Introduction to GlobalPlatform Compliance Secretariat

Similar documents
Phase I CAQH CORE 102: Eligibility and Benefits Certification Policy version March 2011

European Code of Conduct on Data Centre Energy Efficiency

Phase II CAQH CORE 202 Certification Policy version March 2011 CAQH 2011

Architecture Tool Certification Certification Policy

Policies and Procedures for CTIA Authorized Testing Laboratories

IHE Conformity Assessment

RFM Procedure 3: Certification Body Approval for Chain of Custody Standard. Alaska Responsible Fisheries Management (RFM) Certification Program 17065

Minimum Requirements For The Operation of Management System Certification Bodies

BACnet. Certification Handbook. Version 4.0. Valid as of ( )

NFC Forum Compliance Program. Matt Ronning Compliance Committee Chairman NFC Forum September 2009

2018 CANADIAN ELECTRICAL CODE UPDATE TRAINING PROVIDER PROGRAM Guidelines

MasterCard NFC Mobile Device Approval Guide v July 2015

EU Code of Conduct on Data Centre Energy Efficiency

Common Operating Environment (COE) Platform Certification Program. Certification Policy

SLI Compliance ONC-ATL Testing Program Guide

Timber Products Inspection, Inc.

Compliance & Certification Phase 2 Path to Certification

Battery Program Management Document

TCG Storage Work Group. Storage Certification Program. Program Version 1.0 Document Revision 1.22 March 16, Contact: Doug Gemmill, TCG CPM T C G

IT Security Evaluation and Certification Scheme Document

UNCONTROLLED IF PRINTED

Chapter 4 EDGE Approval Protocol for Auditors Version 3.0 June 2017

Process for the Evaluation and Acceptance of Building Products in the USA

Visa Chip Security Program Security Testing Process

Policy for Accrediting Assessment Bodies Operating within the Cradle to Cradle Certified Product Certification Scheme. Version 1.2

ConCert FAQ s Last revised December 2017

Handbook December 2018

Testing and Certification Regulations For an SA8000 Applicant Status Certification

IT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive

Superannuation Transaction Network

RET CONSTRUCTION MANAGER CERTIFICATION INSTITUTE. Retired Handbook

VOLUNTARY CERTIFICATION SCHEME FOR MEDICINAL PLANT PRODUCE

Policy for Certification of Private Label Products Within the Cradle to Cradle Certified Certification Scheme. Version 1.0.

Payment Card Industry (PCI) 3-D Secure (PCI 3DS) Qualification Requirements for 3DS Assessors

CDISC Operating Procedure 002 ODM Certification

Rules for LNE Certification of Management Systems

PROCESS FOR INITIAL CERTIFICATION OF CERTIFIED SCRUM TRAINER PROFESSIONALS WITH CERTIFICATION STANDARDS

Connected Health Principles

Information Technology (CCHIT): Report on Activities and Progress

Certification Report

Certification of Quality Management Systems with respect to Product Compliance

PRODUCT CERTIFICATION SCHEME FOR MECHANICAL-CUSTOMIZED VEHICLES

R103 - GENERAL REQUIREMENTS: PROFICIENCY TESTING FOR ISO/IEC LABORATORIES

MEMBERSHIP. Learn how you can get involved with SNIA

Product Testing Program

VOLUNTARY CERTIFICATION SCHEME FOR MEDICINAL PLANT PRODUCE REQUIREMENTS FOR CERTIFICATION BODIES

EOQ methods and criteria for approval of training courses and training providers

Certifying LXI Products Testing Criteria and Process

PRODUCT CERTIFICATION SCHEME FOR ENERGY DRINKS

Ref No: RACS/PCS/10 Page 1 of 7. Revision No: 00 Revision Date: October 1, 2018 PRODUCT CERTIFICATION SCHEME FOR ELECTRICAL EQUIPMENT

Candidate Handbook Certified Commissioning Firm (CCF) Program

IAF Guidance on the Application of ISO / IEC Guide 65:1996

APPROVAL PROCESS TO BE FOLLOWED FOR PROVISIONAL ACCREDITATION OF CBs UNDER FM CERTIFICATION SCHEME

CCM Retired Handbook. Recognizing Knowledge, Experience, and Dedication.

