Information Technology Reference
In-Depth Information
The USF is being developed and will be in-
stalled on top of the Java Card Platform (JCP).
The USF Engines are the core of the USF. Using
all JCP APIs, the USF Engines implement DRM,
PKI, Secure Communication (SC) and Anti-Virus
Engines. Each Engine is used for processing the
cryptographic operations such as asymmetric and
symmetric ciphers, hash functions, etc. and the
related operations like XML parsing, ASN.1
encoding/decoding, etc. required for performing
the client-side operations of the security protocols.
The current version of DRM, PKI and SC engines
supports OMA DRM 2.0 specifications, PKCS
series of RSA Laboratory and TLS v1.1, respec-
tively. The Anti-Virus Engine is under designing
to protect mobile platforms against known mali-
cious codes.
The PAL is utilized to make USF independent
of the base platforms. This layer implements in-
terfaces between USF and the base platform so
as not to change the USF Engines even though
the base platform is totally changed or updated.
The cryptographic algorithms and the wrapper
classes of primitives necessary for processing of
the USF Engines but not supported in the base
platform should be implemented in this layer. Due
to this feature, even thought the USF is currently
implemented on top of the JCP, it can be installed
on other Java-based mobile platforms by changing
the PAL accordingly.
The USF provides the developers with the
USF APIs to implement UICC applications us-
ing the USF Engines. All interfaces and classes
of the USF Engines are currently designed to be
accessible from the UICC applications via the
USF APIs. The mobile service applications usu-
ally can access the UICC via the interface APIs
supported by terminal OS. Then, these applica-
tions can access applets and servlets developed
based on the USF via these APIs for requests to
and responses from the USF.
The USF Engines, the core of USF, can be
accessible from mobile service applications via
applets or servlets which implement using USF
APIs. This external communication between UICC
and terminal can be achieved via interfaces, ISO
or USB interface and interface APIs supported by
terminal OS, respectively. The USF Engines are
interfacing only with the PAL for processing the
incoming requests from the UICC applications
internally. The interworking among USF Engines
can also happen in some cases. For instance, when
the RI (Right Issuer)'s certificate is verified for
DRM-based UICC applications, the DRM Engine
can interwork with the PKI Engine for PKI-related
operations. In the architecture of the USF Engines,
the PKI Engine is the base engine since all other
security operations of DRM and SC Engines need
to use the operations of the PKI Engine. However,
the Anti-Virus Engine may not be interworking
with other Engines.
For management of the USF, the interworking
with USF Management Infrastructures (UMI),
parts of FMC service infrastructures should be
implemented to update virus signatures and man-
age certificates and DRM ROs (Right Objects) as
depicted in Figure 6.
The USF Engines usually consist of a number
of functional handlers, modules and parsers for
the object oriented implementations and the ease
of the management.
The PKI Engine provides the functionalities
related to the certificates. The PKCS series
operations, the generation and verification of
the digital signatures, the management of the
certificates and other PKI-related operations can
be performed by this Engine. It mainly consists
of ASN.1 handler, X.509 handler, CMP handler,
OCSP handler and PKCS modules. By facilitat-
ing the handlers of ASN.1 and X.509, parsing of
the certificate is performed. The PKCS modules
are implemented to support the PKCS #1, #5, #8,
#10 and #12. The CMP and OCSP handlers are
related to processing of the protocols for com-
municating with the management servers. The
role of the PKI Engine for these two protocols is
to perform only the security-related operations.
Therefore, the CMP handler is implemented to
Search WWH ::
Custom Search