Jean-Francois Rubon of SIMalliance presents a Breakout Session at the 2014 IRM Summit in Phoenix, Arizona.
Security, Identity, Mobility
Secure element architects for today’s generation
What UICC Means for NFC & Security
JF RUBON, SIMalliance
IRM Summit, Phoenix, AZ, 06/05/14
Securing the future of mobile services 2
SIMalliance: Who we are
SIMalliance members represent 86% of the global SIM market and deliver the most widely distributed secure application delivery platform in the world (UICC/SIM/USIM).
What we do…
SIMalliance is the global, non-profit industry association which simplifies secure element (SE) implementation to drive the creation, deployment and management of secure mobile services.
SIMalliance:
> Promotes the essential role of the secure element (SE) in delivering secure mobile applications and services across all devices that can access wireless networks
> Identifies and addresses SE-related technical issues, and clarifies and recommends existing technical standards relevant to SE implementation
> Promotes an open SE ecosystem to facilitate and accelerate delivery of secure mobile applications globally
> Monitors the market and produces market data reports
SIMalliance Latest Deliverables
> Secure Element Deployment & Host Card Emulation v1.0
– Introduces Android's Host Card Emulation (HCE) and explores its value to the NFC ecosystem relative to the Secure Element (SE)
– Technology remains immature, un-standardised and, relative to SE-based deployments, vulnerable to malicious attack.
> UICC LTE Profile
– A collection of requirements for optimal support of LTE/EPS networks by UICC.
– Widely utilised by North American MNOs.
> UICC Device Implementation Guidelines
– Outline fundamental and optional UICC features device vendors need to support to optimise UICC interoperability in future devices.
> Stepping Stones Documents
– Best practices for development of interoperable applications (USIM, NFC, SE).
> General SIM Security Guidelines
– Ensure that a SIM's security levels are optimally maintained.
SIMalliance: Creating Opportunities for Market Growth
> Open Mobile API
– Standardised way to connect mobile apps with all SEs on a device (SE form factor neutral) including a service layer to provide a more intuitive interface and increasingly powerful functionality.
– Enables delivery of highly secure business and consumer mobile applications across all SE form factors.
– Referenced by GSMA (NFC Handset & APIs Requirements and Test Book).
– Open Source implementation (Seek-for-Android).
– Implemented in more than 150 models of Android (NFC) Smartphones
A Secure Element (SE) for Each Business Model
> An SE is a tamper resistant component which is used in a device to provide the security, confidentiality, and multiple application environments required to support various business models
> An SE resides in extremely secure chips and may exist in a variety of form factors
> The SE should provide separate memory for each application without interactions between them
> SIMalliance considers true SEs to be a combination between software and dedicated hardware
UICC (SIM)
> Includes the application that authenticates the user in the network
> Controlled by the mobile network operator (MNO)
Embedded SE (eSE)
> SE embedded in the mobile at the time of manufacturing
> Controlled by the device maker (OEM)
Secure MicroSD
> SE embedded in µSD form factor and featuring large memory
> Controlled by the service provider (SP)
The UICC is a SE Providing a Safe Execution Environment for Applications
[Diagram labels: Memory (MNO, BANK 1, BANK 2, SP); Global Platform compliant OS; Certified Secured Hardware & Software]
> Highly Secured (Certifications: EMVCO, Common Criteria up to EAL5, CAST)
> Highly customisable multi-services platform (Java & GlobalPlatform OS)
> Connected: NFC (SWP) & remotely manageable (OTA & OTI)
> Multi-party manageable: Secured domains managed independently by each entity + dynamic security domains creation
> Standardised (ISO/IEC, ETSI, 3GPP, …)
> Interoperable for mobile devices, for services hosting & management (trusted service manager compliant)
> Proven and mature technology – NFC ready
Strong NFC Foundation in Place for Use by Service Providers
124m NFC SIM shipments in 3 years
2014: 416m NFC phones to be shipped*
2017: 53% of NFC-ready PoS globally*
In 2013: 78m NFC SIM shipped (SIMalliance): +159%
Japan/Korea: 37m
North America: 24m
Europe: 14m
*Forecast
Securing Digital Services with SEs is Convenient and Provides an Enhanced User Experience
Smartphones with OpenMobileAPI
User Experience
Universal with SIM toolkit (simple UI)
Smartphone apps with OpenMobileAPI
Interface to the physical world with NFC
Simplified ‘passwords’ with certificates and single-sign-on
Appropriate Utilization of SE in NFC
Conclusion
> Identity applications, strong authentication & digital signature services support trust in digital services.
> These services rely on SEs to store and manage user credentials, to counter security threats and meet certification requirements
> SEs provide a smooth user experience in mobile applications with NFC and Smartphone API
> Technology options enable service providers to support the identity service best adapted to their business model using:
– SIM cards
– Micro-SD
– Embedded SEs
Thanks! Visit www.simalliance.org for more information