Embedded UICC Remote Provisioning Discussion

Source: Rogers WirelessContact: Ed O’Leary (ed.oleary@rci.rogers.com), George Babut (gbabut@rci.rogers.com)

3GPP/SA3-LI#46 Tdoc SA3LI12_074Quebec City, CanadaJuly17-19 2012

Introduction

• This document provides information regarding existing deployments and future deployments of remote provisioning and Embedded UICC

• It provides some regulatory concerns and specific LI concerns for the currently envisioned deployments

A brief History• M2M study concludes that

– Smaller UICC required for Embedded Devices– Non removal– Remote provisioning of UICC required (embedded UICC)

• Dutch consumer Affairs, determines that m2m may provide anti competitive front for incumbent MNO.

– Inability to change subscription

• Brazilian Government wants easy access for users, multi-profiled SIM– MNO policies on termination, and or start of service– Social policy to improve communication infrastructure, access Broadband

• Smart Phones Vendors eye opportunity to become virtual MNO, via remote provisioning

• ITU floats idea on new MCC or MNC codes for M2M device

Standards

• Several groups start addressing the issue– GSMA– SIM Alliance– Standards

• ETSI – SCP– M2M

• 3GPP• TIA• ATIS • Formation later this year of Onem2m, new partnership program with

other interest groups and stakeholders http://onem2m.org/ • Global Platforms

MNO Impetus• Declining activations and revenue

– Saturated markets, Regulatory policy– These are key market indicators

• All IP networks coming on line– New capabilities, new economic models– Internet of Things, forecast 10X increase in subscriptions

• 5th 6th generations devices, are smaller.– Embedded device into electronic

• Threat to current Business models– M2M – current focus– Smart Phones – some vendor focus

• Four models– MNO build out– Vendor Build out/ operated supported by MNO/ MNOs– Third party MNO hosted– MNO build out supported by Third party HLR (MNO ) and Billing

MNO focus

• Today the eUICC focus is on M2M only, however it is expected to rapidly move to smart phones

• Operators need time to revamp back end business systems that support activations of smart phones using eUICC– ordering, inventory management, commissions, tracking

warehousing, prepaid, billing, customer care, Multiple Sim vendors, certification …..

• Operators focusing on the business rules, architecture and interconnection requirements for M2M

UICC Vendor Impetus

• Ownership of UICC changing– Potential to sell services to M2M device, M2M vendor,

M2M aggregator, and the M2M user– User apps, eg electronic car VIN, auth key to start, engine

app (settings)– Anything requiring the security a SIM card provides – Inventory and management of cards

• Batches per MNO• Batches to fewer MNO with high volumes lowers costs

– Open up new relationships to device vendors and MNO

UICC Vendor Focus

• New Architectures for provisioning– New revenues

• Provisioning and re-provisioning from operators• lease of space on eUICC for third party apps• Subscription Management functions• Subscription preparations functions

– Lower cost• Smaller form factors, more chips per die• Higher run and volume production

– Security model

M2M vendor impetus

• Remote activation of devices– Can be tied to payment and commissions

• Reduced costs– Size of pluggable SIM, and its receiving connector– Inventory, management for operators

• Reduced foot print, access to more devices– Competition with WIFI access in device

• Camera, printers, eHealth

M2M Vendor Focus

• Cost reductions– Component parts

• Reduced Carrier testing/ interop– Donor MNO only

• Size reductions– Open up new markets for embedded devices

Smart Phone Vendor Impetus

• Virtual MNO, can hide the operator from the consumer, just manage access, cellular WiFi etc

• Smaller foot print allows more room for MIMO antennas, required for greater data rates

• Installation of their own apps, protect SN, IMEID, boot keys, NFC wallets, password and keys for services

Smart Phone Vendor Focus

• Unknown, – there have been attempts at Secure Elements in

the past– ongoing battle with MNO on Branding,

• SIM provides access and control over some features in the device, ie access to Fax and CS Data