PROTERRA CERTIFICATION PROTOCOL V2.2

POSIX : Certified by IEEE and The Open Group. Certification Policy

Visa Mobile. Proximity Payment Testing & Compliance Requirements for MicroSD and Mobile Accessories

IECEx Guide Guidance for Applications from Service Facilities seeking IECEx Certification

DOCUMENT NO. CSWIP-PED Requirements for the approval of NDT Personnel CERTIFICATION SCHEME FOR PERSONNEL. 2 nd Edition January 2011

Overview on Test & Certification in Wi-SUN Alliance. Chin-Sean SUM Certification Program Manager Wi-SUN Alliance

IECRE OPERATIONAL DOCUMENT

IEC Quality Assessment System for Electronic Components (IECQ System)

Indonesia - SNI Certification Service Terms

FeliCa Approval for Security and Trust (FAST) Overview. Copyright 2018 FeliCa Networks, Inc.

DCL PRODUCT CERTIFICATION

FileMaker Business Alliance. Program Guide

Introduction to CPIP

ArchiMate 2.0 Standard Courseware. Course Introduction

Association of Psychology Postdoctoral and Internship Centers INTERNSHIP MATCHING PROGRAM

Domestic TPC Perspective on EPA Formaldehyde Regulation Jackson Morrill and Gary Heroux Composite Panel Association

TCG. TCG Certification Program. TNC Certification Program Suite. Document Version 1.1 Revision 1 26 September 2011

Compliance Verification Program Governance Guide

CERTIFICATE IN LUXEMBOURG COMPANY SECRETARIAL & GOVERNANCE PRACTICE

Accreditation Body Evaluation Procedure for AASHTO R18 Accreditation

Global Specification Protocol for Organisations Certifying to an ISO Standard related to Market, Opinion and Social Research.

Building an Assurance Foundation for 21 st Century Information Systems and Networks

Microsoft Independent Software Microsoft Independent Vendor Royalty License and Software Vendor Royalty

Identity Assurance Framework: Realizing The Identity Opportunity With Consistency And Definition

GlobalPlatform Addressing Unique Security Challenges through Standardization

REQUEST FOR QUOTATION (RFQ)

SERVICE ORGANIZATION CONTROL (SOC) REPORTS: WHAT ARE THEY?

CIPURSE V2 Certification Program

Certification program PCWU-3

This fee sheet details all relevant fees for BREEAM-SE. It includes fees for the following:

Regulation for the accreditation of product Certification Bodies

CONTINUING EDUCATION PROVIDER GUIDE

CIPURSE Certification Program

PRODUCT CERTIFICATION SCHEME FOR CHILDREN TOYS

CONSTRUCTION MANAGER CERTIFICATION INSTITUTE. Recertification Point Provider Guide

REGISTERED TRAINING PROVIDER GUIDELINES AND APPLICATION 2018

FIRE SAFETY GUIDELINES

Framework for a Better Ads Experience Program

IEC Quality Assessment System for Electronic Components (IECQ System)

PRODUCT CERTIFICATION SCHEME FOR ORGANIC PRODUCTS

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report

1-TIER AUTHORIZED INFORMATICA RESELLER (AIR)

CHARTER OUR MISSION OUR OBJECTIVES OUR GUIDING PRINCIPLES

IHE Conformity Assessment Strategic Objectives

PRODUCT UNDER TEST TEST EVENT RESULT. Quality Manual ISO Test Lab Test Report

S. Scholz / K. Meyer / J.E. Nielsen / Harald Drück/J.Fernández/E.Prado/L.Nelson Page 1 of 7

Transcription:

