TB SiteMapbreadcrumb separatorSCPbreadcrumb separatorActivity Reportsbreadcrumb separatorActivity Report 2010

SCP Activity Report 2010

2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 

Chairman: Klaus Vedder (Giesecke & Devrient GmbH)

Responsible for the development and maintenance of a common Smart Card Platform for all mobile telecommunication systems, for the application independent specifications, for the interface with terminal equipment and for smart card standards for general telecommunications, mCommerce and security applications

The main task of ETSI’s Smart Card Platform Technical Committee (TC SCP) is to expand and maintain the Smart Card Platform specifications for mobile communication systems. The specifications developed by TC SCP are, however, not bound to usage in the telecommunications sector. They are, by design, generic and application-agnostic and may thus be used as specifications for a (secure) platform for any application designed to reside on a smart card or a secure element.

To date, TC SCP has produced well over 40 specifications on smart cards, covering all areas from administrative commands to Application Programming Interfaces (APIs), browsers, Internet connectivity, Machine-to-Machine (M2M) and new interfaces for high speed and Near Field Communication (NFC). They include both core specifications as well as related test specifications

TC SCP strives to deliver specifications that meet real life needs and therefore holds as key its policy of creating test specifications for both the core specifications and the various interfaces provided by the Smart Card Platform. This way, interoperability between applications implemented on this true multi-application platform (called the UICC) can be – and is – achieved.

TC SCP also provides and maintains the application identity register for smart card applications residing on the UICC for other committees including the Third Generation Partnership Project (3GPP™), 3GPP2, various financial institutions and the WiMAX Forum.

2010 saw the completion of a large body of work. In total, TC SCP published seven new ETSI Technical Specifications (TSs) and one new ETSI Technical Report (TR).

The Technical Report deals with the UICC in Mobile Broadband Notebooks, a topic that addresses an enquiry by the GSM Association. It analyses the integration of UICCs in Mobile Broadband Notebooks, describes the different market initiatives and provides a non-exclusive set of use cases. These use cases will form the basis for establishing the relevant standardisation requirements.

Following the completion of the specifications for the use of the Smart Card Platform for mobile NFC applications in 2008, TC SCP has now completed a set of four test specifications for the lower layers – the Single Wire Protocol (SWP) and the Host Controller Interface (HCI). In addition to the test specification for the terminal features of the HCI, TC SCP has created and approved tests for host controller features which are transparent to the terminal. This suite of test specifications is key to providing maximum possible assurance of correct implementation and to delivering interoperable products to the market.

The test specification for the high speed interface between the smart card and a terminal (which is based on the Inter-Chip USB specification) was accepted by TC SCP for publication in 2010. It was developed by an ETSI Specialist Task Force (STF) which was financed jointly by ETSI and the participating companies. The two parts of this specification cover the minimum requirements for testing, respectively the ETSI aspects of the terminal and the UICC features of this interface. This new test specification is expected to further the interoperable implementation of the high speed interface in handsets.

A new test specification was developed in 2010 to describe the technical characteristics and methods for testing the API that allows a UICC-based Smart Card Web Server (SCWS) to forward HTTP requests to an Applet and to receive the response from the Applet.

TC SCP also produced a TS specifying a Java Card™ API, to serve the provisioning of ‘contactless’ applications residing on the UICC and needing access to the services provided by the HCI protocol for communication with the Contactless Front End (CLF) in the device. Registration of contactless parameters and the management of contactless Applets in card emulation mode are defined in ‘GlobalPlatform Amendment C’. In co-operation with GlobalPlatform, the necessary additions were defined for contactless reader mode and connectivity events to provide in the API specification all features present in the core specifications.

