The UICC
Recent Work of ETSI TC Smart Card Platform

Dr. Klaus Vedder, Chairman ETSI TC SCP

6th ETSI Security WS, Sophia Antipolis, France, 19-20 January 2010


World Class Standards

SIMs, USIMs, R-UIMs, CSIMs, … in 2010

You could stack the SIMs, USIMs, R-UIMs, CSIMs, … delivered to the market in 2010 to a tower 3,040 km high.

If you place the SIMs, USIMs, R-UIMs, CSIMs, … ever delivered to the market next to each other you could go more than 40 times around the world!

[Figure label: 575 km]


The Smart Card Market

[Figure: stacked bar chart of smart card shipments in M. units, 2004 to 2010e, by segment (Industry & Government, Payment, Telecommunication), with CAGR 05-09 per segment. Source: Eurosmart]

Note: The current estimate for 2010 is 4 billion units


ETSI TC Smart Card Platform

• 23 Years of Dedication and Real-life Experience
• TC SCP founded in March 2000 as the successor of SMG9, the people who specified the most successful smart card application ever, with over 4 billion subscribers using one or more of the over 20 billion SIMs, USIMs, R-UIMs, CSIMs, … delivered to the market
• ETSI TC SCP has published over fifty specifications on smart cards covering all areas from administrative commands to APIs, browsers, Internet connectivity, Machine-to-Machine (M2M), new interfaces for high speed and NFC as well as related test specifications
• all can be downloaded free of charge from the ETSI website

The specifications are application agnostic and are not restricted to the world of telecommunications.

They can be used as a (secure) platform for basically any application.


Structure and Officials

SCP Plenary
  • Chairman: Klaus Vedder, G&D
  • Vice Chairman: Tim Evans, Illuminismo
  • Vice Chairman: Denis Praca, Gemalto

SCP Requirement WG
  • Chairman: Colin Hamling, Telefónica
  • Vice Chairman: Heiko Kruse, Sagem Orga
  • Vice Chairman: Denis Praca, Gemalto

SCP Testing WG
  • Chairman: Andreas Bertling, Comprion
  • Vice Chairman: Christophe Dubois, Gemalto

SCP Technical WG
  • Chairman: Paul Jolivet, LG
  • Vice Chairman: Sebastian Hans, Oracle


Description

• SCP
  • Final acceptance of Work Items to be progressed by Working Groups
  • Acceptance for publication of all Technical Specifications, Technical Reports and Change Requests to published documents
  • Input to its work is received from ETSI members as well as 3GPP, 3GPP2, GlobalPlatform, GSMA, GSMA SCaG, Global Certification Forum (GCF), NFC Forum, OMA, WiMAX Forum, …
• SCP REQ
  • Working Group SCP REQ is responsible for developing the requirements for the Smart Card Platform
• SCP TEC
  • Working Group SCP TEC is responsible for the technical realisation of the requirements developed by SCP REQ and accepted by SCP
• SCP TEST
  • Working Group SCP TEST is responsible for the development of test specifications for deliverables produced by SCP TEC and accepted by SCP


The UICC - the Multi-application Platform

The UICC is the smart card platform providing a clear separation of lower layers and applications residing on it

[Figure: applications (ID, eHealth, Payment, Public Transport, USIM, SIM, Phonebook, (U)SAT) residing on the UICC, a technology agnostic platform specified by TC SCP]

Firewalls between applications provided by smart card supplier


Complete revamp of the UICC

• New interfaces
  • IC_USB interface for high-speed contact communication
    • modification of USB 2.0 on the physical layer for direct (non-pluggable) connections between chips; higher layers are not affected and run transparently without modifications on the IC_USB interface
    • nominal speed of 12 megabit per second
    • use of existing contact layout of the smart card (C4 and C8)
  • Single Wire Protocol and Host Controller Interface
    • contactless communication (Near Field Communication)
• Secure Channel to an end point terminal (to support, for instance, OMA BCAST)
• Support for large memory
  • part of the IC_USB specification
• A jump into the IP world
  • IP Connectivity for the UICC remote management over IP
  • Migration of the SIM toolkit framework over IP
• API for the Smart Card Web Server
  • New user interface (consistent interface across the range of handsets)
  • Web like look and feel (using the browser in the handset)

while retaining the security attributes

[Figure: UICC contact layout with contacts labelled VCC, RST, CLK, USB, GND, SWP, I/O, USB]


The Smart Card Web Server

A full-fledged Web server on the UICC - UICC is the secure interface to the Internet
  • accessed by the Internet browser of the (mobile) device
  • gives services on the UICC a Web look and feel

