Smartcard ID Summit - March 2006 (4/27/2006)

Thierry Deffontaines – Gemplus

Global Platform A Standard serving Government ID market


Page 1: Global Platform A Standard serving Government ID market

Smartcard ID Summit - March 2006 (4/27/2006)

Global Platform: A Standard serving Government ID market

Thierry Deffontaines – Gemplus

Page 2: Global Platform A Standard serving Government ID market

Agenda

What is GlobalPlatform?

  • Organization overview
  • An introduction to GlobalPlatform standards
  • Overview of GlobalPlatform implementation in ID

Global Platform a system infrastructure

GlobalPlatform and standards

  • Update on the GlobalPlatform work with ISO and ETSI, in developing suitable working standards

Card Specification highlights

  • Effective Collaboration results: the GlobalPlatform Card Specification 2.2
  • Overview of new features

New opportunities for the standardization of ID cards

Page 3: Global Platform A Standard serving Government ID market


Introduction to the Organization

Page 4: Global Platform A Standard serving Government ID market

What is GlobalPlatform?

An organization that:

  • Creates: foundation for future growth
  • Defines: requirements and technology standards for smart cards, devices and systems
  • Promotes: smart card usage and adoption

Page 5: Global Platform A Standard serving Government ID market

Mission Statement

“Establish, maintain and drive adoption of standards to enable an open and interoperable infrastructure for smart cards, devices and systems that simplifies and accelerates development, deployment and management of applications across industries”

Page 6: Global Platform A Standard serving Government ID market

Membership Driven Organization

Matsushita Electric Industrial Co Ltd

DAI NIPPON PRINTING CO.,LTD

Approximately 50 Members Worldwide….

Page 7: Global Platform A Standard serving Government ID market

Practical Applications of Technology

Vision and standards are in practice

  • Financial, Mobile Telecom, Government, Security/ID/Authentication, Healthcare

Over 75 million cards deployed worldwide

  • Additional 650+ million GSM cards globally use GlobalPlatform technology for over-the-air (OTA) application download

[Chart by year: 2002: 20 million; 2003: 55 million; 2004: 65 million; 2005: 75 million; 2006+: 160 million. Axis from 20,000,000 to 160,000,000]

Page 8: Global Platform A Standard serving Government ID market


ID implementation

Page 9: Global Platform A Standard serving Government ID market

Implementations

US Department of Defense – (Government)

  • Common Access Card – ID card for active military, selected reserves, DoD civilians, and contractors.
  • Contains physical and logical access controls
  • Utilizes biometric technology and PIN
  • Over 10 million cards issued

Macau SAR Project – (Government, ID)

  • Multifunctional identification card solution enabling e-government
  • Distribution to Macau’s 460,000 citizens
  • Solution providers include Bell ID, G&D, and NEC

Sultanate of Oman National ID Card – (Government, ID)

  • National ID program for Oman’s 2.7 Million citizens
  • 1st smart card deployed in Middle East
  • Utilizes GlobalPlatform Card and Systems technology
  • Solution providers include Gemplus, Datacard Group, and Sagem

Page 10: Global Platform A Standard serving Government ID market

Implementations Cont….

Singapore e-passport (Government ID program)

  • Highly secure passport: facial & fingerprint biometry, data page with electronic inlay laminated inside
  • Actual deployment of electronic passports (# 250ku passports per year)
  • Utilizes GlobalPlatform Card & Systems technology
  • 3 leading companies: SNP, NEC and Gemplus

Moscow Social Card – (Government, Transit, ID)

  • Dual interface (contact/contactless) chip
  • Includes transit application, social benefits and discounts, medical benefits, government ID data
  • Visa Electron payment application, benefits and transit applications for qualified individuals through Bank of Moscow

Page 11: Global Platform A Standard serving Government ID market


GlobalPlatform Technology

Overview

Page 12: Global Platform A Standard serving Government ID market

End-To-End Infrastructure

GlobalPlatform delivers the complete set of specifications for an end to end smart card infrastructure

