GlobalPlatform
SoftwareAn industry standard for secure management of smart card applications, including applet installation, deletion, and secure channels.
GlobalPlatform
GlobalPlatformGlobalPlatformSoftwareCard application management standard.Click to view → (GP) is an industry standard that defines the infrastructure for managing applications on secure chip technology — smart cards, Secure Elements, and TEEs. It specifies how applications are securely loaded, installed, deleted, and managed on multi-application cards, providing the administrative framework that sits above the card operating system (typically JavaCard).
Key Concepts
GlobalPlatform organizes card management around Security Domains:
| Component | Description |
|---|---|
| Issuer Security Domain (ISD) | The card issuer's master domain — controls card lifecycle and delegates privileges |
| Supplementary Security Domain (SSD) | Additional domains for application providers with delegated management authority |
| CASD (Controlling Authority SD) | Optional domain for certification authority token verification |
| Card Manager | The on-card entity that routes APDUs and enforces lifecycle policies |
Each Security Domain holds its own set of cryptographic keys for authenticating management operations. This key separation ensures that a payment network can manage its applets independently of the telecom operator's applets on the same card.
Secure Channel Protocols
All management operations (applet installation, key rotation, card locking) are protected by a secure channel:
| Protocol | Cipher | Status |
|---|---|---|
| SCP01 | 3DES | Deprecated |
| SCP02 | 3DES | Legacy, still in SIMSIMApplicationSmart card for mobile network authentication.Click to view → cards |
| SCP03 | AES-128/192/256 | Current standard |
| SCP11 | ECC + AESAESCryptographyNIST symmetric block cipher for smart card encryption.Click to view → | For certificate-based mutual authentication |
SCP03 is the current production standard, providing AES-based encryption and CMAC integrity protection. SCP11 enables PKI-based authentication, useful for IoT scenarios where pre-shared symmetric keys are impractical.
Card Lifecycle States
GlobalPlatform defines a card lifecycle with controlled transitions:
- OP_READY — Card manufactured, ready for personalization
- INITIALIZED — ISD keys loaded
- SECURED — Production keys set, card ready for deployment
- CARD_LOCKED — Card temporarily locked (security event)
- TERMINATED — Card permanently disabled
These states are enforced by the card hardware — once a card reaches TERMINATED, it cannot be recovered. This lifecycle model is critical for personalization bureaus managing the secure issuance pipeline.
GlobalPlatform Beyond Smart Cards
GlobalPlatform specifications extend beyond traditional cards to cover TEE management (GPD_SPE_021), eSIMeSIMApplicationProgrammable embedded SIM chip.Click to view → profile management (in coordination with GSMA), and IoT device security. The GP Device Technology specifications define secure device enrollment, firmware update, and device attestation protocols.
Related Content
Understanding ISO 7816
Standards & ProtocolsGlobalPlatform Card Management
Standards & ProtocolsGlobalPlatform Card Management GlobalPlatform is the industry consortium…
ISO 7816 Parts Guide
Standards & Protocols…in a multi-application environment Superseded by GlobalPlatform in practice 7816-14 Conformance test plan Test cases for…
Secure Channel Protocols (SCP02/SCP03)
Standards & ProtocolsSecure Channel Protocols (SCP02/SCP03) GlobalPlatform Secure Channel Protocols establish a mutually…
Smart Card Cryptography
Security…800-108 counter-mode KDF or EMV-style diversification. The GlobalPlatform specification governs how card-unique keys are structured…
Key Management for Smart Cards
Security…Domain EMV Visa / MasterCard 3DES + KCMVP Legacy payment GlobalPlatform SCP02 3DES-CBC Legacy card management SCP03 AES-CMAC based…
HSM Integration for Smart Cards
SecurityTEE vs Secure Element
Security…Attestation (Android), Secure Enclave (iOS) Manufacturer + GlobalPlatform Replacement / provisioning OTA firmware update OTA profile…
Häufig gestellte Fragen
The smart card glossary is a comprehensive reference of technical terms, acronyms, and concepts used in smart card technology. It covers protocols (APDU, T=0, T=1), security (Common Criteria, EAL, HSM), hardware (SE, EEPROM, contact pad), and applications (EMV, ePassport, eSIM). It serves developers, product managers, and engineers.
Yes. SmartCardFYI provides glossary definitions in 15 languages including English, Korean, Japanese, Chinese, Spanish, Portuguese, Hindi, Arabic, French, Russian, German, Turkish, Vietnamese, Indonesian, and Thai.