GlobalPlatform said that it has advanced its composition model, which streamlines the security evaluation of near-field communication (NFC) contactless mobile applications, and that the enhancements would be of particular interest to mobile application and product issuers, such as mobile network operators (MNOs) and financial institutions.
The international organisation for standardising the management of applications on secure chip technology added that a composite product consists of an open platform (such as a secure element [SEs]), with one or more secure applications (known as sensitive applications), and optionally one or more basic applications (which does not need to comply with stringent security requirements to operate).
As SEs in mobile devices begin to host multiple applications, it is important that all applications perform as intended and do not interfere with the other services being delivered. Evaluating the security of applications pre and post issuance is therefore vital, but needs to be cost and time-effective for all market stakeholders.
GlobalPlatform adds that the composition model, first released in 2011, defines a relatively easy approach to certify the security of SE products that carry sensitive and/or basic applications and simplify post-issuance application management.
The model achieves this this by promoting two key concepts: re-using existing security evaluation results; and limiting security evaluation work to only test the impact of new application and SE combinations. The streamlined methodology enables the telecom and payment industries to more easily redeploy SEs and applications once they have been certified.
“Most of the applications we have on our mobile handsets today have low security,” said Gil Bernabeu, GlobalPlatform’s technical director. “As we start to add applications that connect to our bank accounts or identity, the need to protect an application is crucial. Security evaluation can be expensive and time consuming and while it is imperative that the industry adheres to the highest security standards, it is important that products can be brought to market quickly.
“GlobalPlatform’s work in this area aims to streamline the security testing process. This will encourage application developers to validate the security of their applications appropriately without stifling innovation and product advancements.”
Sibos 2017 Day Two highlights: Brexit and banking, and why ‘data is the new oil’ in financial services
How nation first politics can impact global financial organisations It’s clear that data and regulation are the two key topics that are ... read more
Day one of the global Money 20/20 conference focused on AI and machine learning, investor and fintech partnerships and the future of robotics.
On day one of SIBOS, panellists unanimously agreed that doing nothing to modernise payments was no longer safe bet for transaction banking.
On day one of Sibos 2017, Stefan Dab, The Boston Consulting Group led a conversation examining the future of correspondent banking, and specifically the pain points corporate treasurers face in their cross-border payments operations and where technology can be developed to alleviate these.