Dr. Klaus Vedder

Chairman ETSI TC SCP

The UICC Recent Work of ETSI TC Smart Card Platform

8th ETSI Security Workshop, Sophia Antipolis, France, 16-17 January 2012

Chairman ETSI TC SCP

© ETSI 2012. All rights reserved

SIMs, USIMs, R-UIMs, CSIMs…. in 2011

402 320km

The Smart Card Market

880

1050

1260

4000

5000

6000

7000

8000

M. u

nit

s

3446

4185 4520

5320

6135

7105

1050 13902040

26503200 3400

40004700

5200

280336

410

510

650750

880

0

1000

2000

3000

4000

2004 2005 2006 2007 2008 2009 2010 2011 2012e

Source: Eurosmart

M. u

nit

s

Industry & Government Payment Telecommunication

14691889

3446

2656

The Coverage in 2012

2012 if all SIMs, USIMs, R-UIMs, CSIMs, ….

had been delivered as an ID-1 card.

But

3360

But

• SIMs, … are delivered as “half

cards” to save on transport cost

• And the beloved Plug-in is being

delivered in a multitude of carriers,

including paper

• Cards are delivered directly to

device manufacturers in the

required form factor

The Form Factors

Height Width Area Saving

mm mm mm2

ID-1 card 53,98 85,6 4621

Plug-in Card (1989) 15 25 375

mini-UICC (2004) #* 12 15 180 52% wrt Plug-in Card

4FF (2012)~§ 8,8 12,3 108 40% wrt mini-UICC

# Also called 3FF and Micro-SIM ~ Also called Nano-SIM

* Caused the first technical vote in the history of the committees§ Thickness of plastic 0.6-0.7 mm compared with 0.76 +/- 0.08 for all other card form factors

In comparison:

MFF2 (2010) 5 6 30

The Future of the USB Interface

C1

C2

C3 C8

C4 C5

C6

C7

1,00 max

3,00 min

R0,80±0,10

all 5 corners 0,20 min

clearance area

between contact pads

and package edge

1,65±0,10

Will there be any 4FF UICCs supporting USB ?

In 2012, the vast majority of UICCs

was delivered with a 6-pin contact plate

The mini-UICC as part of the Plug-in card

being part of the ID-1 card

4,81 max

6,81 min

8,62 max

10,62 min

12,30±0,10

Taken from ETSI TS 102 221

The Smaller Cards and the eUICC

It took a good 8 years for the mini-UICC to be introduced to the market on a broad scale

• When will it replace the Plug-in SIM in mobile communications or will it itself be replaced by the 4FF ?

What will be the impact of the 4FF on the deployment of embedded UICCs ?embedded UICCs ?

Will there be mobile devices supporting both an eUICC and a SIM card (3FF or 4FF) ?

• The SIM card could take precedence over the embedded SIM • To use a local subscription for easy roaming • To profit from better tariffs

• Similar to a solution specified in the current ETSI specifications, where the ID-1 SIM takes precedence over the Plug-in SIM

• Would this be a long-term solution or just an interim measure until all operators support subscription management ?

ETSI TC Smart Card Platform

25 Years of Dedication and Real-life Experience

TC SCP was founded in March 2000 as the successor of SMG9, the people who specified the most successful smart card application ever with well over 5 billion subscribers using one or more of the over 30 billion SIMs, USIMs, R-UIMs, CSIMs, … delivered to the market

The Mission

Create a series of specifications for a smart card platform, based on real-life requirements, on which other bodies from inside and outside the telecom-world can base their system specific applications to achieve compatibility between all applications resident on the smart cardapplications to achieve compatibility between all applications resident on the smart card

The Work

ETSI TC SCP has published over fifty specifications on smart cards encompassing for every topic the whole range from requirements via the technical solution to the test specification; topics range from administrative commands to APIs, browsers, Internet connectivity, Machine-to-Machine, new interfaces for high speed and NFC as well as remote management

All can be downloaded free of charge from the ETSI website

The specifications are application agnostic, they are not restricted to the world of telecommunications

They can be used as a (secure) platform for basically any smart card application8

Structure and Officials

SCP Plenary

Chair: Klaus Vedder, G&DVice Chair: Tim Evans, IlluminismoVice Chair: Heiko Kruse, Morpho

SCP Requirement WG

Chair: Colin Hamling, TelefónicaVice Chair: Heiko Kruse, MorphoVice Chair: Denis Praca, Gemalto

SCP Testing WG

Chair: Andreas Bertling, Comprion

Vice Chair: Christophe Dubois, Gemalto

SCP Technical WG

Chair: Paul Jolivet, LGVice Chair: Sebastian Hans, Oracle

Description

SCP

• Final acceptance of Work Items to be progressed by Working Groups

• Acceptance for publication of all Technical Specifications and Technical Reports as well as Change Requests to published documents

• Input to its work is received from ETSI members such as TC M2M as well as 3GPP, 3GPP2, GlobalPlatform, GSM Association, Global Certification Forum (GCF), NFC Forum, OMA, …

SCP REQ

• Working Group SCP REQ is responsible for developing the requirements for the Smart Card Platform

SCP TEC

• Working Group SCP TEC is responsible for the technical realisation of the requirements developed by SCP REQ and accepted by SCP

SCP TEST

• Working Group SCP TEST is responsible for the development of test specifications for deliverables produced by SCP TEC and accepted by SCP

10

2012 in a Nutshell

4FF technical realisation completed

Test specifications now available for the Secure Channel specification

• ETSI TS 103 484-1 Test Specification for the Secure Channel interface Part 1: Terminal Features; Part 2: UICC Features

3GPP and OMA use the Secure Channel specification for secure communications between the USIM application and a Relay Node and OMA BCAST, resp.

