The UICC - ETSI docbox

The UICC Recent Work of ETSI TC Smart Card Platform Dr. Klaus Vedder Chairman ETSI TC SCP

6th ETSI Security WS Sophia Antipolis, France 19-20 January 2010 Footer text (edit in View : Header and Footer)

World Class Standards

SIMs, USIMs, R-UIMs, CSIMs…. in 2010 You could stack the SIMs, USIMs, R-UIMS, CSIMs … delivered to the market in 2010

If you place the SIMs, USIMs, R-UIMs, CSIMs, …. ever delivered to the market next to each other you could

to a tower 3,040 km high

575 km

go more than 40 times around the world!

6th ETSI Security WS

2


The Smart Card Market 6000

CAG

5000

M. units

2656

3000

1889 1469 280 1050

4520

4995 860

650

750

510

2650

CAGR 05-09 23% 22% 25%

410

336

1000

4185

3446

4000

2000

% R 24

3200

3400

2008

2009

3700

2040 1390

Note: The current estimate for 2010 is 4 billion units

0 2004

2005

2006

Industry & Government

2007 Payment

2010e

Telecommunication

Source: Eurosmart


3


ETSI TC Smart Card Platform 23 Years of Dedication and Real-life Experience TC SCP founded in March 2000 as the successor of SMG9, the people which specified the most successful smart card application ever with over 4 billion subscribers using one or more of the over 20 billion SIMs, USIMs, R-UIMs, CSIMs, … delivered to the market

ETSI TC SCP has published over fifty specifications on smart cards covering all areas from administrative commands to APIs, browsers, Internet connectivity, Machine-to-Machine (M2M), new interfaces for high speed and NFC as well as related test specifications all can be downloaded free of charge from the ETSI website

The specifications are application agnostic and are not restricted to the world of telecommunications. They can be used as a (secure) platform for basically any application. 6th ETSI Security WS

4


Structure and Officials SCP Plenary Chairman: Klaus Vedder, G&D Vice Chairman: Tim Evans, Illuminismo Vice Chairman: Denis Praca, Gemalto

SCP Requirement WG

SCP Technical WG

Chairman: Colin Hamling, Telefónica

Chairman: Paul Jolivet, LG

Vice Chairman: Heiko Kruse, Sagem Orga Vice Chairman: Denis Praca, Gemalto

Vice Chairman: Sebastian Hans, Oracle

SCP Testing WG Chairman: Andreas Bertling, Comprion Vice Chairman: Christophe Dubois, Gemalto 6th ETSI Security WS

5


Description SCP Final acceptance of Work Items to be progressed by Working Groups Acceptance for publication of all Technical Specifications, Technical Reports and Change Requests to published documents Input to its work is received from ETSI members as well as 3GPP, 3GPP2, GlobalPlatform, GSMA, GSMA SCaG, Global Certification Forum (GCF), NFC Forum, OMA, WiMAX Forum, …

SCP REQ Working Group SCP REQ is responsible for developing the requirements for the Smart Card Platform

SCP TEC Working Group SCP TEC is responsible for the technical realisation of the requirements developed by SCP REQ and accepted by SCP

SCP TEST Working Group SCP TEST is responsible for the development of test specifications for deliverables produced by SCP TEC and accepted by SCP 6th ETSI Security WS

6


The UICC - the Multi-application Platform The UICC is the smart card platform providing a clear separation of lower layers and applications residing on it

eHealth Payment

SIM

USIM

Public Transport

(U)SAT Phonebook

Specified by TC SCP

UICC a technology agnostic platform 6th ETSI Security WS

Firewalls between applications provided by smart card supplier

ID

7


Complete revamp of the UICC New interfaces IC_USB interface for high-speed contact communication • • •

modification of USB 2.0 on the physical layer for direct (non-pluggable) connections between chips; higher layers are not affected and run transparently without modifications on the IC_USB interface nominal speed of 12 megabit per second use of existing contact layout of the smart card (C4 and C8)

Single Wire Protocol and Host Controller Interface •

contactless communication (Near Field Communication)

VCC

GND

RST

SWP

CLK

I/O

USB

USB

Secure Channel to an end point terminal (to support, for instance, OMA BCAST)

Support for large memory part of the IC_USB specification

A jump into the IP world IP Connectivity for the UICC remote management over IP Migration of the SIM toolkit framework over IP

