SlideShare a Scribd company logo

Secure element content

Manjula Weerasinghe, profile picture
Manjula Weerasinghe

This document provides an overview of the different types of contents that can be stored in secure elements, including executable load files containing executable modules (applets), application instances, security domains, and network authentication applications like SIM, USIM, and ISIM. It describes executable load files as containers for executable modules that make up applications, application instances as identifiable instances of modules, and security domains like the issuer security domain and supplementary security domains that support security and communication requirements.

Law
1 of 13
Downloaded 22 times
1
2
3
4
5
6
7
8
9
10
11
12
13
RAM Content - Contents in Secure Elements Manjula
Overview •Secure Element Types •Executable Load Files (Package) •Executable Modules (Applets) •Application Instances •Security Domains •Secure Channels •SIM-USIM-CSIM-ISIM
Secure Element Types •UICC •Embedded SE •MicroSD
Executable Load Files •Executable Load (ELF) File aka Packages •ELF contains a one or more Executable Modules. •To install an application, we should first put a ELF which contains the Executable Module related to that application to the Secure Element. •Actual on-card container of one or more application's executable code (Executable Modules). It may reside in Immutable Persistent Memory or may be created in Mutable Persistent Memory as the resulting image of a Load File Data Block (- from GP 2.2 spec)
Executable Modules •Executable Module (EM) aka Applets •An Executable Module can be instantiated to one or more application instances. •Contains the on-card executable code of a single application present within an Executable Load File (- from GP 2.2 spec)
Application (Instance) •Instance of an Executable Module after it has been installed and made selectable (- from GP 2.2 spec) •Application Instance is identified by AID. –AID (5 to 16 bytes) = RID (5bytes) + PIX (up to 11 bytes) –RID : Registered Application Provider –PIX : Proprietary Identifier eXtension •TAR – Toolkit Application Reference - is used to uniquely identify a second level application (e.g.: Toolkit Application). A second level application may have several TAR values assigned.
Security Domains •On-card entity providing support for the control, security, and communication requirements of an off-card entity (e.g. the Card Issuer, an Application Provider or a Controlling Authority) •Privileged applications with Security information and key sets.
Security Domains… •ISD (Issuer Security Domain) or Card Manager –The primary on-card entity providing support for the control, security, and communication requirements of the card administrator (typically the Card Issuer) •SSD (Supplementary Security Domain) –A Security Domain other than the Issuer Security Domain •CASD (Controlling Authority Security Domain) – a special type of Supplementary Security Domain. A Controlling Authority may exist whose role is to enforce the security policy on all application code loaded to the card. If so, the Controlling Authority also uses this type of Security Domain as its on-card representative. There may be more than one such Security Domain.
Secure Channels •A communication mechanism between an off- card entity and a card that provides a level of assurance, to one or both entities. •Secure Channel Protocol – A secure communication protocol and set of security services •E.g.: SCP 02, SCP 80,… •Secure Channel Session –A session, during an Application Session, starting with the Secure Channel initiation and ending with a Secure Channel termination or termination of either the Application Session or Card Session
Delegated Management •Pre-authorized Card Content changes performed by an approved Application Provider •Token –A cryptographic value provided by a Card Issuer as proof that a Delegated Management operation has been authorized
SIM, USIM, ISIM, CSIM •These are network Authentication Applications resides in UICC. •Can have one or more applications in a UICC. •SIM – for GSM networks •USIM – for UMTS networks •CSIM – for CDMA network authentication •ISIM – for accessing IP Multimedia Subsystem networks
R-UIM •Removable user identity card •Contains SIM, USIM, CSIM applications •So can use in GSM or UMTS or CDMA handsets
References •Global Platform Specification

More Related Content

PDF
Secure Elements in Web Applications
Olivier Potonniée
 
PPTX
Secure Element Solutions
Ugo Chirico
 
PPTX
What UICC Means for NFC & Security
ForgeRock
 
PPTX
Two factor authentication 2018
Will Adams
 
PPTX
Two Factor Authentication
Nikhil Shaw
 
PPTX
OmniSource_ppt_2011_7-2 (2)(1)
Andrea Colombetti
 
PPTX
Mobile Security for the Enterprise
Will Adams
 
PDF
smartXS: 2 Door 2 Reader & 4 Door 4 Reader Access Control Panel
smart-i Electronics Systems Pvt Ltd.
 