New test specification for UICC API for Java CardTM for Contactless Applications New test specification for UICC API for Java CardTM for Contactless Applications (ETSI TS 103 115)

Work continued on• Requirements for an Embedded UICC

• P2P mode for contactless communications

SCP started the following new Work Items• Test cases to cover new features of TS 102 241 UICC API for Java card

• Security for encapsulated Card Application Toolkit (CAT)

• Security for CAT

• UICC Access Optimisation

• Use cases and requirements related to the addition of new contactless features

The Road to embedded UICCs

Plug-in

3FF 4FF

MFF2

The SIM card has evolved to meet market requirements

• Strongly driven by size requirements, and to meet portability regulations

• Memory, security and interfaces to meet application requirements

Move to the embedded UICC (specifically the soldered MFF2)• Triggered by SIM card requirements to address the M2M market such as limited

accessibility, reliability

• Delivers benefits in size / space, reduced production cost in all types of devices

M2M - Rise of the Machines

A sensor inside a machine

Over a network

Into a business system

SIMs in different

form factors

� Smart metering� Vending machines� Security� Fleet management � Telematics� Tracking systems

� Energy suppliers� Automotive industry� Environmental monitoring� Administration� Reports

Mobile

Network

The Road Towards Subscription Management

Some M2M applications require new form factors

such as MFF2

Provisioning of subscription over-the-air (after production,

�

�Provisioning of subscription over-the-air (after production,

outside of factory) for M2M is needed

New ecosystem with dynamic subscription management(provisioning and changing of subscriptions and profiles)

originates for M2M

�

�

Subscription Management – Secure Ecosytem

End-2-End Security of subscription credentials

eUICC

Subscription

Management

Client (SMC)

Subscription

Management

API

Operating SystemSM-SR’

SDSM -SR

Certified

environment (SAS)

“MUC”

“ARN”

encrypted Subscription Credentialsprotected by eUICC specific key

���� Encryption: AES128

� Authentication: C-MAC

VPN

SM –DP

HSM

Authentication Algorithm is not loaded via OTA

A soldered eUICC Enables a New Device Lock

Today, subsidised devices are “protected” through the

use of a “SIM Lock”• to prevent unauthorised use of the device

• a mechanism is implemented on the device, based on IMSI and Group

Identifier, to check if a SIM is allowed in the specific device

An embedded UICC which is soldered into the device

can enable a new form of Device Lock

to protect a subsidy• only a trusted Subscription Manager can change the

subscription in the eUICC

Options for a Device Lock using an eUICC

1. Implement Device Lock on the device as today – not

implemented on the eUICC

• a downloaded subscription could be rejected by the Device Lock

2. The Subscription Manager (SM) checks with the current MNO

for permission before a change of subscription

3. A Device Lock is implemented by a Subscription Manager’s

database - a policy control table

• the SM will keep track of which devices are locked to which MNOs,

and only downloads in line with those rules

4. A Device Lock is implemented on the eUICC

• the eUICC refuses to install an MNO subscription that violates the lock-

rules recorded on the eUICC

Leveraging the Strengths of the eUICC and SM

The proposed new Device Lock• To ensure the Device Lock always remains with the device, there is a lock data

field on the eUICC that the MNO can set

• When a change of subscription is requested, the Subscription Manager (SM) enforces the lock policy that is stored on the eUICC

• Devices with a user interface could allow the user to read the lock status (e.g. when buying a second hand device)

An Effective Device Lock can• Protect device subsidies – MNO sets lock info at start of a new subscription

• Prevent accidental deletion of a subscription

• Reduce device theft – the device is worthless as the subscription will be blocked and can not be changed on the eUICC

Soldered eUICCs expected to be much stronger

than the “SIM Lock” that is used to protect device subsidies

Dr. Klaus Vedder

Group Senior Vice PresidentGiesecke & Devrient GmbHPrinzregentenstr. 159

Next SCP Plenary Meeting07-08 FebruaryCupertino, USA

see: www.etsi.org

Prinzregentenstr. 15981607 MunichGermany

klaus.vedder@gi-de.com

New Work Items in 2012

Test cases to cover new features of TS 102 241 UICC API for Java card

Security for encapsulated Card Application Toolkit (CAT)• Definition of a mechanism that allows securing of encapsulated CAT commands and

envelopes. The mechanism can be used on top of the AT commands defined for CAT over the modem interface.

Security for CAT• Definition of a mechanism that allows securing of CAT commands and envelopes. Existing

security mechanisms from TS 102 484 will be re-used

mUICC Access OptimisationmUICC Access Optimisation• Analysis of issues related to the reduction of the time for the terminal to access the

content on the UICC in order to provide a better user experience

• Background: The UICC is a platform that was designed for multiple application support. While this platform was often used for a single application in the past, it is more and more frequent that multiple applications reside on the UICC (e.g. USIM + ISIM + CSIM). The current work in other Technical Committees and organizations may create even further applications to be hosted on the UICC, such as the M2M Service Module

Use cases and requirements related to the addition of new contactless features• New usages of the UICC in contactless environment shall be taken into account by the

ETSI specifications. For instance, several types of secure elements may use the HCI as an interface. In order to increase interoperability and avoid proprietary implementations, there is a need to standardise interaction between the UICC and these secure elements through HCI