SA3LI12_074

advertisement
3GPP/SA3-LI#46
Quebec City, Canada
July17-19 2012
Tdoc SA3LI12_074
Embedded UICC
Remote Provisioning Discussion
Source: Rogers Wireless
Contact: Ed O’Leary (ed.oleary@rci.rogers.com),
George Babut (gbabut@rci.rogers.com)
Introduction
• This document provides information regarding
existing deployments and future deployments
of remote provisioning and Embedded UICC
• It provides some regulatory concerns and
specific LI concerns for the currently
envisioned deployments
A brief History
•
M2M study concludes that
– Smaller UICC required for Embedded Devices
– Non removal
– Remote provisioning of UICC required (embedded UICC)
•
Dutch consumer Affairs, determines that m2m may provide anti competitive front
for incumbent MNO.
–
•
Brazilian Government wants easy access for users, multi-profiled SIM
–
–
•
•
Inability to change subscription
MNO policies on termination, and or start of service
Social policy to improve communication infrastructure, access Broadband
Smart Phones Vendors eye opportunity to become virtual MNO, via remote
provisioning
ITU floats idea on new MCC or MNC codes for M2M device
Standards
• Several groups start addressing the issue
– GSMA
– SIM Alliance
– Standards
• ETSI
– SCP
– M2M
•
•
•
•
3GPP
TIA
ATIS
Formation later this year of Onem2m, new partnership program with
other interest groups and stakeholders http://onem2m.org/
• Global Platforms
MNO Impetus
•
Declining activations and revenue
– Saturated markets, Regulatory policy
– These are key market indicators
•
All IP networks coming on line
– New capabilities, new economic models
– Internet of Things, forecast 10X increase in subscriptions
•
5th 6th generations devices, are smaller.
– Embedded device into electronic
•
Threat to current Business models
– M2M – current focus
– Smart Phones – some vendor focus
•
Four models
–
–
–
–
MNO build out
Vendor Build out/ operated supported by MNO/ MNOs
Third party MNO hosted
MNO build out supported by Third party HLR (MNO ) and Billing
MNO focus
• Today the eUICC focus is on M2M only, however it is
expected to rapidly move to smart phones
• Operators need time to revamp back end business
systems that support activations of smart phones
using eUICC
– ordering, inventory management, commissions, tracking
warehousing, prepaid, billing, customer care, Multiple Sim
vendors, certification …..
• Operators focusing on the business rules,
architecture and interconnection requirements for
M2M
UICC Vendor Impetus
• Ownership of UICC changing
– Potential to sell services to M2M device, M2M vendor,
M2M aggregator, and the M2M user
– User apps, eg electronic car VIN, auth key to start, engine
app (settings)
– Anything requiring the security a SIM card provides
– Inventory and management of cards
• Batches per MNO
• Batches to fewer MNO with high volumes lowers costs
– Open up new relationships to device vendors and
MNO
UICC Vendor Focus
• New Architectures for provisioning
– New revenues
•
•
•
•
Provisioning and re-provisioning from operators
lease of space on eUICC for third party apps
Subscription Management functions
Subscription preparations functions
– Lower cost
• Smaller form factors, more chips per die
• Higher run and volume production
– Security model
M2M vendor impetus
• Remote activation of devices
– Can be tied to payment and commissions
• Reduced costs
– Size of pluggable SIM, and its receiving connector
– Inventory, management for operators
• Reduced foot print, access to more devices
– Competition with WIFI access in device
• Camera, printers, eHealth
M2M Vendor Focus
• Cost reductions
– Component parts
• Reduced Carrier testing/ interop
– Donor MNO only
• Size reductions
– Open up new markets for embedded devices
Smart Phone Vendor Impetus
• Virtual MNO, can hide the operator from the
consumer, just manage access, cellular WiFi
etc
• Smaller foot print allows more room for
MIMO antennas, required for greater data
rates
• Installation of their own apps, protect SN,
IMEID, boot keys, NFC wallets, password and
keys for services
Smart Phone Vendor Focus
• Unknown,
– there have been attempts at Secure Elements in
the past
– ongoing battle with MNO on Branding,
• SIM provides access and control over some features in
