Business Seminar - Technical Overview & Roadmap. August 21, 2002 – Toronto. Marc Kekicheff, GlobalPlatform Technical Director.

Presentation transcript:

Business Seminar - Technical Overview & Roadmap
August 21, 2002 – Toronto
Marc Kekicheff, GlobalPlatform Technical Director

Agenda
- GlobalPlatform Device Committee
- GlobalPlatform Card Committee
- GlobalPlatform Security Architecture & Business Relationship Models
- GlobalPlatform Technical Road-Map
- GlobalPlatform Systems Committee

Device Committee
- Release of version 2.0 of GlobalPlatform Device Framework Specification
- MOU with STIP Consortium announced at Cartes 2001
- Objective is to offer a complete solution with the GPDF framework
- STIP endorses GlobalPlatform application management definition
- Dynamic device application management will be integrated in next release of GPDF specification
GlobalPlatform Device Framework Specification 2.0

[Diagram: GP Device Framework and Device Application. Layers: Business Logic Layer, Core Logic Layer, Environment Services Layer, Platform Layer. Labelled components: Select SID Service, CLC Services, Card Directory Services, CLC Module 1 … CLC Module n, Utilities, Communications, Cryptography, Printer, Storage, User Interface, Card Slot, Mag. Stripe, PIN Processing. Interfaces: API for Environment & Platform Independent Services; API for Environment & Platform Dependent Services.]

Card Committee
- GlobalPlatform Card Specification 2.1
- GP Security Requirements Specification
- GP Compliance

Any Application, Any Time, Any Where
- Multiple Applications on a single card:
    → Market Segment of One
- Cross-industry and card schemes interoperability
    → Any type of Application
- Multiple Application Providers on a single card:
    → Multiple business partnerships
    → Any type of business models
- Dynamic pre-issuance or post-issuance load / removal of Applications:
    → Anytime, Anywhere Access
    → Freedom and choice for cardholders

Multi-Application Card Management
- Portability of Applications across chip-cards:
    → “Write Once, Run Anywhere”™
    → Lower costs and faster time to market
- Issuer has ultimate liability and responsibility towards cardholder:
    → Minimum on-card Issuer Control
- Standardization of Smart Card Management Systems (application load, personalization, issuance, etc.)
    → Any type of Operating System/Platform
    → Lower costs and faster time to market
- Backward compatibility with existing terminals & back-end systems
    → Interoperability

Flexibility & Choice
[Diagram: card stack, with Standardized Back-Office Procedures]
- Choice of Applications: e-Com, Loyalty, Authent., Access, Credit, e-Purse
- GlobalPlatform Card Manager, GlobalPlatform API
- Choice of Runtime Environment: WfSC VM & API, Java Card VM & API
- Choice of Operating System: Proprietary Card Vendor OS or WfSC OS
- Choice of Chip Platform: Integrated Circuit Chips

Application Management Framework
- Portability across OS/Platforms
    – Standardized processes and commands for load, install, removal
    – Files and data structures are application dependent, independent of OS/Platforms
- Application lifecycle independent of card lifecycle
    – Load, install, removal at any time
- Application lifecycle independent of each other
    – Separate lifecycle status
    – Separate application files and data store
    – One Loader/Personalizer per application (or set of applications)
→ Manages the coexistence of multiple applications on the same card

Card Management Framework
- Generic process for pre and post-issuance with:
    – Different level of security requirements
    – Different delivery channels
- Allow Issuance and Personalization process
    – In Centralized Personalization Bureau
    – In walk-in situations (“instant issuance”)
    – Over open networks (at home over the Net, over the air, etc.)
    – By multiple entities and multiple Application Providers
→ Define a range of card and application management models:
    – From: Issuer Centric Model
    – To: Application Provider Empowered Model (“Delegated Management”)
    – Incl.: Controlling Authority Model

Secure Management Framework
- Augment the Platform Runtime Environment security features:
    – Secure communication to the card = Secure Channel Protocol
    – Can’t load/remove an application without proper authority
    – Authenticity and integrity of application code verified during loading
- Treat on-card applications as untrusted
    – Applications deploy their own security features
→ Establish clearly roles and responsibilities on-card and off-card:
    – Card Issuer
    – Application Providers
    – etc.

GlobalPlatform Security Architecture
Roles and Responsibilities for:
- Card Issuer
- Application Provider
- Runtime Environment
- Card Manager
- Security Domain
- Applications
- Back-Office Systems
→ GP Security Requirements

Issuer Centric Model
- Card Manager manages secure applet load, install, deletion
- Card Manager = On-card representative of the primary Issuer

Delegated Management Model
- Application Provider Security Domain performs secure load, install, deletion of pre-approved applets

Controlling Authority Model
- Controlling Authority Security Domain verifies all loads of all applets
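
The three load models on the preceding slides, as a simplified decision procedure. This is an added example, not GlobalPlatform code or the specification's actual mechanism: it assumes an HMAC-SHA-256 tag over the load file hash as a stand-in for whatever check the card performs, and the names `Card`, `authorize_load`, `tag` and `loyalty-sd` are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

def tag(key, load_file):
    """HMAC over the load file hash; stands in for the card's real check."""
    digest = hashlib.sha256(load_file).digest()
    return hmac.new(key, digest, hashlib.sha256).digest()

@dataclass
class Card:
    issuer_key: bytes                # held by the Card Manager
    provider_keys: dict              # Security Domain name -> key
    ca_key: Optional[bytes] = None   # set if a Controlling Authority exists

    def authorize_load(self, load_file, loader, loader_tag,
                       approval=None, ca_tag=None):
        """Return (allowed, reason) for one load request."""
        def ok(key, value):
            return value is not None and hmac.compare_digest(
                tag(key, load_file), value)

        # Controlling Authority Model: its Security Domain verifies every load.
        if self.ca_key is not None and not ok(self.ca_key, ca_tag):
            return False, "controlling authority check failed"
        if loader == "issuer":
            # Issuer Centric Model: the Card Manager loads for the Issuer.
            if ok(self.issuer_key, loader_tag):
                return True, "issuer centric load"
            return False, "issuer authentication failed"
        key = self.provider_keys.get(loader)
        if key is None or not ok(key, loader_tag):
            return False, "unknown or unauthenticated security domain"
        # Delegated Management Model: only applets the Issuer pre-approved.
        if not ok(self.issuer_key, approval):
            return False, "applet not pre-approved by issuer"
        return True, "delegated management load"

def demo():
    # Keys and load file bytes are constructed sample values.
    issuer, provider, ca = b"issuer-key", b"provider-key", b"ca-key"
    applet, tampered = b"constructed load file", b"constructed load file!"
    sds = {"loyalty-sd": provider}   # hypothetical Security Domain name
    card, ca_card = Card(issuer, sds), Card(issuer, sds, ca_key=ca)
    ok_issuer, ok_sd = tag(issuer, applet), tag(provider, applet)
    return {
        "issuer": card.authorize_load(applet, "issuer", ok_issuer),
        "delegated": card.authorize_load(applet, "loyalty-sd", ok_sd, ok_issuer),
        "unapproved": card.authorize_load(applet, "loyalty-sd", ok_sd),
        "tampered": card.authorize_load(tampered, "loyalty-sd", tag(provider, tampered), ok_issuer),
        "ca_missing": ca_card.authorize_load(applet, "issuer", ok_issuer),
        "ca_ok": ca_card.authorize_load(applet, "issuer", ok_issuer, ca_tag=tag(ca, applet)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The `tampered` case shows why the Issuer's pre-approval is bound to the load file contents: an authenticated Security Domain still cannot load bytes the Issuer never approved.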

Business Relationship Models
- Allow a multiplicity of trust models:
    – Controlling Authority Model
    – Issuer Centric Model
    – Application Provider Empowered Model
    – Optional on-card “global” Cardholder Verification Method(s)
- Allow a multiplicity of privacy models:
    – Centralized back-office systems (SCMS, transactions, data capture, etc)
    – Distributed back-office systems (SCMS, transactions, data capture, etc)
    – Separation of applications by default (lifecycle, transactions, etc)
    – Limited secured on-card registry
→ Open to a multiplicity of business relationships
    – Card Issuer Application Providers
    – Card Issuer / Application Providers Cardholders

System Committee SCMS System v. 3.4 Document

Card & App. Management System Flow

Profile Specification Overview
[Diagram. Labels: Application Developer, Card Manufacturer, SCMS, Applications Code, Cards, Application Profiles (✓ GP 2.1, ✓ Memory Space, ✓ Chip Req.), Card Profile (✓ GP 2.1, ✓ Memory Space, ✓ Chip Req.), Compatible ??, Compatible Card Configuration (GP 2.1, Memory Space, Chip Req.).]

Scripting Specification Overview
[Diagram. Labels: Cards, Issuer KMS, Application Providers, Card Issuer, SCMS, Personalization Processing ??, App. Perso. Script, Issuer Load Script, Processing Issuer & App. Scripts, Interpret & Execute, Applications Code, Applications Data, App. KMS, App. Database.]

Card Issuance and Post-Issuance Process

Typical Card Issuance and Post-Issuance
[Diagram. Labels: Issuer, Card Manager Master Keys, Personalization, Chip. Mfg. (Mask), Enablement, Production, Card Manufacturer, Application Loading, Application Provider, Post Issue load.]
- Orders cards, selects applications and has the option to partner with other Service / Application Providers.
- Depending on volume and application stability, the Issuer has option to have applications masked into ROM.
- Card is enabled by loading appropriate Issuer keys. The Issuer can also opt for Delegated Management of certain applications.
- There is no license fee to add or delete applications from the Issuer’s Card.
- Card is then personalized by service provider or by card manufacturer.
- Post issuance load can be done by the Issuer using the Card Manager keys or can be delegated to an Application Provider using Security Domains.
- Integrity of the application that gets loaded is ensured by the delegated management features of GlobalPlatform Specification.

Agenda
- GlobalPlatform Technical Road-Map
- GlobalPlatform Device Committee
- GlobalPlatform Card Committee
- GlobalPlatform Security Architecture & Business Relationship Models
- GlobalPlatform Systems Committee

Activities Inventory
Planning Unit (Business Committee)
- Business Requirements Collation & Evaluation
- Product & Version Management Process
- Compliance Process
Card Committee
- ETSI + 3G SCP Cooperation
- Sun MOU + Java Card Forum Cooperation
- Eurosmart + SCSUG Cooperation
- Business & Technical Card Requirements
- GlobalPlatform Card Specification v2.1 maintenance
- GlobalPlatform Card Security Requirements Specification
- SCOPE Specification (ex-Open Kernel)
- GlobalPlatform Card Specification v2.2/3.0
- Card Compliance Program
- Card Compliance Kit
- v2.1 Q&A, Errata, FAQ
- Export File for Java Cards
- Application Developers Guidelines
Device Committee
- STIP Cooperation
- Device Application Management Req.
- GlobalPlatform Device Specification v2.0
- Device Application Management Specification
- Device Compliance Program
Systems Committee
- CAMS model
- SCMS Requirements
- KMS Requirements
- GlobalPlatform System Profile Specification v1.0
- GlobalPlatform System Scripting Specification v1.0
- KMS Specification
- SCMS Message Exchange (incl. Perso Bureau, Post-issuance Server)
- Card Customization Guide
- Systems Compliance Program
Legend: Compliance, Specifications, Requirements

Activities Road-Map (1)
Road Map Objectives: Meet the needs of Issuers; Define and promote cross-industry inter-operability; Ensure adoption of the specs; Promote open standards and infrastructure; Remain relevant by improving technologies
Activity | Committee | Date | Description
Business Requirements Collation & Evaluation | Planning Unit | On-going | Gather & screen business & functional requirements for future releases of GP specifications
Product & Version Management Process | Planning Unit | On-going | Update & maintain a product & version management process
Compliance Process | Planning Unit | TBD | Define & maintain a compliance program and its procedures
Cooperation with external organizations (ETSI, Sun, JCF, etc.) | Card | On-going | Promote GP specifications and gather new technical & functional requirements

Activities Road-Map (2)
Road Map Objectives: Meet the needs of Issuers; Define and promote cross-industry inter-operability; Ensure adoption of the specs; Promote open standards and infrastructure; Remain relevant by improving technologies
Activity | Committee | Date | Description
Card Spec. v2.1 maintenance; v2.1 Q&A, Errata, FAQ | Card | On-going | Maintain v2.1 Card Specification & release any updates if needed; Manage Q&A, release Errata & FAQ as needed
Card Spec. v2.2/3.0 | Card | TBD | Enhance v2.1 Card Specification w/ new Business & Technical Requirements
Card Compliance Program & Compliance Kit | Card | Apr-02 | Define a compliance program with the Card Specification (incl. procedures & tools)
SCOPE Spec. | Card | Nov-02 | Define a basic OS functional framework supporting any secure runtime environment

Activities Road-Map (3)
Road Map Objectives: Meet the needs of Issuers; Define and promote cross-industry inter-operability; Ensure adoption of the specs; Promote open standards and infrastructure; Remain relevant by improving technologies
Activity | Committee | Date | Description
Card Security Requirements Spec. | Card | Oct-02 | Develop Security Requirements according to Common Criteria & facilitate security evaluation of GP cards
Device Spec. v2.0 | Device | Jul-02 | Update the OPTF v1.5 Specification to include STIP services & other requirements
Device Application Management Requirements | Device | Oct-02 | Define a structure for managing deployment of applications to various devices
Device Compliance Program | Device | Oct-03 | Define a program for testing compliance with the Device Specification

Activities Road-Map (4)
Road Map Objectives: Meet the needs of Issuers; Define and promote cross-industry inter-operability; Ensure adoption of the specs; Promote open standards and infrastructure; Remain relevant by improving technologies
Activity | Committee | Date | Description
CAMS model; SCMS Req. | Systems | Feb-02 | Define functional requirements for SCMS (incl. minimum req.)
Profile Spec. v1.0; Scripting Spec. v1.0 | Systems | Aug-02 | Enhance & restructure CCSB spec. to include standard technology (XML, javascript) & other requirement
SCMS Message Exchange Spec. | Systems | Oct-02 | Define a messaging spec. applicable to back-office system interfaces (SCMS, Perso Bureau, Post-issuance Server, Legacy systems)

Activities Road-Map (5)
Road Map Objectives: Meet the needs of Issuers; Define and promote cross-industry inter-operability; Ensure adoption of the specs; Promote open standards and infrastructure; Remain relevant by improving technologies
Activity | Committee | Date | Description
KMS Spec. | Systems | Oct-02 | Define functional & technical requirements and develop a specification for key management systems
System Compliance Program & Compliance Kit | Systems | Oct-03 | Define a program for testing compliance with the System Specifications

THANK YOU