GlobalPlatform

From Wikipedia, the free encyclopedia

GlobalPlatform is a fully independent, non-for-profit, democratic standardization organization.

GlobalPlatform mission is to establish, maintain and drive adoption of standards to enable an open and interoperable infrastructure for smart cards, devices and systems that simplifies and accelerates development, deployment and management of applications across industries.

Execution of GlobalPlatform initiatives is carried out by three technical committees: the Card Committee, Device Committee and Systems Committee. Following the roadmaps crafted by the Board of Directors, these three groups formulate business requirements and define guidelines for different components of multiple industry implementation and deployment. Members of GlobalPlatform may submit work proposals for Committee consideration. Work proposals include new standards or specifications, amendments to existing standards or specifications, or requests for technical documentation. Full and Participating Members have the ability to review these proposals and provide input on their direction through participation in Committees.

The specifications are freely available at the GlobalPlatform web site

Contents 1 GlobalPlatform Specifications – what they define 1.1 Card specification 1.2 Device specification 1.3 Systems specification 2 Delivering an End-To-End Infrastructure

[edit] GlobalPlatform Specifications – what they define

Card issuers require four core pieces of technology:

• a card stock,
• a smart card management system,
• a host system
• and a terminal network.

The structures and operations of the interactivity and security of these components are defined under the GlobalPlatform specifications delivering a complete set of smart card specifications for an end-to-end smart card infrastructure.

[edit] Card specification

The GlobalPlatform Card Specification is a secure, dynamic card and application management specification that defines card components, command sets, transaction sequences and interfaces that are hardware-neutral, operating system neutral, vendor-neutral and application independent. It is applicable to any type of application and industry, allowing any combination of applications from any industry on a single card – from mono-application to multi-application. The GlobalPlatform Card Security Requirements Specification provides guidance for selecting card configurations most appropriate to the security policies set up by the Card Issuer and Application Providers. Card vendors are also provided with guidance to implement security functions in a consistent manner. This specification also provides guidelines to manage business risks, provide security policy alternatives to mitigate those risks, and links those policies to the corresponding card configurations to select.

[edit] Device specification

In order to provide a common basis to the programming of Card Acceptance Devices, GlobalPlatform endorses the STIP Specifications. (STIP provides an open framework for device programming, with different profiles for different industries. The profiles are organized around a common core framework technology and share most of their detailed API’s). The GlobalPlatform Device API provides an additional layer of abstraction on top of the STIP specification to program completely interoperable logical kernels of device applications helping to reduce cost and time to market.

[edit] Systems specification

There are a number of GlobalPlatform specifications relating to the systems infrastructure, developed to standardize back-end systems from personalization to security, key management and application loading. The GlobalPlatform Profile Specification standardizes the interface between the data preparation system and the personalization device utilizing a simple, cost effective, interoperable machine-independent mechanism. Similarly, the Systems Scripting Language Specification defines a standard scripting language by which stakeholders can produce interoperable personalization scripts for card or application personalization. Complementing this specification is the Key Management Systems Functional Requirements Specification. Simplified, this specification standardizes the description, or key profile, and procedures around key management, providing an opportunity to deliver centralized key management across separate systems. Communication between various components of the systems infrastructure is standardized via the GlobalPlatform Messaging Specification, which defines all the roles and responsibilities of the actors, or systems, for a multi application smart card infrastructure.

[edit] Delivering an End-To-End Infrastructure

Delivering an end-to-end solution, the GlobalPlatform Specifications comprise:

• Security – designed with an emphasis on secure infrastructure at the Card, Device and Systems levels
• Interoperability – focused on the interoperability of Cards, Devices and Systems to provide a greater range of product solutions for smart card programs
• Configuration – the open technology-based Systems standards that facilitate the creation and maintenance of smart card product portfolios
• Customization – Systems documentation defines technologies for off-the-shelf back-end systems necessary for the creation of personalized smart cards
• Issuance – Systems Specifications and guides allow for seamless issuance of smart cards into the marketplace which aim to improve the integration of back-end systems
• Acceptance – Device Specifications define the framework to enable the acceptance of smart cards through multiple devices
• Management – Once smart cards are issued, GlobalPlatform’s requirements and implementation guides for back-end systems provide essential knowledge for post-issuance management of smart cards, keys and devices.

---