globalplatform-1

GlobalPlatform Enables the Web to Access Advanced Security Services

January 13, 2017         By: Mike Dautner

GlobalPlatform has defined a standardized communications interface between web applications and SEs, which will enable developers of web services to build in advanced security features to protect online services against many types of attack and fraud.

By allowing web services to utilize a dedicated tamper resistant piece of hardware within a device, known as a SE, the newly released Web API for Accessing Secure Elements v1.0 enables sensitive data from online applications to be securely stored and processed in a secure, isolated environment.

By extending the benefits of GlobalPlatform’s secure, standardized infrastructure to web services for the first time, Web API for Accessing Secure Elements v1.0 presents web app developers with advanced security options which may help them to overcome multiple security challenges presented by the increasing connectivity of mobile devices.

The new API enables web-based applications to access SEs of any form factor, including UICC or eUICC, embedded SEs and smart micro SD cards.

Gil Bernabeu, GlobalPlatform’s Technical Director, comments: “The release of this API extends the highest levels of security available currently to web services, empowering online service providers to take advantage of new use cases to protect their assets and customers in a way that has not previously been possible.

“This is particularly relevant in light of the many security challenges that we face globally as the Internet of Things (IoT) leads to an unprecedented volume of connected devices and greatly increases the attack surface at risk. With this new API, used in conjunction with other complementary GlobalPlatform technology for SE Access Control, secure messaging and Trusted Execution Environment (TEE) standardization, online service providers can now benefit from far greater security and privacy than ever before.”

“We are pleased that the release of this web API has come so quickly following the transferral of ownership of the OMAPI Specification to GlobalPlatform. Our goal is very much to expand the existing OMAPI Specification to serve new use cases and environments and a web API is the logical next step towards ensuring that secure and trusted applications across many platforms, in addition to Android, can utilize the SE to offer enhanced security benefits,” concluded Gil.