the device, ie access to Fax and CS Data
– Shrinking revenue pie
Deployments
• Jasper
– A MNO which utilizing their HLR or hosting the MNO M2M HLR and
providing a unique Billing options provide third party MNO m2m
services
• Control, and Billing not very well supported in existing MNO service
complex’s
– Many m2m devices to one customer
– Specific pricing plans for low data rates or off hr usage
Deployments
Some examples
– http://m2m.vodafone.com/home/
– ttp://www.telenorconnexion.com/
– http://www.business.att.com/enterprise/Family/mobilityservices/machine-to-machine/
– http://www.rogersm2mbusiness.com/on/en/m2m-solutions
– http://www.orange-business.com/en/mnc2/themes/m2m/
– http://m2m.telekom.com/
Current M2M services
• Cars
– Telematics, and E Call, aka GM Onstar
• Remote kill, start, door open, tracking,
• E-readers and Tablets
– Pre installed embedded devices, awaiting
activation of mobile services
• eHealth and mHealth coming
Current thinking
• As supported in various organizations
– When an m2m device is shipped and installed it needs to have
credentials to access the network, in order to be provisioned to a
servicing MNO
– This requires a Donor MNO to provide the initial credentials that are
shipped in the embedded device, and then a means to install new
credentials from the serving MNO
– This model uses the exiting networks without changes
• Supports old networks and new
• Does not require new means and methods to hotline and provision devices which
would require upgrades to some networks that will see capital investment frozen
until the technology is sunseted
• Requires a change to the eUICC to support remote provisioning, but it is changing
anyways.
Current thinking
• The eUICC or a network entity may allow or
control multiple profiles within the eUICC
– Provisioning profile, MNO profiles
– Only one will be active at a time.
• May be required for regulatory reasons, (Brazil)
• May provide redundancy for critical infrastructure (SCP
REC Use case)
– The M2M device is not supposed to active a new
profile on its own
Current thinking
• UICC can support
multiple applications
– SIM
– ISM
– USIM
• In a NFC model
– MNO supporting many
applications and digital
wallets and applications,
including 3 party apps
Others
EMV
USIM
(U)SAT
Phonebook
UICC
USIM
SIM
NFC
Electronic
Purse
One possible envision
Security domain controlled by some entity (SM-SR/ Donor MNO)
Profile Management system that provides access to MNO and their applications
Digital lockers for other applications
All lockers are isolated from one and another
And for something completely
different
• An now some discussion on regulatory issues
and LI
Critical Infrastructure
• “Critical infrastructure refers to processes, systems,
facilities, technologies, networks, assets and services
essential to the health, safety, security or economic wellbeing of Canadians and the effective functioning of
government.
• Critical infrastructure can be stand-alone or interconnected
and interdependent within and across provinces, territories
and national borders. Disruptions of critical infrastructure
could result in catastrophic loss of life, adverse economic
effects and significant harm to public confidence”.
• http://www.publicsafety.gc.ca/prg/ns/ci/index-eng.aspx
Critical Infrastructure
• In Canada Rogers, Bell, Telus have been
designated Critical Infrastructure
• Currently under ISO 27000 like Cyber Security
Assessment and risk assessment on ability to
offer telecommunication to Canadians
• In US a new bill was introduced into the Senate
Feb 2012, “The Cybersecurity Act of 2012” which
outlines similar risk assessments
– Yet to be passed into law
• In Europe : Mandate M/487 to Establish Security
Standards
Critical Infrastructure
• Other governments are in the process of such
actions
• Why
– Recent attacks of Stuxnet on essential M2M devices
– 2003 Black out in Northeast North America
• Highlighted Hydro grid, and Smart grid reliability and its
consequences on the public
• Banking, cellular, gas pumps, transportation all affected
– Standstill of economy and people
– Threat to the digital economy
High level architecture proposal
Source (ETSI SCP 11 0101)
