The Smart Card Platform Gaby Lenhart Project leader ETSI Technical Committee Smart Card Platform (TC SCP)
Mar 27, 2015
The Smart Card Platform
Gaby LenhartProject leader
ETSI Technical Committee Smart Card Platform (TC SCP)
2
ETSI Technical Committee Smart Card Platform
16 Years of dedication and real-life experience founded in March 2000 as the successor of SMG9,
the SIM-people, who specified the most successful smart card application with currently more than 1 billion subscribers and +4 billion SIMs deployed
mission to create a series of specifications for a smart card
platform, based on real-life (outside) requirements, on which other committees can base their system specific work to achieve basic compatibility
3
TC SCP Terms of Reference
to develop the physical and the logical IC card platform
to develop advanced security methods for applications such as financial transactions (“mobile commerce”)
to develop a card-side toolkit to allow the creation of terminal independent value added services
to develop supporting specifications and technical reports
4
SCP Technical Group
Chairman Paul Jolivet, LG Electronics
Vice-Chair Sebastian Hans, Sun Microsystems
SCP Requirements Group
Chairman Tim Evans, Vodafone UK
SCP Plenary
Chairman Klaus Vedder, G&DVice-Chair Nigel Barnes, Motorola
Vice-Chair Ilario Macchi, TIM
Vice-Chair Xavier Piednoir, Orange
TC SCP Working Structure
5
TC SCP - Who Does What
Plenary strategy and other general topics approval of requirements for technical solutions approval of new work items and specifications/reports approval of Change Requests (CRs) to specifications/reports liaisons with other committees and organizations
Requirement Working Group analysis of requirements coming from outside and inside SCP elaboration of requirements for the technical work development of requirement specifications
Technical Working Group enhancements to the core platform specifications development of the next generation UICC use of PKI, security between applications on the card secure messaging, administrative commands Card Application Toolkit (CAT) Application Programming Interfaces (APIs) development of card interfaces
6
The UICC System
TETRAUSIM SIM
CDMA2000 eHealth
.....
..
*Scope similar to EMV2000 as used by financial sector
TS 102 221The
multi-application platform*
Additional commands, features, security, PKI
7
From “Mono-" to Multi-Application
SIM
SIM Application Toolkit (SAT)
Banking
LocationBrowse
r SIM-WIM
The UICC -
the multi-application platform separation of layers and
applications logical channels to run
applications in parallel
The SIM - a "mono-application" card
SIM according to GSM 11.11 applications based on SIM
Application Toolkit WIM as exception
(own command set and triggered by WAP browser)
UICC
Others
EMV
USIM SIM
ElectronicPurse
Phonebook
(U)SAT
GSM Purse
eHealth
8
Multi-application cardSupports multipleapplications which can run simultaneouslyusing logical channels
New PIN protection
conceptHierarchical PIN
managementUniversal PIN, Application
PIN,Local PIN
Mutual authenticationAuthentication and Key Agreement (AKA) involves authentication of the 3G network to the USIM as well
Powerful phonebookStore entries with
e-mail, second name, groups Intelligent linking to the GSM application allows
data sharing in a GSM phone
New Features of the USIM/UICC
USIM/UICC
9
Published (1) - The Platform
TS 102 221 Physical and logical characteristics of the card / terminal interface
the core specification which provides a multi-application platform with logical channels for smart cardsbased on this platform a smart card application can be defined for any system
specifies the lower layers of a smart card including the electrical and mechanical interface, the logical structure, the basic commands and the intrinsic security system
Related test specification published as TS 102 230
10
Published (2) - Core Documents
Administrative commands (TS 102 222) allows standardized personalization and standardized remote
administration, e.g. over-the-air (OTA)
Card Application Toolkit (TS 102 223 / 227) based on the successful GSM specification "SIM Application Toolkit"
which was stripped of all the GSM specific features allows the card issuer to create value added services independent from
the terminal application writers benefit by using CAT for different systems
Transport protocol for CAT applications between a UICC application and a remote entity to ensure acknowledgement, segmentation/fragmentation, retransmission of messages
ETSI numbering system for telecommunication application providers (TS 101 220) the ETSI offering of managing Application Identifiers (AIDs) for UICC
based applications
11
Published (3) - Derivatives
Generalization of well-known GSM specifications
(GSM 03.48 Secure messaging; GSM 03.19 Java CardTM API) Secure messaging
defines end-to-end (smart card to application server) secure messaging over a variety of bearers (e.g. enciphered and integrity protected messages between the smart card and a banking server)
• TS 102 224 Security mechanisms for UICC based Applications
• TS 102 225 Secured packet structure for UICC based applications
• TS 102 226 Remote APDU Structure for UICC based Applications
Application Programming Interface (API) allows applications to be developed independently of the underlying
card operating system• TS 102 240 Application Programming Interface and Loader, Requirements
• TS 102 241 Java CardTM Application Programming Interface for the UICC; Stage 2 (Java CardTM 2.2)
12
Published (4) - EMC
Technical Reports on interference topics
Measurement of Electromagnetic Emission of SIM Cards (TR 102 151) definition of a standard hardware equipment for
electromagnetic measurements of smart cards and a common electromagnetic measurement procedure
Terminal - card interface; Considerations on robustness improvements (TR 102 242)
describes failure mechanisms that could potentially generate major operating issues between the terminal and the card, the countermeasures that should be applied within the current specifications and the enhancements that may further increase the interface robustness
13
Published (5) - The Toolkit Transport Protocol
CAT_TP provides the following functionality as underlying layer for application protocols (TS 102 124 and TS 102 127) reliability of the data communication
(not necessarily security, security can be handled by an independent GSM 03.48 layer)
segmentation and concatenation of data retransmission of messages addressing for different physical bearers
(GPRS uses IP, SMS uses telephone numbers, Bluetooth has its own addressing scheme...)