Card Specifications

  • Standardized and secure card and application management

Systems Specifications

  • Standardized back-end systems: smart card management environment
  • Messaging, key management
  • Issuance, post issuance

Device Specifications

  • Enable the acceptance of cards and services through multiple devices

Compliance Program

[Diagram labels: CARDS, DEVICES, SYSTEMS]

Page 13: Global Platform A Standard serving Government ID market


Device Specifications

Page 14: Global Platform A Standard serving Government ID market


GlobalPlatform Device Overview

Page 15: Global Platform A Standard serving Government ID market

GlobalPlatform Device Mission

Enable a multi-application environment on devices

Enable coordinated development of card and device portions of smart card based applications

Enable development of portable device applications based on standard architecture:

  • STIP Common Core and APIs
  • STIP Profiles
  • GlobalPlatform Abstraction APIs

Page 16: Global Platform A Standard serving Government ID market


GlobalPlatform Device Framework Architecture

Page 17: Global Platform A Standard serving Government ID market

Global Platform Device Specification use cases

Multi Agencies Government Case

  • Make possible sharing of terminals applications
  • Provide Agency-A to Agency-B mutually agreed interoperability beyond the scope of global interoperability standard.

Cross border interoperability

  • Framework to exchange devices application between countries
  • Eases cross border ID cards recognition.

Page 18: Global Platform A Standard serving Government ID market


System Infrastructure

Specifications

Page 19: Global Platform A Standard serving Government ID market

Global Platform System Infrastructure

Four technologies

  • Messaging
  • Profile and Scripting
    • CPS: Common Perso Specification, Standard Interoperable Personalization
  • Key Management System (KMS)
  • Smart Card Management System concept (SCMS)

One compliance program

Page 20: Global Platform A Standard serving Government ID market

System Infrastructure: Messaging

GlobalPlatform Messaging specification defines

  • The Roles that will exist
  • The Responsibilities of the Role
  • A language in common (.xml)

Roles (diagram):

  • Application Owner (AO)
  • Application Developer (AD)
  • Card Enabler (CE)
  • IC Manufacturer (IM)
  • Application Provider (AP)
  • Card Issuer (IC)
  • Card Manufacturer (CM)
  • Platform Developer (PD)
  • Collator/Decollator (CD)
  • Loader (LO)
  • Card Holder (CH)
  • Platform Specification Owner (PS)

Page 21: Global Platform A Standard serving Government ID market

System Infrastructure Messaging: Roles and Responsibilities

For the Roles of Card Issuer and Application Provider, GlobalPlatform Messaging Specification will tell me what my responsibilities are

Roles (diagram): Application Owner (AO), Application Developer (AD), Card Enabler (CE), IC Manufacturer (IM), Application Provider (AP), Card Issuer (IC), Card Manufacturer (CM), Platform Developer (PD), Collator/Decollator (CD), Loader (LO), Card Holder (CH), Platform Specification Owner (PS)

Framework that helps to define deployment of new applications

Page 22: Global Platform A Standard serving Government ID market

System Infrastructure: Profiles & Scripting

GP System supporting GP Profile and GP scripting

Card Profiles are generated by the smart card manufacturer

Key Profiles are generated by the application developer and/or under the control of the issuer

Application Profiles are generated by the application developer

Issuers data stream (Card per card data)

Standardized process

Perso environment interoperability

Page 23: Global Platform A Standard serving Government ID market

End-To-End Infrastructure

GlobalPlatform delivers the complete set of specifications for an end to end smart card infrastructure

Card Specifications

  • Standardized and secure card and application management

Systems Specifications

  • Standardized back-end systems: smart card management environment
  • Messaging, key management
  • Issuance, post issuance

Device Specifications

  • Enable the acceptance of cards and services through multiple devices

Compliance Program

[Diagram labels: CARDS, DEVICES, SYSTEMS]

