Home	About Gamma	Tour our Web Site	Events	White Papers	Services	Visitors' Book	How to contact us
				IMS	Internal Control	ISMS	Smart Cards	Common Criteria

GlobalPlatform Technology

Smart cards, we believe, are generally good things.  The idea behind GlobalPlatform means that we just need one piece of plastic to carry around with us.  Issued by our bank, or phone company perhaps, it will always give us access to our account with them.  The same card could also give us access to Visa, MasterCard, etc and loyalty  programmes with various retailers, gasoline outlets, hotels and airlines.  We could choose to have these other businesses on our card at the time of issue or, provided that our Card Issuer agrees, download them later.  So we just need one card. But what of security?  What if our card fell into the wrong hands? Could merchants do nasty things when they put the card into their machines (called a Card Acceptance Device or CAD for short)? What happens if I use it over the Internet or with my WAP enabled mobile phone? Could I catch a virus?  Could someone steal all my money? or discover where I have been spending it?

These are very interesting questions.  They are security related questions and demand an answer.  However, they are cardholder questions.  What questions do the Card Issuers have regarding their security risks?  What about the Application Providers?  Who loads the software onto the cards? Can they be trusted?  What about the Card Manufacturers? (and we must bear in mind that the chip manufactures and operating system providers are often different companies).  What indeed do organisations, such as Visa, think - whose brand names might be at stake?

Some of the answers to these questions present the Common Criteria (ISO 14508) as the answer, but these raise other questions.

What work has been done?

Pioneering work has been conducted in eight main areas:

• In Europe, with EuroSmart, which represents the smart card vendors' perspective - eager to embrace the Common Criteria and use it to as standard to express what can be achieved.

• In the US, with Visa and the Smart Card Security Users' Group (SCSUG) with the development of the SCSUG-Smart Card Protection Profile, which expresses the users' perspective on requirements.

• In the US, with Visa and GlobalPlatform with the development of the GlobalPlatform Card Specification

• In the US, with Visa and the development of the Visa Open Platform Protection Profile (OP3)

• In Taiwan, with the Industrial Technology Research Institute (ITRI) with the development of a comprehensive smart card architecture (also see our e-Smart 2002 paper)

• With GlobalPlatform with the development of the GP Card Security Requirements Specification, which is based on the ITRI/Gamma architecture.

• At the 2004 eSmart 2004 conference, GlobalPlatform reported that it had embarked on a programme of formally specifying the card specification, using our informal card security requirements specification as the starting point.

• At the same conference, Gamma presented in work in applying internal control system metrics in order to facilitate the correct choice of on-card and off-card measures.

Working for various clients, Gamma has been directly involved with the majority of these initiatives.

Other work of merit has been performed in Europe on a Protection Profile for the integrated circuitry (IC) - the Silicon Vendors' Security Group Protection Profile (which is on the EuroSmart site) and some early work on Java Card ^TM - which we will call  the JCSPP - sorry no reference as yet.

Where does this get us?

This is a very good question. There are two parts to this answer:

• The ITRI/Gamma architecture and the GP Card Security Requirements Specification pave the way to showing how a security target can written that is compliant with all the relevant smart card protection profiles. Moreover, it shows that the composition problem that everyone has found so elusive is really a decomposition problem.

• The GP Card Security Requirements Specification identifies the areas where off card measures are required, and current ISO SC27 WG3 work directed towards system evaluation will help organisations to meet those requirements.

Two areas to watch are therefore GP developments and the ISO SC27 WG3 work.  At the Fourth International Common Criteria Conference (ICCC4)  we ran a track dedicated to such issues.