Responsible for the development and maintenance of
a common Smart Card Platform for all mobile telecommunication systems, for
the application independent specifications, for the interface with terminal
equipment and for smart card standards for general telecommunications,
mCommerce and security applications
The
main task of ETSI’s Smart Card Platform Technical Committee (TC SCP) is to
expand and maintain the Smart Card Platform specifications for mobile
communication systems. The specifications developed by TC SCP are, however,
not bound to usage in the telecommunications sector. They are, by design,
generic and application-agnostic and may thus be used as specifications for
a (secure) platform for any application designed to reside on a smart card
or a secure element.
To date, TC SCP has produced well over 40 specifications on smart cards,
covering all areas from administrative commands to Application Programming
Interfaces (APIs), browsers, Internet connectivity, Machine-to-Machine (M2M)
and new interfaces for high speed and Near Field Communication (NFC). They
include both core specifications as well as related test specifications
TC SCP strives to deliver specifications that meet real life needs and
therefore holds as key its policy of creating test specifications for both
the core specifications and the various interfaces provided by the Smart
Card Platform. This way, interoperability between applications implemented
on this true multi-application platform (called the UICC) can be – and is –
achieved.
TC SCP also provides and maintains the application identity register for
smart card applications residing on the UICC for other committees including
the Third Generation Partnership Project (3GPP™), 3GPP2, various financial
institutions and the WiMAX Forum.
2010 saw the completion of a large body of work. In total, TC SCP published
seven new ETSI Technical Specifications (TSs) and one new ETSI Technical
Report (TR).
The Technical Report deals with the UICC in Mobile Broadband Notebooks, a
topic that addresses an enquiry by the GSM Association. It analyses the
integration of UICCs in Mobile Broadband Notebooks, describes the different
market initiatives and provides a non-exclusive set of use cases. These use
cases will form the basis for establishing the relevant standardisation
requirements.
Following the completion of the specifications for the use of the Smart Card
Platform for mobile NFC applications in 2008, TC SCP has now completed a set
of four test specifications for the lower layers – the Single Wire Protocol
(SWP) and the Host Controller Interface (HCI). In addition to the test
specification for the terminal features of the HCI, TC SCP has created and
approved tests for host controller features which are transparent to the
terminal. This suite of test specifications is key to providing maximum
possible assurance of correct implementation and to delivering interoperable
products to the market.
The test specification for the high speed interface between the smart card
and a terminal (which is based on the Inter-Chip USB specification) was
accepted by TC SCP for publication in 2010. It was developed by an ETSI
Specialist Task Force (STF) which was financed jointly by ETSI and the
participating companies. The two parts of this specification cover the
minimum requirements for testing, respectively the ETSI aspects of the
terminal and the UICC features of this interface. This new test
specification is expected to further the interoperable implementation of the
high speed interface in handsets.
A new test specification was developed in 2010 to describe the technical
characteristics and methods for testing the API that allows a UICC-based
Smart Card Web Server (SCWS) to forward HTTP requests to an Applet and to
receive the response from the Applet.
TC SCP also produced a TS specifying a Java Card™ API, to serve the
provisioning of ‘contactless’ applications residing on the UICC and needing
access to the services provided by the HCI protocol for communication with
the Contactless Front End (CLF) in the device. Registration of contactless
parameters and the management of contactless Applets in card emulation mode
are defined in ‘GlobalPlatform Amendment C’. In co-operation with
GlobalPlatform, the necessary additions were defined for contactless reader
mode and connectivity events to provide in the API specification all
features present in the core specifications.
‘Standard’ SIMs have been used for specific M2M applications such as
metering and device tracking for quite some time. Other applications may,
however, require special functionality and different hardware properties as
well as a new form factor. Specific constraints such as data retention,
temperature, memory update cycles, vibration resistance and humidity, as
well as two new form factors for M2M use, were accepted, and a TS on the
physical and logical characteristics of Machine-to-Machine UICC was
published. While one of the two new form factors is socketable and may thus
be removable, the other needs to be soldered. Whichever form factor is
eventually chosen for the technical realisation of an M2M device, the
integration of the UICC in the M2M device or the integration of the M2M
device itself in the machine often result in the UICC not being removable.
