Chairman: Klaus Vedder (Giesecke & Devrient GmbH)
Responsible for the development and maintenance of a common Smart Card Platform for all mobile telecommunication systems, for the application-independent specifications, for the interface with terminal equipment and for smart card standards for general telecommunications, mCommerce and security applications
The main task of ETSI’s Smart Card Platform Technical Committee (TC SCP) is to expand and maintain the Smart Card Platform specifications for mobile communication systems. The specifications developed by TC SCP are, however, not bound to usage only in the telecommunications sector. They are, by design, generic and application-agnostic and may thus be used as specifications for a (secure) platform for any application designed to reside on a smart card or a secure element.
To date, TC SCP has produced well over 40 specifications on smart cards. For each topic addressed, its specifications define requirements, the technical solution, and testing for both the smart card and the terminal. It is the hallmark of TC SCP in the world of standards that it provides the industry with a hitherto unknown basis for the development and integration of applications. This way, interoperability between terminals and the applications implemented on this true multi-application platform (called the UICC) can be achieved.
The topics addressed by TC SCP range from the definition of all lower layers and interfaces of the Smart Card Platform itself and application functionality, including administrative commands, Application Programming Interfaces (APIs), browsers, Internet connectivity, Machine-to-Machine (M2M), and interfaces for high speed and Near Field Communication (NFC), as well as remote management.
TC SCP also provides and maintains the application identity register for smart card applications on behalf of other committees including the Third Generation Partnership Project (3GPP™), 3GPP2, GlobalPlatform, various financial institutions and the WiMAX Forum.
2012 saw the completion of three new test specifications, the specification for the technical realisation of a 4th Form Factor for the UICC smart card and ongoing discussion on the requirements for an embedded UICC and its management. TC SCP’s specifications are widely used by industry, and providing ongoing support as they are implemented is an important adjunct of the Committee’s work. The maintenance and technical improvement of its specifications, as well as the continuous update of its test specifications to cover new features and functions, therefore form a significant part of the work of TC SCP.
The Secure Channel specification developed by TC SCP is used by the Open Mobile Alliance (OMA) in the OMA BCAST specifications, and by 3GPP for secure communications between the USIM application on a UICC and a relay node. Test specifications fulfil an important role in the correct delivery of solutions. For this reason TC SCP strives to provide test specifications for the industry as part of a complete portfolio. The test specification for the Secure Channel interface was published in 2012; it consists of two parts: Part 1 covers the terminal features while part 2 covers those of the UICC. Development of these specifications was achieved with the support of an ETSI Specialist Task Force (STF) which was financed jointly by ETSI and the participating companies.
The third test specification published in 2012 covers conformance requirements for the ‘UICC Application Programming Interface for Java CardTM for Contactless Applications’.
The 4th Form Factor for the UICC smart card was eventually agreed by vote in 2012 after many long and intensive discussions. The technical realisation of the 4th Form Factor has taken the miniaturisation of the existing three form factors, specified respectively in 1988 (ID-1 Card), 1989 (Plug-in Card) and 2004 (Mini-UICC), to the limit by removing nearly all plastic surrounding the contact area and shifting the two contacts needed for the high speed interface to the central part of the contact area. A small plastic rim surrounding the metal contact area is still required to avoid short circuits once inserted in the device.
In 2012 TC SCP completed its work on the security for both the Card Application Toolkit (CAT) and the encapsulated CAT. The definition of mechanisms for securing the commands and envelopes of the two methods of the Card Application Toolkit will re-use existing security mechanisms from the Secure Channel specification. The mechanism for the encapsulated CAT can be used on top of the AT commands defined for CAT over the modem interface.
Work was also completed on memory integrity monitoring in M2M applications. TC SCP has introduced the possibility for Java CardTM applications to indicate that certain data objects in the non-volatile memory of the chip are subject to high update activities.
TC SCP has specified the MFF2 (M2M Form Factor 2) for use in M2M applications. The MFF2 is a Surface Mounted Device (SMD) package which must be soldered to a circuit board; it is an example of an ‘embedded UICC’ (eUICC), that is a UICC which is ‘not easily accessible or replaceable’. The ability to change subscriptions on devices which utilise an eUICC necessitates new methods for provisioning identity and access credentials both securely and remotely. During 2012, TC SCP had long and difficult discussions about the management of the eUICC, impeded by the diverging interests of the players serving different markets and the disruptive nature of this topic on the ecosystem. By the end of the year a Technical Specification containing use cases and a fairly extensive set of requirements had been produced. Publication was scheduled for early in 2013. The Committee will expand this work in 2013 and also begin work on the technical realisation of the requirements.
In 2012 TC SCP closed all work on Release 11 of the Smart Card specifications and began the definition of the requirements for Release 12 and their technical realisation. The Release 12 requirements include, in particular, the optimisation of the UICC access as well as use cases and requirements related to the addition of new contactless features.
The UICC was designed as a platform for multiple application support. While it was often used for a single application in the past, increasingly multiple applications reside on the UICC such as USIM, ISIM, CSIM and M2M. The Committee is working on UICC access optimisation, analysing the issues related to the reduction of the time for the terminal to access the content on the UICC at the platform level in order to provide a better user experience. The contactless world is advancing and more and more applications, as well as secure elements based on the UICC, are using TC SCP’s specifications for NFC. As a result, several types of secure elements may use the Host Controller Interface (HCI) as an interface. In order to increase interoperability and avoid proprietary implementations, there is a need to standardise the interaction between the UICC and these secure elements through the HCI.
In 2013 TC SCP plans to produce a new UICC conformance test specification and to upgrade several existing test specifications to cover new releases of the respective core specifications. The Committee will also address the specification of an API for the secure channel for the Java Card™ Platform.
The work of TC SCP is driven by input from both inside and outside ETSI, and the Committee therefore continues to liaise with major external contributors such as the GlobalPlatform, the GSM Association, 3GPP™, 3GPP2, the NFC Forum, the OMA, the Global Certification Forum (GCF) and the PCS Type Certification Review Board (PTCRB).
A full list of all active and completed work items and detailed information pertaining to them can be found in the ‘Work Item Monitoring’ window at: http://portal.etsi.org/scp.