10-gemalto interworking
-
The UICC: a multi-network authentication device
An application platform
April 2008
Gemalto
-
April 2008, CDG Technology Forum 2
Operator branded services from any device and any access network
Multiple authentications
One single device for multiple wireless networks
Inter-working authentication
An operator-controlled application platform
Flexible distribution models
Secure value added services
-
The UICC is a multi-network authentication device
With open markets, we find competing heterogeneous networks with common security requirements
Separate subscription from devices
Hosts various network authentication applications and associated credentials
OTA management
Fully standardized
Security, trust, and user convenience
-
The UICC: single hardware authentication platform securing access to multiple networks
[Figure: UICC platform architecture. Components shown: 32/16-bit hardware and libraries; HAL; memory blocks; APDU com-stack; security; SYS; crypto engines; kernel; card registry; Java Card Runtime Environment (JCRE); Open Platform Environment (OPEN); Java Card Virtual Machine (JCVM); application tools; Java Card API; toolkit framework; file system services; OTA mechanism; network access applications; JTE; extension applications and associated secure data.]
[Network access applications shown: USIM, CSIM, ISIM, WISIM. Networks shown: GSM 3G/LTE networks (AKA); secure IMS applications (AKA); CDMA networks (CAVE/AKA); WiBRO/WiMAX networks (EAP).]
-
UICC authentication in various networks
[Figure: networks shown: LTE, CDMA 2000, WiMAX. Labels: CAVE/CHAP authentication with USIM in UICC; AKA authentication with USIM in UICC; EAP authentication (AKA, SIM).]
-
UICC deployment benefits
Opex reduction & increased operating flexibility
Reduced cost of customer care
Better user experience with unsubsidized devices
Better network selection for outbound roaming based on negotiated agreements
Increased revenues
Inbound international roaming revenues
Additional prepaid purchases from foreign visitors
Better service to the user; reduced churn
Better user experience when changing handset
Transparent inter-working with multiple networks worldwide
-
LTE / WiMAX or HRPD inter-working
Connection to LTE core network via WiMAX interface
During authentication procedure UE interacts with MME to perform EAP-AKA authentication
EAP packets are channeled via the WiMAX/HRPD access
[Figure labels: dual mode handset (LTE/WiMAX or LTE/CDMA); WiMAX or HRPD; LTE core; MME; AAA; AKA authentication with USIM.]
-
International roaming with dual mode LTE/CDMA handset
In countries offering GSM/2G/3G access: Roaming possible if dual mode handset is compliant with radio frequencies used
Otherwise plastic roaming is possible
User is authenticated using USIM application and AKA algorithm with HSS of home operator
[Figure labels: CDMA handset; GSM/3G/LTE handset; plastic roaming.]
-
The UICC is also a multi application platform
4G will bring even more unsubsidized wireless devices that need to be easily provisioned
Operator branded services are inserted with the UICC
Toolkit API enables native access to handset peripherals
Native IP connectivity through handset with BIP
Dynamic remote provisioning of applications with UICC OTA
Emerging business models with GlobalPlatform delegated management
UICC real estate renting
Service providers have control on applications and partitions
-
The Secure Element, beyond wireless access
- Secure multi-application environment
- Specification supported by the Financial Industry
[Figure: security domains on the Secure Element. Labels: Issuer Security Domain; Transport SD; Bank SD; GSM; (U)SIM; MNO services; Operator; Transport; Bank; Ticketing; Info; Events; Smart poster; Credit card; Debit card; Loyalty.]
-
The business of managing identities
The UICC helps MNOs offer identity management services
Different identity management initiatives:
3GPP GAA (Generic Authentication Architecture)
Liberty Alliance ID-WSF (Identity Web Services Framework)
OpenID
CardSpace
UICCs: huge infrastructure of shared secrets
Operators leverage and monetize this infrastructure through a panel of identity management solutions
-
NFC: merging wireless with existing contactless
[Figure labels: Taiwan, China, Korea, Japan; Mobile Payment; Mobile Transport; major payment schemes; Payment; Smart poster; Loyalty; Ticketing; Travel.]
-
An open solution based on the UICC
SIM: application logic (Java), user credentials, Open Platform enabled
NFC chipset: RF layer, multi-protocol (type A, B, FeliCa, 15693)
RF antenna
Recommended by
(OTA)
Portability: Carry m-applications, credentials and value-added services when changing handsets
Security: A secure device that can be certified by payment institutions
Multi-application: Each service provider has an exclusive control over its own applications and partition.
Remote Management: Applications are managed and personalized OTA through existing and standardized protocols
-
Securing Mobile TV services
UICC holds conditional access application used for service protection
Card operating system and conditional access application are regularly updated to maintain security at a sufficient level
UICC collects and distributes channel viewing information for audience monitoring purposes
-
Securing access to branded services globally
As an authentication device, the UICC
Is a flexible platform enabling user authentication in various networks
Enables open market distribution model beneficial to users, operators, and OEMs
Presents convenience and ease of use, crucial to customer satisfaction
As an application platform, the UICC
Is a key enabler thanks to its high level of security and trust value
Enables operators to push branded services to unknown devices
Features standard over the air management of application life cycle