Industry Bodies Collaborate to Expand Secure Element Access for Secure Mobile Services
03 November, 2016 – SIMalliance has announced that it is transferring ownership of its established Open Mobile API (OMAPI) Specification to GlobalPlatform. The OMAPI Specification defines how mobile applications may access different secure elements (SEs), including the UICC and embedded secure elements (eSEs) in a mobile device and is currently referenced by GSMA, mandated by EMVCo in devices used for contactless payments, and implemented in over 250 models of Android NFC smartphone. This most recent move by SIMalliance will ensure that the technical specification continues to evolve in line with the wider secure chip ecosystem, which is fully represented by the GlobalPlatform membership.
Hervé Pierre, Chairman of SIMalliance, comments: “Since SIMalliance launched the OMAPI Specification in 2011, it has been globally implemented and now plays an extremely important role in enabling mobile services to access SEs across Android devices. As the secure mobile ecosystem continues to evolve and expand, the OMAPI Specification has the potential to play an ever greater role in defining how secure and trusted applications across many platforms, in addition to Android, can utilise the SE to offer enhanced security benefits.
“After very careful consideration, the SIMalliance Board has concluded that transferring the specification to GlobalPlatform is the best way to preserve the integrity of the OMAPI Specification and ensure it is optimised to expand future SE access across applications and devices. This decision has been made easier thanks to GlobalPlatform’s position as an active specifications development body, which will increase opportunities for the integration of OMAPI with other relevant technology, as well as the organisation’s unwavering commitment to developing complementary specifications and certification programs.”
Gil Bernabeu, Technical Director of GlobalPlatform, adds: “GlobalPlatform is a long-standing advocate of the OMAPI Specification, which is already referenced in the organisation’s compliance program. We stand alongside other influential industry bodies, such as GSMA and EMVCo, in recognising the value of this cornerstone technology; we have already used it to develop value added specifications, which enable the control of communication between device applications and SE applications, and which also allow open communication between trusted applications and SEs.
“GlobalPlatform has agreed to take on the development of the OMAPI Specification from SIMalliance, to ensure that it can be expanded in the future to serve new use cases and environments. We are currently exploring the extension of OMAPI to allow web applications to benefit from access to SE applications within a device. This is especially relevant and timely considering the security challenges that the Internet of Things (IoT) looks set to deliver. On behalf of GlobalPlatform I’d like to offer my thanks to SIMalliance for its significant investment in developing the OMAPI Specification to date, and its contribution of this important technology to GlobalPlatform. I can assure all OMAPI stakeholders that GlobalPlatform welcomes this decision by SIMalliance and is committed the long term development of the specification.”
The current version, OMAPI Specification v3.2 and the corresponding OMAPI Test Suite v2.2, are now available for download from both the SIMalliance and GlobalPlatform websites. The next release of the specification, v3.3, and all future extensions and test suite updates, will be made available for download from the device committee pages of the GlobalPlatform website. All archived specifications (v3.2 and earlier) will remain on the SIMalliance website, however any future releases (v3.3 and beyond) will be available on GlobalPlatform’s website.
SIMalliance is the global, non-profit industry association which simplifies aspects of hardware-based device security to drive the creation, deployment and management of secure mobile services. GlobalPlatform is the association which standardizes the management of applications on secure chip technology.
Note to Editors:
About SIMalliance (Security, Identity, Mobility)
SIMalliance is the global, non-profit industry association which simplifies aspects of hardware-based device security to drive the creation, deployment and management of secure mobile services. The organisation promotes the essential role of a dedicated tamper resistant hardware module in delivering secure mobile applications and services across all devices that can access wireless networks. By identifying and addressing related technical issues, and both clarifying and recommending existing technical standards relevant to the implementation of hardware security, the SIMalliance aims to facilitate and accelerate delivery of secure mobile applications globally. SIMalliance members represent 88% of the global SIM card market. As such, the SIMalliance’s membership is responsible for delivering the most widely distributed secure application delivery platform in the world (UICC/SIM/USIM).