Such UICCs may be embedded in M2M devices at the production site of the M2M
device and this may be in advance of the choice of country of deployment and
network operator. Furthermore, the network operator may be changed during
the lifetime of the device. The development of technology to deal with the
issues arising as a result would enable enormous scope for the exploitation
of M2M applications, but it has also initiated intense discussion amongst
the players involved in mobile communications; the subscription management
of such an embedded M2M UICC is now being considered and is expected to
require standardisation in the near future.
In 2010 TC SCP closed all work on Release 9 of the Smart Card specifications
and started the definition of the requirements for Release 10 and their
technical realisation. The Release 10 requirements include, in particular,
support of multiple connected entities and security requirements for the
transport of Card Application Toolkit (CAT) commands and responses over the
AT interface of a modem, requirements for a technical solution for the
integration of a UICC in a Mobile Broadband Notebook and the migration of
existing services over the USB-based high-speed interface. All the
requirements, together with use cases, can be found in a dedicated
requirement specification.
The use of confidential applications was further developed during 2010 to
allow third-party applications to be loaded and executed within a secure and
private environment. This was again completed in close co-operation with
GlobalPlatform and will be of particular interest to mobile NFC and M2M
application providers who might often not own (or control) the platform onto
which their application is loaded. For instance, owners of finance
applications may demand that their applications are managed and operated
with a ‘firewall’ between them and any other application on the card.
Modem interfaces featured in two major extensions to the specifications. The
CAT access on modem interface was specified for a single client interfacing
with the modem. This functionality concerns AT commands which can be issued
by a terminal to provide communication and interaction with a UICC within a
modem device. This work was undertaken in close co-operation with 3GPP.
Use cases and requirements related to the usage of the UICC with data modems
integrated in notebooks were analysed with respect to the requirements for
interface management and evolution of the existing set of specifications.
Areas considered were the USB interface, power management and negotiation,
and the voltage class used to secure the execution of the use cases. The set
of requirements will be used for the specification of the technical
realisation by TC SCP.
Establishing the UICC as a fully fledged part of the Internet has moved on a
good step with the definition of the remote management of the UICC using the
Internet Protocol (IP) terminating in the UICC. This will augment and
eventually replace the current smart card technique of using Application
Programming Data Units (APDUs), which requires translation of the IP data
within the host device. The position of the UICC as an IP-centric entity is
thus significantly enhanced.
2011 will see the creation of a test specification covering UICC interface
conformance requirements, complimenting the one already available for the
terminal side of the interface. TC SCP will also develop test specifications
related to newer releases of the corresponding core specifications.
Other topics to be covered in 2011 include the CAT access on the modem
interface, with an extension of the CAT from a single client to multiple
clients interfacing with the modem. TC SCP will undertake the definition of
an API for secure channels for the APDU protocol, based on the secure
channel API requirements. The Committee will prepare the specification of
requirements and use cases for Peer-to-Peer (P2P) contactless mode support
in the UICC, to facilitate communication between applications on different
UICCs, and work to support the P2P mode in contactless interface
specifications. TC SCP will address the UICC next generation Run Time
Environment (RTE) to support multi-tasking within the UICC with more than
one interface, and the security aspects of the use cases and requirements
related to the usage of the UICC with data modems integrated in notebooks. A
technical solution for a new framework for application and services
migration over IP/USB, allowing service discovery, registration and
invocation, will be sought, and use cases and requirements related to the
usage of the UICC in an M2M context will be identified.
A full list of all active and completed work items and detailed information
pertaining to them can be found in the ‘Work Item Monitoring’ window at:
http://portal.etsi.org/scp.