Page 24: Global Platform A Standard serving Government ID market

Links with other standardization bodies

Page 25: Global Platform A Standard serving Government ID market

Collaborative Partners

  • AICF
  • APSCA
  • ETSI
  • Eurosmart
  • FINREAD
  • Global Collaboration Forum
  • INCITS
  • JCF
  • NICSS
  • NIST
  • OMTP
  • SCA

Page 26: Global Platform A Standard serving Government ID market

ISO 7816-13

Application to ISO for official ‘Liaison Member’

  • Liaison Member to SC17/WG4
  • Approved by ISO (March ’05)

7816-13 - New smart card standard

  • Scope: commands for application management in multi-application environment
  • 3 commands: Application management request, Load, Delete
  • A subset of GP Card Spec v2.1.1 proposed via “Fast track”

Second draft (CD): Approved January 20

Pre-standard (FDIS) if approved at WG4 March meeting

Page 27: Global Platform A Standard serving Government ID market

Global Collaboration Forum

Today three regional frameworks exist:

  • European: CWA 15264 eAuthentication and CEN 224_15 ECC
  • Japanese: NICSS-Framework V1.0
    • Next e-Japan Strategies have been approved by Strategic Headquarters for the Promotion of an Advanced Information and Telecommunications Network Society in Prime Minister's Office on 18 January, 2006.
  • North American: GSC-Framework V2.1 and PIV/FIPS 201

Global Collaboration Forum is working on creating a convergence road map

Technical advisors: Global Platform & EuroSmart

Page 28: Global Platform A Standard serving Government ID market

ETSI

Link with Telecom industry

ETSI's Smart Card Platform (SCP) Committee and GlobalPlatform collaborated and aligned their specifications

  • ETSI's UMTS Integrated Circuit Card (UICC) Specifications (TS 102 225 & 226)
  • GlobalPlatform Card (2.1.1) Specification

New Work Item for ETSI Release 7

  • USSM: UICC Security Service Module
  • Like a Key Management System in a card
  • Specification in ETSI ongoing, based on GlobalPlatform 2.2 Card Specification

Page 29: Global Platform A Standard serving Government ID market


Card Specifications

Page 30: Global Platform A Standard serving Government ID market


Focus on

Overview of smart card architecture

Security Domains

GP card 2.2 overview

Page 31: Global Platform A Standard serving Government ID market


Card Architecture

Page 32: Global Platform A Standard serving Government ID market


Card Manager Responsibilities

Managing application loading, installing and deleting

Application life cycle management

Independent of the card life cycle

Security Services

Issuer Security Domain

Represent Authority of the card Issuer

Page 33: Global Platform A Standard serving Government ID market

Security Domain

Provides secure in-card support for different business relationships between Issuer and Application Provider

4 business models are available today

  • Issuer Centric Model
  • DAP Verification Model
  • Application Empowerment Model
  • Controlling Authority Model

Apply to issuance and post issuance

Page 34: Global Platform A Standard serving Government ID market


Controlling Authority Model

Page 35: Global Platform A Standard serving Government ID market


Controlling Authority Model

Page 36: Global Platform A Standard serving Government ID market

Multiple Security Domains: use cases & combinations

“RSA mandated DAP” verification (available since GP 2.1)

  • Usable for certification control scheme

Security domain crypto services to applet

  • A basic SD attached to the applet provides GP standard Secure Channel to the application: Perso., post Issuance, …
  • Allows application personalization compatible with GP system framework.

Multiple Security Domains can be combined:

  • Represent the respective different roles or authorities.
  • Multiple mandated DAP Security Domains possible: applet integrity checking, registration checking, Certification authority control
  • Can be combined with Security Domains associated to applets for personalization.