The SCWS combines
  • the benefits of the World Wide Web
    • ease of use and administration
    • dynamic content
  • and the UICC
    • platform for VAS
    • the user’s home page
    • OTP, Instant messenger
    • Web Pages with FAQ to save calls to the Operator
    • access to services based on new technologies such as NFC
    • security and over-the-air administration (OTA)

[Figure labels: Packet data, http, xHtml]


Contactless Mobile Terminals

The Mobile Terminal works like a contactless card for payment, personal banking, ticketing, access control, … and as a card reader for the applications on the Secure Element

The Single Wire Protocol (SWP) is the standardised I/F between UICC and the Contactless Front End (CLF)

[Figure: terminal architecture diagrams. Labels: Mobile Phone CPU; NFC chip for contactless transmission; Contactless applications on USIM (or mobile); Mobile Phone CPU; Contactless applications on USIM, SE or mobile; Secure Element (SE)]


Security Capabilities on the UICC

[Figure: UICC security architecture diagram. Labels: SWP, HCI, Secure OS; GlobalPlatform; GP API; Java Card™ API; ISD; Issuer applications ((U)SIM, MNO App 1, MNO App 2); SD TSM1 … SD TSMn; Trust Sector TSM1 … Trust Sector TSMn, each with App 1, App 2, App 3]


TC SCP – Major Achievements in 2010

• Publication of M2M specification
  • Environmental conditions and new form factors for the UICC
• Publication of test specifications for the USB interface*
  • Set of two specifications (terminal and UICC features)
• Completion of test specifications for UICC based NFC*
  • Two new specifications to complete the set of five for SWP and HCI
• Specification of a UICC API for Java Card™ for contactless applications
• Test specification for SCWS Application Invocation API for Java Card™
• Technical Report on UICC in Mobile Broadband Notebook
  • Upon request by the GSMA

* The development of these Technical Specifications was done by an ETSI STF (Specialist Task Force) with half the budget provided by ETSI and half by the participating companies


New Specifications and Reports

• UICC in Mobile Broadband Notebook (TR 102 906)
  • Analyses the integration of UICCs in Mobile Broadband Notebooks
  • Describes the different market initiatives
  • Provides a non-exclusive set of use cases
• Test specification for SCWS Application Invocation API for Java Card™; Test Environment and Annexes (TS 102 835)
  • Core specification (TS 102 588) defines an API that allows a UICC based SCWS to forward HTTP requests to an Applet and to receive the response from the Applet. It also defines an API for the Applet to register and unregister to the SCWS
  • The test specification describes the technical characteristics and methods for testing this API including procedures and testing tools
• UICC Application Programming Interface for Java Card™ for contactless applications (TS 102 705)
  • Provisioning of access for a contactless Applet to the services provided by the Host Controller Interface (HCI) protocol for the communication via the Contactless Front End (CLF)
  • Registration of contactless parameters and management of contactless Applets in card emulation mode is defined in "GlobalPlatform Amendment C"


New Specifications: Testing the Contactless Interface

• The two new test specifications on the Host Controller Interface complete the set of five test specifications on NFC employing the UICC and using the Single Wire Protocol (SWP) for communication between the UICC and the NFC chip in the terminal
• TS 102 695 - Smart Cards; Test specification for the Host Controller Interface (HCI)
  • Part 1: Terminal features
    • covers the minimum characteristics which are considered necessary for the terminal in order to provide compliance to TS 102 622 UICC - Contactless Front-end (CLF) Interface; Host Controller Interface (HCI)
  • Part 3: Host Controller features
    • covers additional test cases for the Host Controller to those specified in part 1
    • also tests for host controller features which are transparent to the terminal


New Specifications: Testing the USB Interface

• Complete set of specifications for the USB interface of the UICC
• Interface specification (USB_IC) published in late 2007
• Test specifications for both the terminal and the UICC now also available to allow interoperability testing
  • TS 102 922-1 – Smart Cards; Test specification for the ETSI aspects of the IC USB interface; Part 1: Terminal features
  • TS 102 922-2 – Smart Cards; Test specification for the ETSI aspects of the IC USB interface; Part 2: UICC features
• What is the future of this interface?
• Currently no “active” implementations
  • No SIMs, USIMs, R-UIMs, … with megabytes of memory deployed
• T=0 interface sufficient for the “normal” SIM, USIM, R-UIM, … ?
  • T=1 never took off due to interoperability issues


