Introduction
Consumer mobile devices like smartphones are becoming the entrance to digital services, such as mobile banking, electronic identity verification, digital key management, etc. Meanwhile more and more security attack vectors are being explored, such as malicious applications, network eavesdropping. Defining security and assurance requirements for mobile devices can mitigate potential risks and drive the mobile device security to an appropriate level in order to protect users of such mobile devices. Smartphones and tablets are typical consumer mobile devices.
ETSI TS 103 732 identifies key assets to be protected in typical consumer usage scenarios and identifies security threats associated to these key assets. The identified threats are mitigated by security objectives, which are in their turn fulfilled by implementing appropriate security functional requirements.
ETSI TS 103 732 is defined as a Protection Profile following the structure from the Common Criteria standards and therefore can be used for third party Common Criteria security assessments and certification.
Our Role & Activities
ETSI TS 103 732
ETSI TS 103 732 is developed by ETSI Technical Committee Cyber Security (CYBER). It is a multi-part specification covering the Consumer Mobile Device:
- Part 1: "Base Protection Profile";
- Part 2: "Biometric Authentication Protection Profile Module";
- Part 3: "Multi-user Protection Profile Module";
- Part 4: "Consumer Module Devices - Preloaded Apps PP-Module";
- Part 5: “Bootloader & Root of Trust Protection Profile Module”.
Specifications
The list of related specifications is accessible via the standards search.