Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overview & Definitions for Downloadable Credentials 1 S10-20110926-013 3GPP2 TSG-S WG1 Source: Sprint, US Cellular, Motorola Mobility, Qualcomm Contact(s):

Published byDorothy Morgan Modified over 8 years ago

Similar presentations

Presentation on theme: "Overview & Definitions for Downloadable Credentials 1 S10-20110926-013 3GPP2 TSG-S WG1 Source: Sprint, US Cellular, Motorola Mobility, Qualcomm Contact(s):"— Presentation transcript:

1 Overview & Definitions for Downloadable Credentials 1 S10-20110926-013 3GPP2 TSG-S WG1 Source: Sprint, US Cellular, Motorola Mobility, Qualcomm Contact(s): Bonnie Chen, Bonnie.Chen@sprint.comBonnie.Chen@sprint.com Sebastian Thalanany, Sebastian.Thalanany@uscellular.comSebastian.Thalanany@uscellular.com Doris He, doris.he@motorola.comdoris.he@motorola.com Anand Palanigounder, apg@qualcomm.comapg@qualcomm.com Recommendation: For Discussion & Decision Notice Contributors grant a free, irrevocable license to 3GPP2 and its Organization Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner’s name any Organizational Partner’s standards publication even though it may include portions of the contribution; and at the Organization Partner’s sole discretion to permit others to reproduce in whole or in part such contributions or the resulting Organizational Partner’s standards publication. Contributors are also willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions for purpose of practicing an Organizational Partner’s standard which incorporates this contribution. This document has been prepared by the contributors to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on the contributors. Contributors specifically reserve the right to amend or modify the material contained herein and nothing herein shall be construed as conferring or offering licenses or rights with respect to any intellectual property of the contributors other than provided in the copyright statement above.

2 Background 3GPP2 has agreed on a work item to develop systems requirements for Downloadable Credentials (see WI-00294)WI-00294 The scope of this WI is to develop systems requirements to remotely download and manage credentials & other subscription related information required for the operation of cdma2000 devices (including support for embedded UICCs) – i.e., download and manage data set and functions equivalent to UIM, R-UIM, CSIM, USIM and ISIM applications (also known as Network Access Applications or NAAs) – Examples of cdma2000 Credentials include, but not limited to, subscription identifiers (e.g., MIN/IMSI, etc) associated security keys (e.g., A-key, K, etc) associated authentication algorithms (e.g., CAVE, AKA “f” functions) Also, called Network Access Credentials Once requirements are agreed in TSG-S, it may be used – As a basis for any further work in other TSGs as needed – Liaise 3GPP2 requirements to other organizations developing standards in this area as needed (e.g., ETSI SCP for eUICC) Purpose of this contribution: – Introduce and adopt the proposed definitions & the high-level concepts NOTE: An attempt is made to align terminology where possible with in ETSI SCP (based on the current status in SCP) but not guaranteed to be identical 2

3 Definitions (1) 3 TermDefinition DeviceA cdma2000 end-point of a communication link that requires connectivity from a mobile network. It contains a Secure Environment (SecEnv) for storing network access credentials and other information required for accessing services provided by the Mobile Network Operator (MNO). SubscriberAn entity who has a subscription with a mobile access service provider, such as the MNO. UserA user is any person who is authorized to initiate subscription related management operations on the Device (e.g., load or delete Profiles). Mobile Network Operator (MNO) An entity that authorizes and provides communication services to a Device using a mobile network, such as the cdma2000 network.

4 Definitions (2) 4 TermDefinition Network Access Application (NAA) An application, issued by an MNO, that runs within a SecEnv on a Device that enables access to services offered by the MNO. Examples of NAA include UIM, R-UIM, USIM, CSIM or ISIM. Embedded UICC (eUICC) A UICC which hosts the NAAs and supports remote management of the NAAs. Depending on the form factor, a eUICC may not be easily accessible or replaceable from the Device. Secure Environment (SecEnv) A logical entity within a Device that provides secure storage and execution environment that is trusted by the MNO to host the NAAs. SecEnv may be realized using any suitable platform or form factors, such as a eUICC, or eUICC functions integrated into the Device itself.