‘Standard’ SIMs have been used for specific M2M applications such as metering and device tracking for quite some time. Other applications may, however, require special functionality and different hardware properties as well as a new form factor. Specific constraints such as data retention, temperature, memory update cycles, vibration resistance and humidity, as well as two new form factors for M2M use, were accepted, and a TS on the physical and logical characteristics of Machine-to-Machine UICC was published. While one of the two new form factors is socketable and may thus be removable, the other needs to be soldered. Whichever form factor is eventually chosen for the technical realisation of an M2M device, the integration of the UICC in the M2M device or the integration of the M2M device itself in the machine often result in the UICC not being removable. Such UICCs may be embedded in M2M devices at the production site of the M2M device and this may be in advance of the choice of country of deployment and network operator. Furthermore, the network operator may be changed during the lifetime of the device. The development of technology to deal with the issues arising as a result would enable enormous scope for the exploitation of M2M applications, but it has also initiated intense discussion amongst the players involved in mobile communications; the subscription management of such an embedded M2M UICC is now being considered and is expected to require standardisation in the near future.

In 2010 TC SCP closed all work on Release 9 of the Smart Card specifications and started the definition of the requirements for Release 10 and their technical realisation. The Release 10 requirements include, in particular, support of multiple connected entities and security requirements for the transport of Card Application Toolkit (CAT) commands and responses over the AT interface of a modem, requirements for a technical solution for the integration of a UICC in a Mobile Broadband Notebook and the migration of existing services over the USB-based high-speed interface. All the requirements, together with use cases, can be found in a dedicated requirement specification.

The use of confidential applications was further developed during 2010 to allow third-party applications to be loaded and executed within a secure and private environment. This was again completed in close co-operation with GlobalPlatform and will be of particular interest to mobile NFC and M2M application providers who might often not own (or control) the platform onto which their application is loaded. For instance, owners of finance applications may demand that their applications are managed and operated with a ‘firewall’ between them and any other application on the card.

Modem interfaces featured in two major extensions to the specifications. The CAT access on modem interface was specified for a single client interfacing with the modem. This functionality concerns AT commands which can be issued by a terminal to provide communication and interaction with a UICC within a modem device. This work was undertaken in close co-operation with 3GPP.

Use cases and requirements related to the usage of the UICC with data modems integrated in notebooks were analysed with respect to the requirements for interface management and evolution of the existing set of specifications. Areas considered were the USB interface, power management and negotiation, and the voltage class used to secure the execution of the use cases. The set of requirements will be used for the specification of the technical realisation by TC SCP.

Establishing the UICC as a fully fledged part of the Internet has moved on a good step with the definition of the remote management of the UICC using the Internet Protocol (IP) terminating in the UICC. This will augment and eventually replace the current smart card technique of using Application Programming Data Units (APDUs), which requires translation of the IP data within the host device. The position of the UICC as an IP-centric entity is thus significantly enhanced.

2011 will see the creation of a test specification covering UICC interface conformance requirements, complimenting the one already available for the terminal side of the interface. TC SCP will also develop test specifications related to newer releases of the corresponding core specifications.

Other topics to be covered in 2011 include the CAT access on the modem interface, with an extension of the CAT from a single client to multiple clients interfacing with the modem. TC SCP will undertake the definition of an API for secure channels for the APDU protocol, based on the secure channel API requirements. The Committee will prepare the specification of requirements and use cases for Peer-to-Peer (P2P) contactless mode support in the UICC, to facilitate communication between applications on different UICCs, and work to support the P2P mode in contactless interface specifications. TC SCP will address the UICC next generation Run Time Environment (RTE) to support multi-tasking within the UICC with more than one interface, and the security aspects of the use cases and requirements related to the usage of the UICC with data modems integrated in notebooks. A technical solution for a new framework for application and services migration over IP/USB, allowing service discovery, registration and invocation, will be sought, and use cases and requirements related to the usage of the UICC in an M2M context will be identified.

A full list of all active and completed work items and detailed information pertaining to them can be found in the ‘Work Item Monitoring’ window at: http://portal.etsi.org/scp.