SCP Activity Report 2016
Chairman: Klaus Vedder, Giesecke & Devrient GmbH
Responsible for the development and maintenance of specifications for secure elements (SEs) in a multi-application capable environment, the integration into such an environment, as well as the secure provisioning of services making use of SEs
The main task of ETSI’s Smart Card Platform committee (TC SCP) is to develop and maintain specifications for the SE and its interface to the outside world for use in telecommunication systems, for general telecommunication purposes as well as for Machine-to-Machine (M2M)/Internet of Things (IoT) communications. The committee’s work includes the interface, procedures and protocol specifications between the SE and entities (remote or local) used in its management. It also includes interfaces, procedures and protocol specifications used between such entities for the secure provisioning and operation of services making use of the SE.
The specifications developed by TC SCP are generic and application-agnostic. They can thus be used as specifications for any application designed to reside in an SE, for its interface to the outside world and the ecosystem in which it is embedded.
To date, TC SCP has produced 50 specifications for SEs. For each topic addressed, its specifications define requirements, the technical solution and conformance testing for both the SE and the terminal. It is TC SCP’s hallmark in the world of standards that it provides the industry with a hitherto unknown basis for the development and integration of applications. In this way, interoperability can be achieved between terminals and the applications implemented on this true multi-application platform (called the UICC).
The areas addressed by TC SCP span the definition of all lower layers and interfaces of the SE itself and application functionality, including physical aspects. This covers administrative commands, Application Programming Interfaces (APIs), browsers, Internet connectivity, M2M and interfaces for high speed and Near Field Communication (NFC), as well as remote management and the interface of entities (remote or local) in the management of the UICC.
TC SCP also provides and maintains the application identity register for smart card applications on behalf of other organisations including the Third Generation Partnership Project (3GPP™), 3GPP2, GlobalPlatform, the Open Mobile Alliance (OMA), oneM2M, various financial institutions and the WiMAX Forum.
In 2016 the scope of TC SCP was widened to take account of the growing number of actors which are now involved in the remote management of the UICC content. Instead of just the UICC and the device hosting it, or the UICC and a remote server communicating with the UICC over the air, TC SCP will now also address the use of a UICC as a non-removable secure element, its remote management and the interfaces required for the interaction of servers involved in the management of the UICC and controlled by different actors.
In addition, to take account of the committee’s work on form factors intended for use in M2M applications, which may not necessarily fall under the term ‘card’, and to allow flexibility in the specification of future form factors, the term ‘IC Card’ was dropped from the Terms of Reference.
The main highlights of 2016 were: the first discussions on use cases and requirements for a totally new SE; the approval for publication of the technical realisation of the embedded UICC (eUICC) in a specification entitled ‘Embedded UICC; Physical, Logical, and Electrical Characteristics’; the approval of the first release of the Technical Specification on the Profile Package for the eUICC; and joint work with GlobalPlatform and the NFC Forum on a white paper on multiple SEs for mobile contactless communication over the NFC interface. In this context the updating of the test specifications for the support of the UICC as a mobile contactless SE was particularly important.
In line with its revised Terms of Reference, TC SCP’s working group on requirements (SCP REQ) began work on use cases and requirements for a next generation SE. This included consideration of improvements to the existing physical/electrical interface, the logical interface and the potential definition of new interfaces for removable and non-removable SEs. For non-removable SEs, interoperability may not be required in terms of physical dimensions, pin locations or the physical/electrical interface. New data structures capable of handling large amounts of data in a secure way will be required. In addition, configurations will be specified with special emphasis on an optimised configuration for the IoT. TC SCP further enhanced the requirement specification for the embedded UICC, with the addition of local management for profiles.
In general terms, an eUICC is a “UICC which is not easily accessible or replaceable, is not intended to be removed or replaced in the terminal, and enables the secure changing of subscriptions”. It may be inconvenient, if not impossible, to exchange an eUICC for another one, which imposes specific constraints on the administration of an eUICC, including the electrical personalisation of the UICC. The ability to change subscription-related data in the UICC without its physical removal and replacement in the end-device necessitates new methods for provisioning identity and access credentials both securely and remotely.
TC SCP’s Technical working group (SCP TEC) continued its work towards the specification of a technical solution to meet the requirements identified for an eUICC. The work progressed well in 2016 and resulted in the approval for publication of the first version of a Technical Specification on the physical, logical and electrical characteristics of the eUICC. Work will continue in 2017 to cover open topics. To achieve interoperability between eUICCs issued by different providers, TC SCP approved a profile specification of the eUICC which specifies the format to be used for the Profile Package that is loaded into an eUICC. This means that the same structure is used on all eUICCs for data, including subscriptions, ensuring the interoperable management of such data.
TC SCP’s specifications are widely used by the industry and certification bodies, and the maintenance and technical improvement of its specifications, as well as the continuous updating of its test specifications to cover new features and functions, therefore form a significant part of its work. As in previous years, in 2016 TC SCP upgraded several existing test specifications to cover new releases of the respective core specifications and reviewed a large number of existing test descriptions to take into account experience gained in the field.
In order to increase interoperability and avoid proprietary implementations, there is a need to standardise the interaction between the NFC controller, the UICC and other (secure) elements, particularly the routing of data to a specific application (in any one of the secure elements) without user interaction being required at the time of the contactless transaction. The technical realisation of the requirements for the support of multiple contactless Host Controller Interface (HCI) hosts was carried out in close co-operation with GlobalPlatform and the NFC Forum to achieve a harmonised approach. TC SCP completed its part of the work in 2016, ensuring that legacy UICC applications still work in a device implementing Host Card Emulation (HCE). The publication of the findings of the three groups as a joint white paper was scheduled for early 2017.
The work of TC SCP is based on input from both inside and outside ETSI, and the committee therefore continues to liaise with major external contributors such as GlobalPlatform, the GSM Association, 3GPP, 3GPP2, the NFC Forum, the OMA, the Global Certification Forum (GCF), oneM2M and the PCS Type Certification Review Board (PTCRB).
A full list of all active and completed work and detailed information relating to them can be found on the committee’s ‘Work Item Monitoring’ page at: http://portal.etsi.org/scp.