Secure Elements in Web Applications
Olivier Potonniée
 
Secure Element Solutions
Ugo Chirico
 
What UICC Means for NFC & Security
ForgeRock
 
Two factor authentication 2018
Will Adams
 
Two Factor Authentication
Nikhil Shaw
 
OmniSource_ppt_2011_7-2 (2)(1)
Andrea Colombetti
 
Mobile Security for the Enterprise
Will Adams
 
smartXS: 2 Door 2 Reader & 4 Door 4 Reader Access Control Panel
smart-i Electronics Systems Pvt Ltd.
 

What's hot (20)

PPTX
Two Factor Authentication: Easy Setup, Major Impact
Salesforce Admins
 
PDF
CNIT 128 7: Mobile Device Management
Sam Bowne
 
PPTX
Multifactor Authentication
Ronnie Isherwood
 
PDF
CyberArk Cleveland Defend Multi-Factor
Chad Bowerman
 
PPTX
Logincat MFA and SSO
Rohit Kapoor
 
PPTX
Intro to Smart Cards & Multi-Factor Authentication
hon1nbo
 
PPTX
Seminar-Two Factor Authentication
Dilip Kr. Jangir
 
PPTX
Hardware Authentication
Coder Tech
 
PPTX
Security on android
pk464312
 
PDF
CNIT 128: 9: Mobile payments
Sam Bowne
 
PPS
Research Paper
poongkuzhali
 
PDF
SolusDeck
andreeabrodo
 
PPTX
Two factor authentication presentation mcit
mmubashirkhan
 
PDF
How Intel Security Ensures Identity Protection - Infographic
Intel IT Center
 
PPTX
TS31103 ISIM introduction
Kimmy Yang
 
PDF
Strong Authentication and US Federal Digital Services
FIDO Alliance
 
PPTX
End point control
Lan & Wan Solutions
 
PDF
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CloudIDSummit
 
PDF
Introduction to Solus
Solus
 
PDF
Combat the Latest Two-Factor Authentication Evasion Techniques
IBM Security
 
Two Factor Authentication: Easy Setup, Major Impact
Salesforce Admins
 
CNIT 128 7: Mobile Device Management
Sam Bowne
 
Multifactor Authentication
Ronnie Isherwood
 
CyberArk Cleveland Defend Multi-Factor
Chad Bowerman
 
Logincat MFA and SSO
Rohit Kapoor
 
Intro to Smart Cards & Multi-Factor Authentication
hon1nbo
 
Seminar-Two Factor Authentication
Dilip Kr. Jangir
 
Hardware Authentication
Coder Tech
 
Security on android
pk464312
 
CNIT 128: 9: Mobile payments
Sam Bowne
 
Research Paper
poongkuzhali
 
SolusDeck
andreeabrodo
 
Two factor authentication presentation mcit
mmubashirkhan
 
How Intel Security Ensures Identity Protection - Infographic
Intel IT Center
 
TS31103 ISIM introduction
Kimmy Yang
 
Strong Authentication and US Federal Digital Services
FIDO Alliance
 
End point control
Lan & Wan Solutions
 
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CloudIDSummit
 
Introduction to Solus
Solus
 
Combat the Latest Two-Factor Authentication Evasion Techniques
IBM Security
 
Ad

Viewers also liked (20)

PDF
Android HCE: An intro into the world of NFC
NFC Forum
 
PPT
DC4420 2014 - NFC - The Non-Radio Bits
Tom Keetch
 
PDF
Entrellat 11
Arnau Cerdà
 
PPT
3a Oracle Day Sigorta
Ermando
 
PPT
Insider trading_in_turkey
guest0437b8
 
PDF
The Influence of Ethnic Identity on Consumer Behaviour
The Added Value Group
 
PPTX
SMiB09 Peter Crosby
smibevents
 
PPT
Reunió De Pares
Alejandro Rodríguez
 
PDF
Caching your rails application
ArrrrCamp
 
PPT
TRATADO DE GINEBRA
guest605b6fd
 
PPT
Excel2007 Power Point Slides
Hungama Digital Media Entertainment Pvt. Ltd.
 