– Shrinking revenue pie

Deployments

• Jasper– A MNO which utilizing their HLR or hosting the MNO M2M HLR and

providing a unique Billing options provide third party MNO m2m services

• Control, and Billing not very well supported in existing MNO service complex’s

– Many m2m devices to one customer– Specific pricing plans for low data rates or off hr usage

Deployments

Some examples– http://m2m.vodafone.com/home/ – ttp://www.telenorconnexion.com/– http://www.business.att.com/enterprise/Family/mobility-services/ma

chine-to-machine/

– http://www.rogersm2mbusiness.com/on/en/m2m-solutions– http://www.orange-business.com/en/mnc2/themes/m2m/ – http://m2m.telekom.com/

Current M2M services

• Cars– Telematics, and E Call, aka GM Onstar

• Remote kill, start, door open, tracking,

• E-readers and Tablets– Pre installed embedded devices, awaiting

activation of mobile services

• eHealth and mHealth coming

Current thinking

• As supported in various organizations– When an m2m device is shipped and installed it needs to have

credentials to access the network, in order to be provisioned to a servicing MNO

– This requires a Donor MNO to provide the initial credentials that are shipped in the embedded device, and then a means to install new credentials from the serving MNO

– This model uses the exiting networks without changes• Supports old networks and new• Does not require new means and methods to hotline and provision devices which

would require upgrades to some networks that will see capital investment frozen until the technology is sunseted

• Requires a change to the eUICC to support remote provisioning, but it is changing anyways.

Current thinking

• The eUICC or a network entity may allow or control multiple profiles within the eUICC– Provisioning profile, MNO profiles– Only one will be active at a time.

• May be required for regulatory reasons, (Brazil)• May provide redundancy for critical infrastructure (SCP

REC Use case)

– The M2M device is not supposed to active a new profile on its own

Current thinking

• UICC can support multiple applications– SIM– ISM– USIM

• In a NFC model– MNO supporting many

applications and digital wallets and applications, including 3 party apps

USIM

UICC

Others

EMV

USIM SIM

ElectronicPurse

Phonebook

(U)SAT

NFC

One possible envision

Security domain controlled by some entity (SM-SR/ Donor MNO)Profile Management system that provides access to MNO and their applicationsDigital lockers for other applicationsAll lockers are isolated from one and another

And for something completely different

• An now some discussion on regulatory issues and LI

Critical Infrastructure• “Critical infrastructure refers to processes, systems,

facilities, technologies, networks, assets and services essential to the health, safety, security or economic well-being of Canadians and the effective functioning of government.

• Critical infrastructure can be stand-alone or interconnected and interdependent within and across provinces, territories and national borders. Disruptions of critical infrastructure could result in catastrophic loss of life, adverse economic effects and significant harm to public confidence”.

• http://www.publicsafety.gc.ca/prg/ns/ci/index-eng.aspx

Critical Infrastructure• In Canada Rogers, Bell, Telus have been

designated Critical Infrastructure• Currently under ISO 27000 like Cyber Security

Assessment and risk assessment on ability to offer telecommunication to Canadians

• In US a new bill was introduced into the Senate Feb 2012, “The Cybersecurity Act of 2012” which outlines similar risk assessments– Yet to be passed into law

• In Europe : Mandate M/487 to Establish Security Standards

Critical Infrastructure

• Other governments are in the process of such actions

• Why– Recent attacks of Stuxnet on essential M2M devices– 2003 Black out in Northeast North America

• Highlighted Hydro grid, and Smart grid reliability and its consequences on the public

• Banking, cellular, gas pumps, transportation all affected– Standstill of economy and people– Threat to the digital economy

High level architecture proposal

Source (ETSI SCP 11 0101)

Critical Infrastructure

• Source of the eUICC– Since the device vendor can source the eUICC,

some countries may have issues with its origin– Some countries may require their m2m device

vendors to source locally– It not clear yet how the eUICC will be identified in

this regards– A certification process is anticipated

Critical Infrastructure

• Issues– Location of SM-SR (Subscription management-

Secure Routing)• Would likely be required to reside in Canada, under

Canadian control– Removes the risk of outside influences

» Governments» Disasters» Cyber attacks on specific countries

• Profile management– Changing MNO profiles during a warrant

Critical Infrastructure• Provisioning profile

– May have the same constraints as the location of SM-SR

• Ie an attack on the provisioning Profile holder may cripple service, activations and telecommunications in Canada

