Overview & Definitions for Downloadable Credentials
3GPP2 TSG-S WG1
Source: Sprint, US Cellular, Motorola Mobility, Qualcomm
Contact(s): Bonnie Chen, Sebastian Thalanany, Doris He, Anand Palanigounder
Recommendation: For Discussion & Decision

Notice
Contributors grant a free, irrevocable license to 3GPP2 and its Organization Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner’s name any Organizational Partner’s standards publication even though it may include portions of the contribution; and at the Organization Partner’s sole discretion to permit others to reproduce in whole or in part such contributions or the resulting Organizational Partner’s standards publication. Contributors are also willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions for purpose of practicing an Organizational Partner’s standard which incorporates this contribution. This document has been prepared by the contributors to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on the contributors. Contributors specifically reserve the right to amend or modify the material contained herein and nothing herein shall be construed as conferring or offering licenses or rights with respect to any intellectual property of the contributors other than provided in the copyright statement above.
Background
3GPP2 has agreed on a work item to develop systems requirements for Downloadable Credentials (see WI-00294).
– The scope of this WI is to develop systems requirements to remotely download and manage credentials & other subscription related information required for the operation of cdma2000 devices (including support for embedded UICCs), i.e., to download and manage data sets and functions equivalent to the UIM, R-UIM, CSIM, USIM and ISIM applications (also known as Network Access Applications or NAAs)
– Examples of cdma2000 Credentials (also called Network Access Credentials) include, but are not limited to: subscription identifiers (e.g., MIN/IMSI), associated security keys (e.g., A-key, K), and associated authentication algorithms (e.g., CAVE, AKA “f” functions)
Once requirements are agreed in TSG-S, they may be used
– As a basis for any further work in other TSGs as needed
– To liaise 3GPP2 requirements to other organizations developing standards in this area as needed (e.g., ETSI SCP for eUICC)
Purpose of this contribution:
– Introduce and adopt the proposed definitions & high-level concepts
NOTE: An attempt is made to align terminology where possible with ETSI SCP (based on the current status in SCP), but it is not guaranteed to be identical.
Definitions (1)
Device: A cdma2000 end-point of a communication link that requires connectivity from a mobile network. It contains a Secure Environment (SecEnv) for storing network access credentials and other information required for accessing services provided by the Mobile Network Operator (MNO).
Subscriber: An entity who has a subscription with a mobile access service provider, such as the MNO.
User: Any person who is authorized to initiate subscription related management operations on the Device (e.g., load or delete Profiles).
Mobile Network Operator (MNO): An entity that authorizes and provides communication services to a Device using a mobile network, such as the cdma2000 network.
Definitions (2)
Network Access Application (NAA): An application, issued by an MNO, that runs within a SecEnv on a Device and enables access to services offered by the MNO. Examples of NAAs include UIM, R-UIM, USIM, CSIM and ISIM.
Embedded UICC (eUICC): A UICC which hosts the NAAs and supports remote management of the NAAs. Depending on the form factor, an eUICC may not be easily accessible or replaceable from the Device.
Secure Environment (SecEnv): A logical entity within a Device that provides a secure storage and execution environment trusted by the MNO to host the NAAs. A SecEnv may be realized using any suitable platform or form factor, such as an eUICC, or eUICC functions integrated into the Device itself.
Definitions (3)
Profile: A set of data (e.g., MMSS) and applications (including NAAs), specific to an MNO, which is used by the Device to obtain services from that MNO.
Operational Profile: A Profile associated with an Operational Subscription.
Operational Subscription: A Subscription, with its associated Profile, that enables a Device to access a mobile network for the purpose of obtaining connectivity and other related services from an MNO, and optionally for the management of Profiles.
Provisioning Profile: A Profile used to enable a Device to access a controlled cellular access network for the purpose of managing other Profile(s). A Provisioning Profile is optional and is not required if the Device can obtain connectivity to the SM by other means.
Subscription Manager (SM): A functional entity in the network that manages the Profiles in the SecEnv. An SM can be either an MNO or an entity trusted by the MNO (e.g., an MVNO or M2M Service Provider) to manage the Profiles on behalf of the MNO.
Definitions (4)
Provisioning: The process of loading a Profile into a SecEnv.
Subscription: A commercial relationship for the supply of services between the Subscriber and the Service Provider.
Provisioning Subscription: A Subscription, with its associated Profile, that enables a Device to access a mobile network for the purpose of managing other Profiles in the SecEnv.
Profile Management: Operations performed on a Profile. At a minimum, these include operations such as load, modify, delete, enable, disable, activate, and deactivate.
Policy Control Function: Set of rules defined by the MNO that controls the management of the SecEnv and the Profiles. NOTE: This term is different from the PCF used in the context of PCRF.
Definitions (5)
SecEnv Access Credentials: Data required to exist within a SecEnv so that a secured communication can be set up between an external entity and the SecEnv in order to manage the Profiles on the SecEnv.
Profile Access Credentials: Data required to exist within a Profile so that a secured communication can be set up between an external entity and the SecEnv in order to manage that Profile’s structure and its data.
Network Access Credentials: Data required to exist within a Profile so that it can authenticate to a Mobile Network. This may include data such as algorithms, Ki/K/A-key, and IMSI/MIN stored within a NAA.
Enable Profile: The process of marking a Profile in a SecEnv so that it is available to be activated.
Disable Profile: The process of marking a Profile in a SecEnv so that it is not available to be activated.
Activate Profile: The process of selecting a Profile in a SecEnv for use by the Device.
Deactivate Profile: The process of de-selecting a Profile in a SecEnv from use by the Device.
Definitions (6)
Load Profile: The process of adding a Profile into a SecEnv.
Delete Profile: The process of purging a Profile from a SecEnv.
Provisioning Lifecycle (diagram; not reproduced in this text)
SecEnv Overview (diagram). Elements labelled in the diagram: SecEnv Platform and its Proprietary Implementation; SecEnv Abstraction Layer; Profile Management, with the Policy Control Function and the SecEnv Access Credentials; one Active Profile; Inactive Operational Profiles and Inactive Provisioning Profiles, each carrying its own Profile Access Credentials.
SecEnv Properties (1)
All SecEnvs provide a uniform SecEnv Abstraction Layer
– The goal is to allow a Profile to be developed for SecEnvs from any manufacturer
– It isolates the proprietary implementation of each SecEnv manufacturer
A SecEnv contains Profile Management functionality, including certain Policy Control functionality and the SecEnv Access Credentials
SecEnv Properties (2)
A SecEnv contains one set of SecEnv Access Credentials
– These should be unique per SecEnv
– There should not be a need to change them
A SecEnv may contain zero or more Operational Profiles
A SecEnv may contain zero or more Provisioning Profiles
SecEnv Properties (3)
Only one Profile is Active at any given time
– The active Profile can be either an Operational or a Provisioning Profile
If there is no active Operational or Provisioning Profile, then the SecEnv Access Credentials can be used to load a Profile
Profile States
A Profile is in one of the following states:
– Enabled, Active (only one Profile at a time)
– Enabled, Inactive: the Device can see Profiles in this state and activate them (if allowed by policy)
– Disabled, Inactive (default state when loaded): the Device will not see Profiles in this state
Profile Management
A Profile should be “opaque” to the Profile Management Protocol
Profile state transitions may be controlled by the Policy Control Function
– Some transitions may be restricted by operator policy
Activating a Profile automatically deactivates the currently active Profile
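The Profile states, the single-active-Profile rule and the policy-gated transitions from the preceding slides, as an added Python model (example code, not part of this contribution): every operation first passes through a Policy Control Function supplied as a callable, a loaded Profile starts in Disabled, Inactive, and activating a Profile inactivates the currently active one. The operation names, the rejection of "disable" on an active Profile (no Disabled, Active state is defined) and the `kind` field are assumptions of this example.

```python
from dataclasses import dataclass
from enum import Enum

class State(Enum):
    DISABLED_INACTIVE = "Disabled, Inactive"  # default state when a Profile is loaded
    ENABLED_INACTIVE = "Enabled, Inactive"    # visible to the Device, may be activated
    ENABLED_ACTIVE = "Enabled, Active"        # at most one Profile per SecEnv

# (operation, current state) -> next state; any pair not listed is rejected. Disabling an
# active Profile is rejected because no "Disabled, Active" state exists (an assumption here).
TRANSITIONS = {
    ("enable", State.DISABLED_INACTIVE): State.ENABLED_INACTIVE,
    ("disable", State.ENABLED_INACTIVE): State.DISABLED_INACTIVE,
    ("activate", State.ENABLED_INACTIVE): State.ENABLED_ACTIVE,
    ("deactivate", State.ENABLED_ACTIVE): State.ENABLED_INACTIVE,
}

@dataclass
class Profile:
    profile_id: str
    kind: str  # "Operational" or "Provisioning" (assumed field, used by policy callables)
    state: State = State.DISABLED_INACTIVE

class SecEnv:
    # policy models the Policy Control Function: (operation, profile) -> bool; default allows all
    def __init__(self, policy=lambda op, p: True):
        self.profiles, self.policy = {}, policy

    def _check_policy(self, op, p):
        if not self.policy(op, p):
            raise PermissionError(f"{op} of {p.profile_id} restricted by operator policy")

    def active(self):
        return next((p for p in self.profiles.values() if p.state is State.ENABLED_ACTIVE), None)

    def visible(self):  # the Device sees only enabled Profiles
        return sorted(p.profile_id for p in self.profiles.values() if p.state is not State.DISABLED_INACTIVE)

    def load(self, pid, kind):
        p = Profile(pid, kind)
        self._check_policy("load", p)
        self.profiles[pid] = p  # enters the default Disabled, Inactive state

    def transition(self, op, pid):
        p = self.profiles[pid]
        self._check_policy(op, p)
        if (op, p.state) not in TRANSITIONS:
            raise ValueError(f"{op} is not valid while {pid} is {p.state.value}")
        if op == "activate" and (cur := self.active()) is not None:
            cur.state = State.ENABLED_INACTIVE  # activating inactivates the current active Profile
        p.state = TRANSITIONS[(op, p.state)]
```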
Operational Profile Provisioning
Provisioning of an Operational Profile (OP) can occur via:
– A non-NAA network: a network that does not require a device to have an NAA in order to gain access to the network
– Does not require a Provisioning Profile (PP) for provisioning
– E.g., CDMA2000 (with possible enhancements), WLAN, etc.
– An NAA network: a network that requires a device to have an NAA in order to gain access to the network
– Requires a Provisioning Profile (PP) for provisioning
Provisioning via a Non-NAA Network (diagram). Elements shown: Device (with a SecEnv holding the OP), Non-NAA Network, Subscription Manager, and the Profile Management Protocol running between the SecEnv and the Subscription Manager.
Provisioning via a NAA Network (diagram). Elements shown: Device (with a SecEnv holding the PP and the OP), NAA Network, Subscription Manager, and the Profile Management Protocol running between the SecEnv and the Subscription Manager.
Proposal
Discuss and adopt the concepts and definitions into the Systems Requirements document