PPTX
Case study twitter
Rubén López
 
PDF
FCEVs and H2 in California
California Fuel Cell Partnership
 
PDF
Week10
s1150188
 
PDF
myStratex Strategy Board Game
FabStart
 
PPT
Seoheaven
Seoheaven
 
PDF
Ngc sepsis
Alex Castañeda-Sabogal
 
PPTX
Hands-on User Experience
Dirk Huysmans
 
PPTX
Shelley's Personal Brand Plan
shelleyannethomas
 
PPTX
PreparacióN De Unas Vacaciones
MartaRomeral
 
Android HCE: An intro into the world of NFC
NFC Forum
 
DC4420 2014 - NFC - The Non-Radio Bits
Tom Keetch
 
Entrellat 11
Arnau Cerdà
 
3a Oracle Day Sigorta
Ermando
 
Insider trading_in_turkey
guest0437b8
 
The Influence of Ethnic Identity on Consumer Behaviour
The Added Value Group
 
SMiB09 Peter Crosby
smibevents
 
Reunió De Pares
Alejandro Rodríguez
 
Caching your rails application
ArrrrCamp
 
TRATADO DE GINEBRA
guest605b6fd
 
Excel2007 Power Point Slides
Hungama Digital Media Entertainment Pvt. Ltd.
 
Case study twitter
Rubén López
 
FCEVs and H2 in California
California Fuel Cell Partnership
 
Week10
s1150188
 
myStratex Strategy Board Game
FabStart
 
Seoheaven
Seoheaven
 
Ngc sepsis
Alex Castañeda-Sabogal
 
Hands-on User Experience
Dirk Huysmans
 
Shelley's Personal Brand Plan
shelleyannethomas
 
PreparacióN De Unas Vacaciones
MartaRomeral
 
Ad

Similar to Secure element content (20)

PPTX
EOC MODULE 3 IP security - SR.pptx engineering college
komalsingh2444
 
PPTX
Safe and secure autonomous systems
Alan Tatourian
 
PDF
Securing the Internet of Things - Hank Chavers
WithTheBest
 
PPT
Trusted computing introduction and technical overview
Sajid Marwat
 
PDF
IBM z/OS Communications Server z/OS Encryption Readiness Technology (zERT)
zOSCommserver
 
PDF
Sfa community of practice a natural way of building
Chuck Speicher
 
PDF
Embedded System Security: Learning from Banking and Payment Industry
Narudom Roongsiriwong, CISSP
 
PPTX
501 ch 5 securing hosts and data
gocybersec
 
DOCX
[removed]Cryptography and Network Security Principles a.docx
hanneloremccaffery
 
PDF
Understanding Telecom SIM and USIM/ISIM for LTE
ntel
 
PPT
SCOSTA (Smart Card Operating System for Transport Applications)
ALOK GUPTA
 
PPT
IS Unit-4 .ppt
NamanRockzz
 
PDF
Multilayer security mechanism in computer networks (2)
Alexander Decker
 
PDF
Secure sigfox ready devices recommendation guide
Sigfox
 
PDF
Application layer security protocol
Kirti Ahirrao
 
PPTX
Smart id's
Chetanya Bansal
 
PPT
Gao
Md Jasim Uddin
 
PDF
Multilayer security mechanism in computer networks
Alexander Decker
 
PDF
11.multilayer security mechanism in computer networks
Alexander Decker
 
PDF
Reference Architecture for Electric Energy OT.pdf
imjamadarp19
 
EOC MODULE 3 IP security - SR.pptx engineering college
komalsingh2444
 
Safe and secure autonomous systems
Alan Tatourian
 
Securing the Internet of Things - Hank Chavers
WithTheBest
 
Trusted computing introduction and technical overview
Sajid Marwat
 
IBM z/OS Communications Server z/OS Encryption Readiness Technology (zERT)
zOSCommserver
 
Sfa community of practice a natural way of building
Chuck Speicher
 
Embedded System Security: Learning from Banking and Payment Industry
Narudom Roongsiriwong, CISSP
 