• Attack on DNS servers can do the same thing– (VPN and or dedicated facilities (current SS7))

– May be at business odds, ie competitor or roaming partner

• Runs into anti competitive behaviours– Likely to be a Canadian Entity controlled

• Yet to be addressed by regulatory

Anonymous Emergency CallMost countries now require a subscription or proof of identity when purchasing Prepaid phones, SIM cards to stem the rash of E call, prank or otherwise

– A donor MNO may or may not have a MSISDN– It may appear to be anonymous to Public Safety

• It may violate existing rules and laws (identification of the user to the device)

references– USA proposal S.3427 -- Pre-Paid Mobile Device Identification Act (Introduced

in Senate - IS) 2009- 2010 believe the carriers implement a policy without the Bill passing

– Canada report (2006) on OECD countries, Simon Frazier University, However department does not exist anymore so links to those web pages are broken

Anonymous Emergency Call

• From Canada Paper, Registration requiredas of 2006 Cited Regs

Switzerland

South Africa

Slovak Republic

Japan

Italy

Hungary

Germany Telecom act sect 111 June 22 2004

France

Australia 1997 telecom act

Legal Intercept• To be considered if the SM-SR controls profiles, and multiple

profiles• The SM-SR is a TSP and is subject to legal interception.• The SM-SR will know which profile is active and which profiles are

loaded– It may be required to provide profiles and which one is active.– It forces an issue with dynamic updating, not currently supported in

some jurisdictions, in Europe , Dynamic triggers would allow the seamless capture, only if the SM-SR signals the change of profile to LEA

• The SM-SR may be required to provide additional information– If the SM-SR has a view on the applications or wallets in the profiles, it

is required to report that, and may be required to supply crypto keys it has.

• These provide Operational considerations

Legal Intercept

• If the Donor MNO allows multiple Profiles to be stored on the device and to be able to active them when they chose.– No indication when the profile changes– If the Donor is foreign , no Dynamic triggering or other means to alert

LEA of a change in MNO

• If the device appears as permanent roamer, – it may roam on all MNO’s based on the roaming algorithms

established in the device until a local MNO is provisioned

• The Donor MNO may provide Trial or full access to services until a local MNO is provisioned– Limited LEA access

Wireless Number portability• Legislation enacted to protect the consumer

– Retain same MSISDN while changing MNO– These systems have not been included into the

architecture• (some users may want to continue with this model, ie SCADA

users with modems)– Standards have allowed for the M2M Control to move

outside the MNO control (MTC Server)• New Addressing schemes being proposed to save on exhaustion of

E164 numbers• Architecture does not support this

– New addressing– MNO and MTIC provisioning– Number portability between MTC-S and MNO

Privacy• There will be issues with Privacy

– If SM-SR is a local or foreign entity, then some information is past as the device is provisioned with new MNO credentials (old MNO, New MNO, IMSI/ E164 address pairs)

– If Donor MNO is a foreign entity, then some information is past as the device is provisioned (pending the solution, the Donor MNO may have back door access to the profiles)

– When re-provisioned, the Donor MNO is again involved with new MNO– If the Donor is in country and the device moves to a competing MNO, the

Donor acquires market intelligence it would not otherwise have– The EUICC vendor will also get information on each provision as it must

compile and provide the required profiles to be sent to the device• Today the SIM vendor only knows IMSI ranges and file structures, but here it might pick up

m2m services, and any 3 party application that are installed

Privacy

• European commission– Commission proposes a comprehensive reform of

the data protection rules (Jan 25 2012)– Rules on how user data is handled internally and

aboard

Summary

• LI Issues– While the Donor Profile is active, m2m device is roaming in the target

