GlobalPlatform released a security upgrade for managing the content of applications on secure chip technology compliant to GlobalPlatform Card Specification v2.2. The technical document references new cryptographic schemes based on Elliptic Curve Cryptography and up-to-date RSA algorithms and keys.
GlobalPlatform released Amendment E to Card Specification v2.2 to meet the long-term requirement for stronger cryptographic technology from players in the smart card community. The need to migrate is being driven by government mandates for Elliptic Curve Cryptography or extended length RSA keys to support digital signatures, as well as service providers in the mobile contactless market who want to confidentially load applications and manage keys in secure elements.
The document, which will be of particular interest to card manufacturers and application developers, details the use of Elliptic Curve Cryptography and new schemes for RSA with respect to signing, encryption and padding operations. Additionally, a new scenario for confidential key generation based on Elliptic Curve Cryptography technology is available which meets the requirements of implementation models for secure applications involving service providers, issuers and third parties, such as a trusted service manager.
The GlobalPlatform Card Committee produced amendment E. The new document can be downloaded here.