M2M Specification Completed

• TS 102 671: Smart Cards; Machine to Machine UICC; Physical and logical characteristics
  • Machine-to-Machine (M2M) specific constraints such as data retention, temperature, memory update cycles, vibration resistance, humidity
  • Two new form factors for M2M use
    • MFF1: socketable 8 pin solution
    • MFF2: SON8

[Figure: SON8 package, 5mm x 6mm]


M2M System Overview

• A sensor inside a machine
• Out through a wireless transmitter
• Over a network
• Into a software application
• Integrated into a business process

[Figure labels: Sensor, M2M Module, M2M Terminal, UICC, Satellite/Cellular Network, Middleware; applications: Smart metering, Fleet Management, Environmental monitoring, Security]


The challenge of M2M

[Figure labels: M2M UICC, M2M module, M2M terminal, M2M enabled device; UICC manufacturer, MNO, Modem manufacturer, OEM, Vending machine manufacturer, Vending machine operator]

Which Subscription? May have to be changeable after deployment!


Management of M2M Subscriptions

• UICCs may be embedded in M2M devices at M2M production site
  • This may be in advance of choice of country of deployment and network operator
• Network operator may be changed during life time of the device
• This requires remote management of subscriptions in M2M UICCs
• Remote profiling and activation of UICCs
• Subscription portability between operators

The overall security shall be at least equivalent to that achieved with current removable SIM cards, processes and OTA management

• Securely updateable M2M UICC operating system, secure download and management of security and subscription data
  • TS 102 225: Secured packet structure for UICC based applications


Endless possibilities for M2M applications

The low maintenance mousetrap

• Companies producing food attract small animals; it just smells good to them.
• For hygienic reasons one cannot use classical mousetraps (no blood!) or cats to cater for the mice. The mice have to be caught alive. But the trap has to be checked every 12 hours.
• This new electronic mousetrap sends, once a mouse has been trapped, an SMS to the maintenance person.
• No batteries are required as the mouse itself produces the energy needed to activate the system and send the SMS (“energy harvesting”).


SCP: Major Completed Topics

In addition to eight deliverables the following topics were concluded

• CAT (Card Application Toolkit) access on Modem interface. Extension of CAT to a single client interfacing with the modem
  • AT Commands for UICC interaction, description of AT commands that can be issued to a terminal and that are specifically for use with the UICC to better facilitate communication between a UICC and applications on a laptop via a built in modem
  • In close co-operation with 3GPP
• Confidential Applications: allows 3rd party applications to be loaded and executed within a secure and private environment
  • In close co-operation with GlobalPlatform
• Use cases and requirements related to the usage of the UICC with data modems integrated in notebooks
  • Requirements on interface management while allowing evolution of the existing set of specifications. Potential areas are the USB interface, power management and negotiation, the voltage class used to secure the deployment of the use cases


SCP: Current and Future Work

• CAT (Card Application Toolkit) access on Modem interface. Extension of CAT to multiple clients interfacing with the modem
• AT Commands for UICC interaction, description of AT commands that can be issued to a terminal and that are specifically for use with the UICC to better facilitate communication between a UICC and applications on a laptop via a built in modem
• API for secure channels
• Support of P2P mode in contactless interface specifications
  • Specification of requirements and use cases for Peer to Peer contactless mode support in the UICC
  • To facilitate communication between applications on different UICCs
• UICC next generation Run Time Environment (RTE) to support multi-tasking of the UICC with more than one interface
• Test specifications to be realised this year
  • Evolution of the test specification for UICC API for Java Card™ to Rel-7
• Use cases and requirements related to the usage of the UICC with data modems integrated in notebooks
  • Security requirements still to be addressed
• Technical solution for a new framework for application and services migration over IP/USB
  • Framework allowing service discovery, registration and invocation over IP/USB
• Use cases and requirements related to the usage of the UICC in an M2M context (with emphasis on creating inputs for M441)
• Creation of conformance test specification covering UICC conformance requirements specified in ETSI TS 102 221


Convergence of Daily Life Security-based Applications

[Figure labels: Pay, Communicate, Identify]


Vision: Tomorrow in my Mobile Wallet


Visit the ETSI SCP website for details on meetings, current work items, documents, …

www.etsi.org

Next SCP Plenary Meeting: 02-04 March here at ETSI


The UICC is everywhere (in the form of the SIM, USIM, R-UIM, CSIM, …)


Dr. Klaus Vedder
Group Senior Vice President
Giesecke & Devrient GmbH
Prinzregentenstr. 159
81607 Munich
Germany
