19-20 January 2010. Recent Work of ETSI TC Smart Card Platform .... The Mobile Terminal works like a contactless card fo
The UICC Recent Work of ETSI TC Smart Card Platform Dr. Klaus Vedder Chairman ETSI TC SCP
6th ETSI Security WS Sophia Antipolis, France 19-20 January 2010 Footer text (edit in View : Header and Footer)
World Class Standards
SIMs, USIMs, R-UIMs, CSIMs…. in 2010 You could stack the SIMs, USIMs, R-UIMS, CSIMs … delivered to the market in 2010
If you place the SIMs, USIMs, R-UIMs, CSIMs, …. ever delivered to the market next to each other you could
to a tower 3,040 km high
575 km
go more than 40 times around the world!
6th ETSI Security WS
2
World Class Standards
The Smart Card Market 6000
CAG
5000
M. units
2656
3000
1889 1469 280 1050
4520
4995 860
650
750
510
2650
CAGR 05-09 23% 22% 25%
410
336
1000
4185
3446
4000
2000
% R 24
3200
3400
2008
2009
3700
2040 1390
Note: The current estimate for 2010 is 4 billion units
0 2004
2005
2006
Industry & Government
2007 Payment
2010e
Telecommunication
Source: Eurosmart
6th ETSI Security WS
3
World Class Standards
ETSI TC Smart Card Platform 23 Years of Dedication and Real-life Experience TC SCP founded in March 2000 as the successor of SMG9, the people which specified the most successful smart card application ever with over 4 billion subscribers using one or more of the over 20 billion SIMs, USIMs, R-UIMs, CSIMs, … delivered to the market
ETSI TC SCP has published over fifty specifications on smart cards covering all areas from administrative commands to APIs, browsers, Internet connectivity, Machine-to-Machine (M2M), new interfaces for high speed and NFC as well as related test specifications all can be downloaded free of charge from the ETSI website
The specifications are application agnostic and are not restricted to the world of telecommunications. They can be used as a (secure) platform for basically any application. 6th ETSI Security WS
4
World Class Standards
Structure and Officials SCP Plenary Chairman: Klaus Vedder, G&D Vice Chairman: Tim Evans, Illuminismo Vice Chairman: Denis Praca, Gemalto
SCP Requirement WG
SCP Technical WG
Chairman: Colin Hamling, Telefónica
Chairman: Paul Jolivet, LG
Vice Chairman: Heiko Kruse, Sagem Orga Vice Chairman: Denis Praca, Gemalto
Vice Chairman: Sebastian Hans, Oracle
SCP Testing WG Chairman: Andreas Bertling, Comprion Vice Chairman: Christophe Dubois, Gemalto 6th ETSI Security WS
5
World Class Standards
Description SCP Final acceptance of Work Items to be progressed by Working Groups Acceptance for publication of all Technical Specifications, Technical Reports and Change Requests to published documents Input to its work is received from ETSI members as well as 3GPP, 3GPP2, GlobalPlatform, GSMA, GSMA SCaG, Global Certification Forum (GCF), NFC Forum, OMA, WiMAX Forum, …
SCP REQ Working Group SCP REQ is responsible for developing the requirements for the Smart Card Platform
SCP TEC Working Group SCP TEC is responsible for the technical realisation of the requirements developed by SCP REQ and accepted by SCP
SCP TEST Working Group SCP TEST is responsible for the development of test specifications for deliverables produced by SCP TEC and accepted by SCP 6th ETSI Security WS
6
World Class Standards
The UICC - the Multi-application Platform The UICC is the smart card platform providing a clear separation of lower layers and applications residing on it
eHealth Payment
SIM
USIM
Public Transport
(U)SAT Phonebook
Specified by TC SCP
UICC a technology agnostic platform 6th ETSI Security WS
Firewalls between applications provided by smart card supplier
ID
7
World Class Standards
Complete revamp of the UICC New interfaces IC_USB interface for high-speed contact communication • • •
modification of USB 2.0 on the physical layer for direct (non-pluggable) connections between chips; higher layers are not affected and run transparently without modifications on the IC_USB interface nominal speed of 12 megabit per second use of existing contact layout of the smart card (C4 and C8)
Single Wire Protocol and Host Controller Interface •
contactless communication (Near Field Communication)
VCC
GND
RST
SWP
CLK
I/O
USB
USB
Secure Channel to an end point terminal (to support, for instance, OMA BCAST)
Support for large memory part of the IC_USB specification
A jump into the IP world IP Connectivity for the UICC remote management over IP Migration of the SIM toolkit framework over IP
API for the Smart Card Web Server New user interface (consistent interface across the range of handsets) Web like look and feel (using the browser in the handset)
while retaining the security attributes 6th ETSI Security WS
8
World Class Standards
The Smart Card Web Server A full-fledged Web server on the UICC UICC is the secure interface to the Internet accessed by the Internet browser of the (mobile) device gives services on the UICC a Web look and feel
The SCWS combines
Packet the benefits of the World Wide Web data • ease of use and administration http • dynamic content and the UICC • platform for VAS • the user’s home page • OTP, Instant messenger • Web Pages with FAQ to save calls to the Operator xHtml • access to services based on new technologies such as NFC • security and over-the-air administration (OTA)
6th ETSI Security WS
9
World Class Standards