SIMalliance members are Card Centric Solutions, Eastcompeace, Gemalto, Giesecke & Devrient, Incard, Kona I, Oasis Smart SIM, Oberthur Technologies, Safran Identity & Security, VALID, Watchdata, Wuhan Tianyu and XH Smartcard (Zhuhai) Co. Ltd. SIMalliance Strategic Partners are Comprion, Linxens, Movenda and Simulity Labs. For more information visit www.simalliance.org
GlobalPlatform defines and develops specifications to facilitate the secure deployment and management of multiple embedded applications on secure chip technology. Its standardized infrastructure empowers service providers to develop services once and deploy across different markets, devices and channels. GlobalPlatform’s security and privacy parameters enable dynamic combinations of secure and non-secure services from multiple providers on the same device, providing a foundation for market convergence and innovative new cross-sector partnerships.
GlobalPlatform is the international industry standard for trusted end-to-end secure deployment and management solutions. The technology’s widespread global adoption across finance, mobile/telecom, government, healthcare, retail and transit sectors delivers cost and time-to-market efficiencies to all. GlobalPlatform supports the long-term interoperability and scalability of application deployment and management through its secure chip technology open compliance program.
As a non-profit, member-driven association, GlobalPlatform has cross-market representation from all continents. 120+ members contribute to technical committees and market-led task forces. For more information on GlobalPlatform membership visit www.globalplatform.org
This License Agreement (Agreement) is a legal agreement between you and SIMalliance. (Licensor), which is the owner of the specification (Specification) you will be downloading when you complete this Agreement. As used in this Agreement, "you" means the company, entity or individual that is acquiring a license under this Agreement.
By clicking on the "ACCEPT" button below, you are agreeing that you will be bound by and are becoming a party to this Agreement. If you are an entity, and an individual is entering into this Agreement on your behalf, then you will be bound by this Agreement when that individual clicks on the "ACCEPT" button. When they do so, it will also constitute a representation by the individual that s/he is authorized to bind you as a party to this Agreement. If you do not agree to all of the terms of this Agreement, click the "DO NOT ACCEPT" button at the end of this Agreement.
1. License Grant.
Licensor hereby grants you the right, without charge, on a perpetual, non- exclusive and worldwide basis, the right to utilize the Specification for the purpose of developing, making, having made, using, marketing, importing, offering to sell or license, and selling or licensing, and to otherwise distribute, products complying with the Specification, in all cases subject to the conditions set forth in this Agreement and any relevant patent and other intellectual property rights of third parties (which may include members of Licensor). This license grant does not include the right to sublicense, modify or create derivative works based upon the Specification. For the avoidance of doubt, products implementing this Specification are not deemed to be derivative works of the Specification.
2. NO WARRANTIES.
THE SPECIFICATION IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL LICENSOR, ITS MEMBERS OR ITS CONTRIBUTORS BE LIABLE FOR ANY CLAIM, OR ANY DIRECT, SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THE SPECIFICATION.
3. THIRD PARTY RIGHTS.
Without limiting the generality of Section 2 above, LICENSOR ASSUMES NO RESPONSIBILITY TO COMPILE, CONFIRM, UPDATE OR MAKE PUBLIC ANY THIRD PARTY ASSERTIONS OF PATENT OR OTHER INTELLECTUAL PROPERTY RIGHTS THAT MIGHT NOW OR IN THE FUTURE BE INFRINGED BY AN IMPLEMENTATION OF THE SPECIFICATION IN ITS CURRENT, OR IN ANY FUTURE FORM. IF ANY SUCH RIGHTS ARE DESCRIBED ON THE SPECIFICATION, LICENSOR TAKES NO POSITION AS TO THE VALIDITY OR INVALIDITY OF SUCH ASSERTIONS, OR THAT ALL SUCH ASSERTIONS THAT HAVE OR MAY BE MADE ARE SO LISTED.
4. TERMINATION OF LICENSE.
In the event of a breach of this Agreement by you or any of your employees or members, Licensor shall give you written notice and an opportunity to cure. If the breach is not cured within thirty (30) days after written notice, or if the breach is of a nature that cannot be cured, then Licensor may immediately or thereafter terminate the licenses granted in this Agreement.
All notices required under this Agreement shall be in writing, and shall be deemed effective five days from deposit in the mails. Notices and correspondence to either party shall be sent to its address as it appears below. This Agreement shall be construed and interpreted under the internal laws of the United Kingdom, without giving effect to its principles of conflict of law.