1. SE abstraction scenarios Group Name: SEC Source: Claus Dietze, Giesecke & Devrient Meeting Date: 2015-03-23 Agenda Item: WI SE abstraction

2. Introduction Intention: clarification on scenarios relevant for SE abstraction WI This contribution tries to map oneM2M architecture with security scenarios © 2014 oneM2M Partners 2

3. Recap: Security Architecture © 2014 oneM2M Partners 3

4. Scenario 1 Mas ≠ Mcs ? Mas / Mcs: provides a set of abstraction functions (API) CSE split into CSE services and Security Services provided by the CSE_SEC CSE_SEC contains the Secure Environment and realizes the physical connection to the SE (SE dependent) CSE_SEC provides the logical abstraction layer (via MAS and Mcs) and the Host SW/HW to connect to the SE © 2014 oneM2M Partners 4 Dedicated Secure Environment that provides generic security services and resources to AE and CSE

5. Scenario 2 AE running inside the SE realization of AE interface to SE (API...) is SE specific no need to specify Mas within oneM2M Mcs for security services used by other CSEs  needed? © 2014 oneM2M Partners 5 Dedicated Secure Environment holding the AE that also has direct access to generic or AE specific security services and resources

6. Scenario 3 AE_SEC running inside the SE AE_SEC to AE (Maa) AE_SEC contains security application logic (uses CSE_SEC) © 2014 oneM2M Partners 6 Secure Environment holding parts of the AE and the CSE

7. Conclusion AEs can reside within the SE completely or partly CSE may need to be split into a Security part CSE_SEC and the remaining common services SE dedicated resources and functions (services) need to be defined one (two?) new reference points are needed are there more scenarios? © 2014 oneM2M Partners 7