access to BIP channels (up to 8 channels may be open the same time)
possible multiplexing of BIP channels standardised opening a BIP channel from the server side
14
CAT_TP and BIP
Server
CAT_TP
03.48 security layer
application protocol
* Mechanism originally specified by 3GPP T3 by which the ME provides the UICC with access to the data bearers supported by the ME and the network
BIP*
15
Co-operation
SCP is co-operating on both technical and service aspects with a number of other committees both within and outside the telecommunications sector. These include
3GPP (UTRAN/GERAN), 3GPP2 (CDMA2000), ARIB and some ETSI Technical Bodies
provision of requirements, referencing SCP specifications
GSMAssociaton (GSMA SCaG and GSMNA) provision and alignment of requirements
GlobalPlatform close co-operation in the advancement of, in particular, OTA specifications all specifications updated to and aligned with GlobalPlatform 2.1
Liberty Alliance close co-operation on identity issues
Open Mobile Alliance (OMA) connectivity to the Smart Card Web Server, developed in OMA close co-operation regarding Digital Rights Management (DRM)
… and many others
16
Current Topics (1)
High speed interface evolution of the smart card communication channel with
respect to transfer rate, size and protocol considering issues such as:
• performance and power consumption
• value to applications and scalability
• to allow for large memory on the USIM
• ease of implementation (in both terminal and UICC)
candidates• MMC (Multi Media Card protocol)
• USB (Universal Serial Bus)To be finalized soon
UICC external peripherals data-exchange (near field communication providing an interface for the UICC to access contactless technology in
the terminal, which would allow e.g. for:• communicating patient data• accessing public transport• micro-payments using an electronic purse on the UICC
17
Current Topics (2)
Support for Large Files on the UICC Multimedia and PKI applications among others need to exceed
the current maximum file size of 65,535 bytes. The aim is to increase the maximum file size beyond this limit providing backward compatibility (for existing implementations)
Environmental conditions temperature range and humidity vibration and acceleration shocksTo be finalized soon
Sensitive data creation and initialization
The USSM (UICC Security Service Module) container for security related topics such as keys, certificates, PINs
and management of algorithms utilized by UICC based applications
18
Success = +
Equation of Success
19
How to Get More Information
ETSI
http://www.ETSI.org all (>12 000!) published specifications are available
free of charge !!
but, can only be downloaded one at a time …
but, not so many smart card specifications, so noproblem !
ETSI SCP website
http://portal.etsi.org/scp/summary.asp
Next SCP Requirement WG / Plenary meetingToulouse, 03-05 / 05-07 July 2006
20
Current Technical Specifications/Reports (1)
TS 101 220ETSI numbering system for telecommunication application providers
TS 102 124Transport protocol for CAT applications; Service description; Stage 1
TS 102 127Transport protocol for CAT applications; Stage
TR 102 151Measurement of Electromagnetic Emission of SIM Cards
TR 102 216Vocabulary for Smart Card Platform Specifications
TS 102 221UICC-Terminal interface; Physical and logical characteristics
TS 102 222Administrative commands for telecommunications applications
TS 102 223Card Application Toolkit (CAT)
Annex
21
Current Technical Specifications/Reports (2)
TS 102 224Security mechanisms for UICC based Applications - Functional requirements
TS 102 225Secured packet structure for UICC based applications
TS 102 226Remote APDU Structure for UICC based Applications
TS 102 230UICC-Terminal interface; Physical, electrical and logical test specification
TS 102 240 UICC Application Programming Interface and Loader Requirements; Service description
TS 102 241Java CardTM Application Programming Interface for the UICC
TR 102 242Terminal - card interface; Considerations on robustness improvements
Annex
22
Current Technical Specifications/Reports (3)Annex
TS 102 266USSM: UICC Security Service Module
TS 102 310EAP Support in UICC
TS 102 350Identity files and procedures on a UICC: Stage 1
TS 102 384Card Application Toolkit (CAT) conformance specification
TS 102 412 Smart Card Platform Requirements