501 ch 5 securing hosts and data
gocybersec
 
[removed]Cryptography and Network Security Principles a.docx
hanneloremccaffery
 
Understanding Telecom SIM and USIM/ISIM for LTE
ntel
 
SCOSTA (Smart Card Operating System for Transport Applications)
ALOK GUPTA
 
IS Unit-4 .ppt
NamanRockzz
 
Multilayer security mechanism in computer networks (2)
Alexander Decker
 
Secure sigfox ready devices recommendation guide
Sigfox
 
Application layer security protocol
Kirti Ahirrao
 
Smart id's
Chetanya Bansal
 
Gao
Md Jasim Uddin
 
Multilayer security mechanism in computer networks
Alexander Decker
 
11.multilayer security mechanism in computer networks
Alexander Decker
 
Reference Architecture for Electric Energy OT.pdf
imjamadarp19
 

Recently uploaded (20)

PPTX
Indian Medical Device Rules or Institute of Management Development and Research.
lakshmi87622
 
PPTX
BL 2 - Courts and Alternative Dispute Resolution.pptx
blamgaming01
 
PDF
OBLICON (Civil Law of the Philippines) Obligations and Contracts
NicholeAnneLavides
 
PDF
Contact CADA Legal Counsel Sexual Harassment
Rollover kids company (factory), Ferozepur Road, Asif Town, Lahore, Pakistan
 
PPTX
Behavioural_Approach_Public_Administration_Zambia_USA.pptx
innocentkamfwa250820
 
PDF
Insolvency and Bankruptcy Amendment Bill 2025
Richa Saraf
 
PPTX
BL - Chapter 1 - Law and Legal Reasoning
blamgaming01
 
PPTX
Classifying Different Branches of Law.pptx
theworthlessone69
 
PDF
Companies Act (1).pdf in details anlysis
nmuthuri1
 
PPTX
Court PROCESS Notes_Law Clinic Notes.pptx
shelynchand
 
PDF
AHRP LB - OJK’s New Rules Updating Electronic Shareholders Meetings Introduci...
AHRP Law Firm
 
PDF
Palghar-SGupta-ScreesnShots-12Aug25.pdf The image of the voter list with phot...
sabranghindi
 
PPTX
Evolution of First Amendment Jurisprudence.pptx
James Marsh
 
PDF
Analysis Childrens act Kenya for the year 2022
ssuserbc32b91
 
PDF
NRL_Legal Regulation of Forests and Wildlife.pdf
yuvanaaramachandran
 
PPTX
PPT in Consti 2 Report (Week1).pptx under the contituiton
JAMESJEFFERSONROSALE
 
PDF
250811-FINAL-Bihar_Voter_Deletion_Analysis_Presentation.pdf
sabranghindi
 
PPTX
Basic key concepts of law by Shivam Dhawal
Shivam Dhawal
 
PPTX
R.A. NO. 76 10 OR THE CHILD ABUSE LAW.pptx
DyepoyFigsVjoucher
 
PDF
Palghar-286Nilemore-VoterList-Aug25-1.pdf
sabranghindi
 
Indian Medical Device Rules or Institute of Management Development and Research.
lakshmi87622
 
BL 2 - Courts and Alternative Dispute Resolution.pptx
blamgaming01
 
OBLICON (Civil Law of the Philippines) Obligations and Contracts
NicholeAnneLavides
 
Contact CADA Legal Counsel Sexual Harassment
Rollover kids company (factory), Ferozepur Road, Asif Town, Lahore, Pakistan
 
Behavioural_Approach_Public_Administration_Zambia_USA.pptx
innocentkamfwa250820
 
Insolvency and Bankruptcy Amendment Bill 2025
Richa Saraf
 
BL - Chapter 1 - Law and Legal Reasoning
blamgaming01
 
Classifying Different Branches of Law.pptx
theworthlessone69
 
Companies Act (1).pdf in details anlysis
nmuthuri1
 
Court PROCESS Notes_Law Clinic Notes.pptx
shelynchand
 
AHRP LB - OJK’s New Rules Updating Electronic Shareholders Meetings Introduci...
AHRP Law Firm
 