Introduction to GlobalPlatform Compliance Secretariat

Introduction Key to market stability is the adoption of proven standards. Industry acceptance of any standard or specification, however, will only be achieved if there is a commitment to maintain the stability of the specifications to encourage their adoption. Standards, specifications and configurations are only as dependable as the products developed to abide by them. This is why it is important that the industry has a means to test and verify product compliance. For this reason, GlobalPlatform has invested heavily in the creation of test suites. These allow test tool providers and laboratories to create the correct tools and services, which will provide industry with strong assurance that products in the marketplace are in compliance with GlobalPlatform Specification and will therefore perform as advertised. The launch of the GlobalPlatform Compliance Secretariat demonstrates GlobalPlatform s long-term commitment to this program. This body has the authority to issue the compliance trademark to test tools and laboratories, as well as oversee product certification. This presentation offers an insight into this new body and the processes implemented by GlobalPlatform to manage this scheme. 2

Positioning the GlobalPlatform Compliance Secretariat in a certification scheme Scope of current presentation GlobalPlatform Compliance Secretariat GlobalPlatform Composition Model Certification Scheme Functional compliance Security compliance 3

Useful definitions TestFest means an event conducted by GlobalPlatform for purposes of enabling product vendors to engage in cross-testing of products, in order to demonstrate compliance with the relevant and then current GlobalPlatform Specifications for a configuration and category of product. Test suite means a suite consisting of GlobalPlatform testing documentation, test scripts and/or other materials, based on a given GlobalPlatform Specification and related configuration, which has been released by GlobalPlatform for purposes of enabling authorized users to develop corresponding qualified test products. Configuration means a particular set of features and implementation rules as specified by GlobalPlatform for, or required by, a given GlobalPlatform Specification, such as a configuration for mobile or a configuration for government use. Test tool means a tool that integrates any portion of the test suite and is created, developed or produced for purposes of performing tests on proposed GlobalPlatform compliant products. GlobalPlatform compliant product means a commercial implementation of a secure chip or terminal related product or component that has successfully demonstrated sufficient conformance with the relevant specifications at a TestFest hosted by GlobalPlatform. 4

Compliance secretariat role (extract) The compliance secretariat manages the product qualification process procedures: Evaluates TestFest results and determines whether GlobalPlatform qualification should be granted to a test tool Evaluates laboratory documents and determines whether GlobalPlatform qualification should be granted to a laboratory Evaluates product (and derivative product) requests for qualification and communicates evaluation results Evaluates appropriate resolution of non-conformance issues reported to GlobalPlatform, including additional testing, revision or eventual termination of the Letter of Qualification for a particular qualified product (or test tool). The role also includes communicating product qualification process status to third parties, maintenance of product qualification process information on the GlobalPlatform website, and the maintenance of a database that provides the following: Product qualification process documentation and forms List of qualified laboratories, qualified test tools, qualified products, self-tested products. 5

Complete source of information about the compliance program 6

The four processes of the GlobalPlatform Compliance Secretariat 1. Generation and maintenance of test suites From configuration to test suite Manage test suite evolution to address market requirements 2. TestFest coordination: test suite and test tools qualification Manage TestFest Manage test tool qualification Manage product evolution (names, ) 3. Test laboratory qualification Manage annual test lab qualification 4. Product qualification Deliver Letter of Qualification to a product vendor 7

Global overview Authorized Organization Spec WG Compliance WG Evolution Request Spec Configuration 1) Coverage Test Suite Test Suite Test Suite Development Test Fest Test Suite Maintenance 2) Test Fest GlobalPlatform Members Publication of Qualified Test Tools Qualified Test Tools Qualified? Test Tools Publication of Qualified Test Lab Qualified Test Labs 3) Qualified? Publication of Test Claims Qualify Products Self-Tested Products 8 4) Test Report Good Claim? Test Labs Product Vendor

From specification to test suite Specification Market Configuration Scope of Interoperability (Coverage Matrix) UML Modeling Tool Model Development - Implement the specification with references to the requirement Test Generation Test Publication Test Suite 9

