Download - Gaby Lenhart - CENETEC_2006_04

8/8/2019 Gaby Lenhart - CENETEC_2006_04

http://slidepdf.com/reader/full/gaby-lenhart-cenetec200604 1/26

The Smart Card Platform

Gaby Lenhart

Project leader

ETSI Technical Committee Smart Card Platform (TB SCP)



2

ETSI Technical Committee

Smart Card Platform

16 Years of dedication and real-life experience

founded in March 2000 as the successor of SMG9,

the SIM-people, who specified the most successful smart

card application with currently more than 1 billion

subscribers and +2 billion SIMs deployed

mission

to create a series of specifications for a smart card

platform, based on real-life (outside) requirements, on

which other committees can base their system specific

work to achieve basic compatibility



3

TC SCP Terms of Reference

to develop the physical and the logical IC cardplatform

to develop advanced security methods for

applications such as financial transactions

(“mobile commerce”)

to develop a card-side toolkit to allow the creation of

terminal independent value added services

to develop supporting specifications and technical

reports



4

TC SCP Working Structure*

SCP Technical GroupSCP Requirement Group

SCP Plenary

*as of April 2006



5

TC SCP - Who Does What

Plenary strategy and other general topics

approval of requirements for technical solutions

approval of new work items and specifications/reports

approval of Change Requests (CRs) to specifications/reports

liaisons with other committees and organizations

Requirement Working Group analysis of requirements coming from outside and inside SCP

elaboration of requirements for the technical work

development of requirement specifications

Technical Working Group enhancements to the core platform specifications

development of the next generation UICC use of PKI, security between applications on the card

secure messaging, administrative commands

Card Application Toolkit (CAT)

Application Programming Interfaces (APIs)

development of card interfaces



6

From “Mono-" to Multi-Application

To provide interoperability in a multi-applicationenvironment a split was made

in GSM (GERAN):

SIM = physical card + “GSM application” (GSM 11.11)

in 3G (UMTS/UTRAN):

UICC* = physical card and physical, logical interface

the multi-application platform

USIM** = UMTS application on a UICC

the application implementation

* TS 102.221 owned by TC SCP

** TS 31.102 owned by 3GPP T3



7

The UICC System

TETRA

USIM SIM

CDMA2000 GAI

T

.....

..

*Scope similar

to EMV2000

as used byfinancial sector

TS 102 221The

multi-applicationplatform*

Additional

commands,features, security,PKI



8

From “Mono-" to Multi-Application

SIM

SIM Application Toolkit(SAT)

Banking

LocationBrowse

r SIM-

WIM

The UICC -the multi-application platform

separation of layers and

applications

logical channels to run

applications in parallel

The SIM -a "mono-application" card

SIM according to GSM 11.11

applications based on SIM

Application Toolkit

WIM as exception

(own command set and

triggered by WAP browser)

UICC

WIM

Ticketing

EMV

USIM SIM

ElectronicPurse

Phonebook

(U)SAT

GSM Purse



9

Multi-applicationcardSupports multipleapplications which canrun simultaneouslyusing logical channels

New PINprotection

conceptHierarchical PIN

managementUniversal PIN, Application

PIN,Local PIN

Mutualauthentication

Authentication and KeyAgreement (AKA) involvesauthentication of the 3Gnetwork to the USIM aswell

Powerfulphonebook Store entries with

e-mail, second name, groupsIntelligent linking to theGSM application allows

data sharing in a

GSM phone

New Features of the USIM/UICC

USIM/UICC



10

Published (1) - The Platform

TS 102 221 Physical and logical characteristicsof the card / terminal interface

the core specification which provides a multi-

application platform with logical channels for

smart cards

based on this platform a smart card applicationcan be defined for any system

specifies the lower layers of a smart card

including the electrical and mechanical interface,

the logical structure, the basic commands and

the intrinsic security system

Related test specification published as TS 102

230



11

Published (2) - Core Documents

Administrative commands (TS 102 222) allows standardized personalization and standardized remote

administration, e.g. over-the-air (OTA)

Card Application Toolkit (TS 102 223 / 227)

based on the successful GSM specification "SIM Application Toolkit"

which was stripped of all the GSM specific features allows the card issuer to create value added services independent from

the terminal

application writers benefit by using CAT for different systems

Transport protocol for CAT applications

between a UICC application and a remote entity to ensure

acknowledgement, segmentation/fragmentation, retransmission of messages

ETSI numbering system for telecommunication application

providers (TS 101 220)

the ETSI offering of managing Application Identifiers (AIDs) for UICC

based applications



12

Published (3) - Derivatives

Generalization of well-known GSM specifications

(GSM 03.48 Secure messaging; GSM 03.19 Java CardTM API)

Secure messaging

defines end-to-end (smart card to application server) secure

messaging over a variety of bearers (e.g. enciphered and integrity

protected messages between the smart card and a banking server)• TS 102 224 Security mechanisms for UICC based Applications

• TS 102 225 Secured packet structure for UICC based applications

• TS 102 226 Remote APDU Structure for UICC based Applications

Application Programming Interface (API)

allows applications to be developed independently of the underlying

card operating system• TS 102 240 Application Programming Interface and Loader, Requirements

• TS 102 241 Java Card TM Application Programming Interface for the UICC;

Stage 2 (Java CardTM 2.2)



13

Published (4) - EMC

Technical Reports on interference topics

Measurement of Electromagnetic Emission of SIM Cards

(TR 102 151)

definition of a standard hardware equipment for

electromagnetic measurements of smart cards and a commonelectromagnetic measurement procedure