Contactless Mobile Terminals The Mobile Terminal works like a contactless card for payment, personal banking, ticketing, access control, … and as as a card reader for the applications on the Secure Element
The Single Wire Protocol (SWP) is the standardised I/F between UICC and the Contactless Front End (CLF)
Contactless applications on USIM (or mobile)
Contactless applications on USIM, SE or mobile
Mobile Phone CPU
Mobile Phone CPU
Secure Element (SE)
NFC chip for contactless transmission
6th ETSI Security WS
10
World Class Standards
G lo ba lP la tfo rm
Security Capabilities on the UICC TrustSector TSMn
SD TSMn
SD TSM1
GP API
ISD (U)SIM
App 2
App 3
TrustSector TSM1
App 1
ISD
ISD
App 1
App 2
App 3
Issuer applications
MNO App 1
MNO App 2
Java CardTM API SWP
HCI
Secure OS
6th ETSI Security WS
11
World Class Standards TC SCP – Major Achievements in 2010 Publication of M2M specification Environmental conditions and new form factors for the UICC
Publication of test specifications for the USB interface* Set of two specifications (terminal and UICC features)
Completion of test specifications for UICC based NFC* Two new specifications to complete the set of five for SWP and HCI
Specification of a UICC API for Java CardTM for contactless applications Test specification for SCWS Application Invocation API for Java CardTM Technical Report on UICC in Mobile Broadband Notebook Upon request by the GSMA *
The development of these Technical Specifications was done by an ETSI STF (Specialist Task Force) with half the budget provided by ETSI and half by the participating companies
6th ETSI Security WS
12
World Class Standards
New Specifications and Reports UICC in Mobile Broadband Notebook (TR 102 906) Analyses the integration of UICCs in Mobile Broadband Notebooks Describes the different market initiatives Provides a non-exclusive set of use cases
Test specification for SCWS Application Invocation API for Java CardTM; Test Environment and Annexes (TS 102 835) Core specification (TS 102 588) defines an API that allows a UICC based SCWS to forward Http requests to an Applet and to receive the response from the Applet. It also defines an API for the Applet to register and unregister to the SCWS The test specification describes the technical characteristics and methods for testing this API including procedures and testing tools
UICC Application Programming Interface for Java Card™ for contactless applications (TS 102 705) Provisioning of access for a contactless Applet to the services provided by the Host Controller Interface (HCI) protocol for the communication via the Contactless Front End (CLF) Registration of contactless parameters and management of contactless Applets in card emulation mode is defined in "GlobalPlatform Amendment C" 6th ETSI Security WS
13
World Class Standards New Specifications: Testing the Contactless Interface The two new test specifications on the Host Controller Interface complete the set of five test specifications on NFC employing the UICC and using the Single Wire Protocol (SWP) for communication between the UICC and the NFC chip in the terminal TS 102 695 - Smart Cards; Test specification for the Host Controller Interface (HCI) • Part 1: Terminal features • covers the minimum characteristics which are considered necessary for the terminal in order to provide compliance to TS 102 622 UICC - Contactless Frontend (CLF) Interface; Host Controller Interface (HCI)
• Part 3: Host Controller features • covers additional test cases for the Host Controller to those specified in part 1 • also tests for host controller features which are transparent to the terminal
6th ETSI Security WS
14
World Class Standards
New Specifications: Testing the USB Interface Complete set of specifications for the USB interface of the UICC Interface specification (USB_IC) published in late 2007 Test specifications for both the terminal and the UICC now also available to allow interoperability testing • TS 102 922-1 – Smart Cards; Test specification for the ETSI aspects of the IC USB interface; Part 1:Terminal features • TS 102 922-2 – Smart Cards; Test specification for the ETSI aspects of the IC USB interface; Part 2:UICC features
What is the future of this interface? Currently no “active” implementations • No SIMS, USIMS, R-UIMS, … with megabytes of memory deployed
T=0 interface sufficient for the “normal” SIM, USIM, R-UIM, … ? • T=1 never took off due to interoperability issues
6th ETSI Security WS
15
World Class Standards
M2M Specification Completed TS 102 671: Smart Cards; Machine to Machine UICC; Physical and logical characteristics Machine-to-Machine (M2M) specific constraints such as data retention, temperature, memory update cycles, vibration resistance, humidity Two new form factors for M2M use • •
MFF1: socketable 8 pin solution MFF2: SON8
SON8 5mm x 6mm
6th ETSI Security WS
16
World Class Standards
M2M System Overview A sensor inside a machine
Out through a wireless transmitter
Over a network
Into a software application
Integrated into a business process
Smart metering
Sensor
M2M Module
M2M Terminal
Satellite/Cellular Network
Middleware
Fleet Management Environmenta l monitoring
UICC
Security
6th ETSI Security WS
17
World Class Standards
The challenge of M2M M2M enabled device
Vending machine operator
Vending machine manufacturer
M2M terminal
OEM
M2M module
Which Subscription? May have to be changeable after deployment!