5 Definitions (3) 5 TermDefinition ProfileA Profile is a set of data (e.g., MMSS) and applications (including NAAs), specific to an MNO, which is used by the Device to obtain services from that MNO. Operational Profile A Profile associated with an Operational Subscription. Operational Subscription Subscription, with its associated Profile, that enables a Device to access a mobile network for the purpose of accessing connectivity and other related services from an MNO and optionally for the management of Profiles. Provisioning Profile A Profile used to enable a Device to access a controlled cellular access network for the purpose of managing other Profile(s). A Provisioning Profile is optional and is not required if the Device can get the connectivity to the SM by other means. Subscription Manager (SM) A functional entity in the network that manages the Profiles in the SecEnv. An SM can be either an MNO or an entity trusted by the MNO (e.g., MVNO or M2M Service Provider) to manage the Profiles on behalf of the MNO.

6 Definitions (4) 6 TermDefinition ProvisioningThe process of loading a profile into a SecEnv. SubscriptionA commercial relationship for the supply of services between the Subscriber and the Service Provider. Provisioning Subscription Subscription, with its associated Profile, that enables a Device to access a mobile network for the purpose of management of other Profiles in the SecEnv. Profile Management Operations performed on a Profile. At a minimum, these include operations such as load, modify, delete, enable, disable, activate, and deactivate. Policy Control Function Set of rules defined by the MNO that controls the management of the SecEnv and the Profiles. NOTE: This term is different from PCF used in the context of PCRF.

7 TermDefinition SecEnv Access Credentials Data required to exist within a SecEnv so that a secured communication can be set up between an external entity and the SecEnv in order to manage the profiles on the SecEnv. Profile Access Credentials Data required to exist within a Profile so that secured communication can be set up between an external entity and the SecEnv in order to manage that Profile’s structure and its data. Network Access Credentials Data required to exist within a Profile so that it can authenticate to a Mobile Network, this may include data such as algorithms, Ki/K/A-key, and IMSI/MIN stored within a NAA. Enable ProfileThe process of marking a Profile in a SecEnv so that it is available to be activated. Disable ProfileThe process of marking a Profile in a SecEnv so that it is not available to be activated. Activate ProfileThe process of selecting a Profile in a SecEnv for use by the Device. Deactivate Profile The process of de-selecting a Profile in a SecEnv from use by the Device. Definitions (5) 7

8 TermDefinition Load ProfileThe process of adding a Profile into a SecEnv. Delete ProfileThe process of purging a Profile from a SecEnv. Definitions (6) 8

9 Provisioning Lifecycle 9

10 SecEnv Overview 10 Proprietary Implementation Profile Management Active Profile Policy Control Function SecEnv Abstraction Layer SecEnv Access Credentials SecEnv Platform Inactive Operational Profile Profile Access Credentials Inactive Operational Profile Profile Access Credentials Inactive Provisioning Profile Profile Access Credentials Inactive Provisioning Profile Profile Access Credentials

11 SecEnv Properties (1) All SecEnvs provide a uniform SecEnv Abstraction Layer – Goal is to allow a Profile to be developed for SecEnvs from any manufacturer – It isolates the proprietary implementations of each SecEnv manufacturer A SecEnv contains Profile Management functionality, including certain Policy Control functionality and SecEnv Access Credentials 11

12 SecEnv Properties (2) A SecEnv contains one set of SecEnv Access Credentials – These should be unique per SecEnv – There should not be a need to change them A SecEnv may contain zero or more Operational Profiles A SecEnv may contain zero or more Provisioning Profiles 12

13 SecEnv Properties (3) Only one Profile is Active at any given time – Profile can be either Operational or Provisional Profile If there are no active Operational or Provisioning Profiles, then the SecEnv Access Credentials can be used to load a Profile 13

14 Profiles States A Profile is in one of the following states: – Enabled, Active (only one) – Enabled, Inactive Device can see Profiles in this state and activate them (if allowed by policy) – Disabled, Inactive (default state when loaded) Device will not see Profiles in this state 14

