In a move that will accelerate the deployment of certified Trusted Execution Environment (TEE) products and promote a globally interoperable mobile ecosystem, GlobalPlatform has announced that it is launching a TEE Security Evaluation Secretariat to manage its TEE Certification Scheme.
Under the scheme, providers of TEE products will be able to submit their products to the new GlobalPlatform secretariat for independent evaluation of their conformance to the organization’s TEE Protection Profile.
The TEE Protection Profile, which has been certified against Common Criteria under its Trusted Computing category, specifies the typical threats the hardware and software of the TEE needs to withstand. It also details the security objectives that are to be met in order to counter these threats and the security functional requirements that a TEE will have to comply with. A positive evaluation of conformance to this security framework, through GlobalPlatform’s Certification Scheme, will indicate that a TEE product meets an international security baseline. The scheme will enable service providers to confidently and effectively manage risk, by ensuring that there is a consistent level of security across connected devices.
The TEE Security Evaluation Secretariat will perform the following four functions:
• Maintenance of the GlobalPlatform Certification Scheme documents (including the TEE Protection Profile, the security evaluation methodology and legal framework).
• Accreditation of laboratories which meet certification scheme criteria.
• Management of requests for evaluation from TEE product vendors and reviews of accredited laboratory reports.
• Issuance of certificates for TEE products which meet the security evaluation criteria. GlobalPlatform will also maintain a public list of evaluated products on its website, enabling service providers to identify certified products “at a glance”.
Once initial laboratories have been accredited, a key priority for the TEE Security Evaluation Secretariat will be to evaluate products combining hardware and software, within three months of receiving the product. A fast time-to-market for TEE products has been identified as a strong requirement from the mobile community, to reflect rapid mobile handset development cycles.
Gil Bernabeu, GlobalPlatform’s Technical Director, comments: “The launch of the TEE Security Evaluation Secretariat is a natural next step for GlobalPlatform as it advances its TEE standardization activities. The security evaluation methodology at the heart of the TEE Certification Scheme was developed by GlobalPlatform’s membership; our unique technical community represents the entire mobile ecosystem, including service providers, chipset makers, OEMs, mobile network operators and security evaluation laboratories. As such it is a truly global and cross-industry exercise. This neutrality is essential to support the development of a TEE security evaluation process which addresses the connected device security requirements of all actors, across all sectors and all regions.
“Over the next twelve months, GlobalPlatform will begin accrediting laboratories which successfully meet the criteria of the certification scheme. Multiple laboratories from all major continents have already confirmed their intent to participate in this process. Once accredited laboratories are in place, we expect the first certificates to be issued in approximately twelve months from launch. The three month evaluation cycle will then continue, in line with market requirements for a rapid certification process.”