Compliance test suites Specific License Agreements Free license for GlobalPlatform members internal use only Commercialization license for GlobalPlatform member tool suppliers of qualified tools Commercialization license for GlobalPlatform member laboratory which delivers qualified services. Specific agreement developed for standardization bodies enabling them to review the test suites, and endorse the compliance program 10

Test suite and packages Testing is split into different packages. All packages are managed and maintained separately for each package there is a coverage matrix. Packages are delivered separately but based on the same model to ensure complete coherence. Example: Packages for GlobalPlatform UICC Configuration 11 o o o o o Card Content Management Confidential Card Content Management Data Store GlobalPlatform APIs Key Management o Life Cycle State Management o Logical Channel Management o Security Domain Tree o Security Domain Tree Extended (confidential CCM) o Secure Messaging

Test Tool Qualification A test tool supplier must be a GlobalPlatform Participating or Full Member. During a GlobalPlatform TestFest, the test tool performs a specific test suite on a specific product sample and generates a test report. The test report is analyzed by the compliance secretariat: The secretariat verifies that the results of the tests are as expected The test tool should support all packages and generate the appropriate result of 95% tests of each packages. If results are > 95% and all packages are supported, the compliance secretariat recommends the tool for qualification. TestFest results are validated by the GlobalPlatform Technical Director. 12

Qualified test labs Laboratory must be: A GlobalPlatform Participating or Full Member An officially recognized lab (ISO 17025 or equivalent) and / or are already an EMVCo, FIPS, Common Criteria, PCI qualified laboratory. Laboratory must use a GlobalPlatform qualified test tool: Lab must maintain the test tool to current revision levels (as required by GlobalPlatform / market needs). A GlobalPlatform qualified laboratory must have: At least one expert which has undertaken GlobalPlatform s Card Specifications and Test Suites Training. This is delivered by a GlobalPlatform Certified Trainer. OR Have an expert directly participate in the Compliance Working Group, the TestFest process and use their own qualified tool in their accredited lab. This must be the same expert who performs testing services at the lab. 13

Product qualification Two possibilities: self-testing or lab testing Product Provider Self-testing Testing procedures Lab testing Self Testing Process Qualification process Self Tested product Qualified Product Open to members and non-members 14

Self-testing process 15

Lab testing process Lab testing Test session by Qualified Lab Submit Test Report Qualification and Listing Agreement Pay invoice 100% success No *Additional costs of the contract for services between the test lab and the product provider are outside the scope of the GlobalPlatform process Yes Yes Yes Quotation Quotation Accepted? Pay invoice Non conformance review Positive report No No Only when test report shows less than 100% success Letter of Qualification including listing on GlobalPlatform website Letter of Rejection 16

Pricing model 1 st January 2013 Self Testing US $4,000 for a review of a self test claim provided by a non-globalplatform member Product Vendor US $2,000 for a review of a self test claim provided by a GlobalPlatform member Product Vendor Lab Testing US $7,800 for a review of a Qualification Request provided by a non-globalplatform member Product Vendor. US $5,000 for a review of a Qualification Request provided by a GlobalPlatform member Product Vendor for Product Configuration as listed in section A.1. US $3,900 for a review of a Qualification Request provided by a GlobalPlatform member Product Vendor for Product Configuration other than as listed in section A.1. US $2,800 for a review of a Qualification Request for a Derivative Product US $2,800 for a review of a Product Change Request US $2,000 for a review of a Request for Renewal of an already Qualified Product US $500 for an SCO resubmission due to a declined SCO (incorrect SCO submitted with Qualification Request). 17

Version management 21 days 9 Test Suite N Test Suite N+1 18

Thank you for viewing this presentation. The latest information regarding the GlobalPlatform Compliance Program can be accessed at www.globalplatform.org. If you have any specific enquiries, please email the GlobalPlatform Compliance Program Secretariat at compliance@alliancesmanagement.com. 19 19

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback