Dr. Klaus Vedder
Chairman ETSI TC SCP
The UICC Recent Work of ETSI TC Smart Card Platform
8th ETSI Security Workshop, Sophia Antipolis, France, 16-17 January 2012
Chairman ETSI TC SCP
© ETSI 2012. All rights reserved
SIMs, USIMs, R-UIMs, CSIMs…. in 2011
402 320km
The Smart Card Market
880
1050
1260
4000
5000
6000
7000
8000
M. u
nit
s
3446
4185 4520
5320
6135
7105
1050 13902040
26503200 3400
40004700
5200
280336
410
510
650750
880
0
1000
2000
3000
4000
2004 2005 2006 2007 2008 2009 2010 2011 2012e
Source: Eurosmart
M. u
nit
s
Industry & Government Payment Telecommunication
14691889
3446
2656
The Coverage in 2012
2012 if all SIMs, USIMs, R-UIMs, CSIMs, ….
had been delivered as an ID-1 card.
But
3360
But
• SIMs, … are delivered as “half
cards” to save on transport cost
• And the beloved Plug-in is being
delivered in a multitude of carriers,
including paper
• Cards are delivered directly to
device manufacturers in the
required form factor
The Form Factors
Height Width Area Saving
mm mm mm2
ID-1 card 53,98 85,6 4621
Plug-in Card (1989) 15 25 375
mini-UICC (2004) #* 12 15 180 52% wrt Plug-in Card
4FF (2012)~§ 8,8 12,3 108 40% wrt mini-UICC
# Also called 3FF and Micro-SIM ~ Also called Nano-SIM
* Caused the first technical vote in the history of the committees§ Thickness of plastic 0.6-0.7 mm compared with 0.76 +/- 0.08 for all other card form factors
In comparison:
MFF2 (2010) 5 6 30
The Future of the USB Interface
C1
C2
C3 C8
C4 C5
C6
C7
1,00 max
3,00 min
R0,80±0,10
all 5 corners 0,20 min
clearance area
between contact pads
and package edge
1,65±0,10
Will there be any 4FF UICCs supporting USB ?
In 2012, the vast majority of UICCs
was delivered with a 6-pin contact plate
The mini-UICC as part of the Plug-in card
being part of the ID-1 card
4,81 max
6,81 min
8,62 max
10,62 min
12,30±0,10
Taken from ETSI TS 102 221
The Smaller Cards and the eUICC
It took a good 8 years for the mini-UICC to be introduced to the market on a broad scale
• When will it replace the Plug-in SIM in mobile communications or will it itself be replaced by the 4FF ?
What will be the impact of the 4FF on the deployment of embedded UICCs ?embedded UICCs ?
Will there be mobile devices supporting both an eUICC and a SIM card (3FF or 4FF) ?
• The SIM card could take precedence over the embedded SIM • To use a local subscription for easy roaming • To profit from better tariffs
• Similar to a solution specified in the current ETSI specifications, where the ID-1 SIM takes precedence over the Plug-in SIM
• Would this be a long-term solution or just an interim measure until all operators support subscription management ?
ETSI TC Smart Card Platform
25 Years of Dedication and Real-life Experience
TC SCP was founded in March 2000 as the successor of SMG9, the people who specified the most successful smart card application ever with well over 5 billion subscribers using one or more of the over 30 billion SIMs, USIMs, R-UIMs, CSIMs, … delivered to the market
The Mission
Create a series of specifications for a smart card platform, based on real-life requirements, on which other bodies from inside and outside the telecom-world can base their system specific applications to achieve compatibility between all applications resident on the smart cardapplications to achieve compatibility between all applications resident on the smart card
The Work
ETSI TC SCP has published over fifty specifications on smart cards encompassing for every topic the whole range from requirements via the technical solution to the test specification; topics range from administrative commands to APIs, browsers, Internet connectivity, Machine-to-Machine, new interfaces for high speed and NFC as well as remote management
All can be downloaded free of charge from the ETSI website
The specifications are application agnostic, they are not restricted to the world of telecommunications
They can be used as a (secure) platform for basically any smart card application8
Structure and Officials
SCP Plenary
Chair: Klaus Vedder, G&DVice Chair: Tim Evans, IlluminismoVice Chair: Heiko Kruse, Morpho
SCP Requirement WG
Chair: Colin Hamling, TelefónicaVice Chair: Heiko Kruse, MorphoVice Chair: Denis Praca, Gemalto
SCP Testing WG
Chair: Andreas Bertling, Comprion
Vice Chair: Christophe Dubois, Gemalto
SCP Technical WG
Chair: Paul Jolivet, LGVice Chair: Sebastian Hans, Oracle
Description
SCP
• Final acceptance of Work Items to be progressed by Working Groups
• Acceptance for publication of all Technical Specifications and Technical Reports as well as Change Requests to published documents
• Input to its work is received from ETSI members such as TC M2M as well as 3GPP, 3GPP2, GlobalPlatform, GSM Association, Global Certification Forum (GCF), NFC Forum, OMA, …
SCP REQ
• Working Group SCP REQ is responsible for developing the requirements for the Smart Card Platform
SCP TEC
• Working Group SCP TEC is responsible for the technical realisation of the requirements developed by SCP REQ and accepted by SCP
SCP TEST
• Working Group SCP TEST is responsible for the development of test specifications for deliverables produced by SCP TEC and accepted by SCP
10
2012 in a Nutshell
4FF technical realisation completed
Test specifications now available for the Secure Channel specification
• ETSI TS 103 484-1 Test Specification for the Secure Channel interface Part 1: Terminal Features; Part 2: UICC Features
3GPP and OMA use the Secure Channel specification for secure communications between the USIM application and a Relay Node and OMA BCAST, resp.
New test specification for UICC API for Java CardTM for Contactless Applications New test specification for UICC API for Java CardTM for Contactless Applications (ETSI TS 103 115)
Work continued on• Requirements for an Embedded UICC
• P2P mode for contactless communications
SCP started the following new Work Items• Test cases to cover new features of TS 102 241 UICC API for Java card
• Security for encapsulated Card Application Toolkit (CAT)
• Security for CAT
• UICC Access Optimisation
• Use cases and requirements related to the addition of new contactless features
The Road to embedded UICCs
Plug-in
3FF 4FF
MFF2
The SIM card has evolved to meet market requirements
• Strongly driven by size requirements, and to meet portability regulations
• Memory, security and interfaces to meet application requirements
Move to the embedded UICC (specifically the soldered MFF2)• Triggered by SIM card requirements to address the M2M market such as limited
accessibility, reliability
• Delivers benefits in size / space, reduced production cost in all types of devices
M2M - Rise of the Machines
A sensor inside a machine
Over a network
Into a business system
SIMs in different
form factors
� Smart metering� Vending machines� Security� Fleet management � Telematics� Tracking systems
� Energy suppliers� Automotive industry� Environmental monitoring� Administration� Reports
Mobile
Network
The Road Towards Subscription Management
Some M2M applications require new form factors
such as MFF2
Provisioning of subscription over-the-air (after production,
�
�Provisioning of subscription over-the-air (after production,
outside of factory) for M2M is needed
New ecosystem with dynamic subscription management(provisioning and changing of subscriptions and profiles)
originates for M2M
�
�
Subscription Management – Secure Ecosytem
End-2-End Security of subscription credentials
eUICC
Subscription
Management
Client (SMC)
Subscription
Management
API
Operating SystemSM-SR’
SDSM -SR
Certified
environment (SAS)
“MUC”
“ARN”
encrypted Subscription Credentialsprotected by eUICC specific key
���� Encryption: AES128
� Authentication: C-MAC
VPN
SM –DP
HSM
Authentication Algorithm is not loaded via OTA
A soldered eUICC Enables a New Device Lock
Today, subsidised devices are “protected” through the
use of a “SIM Lock”• to prevent unauthorised use of the device
• a mechanism is implemented on the device, based on IMSI and Group
Identifier, to check if a SIM is allowed in the specific device
An embedded UICC which is soldered into the device
can enable a new form of Device Lock
to protect a subsidy• only a trusted Subscription Manager can change the
subscription in the eUICC
Options for a Device Lock using an eUICC
1. Implement Device Lock on the device as today – not
implemented on the eUICC
• a downloaded subscription could be rejected by the Device Lock
2. The Subscription Manager (SM) checks with the current MNO
for permission before a change of subscription
3. A Device Lock is implemented by a Subscription Manager’s
database - a policy control table
• the SM will keep track of which devices are locked to which MNOs,
and only downloads in line with those rules
4. A Device Lock is implemented on the eUICC
• the eUICC refuses to install an MNO subscription that violates the lock-
rules recorded on the eUICC
Leveraging the Strengths of the eUICC and SM
The proposed new Device Lock• To ensure the Device Lock always remains with the device, there is a lock data
field on the eUICC that the MNO can set
• When a change of subscription is requested, the Subscription Manager (SM) enforces the lock policy that is stored on the eUICC
• Devices with a user interface could allow the user to read the lock status (e.g. when buying a second hand device)
An Effective Device Lock can• Protect device subsidies – MNO sets lock info at start of a new subscription
• Prevent accidental deletion of a subscription
• Reduce device theft – the device is worthless as the subscription will be blocked and can not be changed on the eUICC
Soldered eUICCs expected to be much stronger
than the “SIM Lock” that is used to protect device subsidies
Dr. Klaus Vedder
Group Senior Vice PresidentGiesecke & Devrient GmbHPrinzregentenstr. 159
Next SCP Plenary Meeting07-08 FebruaryCupertino, USA
see: www.etsi.org
Prinzregentenstr. 15981607 MunichGermany
New Work Items in 2012
Test cases to cover new features of TS 102 241 UICC API for Java card
Security for encapsulated Card Application Toolkit (CAT)• Definition of a mechanism that allows securing of encapsulated CAT commands and
envelopes. The mechanism can be used on top of the AT commands defined for CAT over the modem interface.
Security for CAT• Definition of a mechanism that allows securing of CAT commands and envelopes. Existing
security mechanisms from TS 102 484 will be re-used
mUICC Access OptimisationmUICC Access Optimisation• Analysis of issues related to the reduction of the time for the terminal to access the
content on the UICC in order to provide a better user experience
• Background: The UICC is a platform that was designed for multiple application support. While this platform was often used for a single application in the past, it is more and more frequent that multiple applications reside on the UICC (e.g. USIM + ISIM + CSIM). The current work in other Technical Committees and organizations may create even further applications to be hosted on the UICC, such as the M2M Service Module
Use cases and requirements related to the addition of new contactless features• New usages of the UICC in contactless environment shall be taken into account by the
ETSI specifications. For instance, several types of secure elements may use the HCI as an interface. In order to increase interoperability and avoid proprietary implementations, there is a need to standardise interaction between the UICC and these secure elements through HCI