GlobalPlatform has released a new framework that gives consumers control over which secure applications can be used within part of the secure element (SE) of their trusted devices, without compromising security for the SE as a whole. The model “forms a blueprint for a move away from the issuer-centric model to putting the consumer in control”, the standards body says.
Consumer-Centric Model Configuration v1.0 will be “instrumental” in helping service providers of applications such as loyalty, couponing and temporary physical access, as well as wearables and device manufacturers, achieve “commercial and technical objectives”, GlobalPlatform adds.
The new model defines a new type of security domain: an end user security domain which opens up an isolated area of the SE for end user-controlled activity.
It allows issuers to give end users control over value-added services on their device through a PIN-protected interface module that allows them to download and maintain apps, in contrast to traditional approaches where only the issuer or authorised service provider can manage an application in the SE.
The new framework “encourages consumers to tailor the applications on their devices to suit their individual requirements, representing a significant change from service providers determining what consumers can have to consumers choosing the digital experiences they want,” says Gil Bernabeu, technical director at GlobalPlatform.
The new model focuses on a trusted token onto which applications are downloaded: a secure chip-based object, owned by the consumer, that adopts the role of a personal security container. Such hardware tokens will be supplied by trusted token providers, allowing a service provider to verify the security of a consumer’s token. These tokens can take the form of a device such as a USB stick or microSD card. Additionally, the configuration is flexible, allowing the token to also be embedded hardware.
GlobalPlatform adds that the consumer-centric approach can also work in collaboration with other application management models – like issuer-centric or dual-mode – that have already been defined by GlobalPlatform. A single SE can therefore host multiple trusted applications, each of which can be managed in a range of different ways.
“The configuration shows that it is possible to enhance the user experience and gives the end user control without undermining the security that is crucial to the functioning of the app-based ecosystem,” Bernabeu adds.
“GlobalPlatform is a neutral body that is keen to support different application management models and processes. We recognise that for some parties this approach aligns with its commercial and technical objectives and will be instrumental in achieving these goals.”
A total of 17.7bn secure elements based on GlobalPlatform specifications were deployed globally between 2010 and 2015, representing 41% of all SE shipments in that same period, the standards body revealed last year.