Critical Infrastructure
• Source of the eUICC
– Since the device vendor can source the eUICC,
some countries may have issues with its origin
– Some countries may require their m2m device
vendors to source locally
– It not clear yet how the eUICC will be identified in
this regards
– A certification process is anticipated
Critical Infrastructure
• Issues
– Location of SM-SR (Subscription managementSecure Routing)
• Would likely be required to reside in Canada, under
Canadian control
– Removes the risk of outside influences
» Governments
» Disasters
» Cyber attacks on specific countries
• Profile management
– Changing MNO profiles during a warrant
Critical Infrastructure
• Provisioning profile
– May have the same constraints as the location of SMSR
• Ie an attack on the provisioning Profile holder may cripple
service, activations and telecommunications in Canada
• Attack on DNS servers can do the same thing
– (VPN and or dedicated facilities (current SS7))
– May be at business odds, ie competitor or roaming
partner
• Runs into anti competitive behaviours
– Likely to be a Canadian Entity controlled
• Yet to be addressed by regulatory
Anonymous Emergency Call
Most countries now require a subscription or proof of identity when
purchasing Prepaid phones, SIM cards to stem the rash of E call, prank or
otherwise
– A donor MNO may or may not have a MSISDN
– It may appear to be anonymous to Public Safety
• It may violate existing rules and laws (identification of the user to the device)
references
– USA proposal S.3427 -- Pre-Paid Mobile Device Identification Act (Introduced
in Senate - IS) 2009- 2010 believe the carriers implement a policy without the
Bill passing
– Canada report (2006) on OECD countries, Simon Frazier University, However
department does not exist anymore so links to those web pages are broken
Anonymous Emergency Call
• From Canada Paper, Registration required
as of 2006
Cited Regs
Switzerland
South Africa
Slovak Republic
Japan
Italy
Hungary
Germany
Telecom act sect 111 June 22
2004
France
Australia
1997 telecom act
Legal Intercept
• To be considered if the SM-SR controls profiles, and multiple
profiles
• The SM-SR is a TSP and is subject to legal interception.
• The SM-SR will know which profile is active and which profiles are
loaded
– It may be required to provide profiles and which one is active.
– It forces an issue with dynamic updating, not currently supported in
some jurisdictions, in Europe , Dynamic triggers would allow the
seamless capture, only if the SM-SR signals the change of profile to
LEA
• The SM-SR may be required to provide additional information
– If the SM-SR has a view on the applications or wallets in the profiles, it
is required to report that, and may be required to supply crypto keys it
has.
• These provide Operational considerations
Legal Intercept
• If the Donor MNO allows multiple Profiles to be stored on the
device and to be able to active them when they chose.
– No indication when the profile changes
– If the Donor is foreign , no Dynamic triggering or other means to alert
LEA of a change in MNO
• If the device appears as permanent roamer,
– it may roam on all MNO’s based on the roaming algorithms
established in the device until a local MNO is provisioned
• The Donor MNO may provide Trial or full access to services
until a local MNO is provisioned
– Limited LEA access
Wireless Number portability
• Legislation enacted to protect the consumer
– Retain same MSISDN while changing MNO
– These systems have not been included into the
architecture
• (some users may want to continue with this model, ie SCADA users
with modems)
– Standards have allowed for the M2M Control to move
outside the MNO control (MTC Server)
• New Addressing schemes being proposed to save on exhaustion of
E164 numbers
• Architecture does not support this
– New addressing
– MNO and MTIC provisioning
– Number portability between MTC-S and MNO
Privacy
• There will be issues with Privacy
– If SM-SR is a local or foreign entity, then some information is past as the
device is provisioned with new MNO credentials (old MNO, New MNO, IMSI/
E164 address pairs)
– If Donor MNO is a foreign entity, then some information is past as the device is
