), and also delve into their associated business and technical use cases to explore more deeply the need for security in the connected world at their 6th annual seminar on September 19 in Beijing, China.