The UICC: a multi-network authentication device, an application platform. April 2008, Gemalto


  • The UICC: a multi-network authentication device, an application platform

    April 2008, Gemalto

  • April 2008, CDG Technology Forum 2

    Operator branded services from any device and any access network

    - Multiple authentications
    - One single device for multiple wireless networks
    - Inter-working authentication
    - An operator-controlled application platform
    - Flexible distribution models
    - Secure value added services

  • April 2008, CDG Technology Forum 3

    The UICC is a multi-network authentication device

    With open markets, we find competing heterogeneous networks with common security requirements

    - Separates subscription from devices
    - Hosts various network authentication applications and associated credentials
    - OTA management
    - Fully standardized
    - Security, trust, and user convenience

  • April 2008, CDG Technology Forum 4

    The UICC: single hardware authentication platform securing access to multiple networks

    Diagram of the UICC platform stack (layer labels recovered from the figure):

    - Hardware: 32/16-bit hardware and libraries, HAL, memory blocks, APDU com-stack, security, crypto engines
    - Kernel layer: SYS, Card Registry
    - Java Card Runtime Environment (JCRE), Open Platform Environment (OPEN), Java Card Virtual Machine (JCVM)
    - Application tools: Java Card API, Toolkit framework, File System services, OTA mechanism, JTE
    - Network Access Applications: USIM, CSIM, ISIM, WISIM
    - Extension Applications and associated secure data

    Networks reached from the UICC platform: GSM 3G/LTE networks (AKA), secure IMS applis (AKA), CDMA networks (CAVE/AKA), WiBRO/WiMAX networks (EAP)

  • April 2008, CDG Technology Forum 5

    UICC Authentication in various networks

    - LTE: AKA authentication with USIM in UICC
    - CDMA 2000: CAVE/CHAP authentication with USIM in UICC
    - WiMAX: EAP authentication (AKA, SIM)

  • April 2008, CDG Technology Forum 6

    UICC deployments benefits

    Opex reduction & increased operating flexibility

    Reduced cost of customer care

    Better user experience with unsubsidized devices

    Better network selection for outbound roaming based on negotiated agreements

    Increased revenues

    Inbound international roaming revenues

    Additional prepaid purchases from foreign visitors

    Better service to the user; reduced churn

    Better user experience when changing handset

    Transparent inter-working with multiple networks worldwide

  • April 2008, CDG Technology Forum 7

    LTE / WiMAX or HRPD inter-working

    Connection to the LTE core network via a WiMAX interface

    During the authentication procedure the UE interacts with the MME to perform EAP-AKA authentication

    EAP packets are channeled via the WiMAX/HRPD access

    Diagram (labels recovered from the figure): dual mode handset (LTE/WiMAX or LTE/CDMA) -> WiMAX or HRPD access -> LTE core (MME, AAA); AKA authentication with USIM

  • April 2008, CDG Technology Forum 8

    International roaming with a dual mode LTE/CDMA handset

    In countries offering GSM/2G/3G access: roaming is possible if the dual mode handset is compliant with the radio frequencies used; otherwise plastic roaming is possible

    The user is authenticated using the USIM application and the AKA algorithm with the HSS of the home operator

    Diagram (labels recovered from the figure): CDMA handset, GSM/3G/LTE handset, plastic roaming
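The AKA exchange that slides 5, 7 and 8 rely on, as an added Python illustration that is not from the Gemalto deck: the home HSS issues RAND and AUTN, and the USIM on the UICC verifies the network's MAC and the sequence number before returning RES, so the same check holds whichever access network (LTE, HRPD or WiMAX via EAP-AKA) carried the challenge. The f1..f5 functions are HMAC-SHA256 stand-ins for Milenage, and HomeHSS, USIM and run_aka are hypothetical names; the EAP framing itself is not modelled.

```python
import hmac, hashlib, secrets

# Stand-ins for the 3GPP f1..f5 functions. Real USIMs run Milenage (or TUAK);
# these HMAC-SHA256 derivations only model the data flow, not the real algorithm.
def _f(k: bytes, tag: bytes, data: bytes, n: int) -> bytes:
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]

def f1(k, sqn, rand, amf): return _f(k, b"f1", sqn + rand + amf, 8)  # MAC, 64 bit
def f2(k, rand): return _f(k, b"f2", rand, 8)    # RES / XRES
def f3(k, rand): return _f(k, b"f3", rand, 16)   # CK, cipher key
def f4(k, rand): return _f(k, b"f4", rand, 16)   # IK, integrity key
def f5(k, rand): return _f(k, b"f5", rand, 6)    # AK, 48-bit anonymity key

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class HomeHSS:
    """Home operator's HSS/AuC (hypothetical): shares K with the USIM, issues vectors."""
    def __init__(self, k: bytes): self.k, self.sqn = k, 0

    def auth_vector(self, amf: bytes = b"\x00\x00"):
        # One fresh vector per request; RAND/AUTN reach the USIM over any access network.
        self.sqn += 1
        rand = secrets.token_bytes(16)
        sqn = self.sqn.to_bytes(6, "big")
        autn = xor(sqn, f5(self.k, rand)) + amf + f1(self.k, sqn, rand, amf)
        return rand, autn, f2(self.k, rand), f3(self.k, rand), f4(self.k, rand)

class USIM:
    """USIM application on the UICC (hypothetical): authenticates the network first."""
    def __init__(self, k: bytes): self.k, self.sqn_max = k, 0

    def authenticate(self, rand: bytes, autn: bytes):
        ak = f5(self.k, rand)
        sqn, amf, mac = xor(autn[:6], ak), autn[6:8], autn[8:16]
        # MAC check: only a party holding K could have built this AUTN.
        if not hmac.compare_digest(mac, f1(self.k, sqn, rand, amf)):
            raise ValueError("MAC failure: challenge not from the home network")
        # Freshness check: a replayed vector carries an SQN already accepted.
        n = int.from_bytes(sqn, "big")
        if n <= self.sqn_max:
            raise ValueError("synchronisation failure: SQN not fresh")
        self.sqn_max = n
        return f2(self.k, rand), f3(self.k, rand), f4(self.k, rand)

def run_aka(hss: HomeHSS, usim: USIM) -> bool:
    # Serving node (MME or AAA) compares RES with XRES; both ends now share CK/IK.
    rand, autn, xres, ck, ik = hss.auth_vector()
    res, ck_u, ik_u = usim.authenticate(rand, autn)
    return hmac.compare_digest(res, xres) and (ck, ik) == (ck_u, ik_u)
```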

  • April 2008, CDG Technology Forum 9

    The UICC is also a multi application platform

    4G will bring even more unsubsidized wireless devices that need to be easily provisioned

    Operator branded services are inserted with the UICC

    Toolkit API enables native access to handset peripherals

    Native IP connectivity through handset with BIP

    Dynamic remote provisioning of applications with UICC OTA

    Emerging business models with GlobalPlatform delegated management: UICC real estate renting

    Service providers have control on applications and partitions

  • April 2008, CDG Technology Forum 10

    The Secure Element, beyond wireless access

    - Secure multi-application environment
    - Specification supported by the Financial Industry

    Diagram of security domains on the Secure Element (labels recovered from the figure):

    - Issuer Security Domain (Operator): GSM (U)SIM, MNO services, events, ticketing, smart poster
    - Transport SD (Transport): ticketing, info
    - Bank SD (Bank): credit card, debit card, loyalty
    - ...

  • April 2008, CDG Technology Forum 11

    The business of managing identities

    The UICC helps MNOs offer identity management services. Different identity management initiatives:

    - 3GPP GAA (Generic Authentication Architecture)
    - Liberty Alliance ID-WSF (Identity Web Services Framework)
    - OpenID
    - CardSpace

    UICCs: a huge infrastructure of shared secrets. Operators leverage and monetize this infrastructure through a panel of identity management solutions

  • April 2008, CDG Technology Forum 12

    NFC: merging wireless with existing contactless

    Diagram (labels recovered from the figure): regions Taiwan, China, Korea, Japan; mobile payment, mobile transport, major payment schemes; payment, smart poster, loyalty, ticketing, travel

  • April 2008, CDG Technology Forum 13

    An open solution based on the UICC

    - SIM: application logic (Java), user credentials, Open Platform enabled
    - NFC chipset: RF layer, multi-protocol (type A, B, FeliCa, 15693)
    - RF antenna

    - Portability: carry m-applications, credentials and value-added services when changing handsets
    - Security: a secure device that can be certified by payment institutions
    - Multi-application: each service provider has exclusive control over its own applications and partition
    - Remote Management (OTA): applications are managed and personalized OTA through existing and standardized protocols

  • April 2008, CDG Technology Forum 14

    Securing Mobile TV services

    UICC holds conditional access application used for service protection;

    Card operating system and conditional access application are regularly updated to maintain security at a sufficient level

    UICC collects and distributes channel viewing information for audience monitoring purposes

  • April 2008, CDG Technology Forum 15

    Securing access to branded services globally

    As an authentication device, the UICC

    Is a flexible platform enabling user authentication in various networks

    Enables an open market distribution model beneficial to users, operators, and OEMs

    Presents convenience and ease of use, crucial to customer satisfaction

    As an application platform, the UICC

    Is a key enabler thanks to its high level of security and trust value

    Enables operators to push branded services to unknown devices

    Features standard over the air management of application life cycle