PRESENTATION OF ETSI © ETSI 2014. All rights reserved Sophia Antipolis, 22 May 2014 Luis Jorge...
-
Upload
dwight-mckinney -
Category
Documents
-
view
218 -
download
0
Transcript of PRESENTATION OF ETSI © ETSI 2014. All rights reserved Sophia Antipolis, 22 May 2014 Luis Jorge...
PRESENTATION OF ETSI
© ETSI 2014. All rights reserved
Sophia Antipolis, 22 May 2014
Luis Jorge RomeroDirector General, ETSI
ETSI in a nutshell
Associate
― ICT standards organization based in France― Formaly recognized as SDO by the EU― Telecoms, IT and « ICT inside » e.g. e-ID,
transports, mobile payments, etc.― Global membership (750+ Members/62
countries)― Direct participation― “Made in EU for global use” enabler of a
series of worldwide industrial hits― Home of the UICC –most deployed secure
element worldwide― Partnership is the preferred way (3GPP,
M2M…)― Interoperability (CTI)
© ETSI 2014. All rights reserved
Today’s theme: e-ID
The Porvoo Group is an international cooperative network coordinated by the Population Register Centre of Finland.
Its primary goal is to promote a trans-national, interoperable e-ID based on PKI technology (Public Key Infrastructure), smart cards and chip ID cards, as well as secure e-services in Europe.
© ETSI 2014. All rights reserved
Constellation of terms…
© ETSI 2014. All rights reserved
eID
PKI
Cross-border
Mobile ID
Privacy
Future
Authentication
ESTI Structure
5
General Assembly
ETSI Board
Technical Organization (TO)Technical Bodies (TBs)
Partnership Projects(EPP)
Technical Committees(TC)
Special Committees (2)(SC)
ETSI Projects(EP)
Industry Specification Groups (ISG)
Operational Co-ordination Group (OCG)
Special Committees (1)(SC)
(EMTEL, SAGE, UG)(3GPP)
(FC, IPR)
The ETSI Secretariat provides support !
© ETSI 2014. All rights reserved
Bottom-up approach
© ETSI 2014. All rights reserved
© ETSI 2014. All rights reserved
Mobile Communications
© ETSI 2014. All rights reserved
Four Specification Groups• Radio Access Network (3G / 4G) • GSM EDGE Radio Access Network (2G)• Service & Systems Aspects• Core Network & Terminals
Some key terms:• Mobile ID• Authentication• Cross border
Smart Card Platform
UICC used for (U)SIM/ISIM in 3GPP, for R-UIM in 3GPP2 and more (5+ billion UICC deployed)
Embedded UICC (eUICC): Work on secure remote provisioning of access credentials
Mobile contactless: Work with NFC Forum and GlobalPlatform
APIs and conformance testing work ongoing
© ETSI 2014. All rights reserved
Electronic Signatures
© ETSI 2014. All rights reserved
Electronic signature formats: XAdES, CAdES, PAdES
Algorithms and parameters for e-signatures
Rationalised Framework of e-sign standards
Cryptographic suites
Trusted Service Providers supporting signature
Testing compliance and interoperability
Cybersecurity
Security of infrastructures, devices, services and protocols
Security advice, guidance and operational security requirements to users, manufacturers and network and infrastructure operators
Security tools and techniques to ensure security
Creation of security specifications and alignment with work done in other TCs
© ETSI 2014. All rights reserved
Top-down
© ETSI 2014. All rights reserved
Where we come from:
ETSI has a number of security-related standardization activities
ETSI is the home of the UICC• a smart card not only targeted at telecoms• used in various environments to secure service- and application-
related credentials• most notable use as a platform for mobile comms application• a secure element of choice for mobile contactless services• the most successful smart card ever (5+ billion deployed in 2012)
© ETSI 2014. All rights reserved
Where we stand:
UICC evolution driven by mobile telecoms
Convergence of services on the mobile platform• Payments• DRM• Ticketing & Access Control• ID, Health Card, Driver License
Yet, multiplication of secure elements• No single element meets all security requirements• The card issuer "gets in the way"• Card Issuer + third parties model difficult to set up.• Each vertical market has its own secure element
© ETSI 2014. All rights reserved
Where we go:
Delivery of a smart and secure platform• For securely managing identities, authentication and authorization, based on the
consolidated requirements of multiple industries• Not only a smart and secure element• Common understanding of the security requirements and levels• Best in class interoperability
Involvement of all industry sectors• Requirements collection process takes all sectors into account• Win/Win for all players:
• Common platform and management entities• Lower costs and better interoperability• Better market adoption
• Level playing field for all
© ETSI 2014. All rights reserved
Smart Secure PlatformFramework and approach
First, a firewalled, per sector approachThen work on common elements
© ETSI 2014. All rights reserved
Aggregation of Sectors Requirements and identification of Generic Needs
Use Cases
RequirementsSet #1
Key Players
Common decision regarding the setup of future activities
Work on technical specifications and compliance aspects
Use Cases
RequirementsSet #2
Key Players
Use Cases
RequirementsSet #3
Key Players
Use Cases
RequirementsSet #4
Key Players
Use Cases
RequirementsSet #5
Key Players
Banking and Financial Services
Mobile Telecoms
Government & Identity
Transportation, Physical Access,Logical Access
Machine-Type Communicatio
ns (M2M)
Timeline
Consultations
Aggregation of needs & requirementsAutumn 2014
SectorWorkshopsMarch - June