Modem manufacturer
M2M UICC
MNO
UICC manufacturer
6th ETSI Security WS
18
World Class Standards
Management of M2M Subscriptions UICCs may be embedded in M2M devices at M2M production site This may be in advance of choice of country of deployment and network operator Network operator may be changed during life time of the device
This requires remote management of subscriptions in M2M UICCs Remote profiling and activation of UICCs Subscription portability between operators
The overall security shall be at least equivalent to that achieved with current removable SIM cards, processes and OTA management Securely updateable M2M UICC operating system, secure download and management of security and subscription data TS 102 225: Secured packet structure for UICC based applications
6th ETSI Security WS
19
World Class Standards
Endless possibilities for M2M applications The low maintenance mousetrap Companies producing food attract small animals; it just smells good to them. For hygienic reasons one cannot use classical mousetraps (no blood!) or cats to cater for the mice. The mice have to be caught alive. But the trap has to be checked every 12 hours. This new electronic mousetrap sends, once a mouse has been trapped, an SMS to the maintenance people person. No batteries are required as the mouse itself produces the energy needed to activate the system and send the SMS (“energy harvesting“).
6th ETSI Security WS
20
World Class Standards
SCP: Major Completed Topics In addition to eight deliverables the following topics were concluded CAT (Card Application Toolkit) access on Modem interface. Extension of CAT to a single client interfacing with the modem AT Commands for UICC interaction, description of AT commands that can be issued to a terminal and that are specifically for use with the UICC to better facilitate communication between a UICC and applications on a laptop via a built in modem In close co-operation with 3GPP
Confidential Applications: allows 3rd party applications to be loaded and executed within a secure and private environment In close co-operation with GlobalPlatform
Use cases and requirements related to the usage of the UICC with data modems integrated in notebooks Requirements on interface management while allowing evolution of the existing set of specifications. Potential areas are the USB interface, power management and negotiation, the voltage class used to secure the deployment of the use cases 6th ETSI Security WS
21
World Class Standards
SCP: Current and Future Work
CAT (Card Application Toolkit) access on Modem interface. Extension of CAT to multiple clients interfacing with the modem
AT Commands for UICC interaction, description of AT commands that can be issued to a terminal and that are specifically for use with the UICC to better facilitate communication between a UICC and applications on a laptop via a built in modem
API for secure channels
Support of P2P mode in contactless interface specifications
Specification of requirements and use cases for Peer to Peer contactless mode support in the UICC To facilitate communication between applications on different UICCs
UICC next generation Run Time Environment (RTE) to support multi-tasking of the UICC with more than one interface
Test specifications to be realised this year
Use cases and requirements related to the usage of the UICC with data modems integrated in notebooks
Security requirements still to be addressed
Technical solution for a new framework for application and services migration over IP/USB
Evolution the test specification for UICC API for Java Card™ to Rel-7
Framework allowing service discovery, registration and invocation over IP/USB
Use cases and requirements related to the usage of the UICC in an M2M context (with emphasis on creating inputs for M441) Creation of conformance test specification covering UICC conformance requirements specified in ETSI TS 102 221 6th ETSI Security WS
22
World Class Standards Convergence of Daily Life Security-based Applications
Pay
Communicate
Identify
6th ETSI Security WS
23
World Class Standards
Vision: Tomorrow in my Mobile Wallet
6th ETSI Security WS
24
World Class Standards
Visit the
ETSI SCP website for details on meetings, current work items, documents, …
www.etsi.org Next SCP Plenary Meeting: 02-04 March here at ETSI 6th ETSI Security WS
25
World Class Standards
The UICC is everywhere (in the form of the SIM, USIM, R-UIM, CSIM, …)
6th ETSI Security WS
26
World Class Standards
Dr. Klaus Vedder Group Senior Vice President Giesecke & Devrient GmbH Prinzregentenstr. 159 81607 Munich Germany
[email protected]
6th ETSI Security WS
27