API for the Smart Card Web Server New user interface (consistent interface across the range of handsets) Web like look and feel (using the browser in the handset)

while retaining the security attributes 6th ETSI Security WS

8


The Smart Card Web Server A full-fledged Web server on the UICC UICC is the secure interface to the Internet accessed by the Internet browser of the (mobile) device gives services on the UICC a Web look and feel

The SCWS combines

Packet the benefits of the World Wide Web data • ease of use and administration http • dynamic content and the UICC • platform for VAS • the user’s home page • OTP, Instant messenger • Web Pages with FAQ to save calls to the Operator xHtml • access to services based on new technologies such as NFC • security and over-the-air administration (OTA)


9


Contactless Mobile Terminals The Mobile Terminal works like a contactless card for payment, personal banking, ticketing, access control, … and as as a card reader for the applications on the Secure Element

The Single Wire Protocol (SWP) is the standardised I/F between UICC and the Contactless Front End (CLF)

Contactless applications on USIM (or mobile)

Contactless applications on USIM, SE or mobile

Mobile Phone CPU

Mobile Phone CPU

Secure Element (SE)

NFC chip for contactless transmission


10


G lo ba lP la tfo rm

Security Capabilities on the UICC TrustSector TSMn

SD TSMn

SD TSM1

GP API

ISD (U)SIM

App 2

App 3

TrustSector TSM1

App 1

ISD

ISD

App 1

App 2

App 3

Issuer applications

MNO App 1

MNO App 2

Java CardTM API SWP

HCI

Secure OS


11

World Class Standards TC SCP – Major Achievements in 2010 Publication of M2M specification Environmental conditions and new form factors for the UICC

Publication of test specifications for the USB interface* Set of two specifications (terminal and UICC features)

Completion of test specifications for UICC based NFC* Two new specifications to complete the set of five for SWP and HCI

Specification of a UICC API for Java CardTM for contactless applications Test specification for SCWS Application Invocation API for Java CardTM Technical Report on UICC in Mobile Broadband Notebook Upon request by the GSMA *

The development of these Technical Specifications was done by an ETSI STF (Specialist Task Force) with half the budget provided by ETSI and half by the participating companies


12


New Specifications and Reports UICC in Mobile Broadband Notebook (TR 102 906) Analyses the integration of UICCs in Mobile Broadband Notebooks Describes the different market initiatives Provides a non-exclusive set of use cases

Test specification for SCWS Application Invocation API for Java CardTM; Test Environment and Annexes (TS 102 835) Core specification (TS 102 588) defines an API that allows a UICC based SCWS to forward Http requests to an Applet and to receive the response from the Applet. It also defines an API for the Applet to register and unregister to the SCWS The test specification describes the technical characteristics and methods for testing this API including procedures and testing tools

UICC Application Programming Interface for Java Card™ for contactless applications (TS 102 705) Provisioning of access for a contactless Applet to the services provided by the Host Controller Interface (HCI) protocol for the communication via the Contactless Front End (CLF) Registration of contactless parameters and management of contactless Applets in card emulation mode is defined in "GlobalPlatform Amendment C" 6th ETSI Security WS

13

World Class Standards New Specifications: Testing the Contactless Interface The two new test specifications on the Host Controller Interface complete the set of five test specifications on NFC employing the UICC and using the Single Wire Protocol (SWP) for communication between the UICC and the NFC chip in the terminal TS 102 695 - Smart Cards; Test specification for the Host Controller Interface (HCI) • Part 1: Terminal features • covers the minimum characteristics which are considered necessary for the terminal in order to provide compliance to TS 102 622 UICC - Contactless Frontend (CLF) Interface; Host Controller Interface (HCI)

• Part 3: Host Controller features • covers additional test cases for the Host Controller to those specified in part 1 • also tests for host controller features which are transparent to the terminal


14


New Specifications: Testing the USB Interface Complete set of specifications for the USB interface of the UICC Interface specification (USB_IC) published in late 2007 Test specifications for both the terminal and the UICC now also available to allow interoperability testing • TS 102 922-1 – Smart Cards; Test specification for the ETSI aspects of the IC USB interface; Part 1:Terminal features • TS 102 922-2 – Smart Cards; Test specification for the ETSI aspects of the IC USB interface; Part 2:UICC features

What is the future of this interface? Currently no “active” implementations • No SIMS, USIMS, R-UIMS, … with megabytes of memory deployed

T=0 interface sufficient for the “normal” SIM, USIM, R-UIM, … ? • T=1 never took off due to interoperability issues


