Technical standards body GlobalPlatform has published a framework that details how trusted applications hosted on a GlobalPlatform-compliant Trusted Execution Environment (TEE) can be remotely and dynamically managed. The framework is applicable to any type of device, including mobile and IoT devices, and will be used by service providers, TEE implementers, device makers, trusted application providers and trusted application managers.
The GlobalPlatform TEE Management Framework (TMF) defines standard methods to manage the lifecycle of the TEE once it is active. To support the variety of ways the TEE is used in today’s digital world, the document covers the management of TEEs and trusted applications in deployment models that include one or many actors, connected or unconnected devices, and one-to-one or one-to-many devices, with both symmetric and asymmetric cryptography.
Gil Bernabeu, GlobalPlatform’s Technical Director, commented, “This framework is a key part of GlobalPlatform’s TEE Specification offering. This document integrates the lessons learned from trusted application deployment required to achieve a real-world insight into the use of GlobalPlatform TEE Specifications. It enables TEE users to install, update and personalize trusted applications on a TEE, providing clear and practical direction into the management requirements of trusted applications. This standardization brings significant value to those providing trusted services on connected devices.”
GlobalPlatform TEE Specifications were first released in 2013. The management functionality has been defined to complement the existing GlobalPlatform TEE Specifications, enabling the deployment of trusted applications that use the various GlobalPlatform TEE APIs. As a next step, GlobalPlatform will define specific vertical TMF-related configurations to guide implementers and users of certain devices.
All documents are available to download from the GlobalPlatform website.