Information Technology Reference
In-Depth Information
Figure 2. The Basic Flow of UICC-based Security Services
let the applet developers utilize the functionalities
of UICCs, and manage the applets and UICCs.
The de-facto standard of UICC platforms are
Java Card Platform for providing the functional-
ities to the applets and GlobalPlatform for securely
managing the UICC and its installing applets.
Java Card Platform is a smart card operat-
ing system which includes Java Card Runtime
Environment, Java Card Virtual Machine and
APIs. This platform provides lots of useful APIs
required to develop the applet for UICC-based
security services such as cryptographic algorithms.
Furthermore, this platform supports the code and
context isolation for security as explained later.
This feature acting as firewall among applets can
prohibit applets from accessing the resources of
other applets, except for the case when the applet
implements the special interface named by SIO
(Shareable Interface Object). Currently, version
2.2.x is widely utilized and version 3.0, which
includes SCWS and other J2ME-level features, is
planning to be commercialized in the near future.
GlobalPlatform is a secure, dynamic card
and application management system that defines
card components, command sets, transaction se-
quences and interfaces that are hardware-neutral,
operating system neutral, vendor-neutral and
application independent. This platform provides
the method to manage the UICC and the installed
software such as applet and servlet. Speaking of
GlobalPlatform, SD (Security Domain) is a key
component. SDs act as the on-card representa-
tives of off-card authorities such as card issuer,
application providers, etc. ISD (Issuer Security
Domain), on-card representative of card issuer
(usually mobile operator in the case of UICC),
is defined and installed onto the UICC, which
can manage the SSDs (Supplementary Security
Domain), on-card representative of application
providers, with them actual UICC-based softwares
interact. SDs support security services such as key
handling, encryption, decryption, digital signature
generation and verification for the applications.
Each SD is established on behalf of a Card Issuer,
an Application Provider or a Controlling Author-
ity when these off-card entities require the use of
keys that are completely isolated from each other.
Then, we'll briefly explain about the processes
of managing the UICC applications. First of all,
the systems of card issuer authenticate with the
card using the key for ISD and then try to install
the SSD for one specific application provider
with the pre-shared key for that SSD. The UICC
application developed by the application provider
will be installed by the systems of card issuer and
then the application and SSD are associated by
the extradition process. Then, application provider
utilizes the key for SSD to manage its own UICC
application. If the UICC application does not
necessitate the SSD for some business reasons,
the installation of SSD can be omitted.
Security Characteristics of UICC
Speaking of the security features, the UICC is the
ideal solution for the mobile services.
Search WWH ::
Custom Search