GlobalPlatform
Information security consortium
From Wikipedia, the free encyclopedia
GlobalPlatform, Inc. (formerly Visa OpenPlatform) is a non profit industry consortium for technical standards focused on the interoperability, management and security of embedded hardware such as smart cards.[1] The GlobalPlatform specifications are the de facto standard for remote management of smart card applications.[2]
 | |
| Abbreviation | GP |
|---|---|
| Formation | 1999 |
| Founder | Visa Inc. |
| Type | Nonprofit, consortium |
| Legal status | Association |
| Purpose | Promotion of digital security technical standards |
| Location | |
Region served | Worldwide |
| Membership | 100 companies (2024) |
Official language | English |
Executive Director | Ana Lattibeaudiere |
| Website | globalplatform |
Formerly called | Visa OpenPlatform |
GlobalPlatform has more than 100 members, including Visa, Mastercard, Qualcomm, T-Mobile US, Apple, and Samsung.[3] Membership tiers include full member, observer and public entities with fees based on the level of involvement.[4]
History
.svg){kind=small}
Visa Inc. introduced the Visa OpenPlatform smart card specification in April 1998 to support the development of multi-application smart cards based on Java Card technology.[5] In 1999, Visa donated the specifications to the OpenPlatform Consortium in order to drive wider adoption. The OpenPlatform Consortium and the specifications themselves were renamed GlobalPlatform later that year.[1][6] Mastercard joined the association in 2001, who intended to include MULTOS.[7] American Express joined in 2009.[8] In 2025, the governance of PSA Certified was handed over to GlobalPlatform.[9][better source needed]
Specifications
The specifications cover security, interoperability, and multi-application functionality. Key components include lifecycle management for secure application handling, a Card Manager for central control, and security domains for application isolation. The specifications also define secure channel protocols for data communication and offers an API.[4]
In recent years, GlobalPlatform has expanded its scope beyond physical smart cards to include other technologies or form factors that require a secure element. These include embedded SIMs (eSIMs), Trusted Execution Environments (TEEs) that provide a secure area independent of the device operating system, and IoT devices.[3]
The GlobalPlatform specifications and security frameworks are incorporated into other industry standards. For example, they form part of the ETSI/3GPP standards that define how SIM cards are used to authenticate users on mobile networks.[10][11] GlobalPlatform is also used within the EMV standard to secure card, contactless, and smartphone-based payments.[12]
See also
Further reading
- Béguelin, Santiago Zanella (2006). "Formalisation and Verification of the GlobalPlatform Card Specification Using the B Method". In Barthe, Gilles; Grégoire, Benjamin; Huisman, Marieke; Lanet, Jean-Louis (eds.). Construction and Analysis of Safe, Secure, and Interoperable Smart Devices. Lecture Notes in Computer Science. Vol. 3956. Berlin, Heidelberg: Springer. pp. 155–173. doi:10.1007/11741060_9. ISBN 978-3-540-33691-4.
- Bernabeu, Gil (2007-11-01). "GlobalPlatform – the future of mobile payments". Card Technology Today. 19 (11): 9. doi:10.1016/S0965-2590(07)70154-8. ISSN 0965-2590.
- De Almeida Braga, Daniel; Fouque, Pierre-Alain; Sabt, Mohamed (2020-06-19). "The Long and Winding Path to Secure Implementation of GlobalPlatform SCP10". IACR Transactions on Cryptographic Hardware and Embedded Systems: 196–218. doi:10.46586/tches.v2020.i3.196-218. ISSN 2569-2925.
- Avoine, Gildas; Ferreira, Loïc (2018-05-08). "Attacking GlobalPlatform SCP02-compliant Smart Cards Using a Padding Oracle Attack". IACR Transactions on Cryptographic Hardware and Embedded Systems: 149–170. doi:10.46586/tches.v2018.i2.149-170. ISSN 2569-2925.