You've been redirected from MobilePaymentsToday.com to PaymentsDive.com. In March 2021, Mobile Payments Today became a part of Payments Dive. For the latest payments news, sign up for the daily newsletter.

GlobalPlatform updates security protocol

'GlobalPlatform Secure Channel Protocol 11' addresses the increasing number of use cases, such as mobile banking, where applications utilize both the SE and TEE to protect a secure service.

Published

June 12, 2015

Trade association GlobalPlatform has published an upgrade to its Card Specification v2.2 to protect the data exchange between a secure element and a trusted execution environment on a mobile device, according to a press release. 

"GlobalPlatform Secure Channel Protocol 11" addresses the increasing number of use cases, such as mobile banking, where applications utilize both the SE and TEE to protect a secure service, according to the announcement. GlobalPlatform said the document is particularly relevant to secure application developers and issuers, and can be downloaded free of charge.

"This advancement focuses on making the best use of security that is already present on the device," said Karl Eglof Hartel, chair of the GlobalPlatform card committee and director for standards and innovation in the mobile security business unit at Giesecke & Devrient. "Data breaches are growing daily and as more secure services are deployed to mobile devices, hackers will follow. This update seeks to better combine the security characteristics of the SE and TEE, ensuring that the communication channel between them is secure."

GlobalPlatform said that in use cases such as biometric authentication, virtual private networks and mobile banking, the SE in the device is used to store the critical part of the application and its associated cryptographic keys. In parallel, the trusted application resides in the TEE to enable management of the end user and backend interaction prior to a transaction being authorized. Secure Channel Protocol 11 protects the data being transferred between these two secure components, according to the announcement.

"The combination of advanced cryptography and the secure components simplifies the delivery of secure services," Hartel said in a statement. "Data is secure while stored in the SE and TEE, and this channel further strengthens the protection of sensitive data when it is in transit. We have brought forward this update to answer a market need for more effective security and to support the long-term requirements of secure application developers and issuers."