One of the most difficult challenges companies deploying scaled up IoT solutions today is managing for tomorrow. Given that standards in the world of connected things are still up in the air, and given the "gold rush" effect of hundreds of companies now producing sensors, actuators, gateways, clouds, applications and full business solutions, the potential for fragmentation is tempering investment and slowing down decisions inside of large enterprises to move forward.
The fear? Obsolescence, not always planned, but often an "unintended consequence" should an IoT start up go south, or when new, better software appears.
The natural nature of the IoT is dispersed and decentralized, and with the millions, billions and now trillions of endpoints being predicted to go live between now and 2025, it's no wonder decision makers are stopping to think about what managing the edge (and all other elements) will really require, including the security of systems which are now in the "wild, wild west" according to some.
Today, GlobalPlatform, a non-profit organization which describes itself as "the standard for secure digital services and devices," published the "Open Firmware Loader for Tamper Resistant Elements" otherwise knowns as OFL.
This free and open specification standardizes how secure element (SE) firmware – combining the secure operating system (OS), applications and data – can be remotely loaded and managed onto a SE such as SIM, embedded SE or eUICC / eSIM, or integrated SE even after a device has been issued.
Managing the lifecycle of any hardware/software technology service is hard. What GlobalPlatform seems to be doing is reducing the risk of a device's shelf life, offering software that supports "in-field OS and firmware provisioning, device refurbishment, backup / restoration of the SE and the secure transfer of a customer profile to a new device."
Security by design in mind, the the OFL scheme, when adopted by handset manufacturers, service providers and firmware implementers "can build a new privacy-by-design ecosystem where services can be securely deployed and updated on connected devices," according to the news release.
“The growth of embedded SEs is driving the development of new solutions as, previously, there has not been a standardized way to load the OS to an eUICC after the smartphone has been produced,” says Gil Bernabeu, Technical Director of GlobalPlatform. “With the OFL protocol, the selection of an OS can be delayed until the device reaches its destination. So, if a smartphone is manufactured in one country, for example in China, a country-specific OS can be loaded to the eSIM or integrated SE once it reaches France, or the U.S. What’s great is that this also brings greater flexibility further down the line. Smartphones, connected cars or any other device with an embedded or integrated SE often have more than one owner during their lifecycle. OFL ensures a new OS can replace an existing one and, importantly, a personalized OS and its services can be securely transferred to a new device.”
The OFL protocol enables the industry to:
- Distribute generic and blank (no firmware/operating system) embedded hardware featuring a standardized loading mechanism. This enables firmware from various developers to be loaded, with policy enforcement, after the issuance of the device.
- Solve the logistical challenge of distributing devices to fragmented markets with low volume.
- Distribute new firmware once the device has been issued to address additional use cases.
- Mitigate the challenges of loading firmware containing diversified data into embedded hardware during manufacturing.
- Use a standardized loader, shared between multiple silicon makers, allowing firmware implementers to produce loadable OSs.
- Ensure perfect forward secrecy and confidentiality between firmware makers easing compliancy with the latest data regulations (GDPR).
“This is an important specification for the embedded community," saod Gil Bernabeu, Technical Director, GlobalPlatform. "The Open Firmware Loader supports the innovation and sustainability of the embedded SE ecosystem by opening up new use cases while supporting strong security and privacy by design model. Device manufacturers can now get their equipment to their destination before loading operating systems. IoT devices can be effectively refurbished. Data and applications can be remotely loaded and in a standardized way.”
GlobalPlatform's industry association brings together 100 member companies. Members share a common goal to develop GlobalPlatform’s specifications, which are today highly regarded as the international standard for enabling digital services and devices to be trusted and securely managed throughout their lifecycle.
Market sectors adopting GlobalPlatform technology include automotive, healthcare, government and enterprise ID, payments, premium content, smart cities, smart home, telecoms, transportation, and utilities.
Edited by
Ken Briodagh