GlobalPlatform Simplifies Secure User Authentication with Standardized API


GlobalPlatform has released a new specification to simplify and bring greater trust to the authentication of digital services on smartphones and biometric-enabled cards.

Originally developed within EMVCo, the global technical body that facilitates the worldwide interoperability and acceptance of secure payment transactions, the Secure Element Broker Interface defines a standard to make end-user authentication simpler for all applications running in a GlobalPlatform-certified Secure Element (SE). It enables service providers to easily develop secure apps that utilize the authentication mechanisms available in the device, which are now known as Consumer Device Cardholder Verification Methods (CDCVM). The specification means developers no longer need multiple app versions for different device operating systems or models. It also accelerates the roll out of contactless biometric payment cards. Regardless of whether a consumer is using a biometric card or a smartphone, they can rely on a single secure authentication method for all apps stored in the device, rather than remembering multiple PINs and passcodes.

“The Broker Interface supports two of today’s big trends: unified user authentication and strong customer authentication for smartphones, smart wearables and contactless cards. And this is about simplifying everyone’s lives. Developers no longer have to adapt their solutions for different devices and wallets, and end-users get a more consistent experience across their services,” comments Gil Bernabeu, Technical Director of GlobalPlatform.

The specification also supports FIDO authentication and GlobalPlatform will extend the application of the Application Programming Interface (API) beyond mobile payments. GlobalPlatform’s SE technology is widely deployed across sectors including enterprise ID, government and transport. It means the new interface can be used to support authentication services for a variety of use cases, and increase interoperability among digital service providers, Original Equipment Manufacturers (OEMs) and application developers.

“EMVCo welcomes this initiative to support the use of external mobile services within the device, including Consumer Device Cardholder Verification Method (CDCVM) use-cases,” comments Junya Tanaka, Chair of the EMVCo Executive Committee. “EMVCo’s initial work in this area demonstrated clear utility beyond payments, and collaboration with GlobalPlatform will promote security and interoperability for mobile service providers and original equipment manufacturers across multiple sectors, delivering convenience, simplicity and familiarity to consumers.”