MNO network• GPRS data is Encrypted • Issues with forecast planning for capability and Global limits to issue

warrants

– If third party provisioned• Device may be roaming, • If data is sent back to MNO, then some LI information may be lost in the

Donor GGSN• IP mapping to target address may be missing or not accessible • Multiple copies (clear plus encrypted from MNO GGSN)

– Profile changes during a warrant

Reference materialIndustry• http://www.digiworldsummit.com/2011/UserFiles/File/RUBON_JF_DWS2011.pdf• http://www.gi-de.com/gd_media/media/documents/complementary_material/smart__newsletter/smart-

02-2011_Subscription_Management.pdf

• http://www.gemalto.com/php/pr_view.php?id=1179• http://www.cinterion.com/products-and-services/services-and-solutions/flexible-subscription-

management.html• http://www.ericsson.com/res/thecompany/docs/publications/ericsson_review/2011/

m2m_remotesubscriptions.pdf• http://www.gsma.com/connectedliving/embedded-sim/• http://www.gsma.com/connectedliving/wp-content/uploads/2012/04/

gsmaconnectingcarsthetechnologyroadmapv2.pdf• USA: Cyber Security Act 2012 http://www.hsgac.senate.gov/download/the-cybersecurity-act-of-2012-s-

2105 • Mandate M/487 to Establish Security Standards, Final Report Phase 1, Analysis of the Current Security

Landscape

Reference material3gpp• TS 22.368 Service requirements for machine-type communications• TR 23.888 Architectural Enhancements for machine-type communications• TS 33.868 Security aspects of Machine-Type Communications• TR 22.868 Study on facilitating machine to machine communication in 3GPP systems• TR 33.812 Feasibility study on the security aspects of remote provisioning and change of

subscription for Machine to Machine (M2M) equipment (Release 9)

Reference materialETSI• SCPREQ(11)0018_Embedded_SIM_Use_Cases_and_Requirements• SCPREQ(11)0019r1_WI_Embedded_SIM_Use_Cases_and_Requirements• SCPREQ(11)0061r1_Report_Approved_report_of_SCP_REQ_#29• SCPREQ(11)0072r7_Draft_Embedded_UICC_Requirements_Specification__agreed_skele• SCPREQ(11)0075r1_Multiple_Active_Profiles• SCPREQ(11)0078r2_High_Level_Architecture_for_eUICC_and_Remote_Provisioning• SCPREQ(11)0093_eUICC_Ecosystem_Presentation• SCPREQ(11)0101_embedded_UICC_high_level_architecture_and_principles_• ts_102689v010 Machine-to-Machine communications (M2M); M2M service requirements

OECD• OECD (2012), “Machine-to-Machine Communications: Connecting Billions of Devices”, OECD Digital

Economy Papers, No. 192, OECD Publishing. http://dx.doi.org/10.1787/5k9gsh2gp043-en ECC• ECC RECOMMENDATION (11)03, NUMBERING AND ADDRESSING FOR MACHINE-TO-MACHINE (M2M)

COMMUNICATIONSEUC• Commission proposes a comprehensive reform of the data protection rules (Jan 25 2012)

http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm

Reference materialSFU Link• In Google• www.sfu.ca/cprost/docs/GowPrivacyRightsPrepaidCommServices.pdf• Quick view , the link below may not work due to the security tags• https://docs.google.com/viewer?a=v&q=cache:6yyKzA4_G-

cJ:www.sfu.ca/cprost/docs/GowPrivacyRightsPrepaidCommServices.pdf+prepaid+cell+phone+registration&hl=en&gl=ca&pid=bl&srcid=ADGEESgeF-aWm0kngygCLsdbAPBFuO5dpMJ6DEP0zqdW-cToVbw9Z1BVvwg-5GGq4LsxxFjXxJTPC4kkf_9jLCKJImr6lqqLap-byitpah9Ku9YTXk5gYglWQDNJ0JzZixDnB1v2K_RX&sig=AHIEtbTwvlkpAAJzL58LkP3eQn5-bejQ5A