Terminal - card interface; Considerations on robustness

improvements (TR 102 242)

describes failure mechanisms that could potentially generate

major operating issues between the terminal and the card, thecountermeasures that should be applied within the current

specifications and the enhancements that may further increase

the interface robustness



14

Published (5) - The Toolkit Transport Protocol

CAT_TP provides the following functionality asunderlying layer for application protocols (TS 102 124and TS 102 127) reliability of the data communication

(not necessarily security, security can be handled by anindependent GSM 03.48 layer)

segmentation and concatenation of data

retransmission of messages

addressing for different physical bearers(GPRS uses IP, SMS uses telephone numbers, Bluetoothhas its own addressing scheme...)

access to BIP channels(up to 8 channels may be open the same time)

possible multiplexing of BIP channels

standardised opening a BIP channel from the server side



15

CAT_TP and BIP

Server

CAT_TP

03.48 security layer

application protocol

* Mechanism originally specified by

3GPP T3 by which the ME provides

the UICC with access to the data

bearers supported by the ME and the

network

BIP*



16

How Small Is Small?

3rd Form Factor (3FF)specification of a new smaller card size providing backward

compatibility

i.e. to utilize the same silicon / device for both the current

plug-in and the new card size. The new card size may enable

the use of devices currently not feasible for Plug-in cards.

13 mm

12 mm

2 mm

2 mm

9,62 mm

1 mm

1 mm

Reduce Plug-in Card

from 15 x 25 mm

to 15 x 16.3 mm

(375 mm2 to 244.5 mm2)

8 x 8 mm

12 x 13 mm



17

The New Mini UICC

12 mm x 15 mm

The solution:

1 5

16.3

IC Card

Plug-in Card Mini

Plug-in Card T o o b i g



18

Co-operation

SCP is co-operating on both technical and service aspects with a number of other committees both within and outside the telecommunications sector.These include

3GPP (UTRAN/GERAN), 3GPP2 (CDMA2000), ARIB and some ETSI TechnicalBodies provision of requirements, referencing SCP specifications

GSMAssociaton (GSMA SCaG and GSMNA)

provision and alignment of requirements

GlobalPlatform close co-operation in the advancement of, in particular, OTA specifications all specifications updated to and aligned with GlobalPlatform 2.1

Liberty Alliance close co-operation on identity issues

Open Mobile Alliance (OMA)

connectivity to the Smart Card Web Server, developed in OMA close co-operation regarding Digital Rights Management (DRM)

… and many others



19

Current Topics (1)

High speed interface evolution of the smart card communication channel with

respect to transfer rate, size and protocol considering issues

such as:

• performance and power consumption

• value to applications and scalability

• to allow for large memory on the USIM• ease of implementation (in both terminal and UICC)

candidates

• MMC (Multi Media Card protocol)

• USB (Universal Serial Bus) T o b

e f i n a l i z e

d s o o n

UICC external peripherals data-exchange (near field communication

providing an interface for the UICC to access contactless technology in the

terminal, which would allow e.g. for:

• communicating patient data

• accessing public transport

• micro-payments using an electronic purse on the UICC



20

Current Topics (2)

Support for Large Files on the UICC Multimedia and PKI applications among others need to exceed

the current maximum file size of 65,535 bytes.

The aim is to increase the maximum file size beyond this limit

providing backward compatibility (for existing implementations)

Environmental conditions

temperature range and humidity

vibration and acceleration shocks T o b

e f i n a l i z e

d s o o n

Sensitive data creation and initialization

The USSM (UICC Security Service Module) container for security related topics such as keys, certificates, PINs and

management of algorithms utilized by UICC based applications



21

The Future - UICC ng

The scope of the “next generation” Work Item includes: possible role of memory management units

32-bit processors and ASIC co-processors

proof-carrying code

new memory architectures

multi-tasking operating systems

embedded electrical sources

alternative form factors

(not restricted by backward compatibility)

free-running oscillators on the chip

integrated biometric sensors, universal byte codes, new chip

carriers, and high-speed communication channels



22

Success = +

Equation of Success



23

How to Get More Information

ETSIhttp://www.ETSI.org

all (>12 000!) published specifications are available

free of charge !!

but, can only be downloaded one at a time …

but, not so many smart card specifications, so noproblem !

ETSI SCP website

http://portal.etsi.org/scp/summary.asp

Next SCP Requirement WG / Plenary meeting

Toulouse, 03-05 / 05-07 July 2006



24

Current Technical Specifications/Reports (1)

TS 101 220ETSI numbering system for telecommunication application providers

TS 102 124Transport protocol for CAT applications; Service description; Stage 1

TS 102 127Transport protocol for CAT applications; Stage

TR 102 151Measurement of Electromagnetic Emission of SIM Cards

TR 102 216Vocabulary for Smart Card Platform Specifications

TS 102 221UICC-Terminal interface; Physical and logical characteristics

TS 102 222 Administrative commands for telecommunications applications

TS 102 223Card Application Toolkit (CAT)

A n n e x



25

Current Technical Specifications/Reports (2)

TS 102 224Security mechanisms for UICC based Applications - Functional requirements

TS 102 225Secured packet structure for UICC based applications

TS 102 226

Remote APDU Structure for UICC based Applications TS 102 230

UICC-Terminal interface; Physical, electrical and logical test specification

TS 102 240UICC Application Programming Interface and Loader Requirements; Servicedescription

TS 102 241Java CardTM Application Programming Interface for the UICC

TR 102 242Terminal - card interface; Considerations on robustness improvements

A n n e x



26

Current Technical Specifications/Reports (3)A n n e x

TS 102 266USSM: UICC Security Service Module

TS 102 310EAP Support in UICC

TS 102 350Identity files and procedures on a UICC: Stage 1

TS 102 384Card Application Toolkit (CAT) conformance specification

TS 102 412Smart Card Platform Requirements