Page 37: Global Platform A Standard serving Government ID market

Security Domains

The key to understanding security domains is understanding the concept of…

TRUST VS. CONTROL

  • Controlling Authority
  • Issuer Centric
  • DAP Verification
  • Application Provider Empowerment

Page 38: Global Platform A Standard serving Government ID market


Latest Card Specifications

GP 2.2 now published

Page 39: Global Platform A Standard serving Government ID market

Collaboration on Card Specification 2.2

Mobile Telecom Standards

  • ETSI: GSM 03.48, TS 23.048
  • ETSI & 3G Smart Card Platform (SCP): TS 102.225, 102.226
  • Objective: Convergence on Over The Air technologies update

NICSS Collaboration

  • Convergence with GP Card Specification
  • Objective: dual compliance for cards
  • Common Press Release in November 2005

eEurope and CEN

  • Contribution of CEN eSign (area K) CWA 14890
  • Integration of CEN TC 224 requirement
  • Convergence with GP Card Specification

Department of Defense Collaboration

  • Support of some requirements of the CAC project

Page 40: Global Platform A Standard serving Government ID market

Card Specification 2.2 overview

Re-engineering of GlobalPlatform Card Framework

  • Architectural extensions with Privileges and Security Domain hierarchies to support additional business models
  • New Global Services i.e. on-card client-server support
  • Enhancement for contactless interfaces
  • Improved logical channel support

Over-The-Air card content management

Support for the Multos™ run-time environment

Secure Channel protocol based on Public Key Infrastructure

Backward compatibility

Page 41: Global Platform A Standard serving Government ID market

Card 2.2 overview: PK SCP

PK card management

  • Integrability in a certificate based system
  • Secret key management and card management “on-line” with Card Issuer is no longer necessary
  • Will permit fully controlled card management operations under initiative of the card holder.
  • Already planned for Japanese ID deployment.

PK secure channel protocol principle

  • Initialization of secure channel protocol with PK certificates
  • Secure messaging with DES session keys
  • 2 models for DES session keys: real-time / push
  • Unique card interface: standardized APDUs

Certificate contents & format

  • Minimum contents requirements

PK services on-card API for applications

Page 42: Global Platform A Standard serving Government ID market

Focus on e ID

New opportunities for the standardization of ID cards

Page 43: Global Platform A Standard serving Government ID market

Road to Success

Governments are eager to secure a unified infrastructure for an interoperable ID program

  • encouraging public acceptance and usage of eID programs

By offering additional services outside the conventional ID application, governments intend to demonstrate the advantages a smart card program offers

  • e-government applications
  • non-government applications, such as transit cards and ATM cash withdrawal

In order to leverage investment in such schemes, multi-application programs require a platform that is flexible and offers post-issuance capabilities

Page 44: Global Platform A Standard serving Government ID market

GlobalPlatform Value Proposal in ID

GlobalPlatform infrastructure proposes a set of ready-to-use solutions for managing an ID application

On-Card Application management

  • See previous slides

Systems specifications provide accurate tools for Issuance, post issuance, Key management

  • The Common Perso Approach can provide a standard personalization extension to the Logical Data Structure concept
  • The Messaging Specification can provide a standard data exchange with the new actor or systems in the issuance (and post issuance) flow

Device management

  • Device application management framework for cross border or cross domain (Government and private) application deployment

Based on this multi-application infrastructure

  • Only the business part or the application/scheme has to be standardized by ad hoc committee

Page 45: Global Platform A Standard serving Government ID market

Benefits of GlobalPlatform Standards

Greatly simplified smart card management environment

  • Need for specialized knowledge and training reduced
  • Migration to post-issuance personalization greatly simplified
  • Same technology for E-Passport and E-Government program

Lower costs to implement single and multi-application smart card programs

  • Achieved through standardization
  • Economies of scale

Standards promote accelerated growth of applications

  • “Time to market” is reduced
  • Cardholder value proposition increases

Page 46: Global Platform A Standard serving Government ID market


Visit our website @ www.globalplatform.org

Find information about becoming a member of GlobalPlatform

Download GlobalPlatform Specifications ‘royalty free’

Global Platform Day

At CardTech 2006

May 2nd, 2006, FT03

San Francisco, CA