Palghar-SGupta-ScreesnShots-12Aug25.pdf The image of the voter list with phot...
sabranghindi
 
Evolution of First Amendment Jurisprudence.pptx
James Marsh
 
Analysis Childrens act Kenya for the year 2022
ssuserbc32b91
 
NRL_Legal Regulation of Forests and Wildlife.pdf
yuvanaaramachandran
 
PPT in Consti 2 Report (Week1).pptx under the contituiton
JAMESJEFFERSONROSALE
 
250811-FINAL-Bihar_Voter_Deletion_Analysis_Presentation.pdf
sabranghindi
 
Basic key concepts of law by Shivam Dhawal
Shivam Dhawal
 
R.A. NO. 76 10 OR THE CHILD ABUSE LAW.pptx
DyepoyFigsVjoucher
 
Palghar-286Nilemore-VoterList-Aug25-1.pdf
sabranghindi
 

Secure element content

  • 1. RAM Content - Contents in Secure Elements Manjula
  • 2. Overview •Secure Element Types •Executable Load Files (Package) •Executable Modules (Applets) •Application Instances •Security Domains •Secure Channels •SIM-USIM-CSIM-ISIM
  • 3. Secure Element Types •UICC •Embedded SE •MicroSD
  • 4. Executable Load Files •Executable Load (ELF) File aka Packages •ELF contains a one or more Executable Modules. •To install an application, we should first put a ELF which contains the Executable Module related to that application to the Secure Element. •Actual on-card container of one or more application's executable code (Executable Modules). It may reside in Immutable Persistent Memory or may be created in Mutable Persistent Memory as the resulting image of a Load File Data Block (- from GP 2.2 spec)
  • 5. Executable Modules •Executable Module (EM) aka Applets •An Executable Module can be instantiated to one or more application instances. •Contains the on-card executable code of a single application present within an Executable Load File (- from GP 2.2 spec)
  • 6. Application (Instance) •Instance of an Executable Module after it has been installed and made selectable (- from GP 2.2 spec) •Application Instance is identified by AID. –AID (5 to 16 bytes) = RID (5bytes) + PIX (up to 11 bytes) –RID : Registered Application Provider –PIX : Proprietary Identifier eXtension •TAR – Toolkit Application Reference - is used to uniquely identify a second level application (e.g.: Toolkit Application). A second level application may have several TAR values assigned.
  • 7. Security Domains •On-card entity providing support for the control, security, and communication requirements of an off-card entity (e.g. the Card Issuer, an Application Provider or a Controlling Authority) •Privileged applications with Security information and key sets.
  • 8. Security Domains… •ISD (Issuer Security Domain) or Card Manager –The primary on-card entity providing support for the control, security, and communication requirements of the card administrator (typically the Card Issuer) •SSD (Supplementary Security Domain) –A Security Domain other than the Issuer Security Domain •CASD (Controlling Authority Security Domain) – a special type of Supplementary Security Domain. A Controlling Authority may exist whose role is to enforce the security policy on all application code loaded to the card. If so, the Controlling Authority also uses this type of Security Domain as its on-card representative. There may be more than one such Security Domain.
  • 9. Secure Channels •A communication mechanism between an off- card entity and a card that provides a level of assurance, to one or both entities. •Secure Channel Protocol – A secure communication protocol and set of security services •E.g.: SCP 02, SCP 80,… •Secure Channel Session –A session, during an Application Session, starting with the Secure Channel initiation and ending with a Secure Channel termination or termination of either the Application Session or Card Session
  • 10. Delegated Management •Pre-authorized Card Content changes performed by an approved Application Provider •Token –A cryptographic value provided by a Card Issuer as proof that a Delegated Management operation has been authorized
  • 11. SIM, USIM, ISIM, CSIM •These are network Authentication Applications resides in UICC. •Can have one or more applications in a UICC. •SIM – for GSM networks •USIM – for UMTS networks •CSIM – for CDMA network authentication •ISIM – for accessing IP Multimedia Subsystem networks
  • 12. R-UIM •Removable user identity card •Contains SIM, USIM, CSIM applications •So can use in GSM or UMTS or CDMA handsets