15


M2M Specification Completed TS 102 671: Smart Cards; Machine to Machine UICC; Physical and logical characteristics Machine-to-Machine (M2M) specific constraints such as data retention, temperature, memory update cycles, vibration resistance, humidity Two new form factors for M2M use • •

MFF1: socketable 8 pin solution MFF2: SON8

SON8 5mm x 6mm


16


M2M System Overview A sensor inside a machine

Out through a wireless transmitter

Over a network

Into a software application

Integrated into a business process

Smart metering

Sensor

M2M Module

M2M Terminal

Satellite/Cellular Network

Middleware

Fleet Management Environmenta l monitoring

UICC

Security


17


The challenge of M2M M2M enabled device

Vending machine operator

Vending machine manufacturer

M2M terminal

OEM

M2M module

Which Subscription? May have to be changeable after deployment!

Modem manufacturer

M2M UICC

MNO

UICC manufacturer


18


Management of M2M Subscriptions UICCs may be embedded in M2M devices at M2M production site This may be in advance of choice of country of deployment and network operator Network operator may be changed during life time of the device

This requires remote management of subscriptions in M2M UICCs Remote profiling and activation of UICCs Subscription portability between operators

The overall security shall be at least equivalent to that achieved with current removable SIM cards, processes and OTA management Securely updateable M2M UICC operating system, secure download and management of security and subscription data TS 102 225: Secured packet structure for UICC based applications


19


Endless possibilities for M2M applications The low maintenance mousetrap Companies producing food attract small animals; it just smells good to them. For hygienic reasons one cannot use classical mousetraps (no blood!) or cats to cater for the mice. The mice have to be caught alive. But the trap has to be checked every 12 hours. This new electronic mousetrap sends, once a mouse has been trapped, an SMS to the maintenance people person. No batteries are required as the mouse itself produces the energy needed to activate the system and send the SMS (“energy harvesting“).


20


SCP: Major Completed Topics In addition to eight deliverables the following topics were concluded CAT (Card Application Toolkit) access on Modem interface. Extension of CAT to a single client interfacing with the modem AT Commands for UICC interaction, description of AT commands that can be issued to a terminal and that are specifically for use with the UICC to better facilitate communication between a UICC and applications on a laptop via a built in modem In close co-operation with 3GPP

Confidential Applications: allows 3rd party applications to be loaded and executed within a secure and private environment In close co-operation with GlobalPlatform

Use cases and requirements related to the usage of the UICC with data modems integrated in notebooks Requirements on interface management while allowing evolution of the existing set of specifications. Potential areas are the USB interface, power management and negotiation, the voltage class used to secure the deployment of the use cases 6th ETSI Security WS

21


SCP: Current and Future Work

CAT (Card Application Toolkit) access on Modem interface. Extension of CAT to multiple clients interfacing with the modem

AT Commands for UICC interaction, description of AT commands that can be issued to a terminal and that are specifically for use with the UICC to better facilitate communication between a UICC and applications on a laptop via a built in modem

API for secure channels

Support of P2P mode in contactless interface specifications

Specification of requirements and use cases for Peer to Peer contactless mode support in the UICC To facilitate communication between applications on different UICCs

UICC next generation Run Time Environment (RTE) to support multi-tasking of the UICC with more than one interface

Test specifications to be realised this year

Use cases and requirements related to the usage of the UICC with data modems integrated in notebooks

Security requirements still to be addressed

Technical solution for a new framework for application and services migration over IP/USB

Evolution the test specification for UICC API for Java Card™ to Rel-7

Framework allowing service discovery, registration and invocation over IP/USB

Use cases and requirements related to the usage of the UICC in an M2M context (with emphasis on creating inputs for M441) Creation of conformance test specification covering UICC conformance requirements specified in ETSI TS 102 221 6th ETSI Security WS

22

World Class Standards Convergence of Daily Life Security-based Applications

Pay

Communicate

Identify


23


Vision: Tomorrow in my Mobile Wallet


24


Visit the

ETSI SCP website for details on meetings, current work items, documents, …

www.etsi.org Next SCP Plenary Meeting: 02-04 March here at ETSI 6th ETSI Security WS

25


The UICC is everywhere (in the form of the SIM, USIM, R-UIM, CSIM, …)


26


Dr. Klaus Vedder Group Senior Vice President Giesecke & Devrient GmbH Prinzregentenstr. 159 81607 Munich Germany [email protected]


27