SCP Activity Report 2017

Chairman: Klaus Vedder, Giesecke + Devrient Mobile Security GmbH

Responsible for the development and maintenance of specifications for secure elements (SEs) in a multi-application capable environment, the integration into such an environment, as well as the secure provisioning of services making use of SEs.

The work of ETSI’s Smart Card Platform committee includes the development and maintenance of specifications for the SE and its interface to the outside world for use in telecommunication systems, for general telecommunication purposes as well as for Machine-to-Machine (M2M)/Internet of Things (IoT) communications. The committee’s work comprises the interface, procedures and protocol specifications between the SE and entities (remote or local) used in its management. It also includes interfaces, procedures and protocol specifications used between such entities for the secure provisioning and operation of services making use of the SE.

The specifications developed by TC SCP are generic and application-agnostic. They can thus be used as specifications for any application designed to reside in an SE, for its interface to the outside world and the ecosystem in which it is embedded. They have found their way into other applications such as ID management, and the contactless interface specified by TC SCP is used in financial services.

To date, TC SCP has produced 50 specifications for SEs. For each topic addressed, its specifications define requirements, the technical solution and conformance testing for both the SE and the terminal. It is TC SCP’s hallmark in the world of standards that it provides the industry with a hitherto unknown basis for the development and integration of applications. In this way, interoperability can be achieved between terminals and the applications implemented on this true multi-application platform (called the UICC).

The areas addressed by TC SCP span the definition of all lower layers and interfaces of the SE itself and application functionality, including physical aspects. This covers administrative commands, Application Programming Interfaces (APIs), browsers, Internet connectivity, M2M and interfaces for high speed and Near Field Communication (NFC), as well as remote management and the interface of entities (remote or local) in the management of the UICC.

TC SCP also provides and maintains the application identity register for smart card applications on behalf of other organizations including the Third Generation Partnership Project (3GPP™), 3GPP2, GlobalPlatform, the Open Mobile Alliance (OMA), oneM2M, various financial institutions and the WiMAX Forum.

The scope of TC SCP has broadened to take account of the growing number of actors which are now involved in the remote management of the UICC content. Instead of just a removable UICC and the device hosting it, or the UICC and a remote server communicating with the UICC over the air, TC SCP will now also address the use of a UICC as a non-removable secure element, its remote management and the interfaces required for the interaction of servers involved in the management of the UICC and controlled by different actors. 

The emphasis of the work in 2017 was on the next generation Secure Element. This will, in particular, be needed for the security functions provided by 3GPP for 5G. TC SCP considers that the topics of trust and privacy in IoT and mobile applications are essential to the market and that its new Smart Secure Platform (SSP) incorporating this next generation work can and will contribute significantly to achieving these two aims.

The requirement specification TS 103 465 “Smart Secure Platform (SSP); Requirement Specification” is expected to be completed in early 2018, while the technical realisation is being progressed by SCP’s technical working group together with an ETSI Special Task Force (STF 546). It is important to note in this context that an embedded UICC (or eUICC) which is not removable has no immediate requirements on interoperability (from the hardware and low-level communication protocol standpoints). However, the Profile Package that is loaded into an eUICC needs to have the same structure on all eUICCs to achieve interoperability at application level. This had been addressed by a specification published in 2016. The same holds for the so-called integrated SSP (iSSP) which is a secure element integrated into a System-on-Chip (SoC) and will be one of the embodiments of the SSP.

The technical realization of the Smart Secure Platform will consist of two deliverables constituting the first parts in a multi-part specification. The work of the STF and SCP’s technical working group is expected to be completed by mid-2018 to meet the timelines of 3GPP. The first deliverable will address the generic portions of the SSP which are those parts that apply to every SSP regardless of its form factor and the physical interfaces it supports. This first deliverable forms the input for a secure authentication platform for 5G Phase 1. The second deliverable addresses the already mentioned specific class of the SSP, the iSSP.

TC SCP’s specifications are widely used by the industry and certification bodies, and the maintenance and technical improvement of its specifications, as well as the continuous updating of its test specifications to cover new features and functions, therefore form a significant part of its work. As in previous years, in 2017 TC SCP upgraded several existing test specifications to cover new releases of the respective core specifications and reviewed a large number of existing test descriptions to take into account experience gained in the field. For 2018 the emphasis will be, apart from the ongoing update of existing test specifications, on the analysis of Internet of Things (IoT) devices which make use of technologies specified by ETSI TC SCP. As these devices sometimes do not implement the full feature functionality specified, there is a need to review existing test cases and to define new specific test cases where required. The non-removability (or even integration) of a Secure Element also sets new challenges that will need to be assessed and tackled by TC SCP for its testing work.

As a device may contain multiple secure elements for mobile NFC, there is a need to achieve interoperability and avoid proprietary implementations. ETSI TC SCP joined forces with GlobalPlatform and the NFC Forum to tackle these issues. A white paper “Ensure interworking between multiple Contactless Card Emulation Environments” was published in March 2017. In particular, there is a need to standardize the interaction between the NFC controller, the UICC and other (secure) elements, particularly the routing of data to a specific application (in any one of the secure elements) without user interaction being required at the time of the contactless transaction. The shared work initiative explains how to ensure that NFC services successfully coexist within a device and operate as intended. The paper contains a detailed standardized approach to implementing and managing NFC services across all technologies and platforms. It clarifies how the ecosystem defines the expected behavior of multiple NFC services hosted in the same device and simplifies the end-user experience. This covers services such as payment, transport, loyalty or access control. The approach will also be of interest to OEMs developing devices that support NFC services. For consumers, this clarity brings guarantees that services will work as advertised, regardless of the hosting contactless environment selected by the service provider. In the specific context of ETSI, the technical solution ensures that legacy UICC applications still work in a device implementing Host Card Emulation (HCE).

The work of TC SCP is based on input from both inside and outside ETSI, and the committee therefore continues to liaise with major external contributors such as GlobalPlatform, the GSM Association, 3GPP, 3GPP2, the NFC Forum, the OMA, the Global Certification Forum (GCF), oneM2M, the PCS Type Certification Review Board (PTCRB) and the SIMalliance. 