15 Profile Management A Profile should be “opaque” to the Profile Management Protocol Profile State Transitions may be controlled by the Policy Control Function – Some transitions may be restricted by operator policy Activating a Profile automatically inactivates the current active profile 15

16 Operational Profile Provisioning Provisioning of an Operational Profile (OP) can occur via: – A non-NAA network Network that does not require a device having an NAA to gain access to the network – Does not require a Provisioning Profile (PP) for provisioning – E.g., CDMA2000 (with possible enhancements), WLAN, etc. – An NAA network Network that requires a device to have an NAA to gain access the network – Requires a Provisioning Profile (PP) for provisioning 16

17 Provisioning via a Non-NAA Network 17 Device Non-NAA Network Profile Management Protocol SecEnv OP Subscription Manager Subscription Manager

18 Provisioning via a NAA Network 18 Device NAA Network Profile Management Protocol SecEnv PP OP Subscription Manager Subscription Manager

19 Proposal Discuss and adopt the concepts and definitions into the Systems Requirements document 19

Download ppt "Overview & Definitions for Downloadable Credentials 1 S10-20110926-013 3GPP2 TSG-S WG1 Source: Sprint, US Cellular, Motorola Mobility, Qualcomm Contact(s):"

Similar presentations

Binding of cdma2000 access subscription with specific device(s) 3GPP2 TSG-S WG4 S40-20120416-005 Source: Qualcomm Incorporated Contact(s): Anand Palanigounder,

Binding of cdma2000 access subscription with specific device(s) 3GPP2 TSG-S WG4 S Source: Qualcomm Incorporated Contact(s): Anand Palanigounder,
Use cases for Device Binding 3GPP2 TSG-S WG4 S40-20120725-002 Source: Qualcomm Incorporated Contact(s): Anand Palanigounder,

Use cases for Device Binding 3GPP2 TSG-S WG4 S Source: Qualcomm Incorporated Contact(s): Anand Palanigounder,
Page 1 Title: Traffic Detection Function Extensions for cdma2000 1x and HRPD Networks Sources: Qualcomm Contact: George Cherian

Page 1 Title: Traffic Detection Function Extensions for cdma2000 1x and HRPD Networks Sources: Qualcomm Contact: George Cherian
Mobile IPv4 FA CoA Support in WLAN Interworking Raymond Hsu, Qualcomm Inc., Sanket S. Nesargi, Nortel, Nanying Yin,

Mobile IPv4 FA CoA Support in WLAN Interworking Raymond Hsu, Qualcomm Inc., Sanket S. Nesargi, Nortel, Nanying Yin,
IP Connectivity for E911 in HRPD/PDS Networks Page 1 IP Connectivity for Emergency Calls in HRPD/PDS Networks 3GPP2 Meeting, 1/07 IP Connectivity for Emergency.

IP Connectivity for E911 in HRPD/PDS Networks Page 1 IP Connectivity for Emergency Calls in HRPD/PDS Networks 3GPP2 Meeting, 1/07 IP Connectivity for Emergency.
XHRPD Example Scenario for MSS Masa Shirota Qualcomm Inc. July 15, 2014 3GPP2 Dalian Meeting Recommendation: FYI Notice QUALCOMM Incorporated grants a.

XHRPD Example Scenario for MSS Masa Shirota Qualcomm Inc. July 15, GPP2 Dalian Meeting Recommendation: FYI Notice QUALCOMM Incorporated grants a.
Summary of 3GPP TR 33.868 3GPP2 TSG-S WG4 S40-20120725-003 Source: Qualcomm Incorporated Contact(s): Anand Palanigounder,

Summary of 3GPP TR GPP2 TSG-S WG4 S Source: Qualcomm Incorporated Contact(s): Anand Palanigounder,
3GPP2 A30-20110907-008r0 3GPP2 C20-20110926-xxxr0 TSG-A WG3 and TSG-C WG2 Title: HRPD Redirect on EPC Unavailable Source: Mike DolanAlcatel-Lucent Dave.

