As the use of mobile devices for all kinds of transactions grows on a daily basis, the need for reliable and secure identification of devices and users is growing too, and as a result more and more mobile ID applications are being deployed. The white paper, entitled ‘Mobile ID: Realization of Mobile Identity Solutions by GlobalPlatform Technologies’, discusses the importance of mobile ID applications as a means of enabling authentication capabilities on mobile devices, alongside the essential role that the secure element (SE) and trusted execution environment (TEE) play in mobile ID architectures. The derivation and deployment of mobile ID across various applications is examined and the paper explains how credentials can be managed and implemented in an SE or in a TEE using GlobalPlatform Specifications.
With security an overarching concern for mobile ID deployments, the paper explores the value of certification schemes when providing assurance in relation to the security requirements of particular markets. It outlines how standard mobile ID applications and protocols like FIDO (online authentication), GSMA Mobile Connect (telecommunication sectors), RADIUS VPN (enterprise sectors), TLS (web authentication), PIV (U.S. government specifications), and eIDAS (EU regulation with respective ISO/IEC, ETSI and CEN standards) can be implemented on a TEE or SE, in order to securely store credentials, protect applications, or secure the mobile device user interface.
The paper concludes with a comparison of different implementation scenarios for mobile ID solutions based on the rich execution environment (REE), SE and TEE. This offers an insight into which platform(s) are the most suitable to meet the needs of specific markets and applications.
“Mobile ID service providers have to make many decisions when shaping a successful deployment. One of the most important is which combination of execution environments will best fulfil the needs of the application in regards to viability, security, deployment, and usability,” says Kevin Gillick, Executive Director of GlobalPlatform.
“GlobalPlatform’s standardized secure components, the TEE and SE, enable mobile ID applications to be implemented in a secure way and are essential to fulfill specific privacy and security requirements. GlobalPlatform technologies can also be used in combination with a REE, controlled by a Rich OS. Depending on the application, the single use or combination of these three elements can address the varying requirements of mobile ID schemes.
“With ongoing growth in mobile ID deployments and use cases, GlobalPlatform provides an established infrastructure for service providers which assures interoperability, consistency and enables implementation of end-to-end solutions in a secure and certified way. Through this paper, we aim to educate relevant stakeholders that standards-based technologies, such as those specified by GlobalPlatform, provide a solid foundation for the realization of further growth in the global mobile ID market.”