provisioned (pending the solution, the Donor MNO may have back door access
to the profiles)
– When re-provisioned, the Donor MNO is again involved with new MNO
– If the Donor is in country and the device moves to a competing MNO, the
Donor acquires market intelligence it would not otherwise have
– The EUICC vendor will also get information on each provision as it must
compile and provide the required profiles to be sent to the device
• Today the SIM vendor only knows IMSI ranges and file structures, but here it might pick up
m2m services, and any 3 party application that are installed
Privacy
• European commission
– Commission proposes a comprehensive reform of
the data protection rules (Jan 25 2012)
– Rules on how user data is handled internally and
aboard
Summary
• LI Issues
– While the Donor Profile is active, m2m device is roaming in the target
MNO network
• GPRS data is Encrypted
• Issues with forecast planning for capability and Global limits to issue
warrants
– If third party provisioned
• Device may be roaming,
• If data is sent back to MNO, then some LI information may be lost in the
Donor GGSN
• IP mapping to target address may be missing or not accessible
• Multiple copies (clear plus encrypted from MNO GGSN)
– Profile changes during a warrant
Reference material
Industry
•
http://www.digiworldsummit.com/2011/UserFiles/File/RUBON_JF_DWS2011.pdf
•
http://www.gi-de.com/gd_media/media/documents/complementary_material/smart__newsletter/smart02-2011_Subscription_Management.pdf
•
http://www.gemalto.com/php/pr_view.php?id=1179
•
http://www.cinterion.com/products-and-services/services-and-solutions/flexible-subscriptionmanagement.html
•
http://www.ericsson.com/res/thecompany/docs/publications/ericsson_review/2011/m2m_remotesubscri
ptions.pdf
•
http://www.gsma.com/connectedliving/embedded-sim/
•
http://www.gsma.com/connectedliving/wpcontent/uploads/2012/04/gsmaconnectingcarsthetechnologyroadmapv2.pdf
•
USA: Cyber Security Act 2012 http://www.hsgac.senate.gov/download/the-cybersecurity-act-of-2012-s2105
•
Mandate M/487 to Establish Security Standards, Final Report Phase 1, Analysis of the Current Security
Landscape
Reference material
3gpp
• TS 22.368
Service requirements for machine-type communications
• TR 23.888
Architectural Enhancements for machine-type communications
• TS 33.868
Security aspects of Machine-Type Communications
• TR 22.868
Study on facilitating machine to machine communication in 3GPP systems
• TR 33.812
Feasibility study on the security aspects of remote provisioning and change
of subscription for Machine to Machine (M2M) equipment (Release 9)
Reference material
ETSI
•
SCPREQ(11)0018_Embedded_SIM_Use_Cases_and_Requirements
•
SCPREQ(11)0019r1_WI_Embedded_SIM_Use_Cases_and_Requirements
•
SCPREQ(11)0061r1_Report_Approved_report_of_SCP_REQ_#29
•
SCPREQ(11)0072r7_Draft_Embedded_UICC_Requirements_Specification__agreed_skele
•
SCPREQ(11)0075r1_Multiple_Active_Profiles
•
SCPREQ(11)0078r2_High_Level_Architecture_for_eUICC_and_Remote_Provisioning
•
SCPREQ(11)0093_eUICC_Ecosystem_Presentation
•
SCPREQ(11)0101_embedded_UICC_high_level_architecture_and_principles_
•
ts_102689v010 Machine-to-Machine communications (M2M); M2M service requirements
OECD
•
OECD (2012), “Machine-to-Machine Communications: Connecting Billions of Devices”, OECD Digital
Economy Papers, No. 192, OECD Publishing. http://dx.doi.org/10.1787/5k9gsh2gp043-en
ECC
•
ECC RECOMMENDATION (11)03, NUMBERING AND ADDRESSING FOR MACHINE-TO-MACHINE (M2M)
COMMUNICATIONS
EUC
•
Commission proposes a comprehensive reform of the data protection rules (Jan 25 2012)
http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm
Reference material
SFU Link
• In Google
• www.sfu.ca/cprost/docs/GowPrivacyRightsPrepaidCommServices.pdf
• Quick view , the link below may not work due to the security tags
• https://docs.google.com/viewer?a=v&q=cache:6yyKzA4_GcJ:www.sfu.ca/cprost/docs/GowPrivacyRightsPrepaidCommServices.pdf+p
repaid+cell+phone+registration&hl=en&gl=ca&pid=bl&srcid=ADGEESgeFaWm0kngygCLsdbAPBFuO5dpMJ6DEP0zqdW-cToVbw9Z1BVvwg5GGq4LsxxFjXxJTPC4kkf_9jLCKJImr6lqqLapbyitpah9Ku9YTXk5gYglWQDNJ0JzZixDnB1v2K_RX&sig=AHIEtbTwvlkpAAJzL
58LkP3eQn5-bejQ5A
Download