3GPP2 A r0 3GPP2 C xxxr0 TSG-A WG3 and TSG-C WG2 Title: HRPD Redirect on EPC Unavailable Source: Mike DolanAlcatel-Lucent Dave.
1 IP Service Authorization Support and Mobility Selection for X.S0011-E Source: QUALCOMM Inc.: Masa Shirota, George Cherian, Jun Wang,

1 IP Service Authorization Support and Mobility Selection for X.S0011-E Source: QUALCOMM Inc.: Masa Shirota, George Cherian, Jun Wang,
Proposed High Level Solution for Device Binding 3GPP2 TSG-SX WG4 SX40-20130501-001 Source: Qualcomm Incorporated and Alcatel-Lucent Contact(s): Anand Palanigounder,

Proposed High Level Solution for Device Binding 3GPP2 TSG-SX WG4 SX Source: Qualcomm Incorporated and Alcatel-Lucent Contact(s): Anand Palanigounder,
1 Title: TDF support in cdma2000 1x and HRPD Networks Sources: China Telecom, ZTE, Huawei Contact: CT: Heng Nie ( ), Congjie Mao(

1 Title: TDF support in cdma2000 1x and HRPD Networks Sources: China Telecom, ZTE, Huawei Contact: CT: Heng Nie ( ), Congjie Mao(
1 Title: Need for the Message Integrity of User traffic Abstract: From both: competitive and security standpoints, UMB standard should add the option of.

1 Title: Need for the Message Integrity of User traffic Abstract: From both: competitive and security standpoints, UMB standard should add the option of.
1 May 14, 2007 Zhibi Wang, Simon Mizikovsky – Alcatel-Lucent Vidya Narayanan, Anand Palanigounder – QUALCOMM ABSTRACT: Access authentication architecture.

1 May 14, 2007 Zhibi Wang, Simon Mizikovsky – Alcatel-Lucent Vidya Narayanan, Anand Palanigounder – QUALCOMM ABSTRACT: Access authentication architecture.
1 cdma2000® Data Service Transition to NULL Support Jun Wang Ravi Patwardhan June 5, 2003 Recommendation -

1 cdma2000® Data Service Transition to NULL Support Jun Wang Ravi Patwardhan June 5, 2003 Recommendation -
© Alcatel-Lucent 2010 1 | M2M Numbering | April 12, 2010 3GPP2 M2M-20100412-004 TITLE Numbering in 3GPP2 for M2MSOURCE Mike Dolan, Alcatel-Lucent, Mike.

© Alcatel-Lucent | M2M Numbering | April 12, GPP2 M2M TITLE Numbering in 3GPP2 for M2MSOURCE Mike Dolan, Alcatel-Lucent, Mike.
1x Device Binding Framework Overview to TSG-AC 3GPP2 TSG-AC AC00-20130603-027 Source: TSG-SX WG4 Contact(s): Anand Palanigounder,

1x Device Binding Framework Overview to TSG-AC 3GPP2 TSG-AC AC Source: TSG-SX WG4 Contact(s): Anand Palanigounder,
Revised Solution for Device Binding Revised from S40-20121003-001 3GPP2 TSG-SX WG4 SX40-20130321-002 Source: Qualcomm Incorporated Contact(s): Anand Palanigounder,

Revised Solution for Device Binding Revised from S GPP2 TSG-SX WG4 SX Source: Qualcomm Incorporated Contact(s): Anand Palanigounder,
Broadcast Area Based Management for BCMCS Quanzhong Gao Weidong Wu 04/05/2005.

Broadcast Area Based Management for BCMCS Quanzhong Gao Weidong Wu 04/05/2005.
Security Framework for (e)HRPD 1 S40-20100621-005 3GPP2 TSG-S WG4 Source: QUALCOMM Incorporated Contact(s): Anand Palanigounder

Security Framework for (e)HRPD 1 S GPP2 TSG-S WG4 Source: QUALCOMM Incorporated Contact(s): Anand Palanigounder
IP Packet Tunneling and Routing in UMB March 26 th, 2007 Qualcomm/Alcatel-Lucent/Hitachi Notice Contributors grant a free, irrevocable license to 3GPP2.

IP Packet Tunneling and Routing in UMB March 26 th, 2007 Qualcomm/Alcatel-Lucent/Hitachi Notice Contributors grant a free, irrevocable license to 3GPP2.

Similar presentations

Ads by Google