The UICC. Recent Work of ETSI TC Smart Card Platform. Dr. Klaus Vedder Chairman ETSI TC SCP


Dr. Klaus Vedder Chairman ETSI TC SCP The UICC Recent Work of ETSI TC Smart Card Platform 8th ETSI Security Workshop, Sophia Antipolis, France, 16-17 January 2012 ETSI 2012. All rights reserved

SIMs, USIMs, R-UIMs, CSIMs. in 2011 402 320km

The Smart Card Market
[Chart: smart card shipments in million units per year, 2004 to 2012e, split into Industry & Government, Payment and Telecommunication. Source: Eurosmart]

The Coverage in 2012
2012 if all SIMs, USIMs, R-UIMs, CSIMs,. had been delivered as an ID-1 card. 3360
But SIMs, are delivered as half cards to save on transport cost
And the beloved Plug-in is being delivered in a multitude of carriers, including paper
Cards are delivered directly to device manufacturers in the required form factor

The Form Factors

Form factor                   Height (mm)   Width (mm)   Area (mm²)   Saving
ID-1 card                     53,98         85,6         4621
Plug-in Card (1989)           15            25           375
mini-UICC (2004) # *          12            15           180          52% wrt Plug-in Card
4FF (2012) ~                  8,8           12,3         108          40% wrt mini-UICC
In comparison: MFF2 (2010)    5             6            30

# Also called 3FF and Micro-SIM
~ Also called Nano-SIM
* Caused the first technical vote in the history of the committees
Thickness of plastic 0.6-0.7 mm compared with 0.76 +/-0.08 for all other card form factors

The Future of the USB Interface
[Figure: dimensioned drawing of the card outline and contact pads C1 to C8. Taken from ETSI TS 102 221]
The mini-UICC as part of the Plug-in card being part of the ID-1 card
Will there be any 4FF UICCs supporting USB?
In 2012, the vast majority of UICCs was delivered with a 6-pin contact plate

The Smaller Cards and the eUICC
It took a good 8 years for the mini-UICC to be introduced to the market on a broad scale
When will it replace the Plug-in SIM in mobile communications or will it itself be replaced by the 4FF?
What will be the impact of the 4FF on the deployment of embedded UICCs?
Will there be mobile devices supporting both an eUICC and a SIM card (3FF or 4FF)?
The SIM card could take precedence over the embedded SIM
  To use a local subscription for easy roaming
  To profit from better tariffs
Similar to a solution specified in the current ETSI specifications, where the ID-1 SIM takes precedence over the Plug-in SIM
Would this be a long-term solution or just an interim measure until all operators support subscription management?

ETSI TC Smart Card Platform
25 Years of Dedication and Real-life Experience
TC SCP was founded in March 2000 as the successor of SMG9, the people who specified the most successful smart card application ever with well over 5 billion subscribers using one or more of the over 30 billion SIMs, USIMs, R-UIMs, CSIMs, delivered to the market

The Mission
Create a series of specifications for a smart card platform, based on real-life requirements, on which other bodies from inside and outside the telecom-world can base their system specific applications to achieve compatibility between all applications resident on the smart card

The Work
ETSI TC SCP has published over fifty specifications on smart cards encompassing for every topic the whole range from requirements via the technical solution to the test specification; topics range from administrative commands to APIs, browsers, Internet connectivity, Machine-to-Machine, new interfaces for high speed and NFC as well as remote management
All can be downloaded free of charge from the ETSI website
The specifications are application agnostic, they are not restricted to the world of telecommunications
They can be used as a (secure) platform for basically any smart card application

Structure and Officials

SCP Plenary
  Chair: Klaus Vedder, G&D
  Vice Chair: Tim Evans, Illuminismo
  Vice Chair: Heiko Kruse, Morpho
SCP Requirement WG
  Chair: Colin Hamling, Telefónica
  Vice Chair: Heiko Kruse, Morpho
  Vice Chair: Denis Praca, Gemalto
SCP Technical WG
  Chair: Paul Jolivet, LG
  Vice Chair: Sebastian Hans, Oracle
SCP Testing WG
  Chair: Andreas Bertling, Comprion
  Vice Chair: Christophe Dubois, Gemalto

Description

SCP
  Final acceptance of Work Items to be progressed by Working Groups
  Acceptance for publication of all Technical Specifications and Technical Reports as well as Change Requests to published documents
  Input to its work is received from ETSI members such as TC M2M as well as 3GPP, 3GPP2, GlobalPlatform, GSM Association, Global Certification Forum (GCF), NFC Forum, OMA,
SCP REQ Working Group
  SCP REQ is responsible for developing the requirements for the Smart Card Platform
SCP TEC Working Group
  SCP TEC is responsible for the technical realisation of the requirements developed by SCP REQ and accepted by SCP
SCP TEST Working Group
  SCP TEST is responsible for the development of test specifications for deliverables produced by SCP TEC and accepted by SCP

2012 in a Nutshell
4FF technical realisation completed
Test specifications now available for the Secure Channel specification
  ETSI TS 103 484-1 Test Specification for the Secure Channel interface Part 1: Terminal Features; Part 2: UICC Features
  3GPP and OMA use the Secure Channel specification for secure communications between the USIM application and a Relay Node and OMA BCAST, resp.
New test specification for UICC API for Java Card(TM) for Contactless Applications (ETSI TS 103115)
Work continued on
  Requirements for an Embedded UICC
  P2P mode for contactless communications
SCP started the following new Work Items
  Test cases to cover new features of TS 102 241 UICC API for Java Card
  Security for encapsulated Card Application Toolkit (CAT)
  Security for CAT
  UICC Access Optimisation
  Use cases and requirements related to the addition of new contactless features

The Road to embedded UICCs
[Figure: form factors Plug-in, 3FF, 4FF, MFF2]
The SIM card has evolved to meet market requirements
  Strongly driven by size requirements, and to meet portability regulations
  Memory, security and interfaces to meet application requirements
Move to the embedded UICC (specifically the soldered MFF2)
  Triggered by SIM card requirements to address the M2M market such as limited accessibility, reliability
  Delivers benefits in size / space, reduced production cost in all types of devices

M2M - Rise of the Machines
A sensor inside a machine. Over a network. Into a business system.
[Figure labels: SIMs in different form factors; Mobile Network; Smart metering; Vending machines; Security; Fleet management; Telematics; Tracking systems; Energy suppliers; Automotive industry; Environmental monitoring; Administration; Reports]

The Road Towards Subscription Management
❶ Some M2M applications require new form factors such as MFF2
❷ Provisioning of subscription over-the-air (after production, outside of factory) for M2M is needed
❸ New ecosystem with dynamic subscription management (provisioning and changing of subscriptions and profiles) originates for M2M

Subscription Management Secure Ecosystem

End-2-End Security of subscription credentials
[Diagram labels: eUICC; Certified environment (SAS); MUC ARN; SM-SR; SM-SR SD; Subscription Management Client (SMC); Subscription Management API; Operating System; SM DP; HSM; VPN encrypted]
Subscription Credentials protected by eUICC specific key
  Encryption: AES128
  Authentication: C-MAC
Authentication Algorithm is not loaded via OTA

A soldered eUICC Enables a New Device Lock
Today, subsidised devices are protected through the use of a SIM Lock to prevent unauthorised use of the device
  a mechanism is implemented on the device, based on IMSI and Group Identifier, to check if a SIM is allowed in the specific device
An embedded UICC which is soldered into the device can enable a new form of Device Lock to protect a subsidy
  only a trusted Subscription Manager can change the subscription in the eUICC

Options for a Device Lock using an eUICC
1. Implement Device Lock on the device as today
   not implemented on the eUICC
   a downloaded subscription could be rejected by the Device Lock
2. The Subscription Manager (SM) checks with the current MNO for permission before a change of subscription
3. A Device Lock is implemented by a Subscription Manager's database - a policy control table
   the SM will keep track of which devices are locked to which MNOs, and only downloads in line with those rules
4. A Device Lock is implemented on the eUICC
   the eUICC refuses to install an MNO subscription that violates the lock rules recorded on the eUICC

Leveraging the Strengths of the eUICC and SM
The proposed new Device Lock
  To ensure the Device Lock always remains with the device, there is a lock data field on the eUICC that the MNO can set
  When a change of subscription is requested, the Subscription Manager (SM) enforces the lock policy that is stored on the eUICC
  Devices with a user interface could allow the user to read the lock status (e.g. when buying a second hand device)
An Effective Device Lock can
  Protect device subsidies: MNO sets lock info at start of a new subscription
  Prevent accidental deletion of a subscription
  Reduce device theft: the device is worthless as the subscription will be blocked and cannot be changed on the eUICC
Soldered eUICCs expected to be much stronger than the SIM Lock that is used to protect device subsidies
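The proposed Device Lock above (a lock data field on the eUICC, enforced by a trusted Subscription Manager on every change request) can be modelled in a few lines. This is an added example, not part of the presentation or of any ETSI/GSMA specification; the class names, field names, the MNO and EID values, and the rule that only the MNO of the active subscription may set or clear the lock are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class EUICC:                          # hypothetical model, not a specified data structure
    eid: str
    trusted_sm: str                   # the only SM allowed to change the subscription
    active_mno: Optional[str] = None
    lock_mno: Optional[str] = None    # the "lock data field"; None means unlocked

    def set_lock(self, requester_mno: str, locked: bool) -> None:
        # Assumption: only the MNO of the active subscription may set or clear the lock.
        if requester_mno != self.active_mno:
            raise PermissionError("only the current MNO may change the lock field")
        self.lock_mno = requester_mno if locked else None

@dataclass
class SubscriptionManager:
    name: str
    audit: list = field(default_factory=list)   # (eid, action, mno, allowed, reason)

    def change(self, card: EUICC, action: str, mno: Optional[str] = None) -> bool:
        """action is 'install' (switch to mno) or 'delete' (remove the subscription)."""
        if action not in ("install", "delete"):
            raise ValueError(action)
        if self.name != card.trusted_sm:
            allowed, reason = False, "SM not trusted by this eUICC"
        elif card.lock_mno is None:
            allowed, reason = True, "unlocked"
        elif action == "delete":
            allowed, reason = False, "locked: deletion refused"
        elif mno != card.lock_mno:
            allowed, reason = False, f"locked to {card.lock_mno}"
        else:
            allowed, reason = True, "matches lock"
        self.audit.append((card.eid, action, mno, allowed, reason))
        if allowed:
            card.active_mno = mno if action == "install" else None
        return allowed

def demo() -> list:
    sm, rogue = SubscriptionManager("SM-1"), SubscriptionManager("SM-X")
    card = EUICC(eid="EID-CONSTRUCTED-0001", trusted_sm="SM-1")   # constructed values
    out = [sm.change(card, "install", "MNO-A")]          # unlocked: allowed
    card.set_lock("MNO-A", True)                         # MNO-A locks at subscription start
    out.append(sm.change(card, "install", "MNO-B"))      # refused: locked to MNO-A
    out.append(sm.change(card, "delete"))                # refused: lock blocks deletion
    out.append(rogue.change(card, "install", "MNO-B"))   # refused: untrusted SM
    card.set_lock("MNO-A", False)                        # MNO-A releases the lock
    out.append(sm.change(card, "install", "MNO-B"))      # allowed now
    return out
```

The audit list records every decision with its reason, which is the record an operator would review when a lock dispute or a suspected unauthorised profile change is investigated.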

Dr. Klaus Vedder Group Senior Vice President Giesecke & Devrient GmbH Prinzregentenstr. 159 81607 Munich Germany klaus.vedder@gi-de.com Next SCP Plenary Meeting 07-08 February Cupertino, USA see: www.etsi.org

New Work Items in 2012

Test cases to cover new features of TS 102241 UICC API for Java Card

Security for encapsulated Card Application Toolkit (CAT)
  Definition of a mechanism that allows securing of encapsulated CAT commands and envelopes. The mechanism can be used on top of the AT commands defined for CAT over the modem interface.

Security for CAT
  Definition of a mechanism that allows securing of CAT commands and envelopes. Existing security mechanisms from TS 102484 will be re-used

UICC Access Optimisation
  Analysis of issues related to the reduction of the time for the terminal to access the content on the UICC in order to provide a better user experience
  Background: The UICC is a platform that was designed for multiple application support. While this platform was often used for a single application in the past, it is more and more frequent that multiple applications reside on the UICC (e.g. USIM + ISIM + CSIM). The current work in other Technical Committees and organizations may create even further applications to be hosted on the UICC, such as the M2M Service Module

Use cases and requirements related to the addition of new contactless features
  New usages of the UICC in contactless environment shall be taken into account by the ETSI specifications. For instance, several types of secure elements may use the HCI as an interface. In order to increase interoperability and avoid proprietary implementations, there is a need to standardise interaction between the UICC and these secure elements through HCI