4. Executable Load Files
•Executable Load (ELF) File aka Packages
•ELF contains a one or more Executable Modules.
•To install an application, we should first put a ELF which contains the Executable Module related to that application to the Secure Element.
•Actual on-card container of one or more application's executable code (Executable Modules). It may reside in Immutable Persistent Memory or may be created in Mutable Persistent Memory as the resulting image of a Load File Data Block (- from GP 2.2 spec)
5. Executable Modules
•Executable Module (EM) aka Applets
•An Executable Module can be instantiated to one or more application instances.
•Contains the on-card executable code of a single application present within an Executable Load File (- from GP 2.2 spec)
6. Application (Instance)
•Instance of an Executable Module after it has been installed and made selectable (- from GP 2.2 spec)
•Application Instance is identified by AID.
–AID (5 to 16 bytes) = RID (5bytes) + PIX (up to 11 bytes)
–RID : Registered Application Provider
–PIX : Proprietary Identifier eXtension
•TAR – Toolkit Application Reference - is used to uniquely identify a second level application (e.g.: Toolkit Application). A second level application may have several TAR values assigned.
7. Security Domains
•On-card entity providing support for the control, security, and communication requirements of an off-card entity (e.g. the Card Issuer, an Application Provider or a Controlling Authority)
•Privileged applications with Security information and key sets.
8. Security Domains…
•ISD (Issuer Security Domain) or Card Manager
–The primary on-card entity providing support for the control, security, and communication requirements of the card administrator (typically the Card Issuer)
•SSD (Supplementary Security Domain)
–A Security Domain other than the Issuer Security Domain
•CASD (Controlling Authority Security Domain)
– a special type of Supplementary Security Domain. A Controlling Authority may exist whose role is to enforce the security policy on all application code loaded to the card. If so, the Controlling Authority also uses this type of Security Domain as its on-card representative. There may be more than one such Security Domain.
9. Secure Channels
•A communication mechanism between an off- card entity and a card that provides a level of assurance, to one or both entities.
•Secure Channel Protocol
– A secure communication protocol and set of security services
•E.g.: SCP 02, SCP 80,…
•Secure Channel Session
–A session, during an Application Session, starting with the Secure Channel initiation and ending with a Secure Channel termination or termination of either the Application Session or Card Session
10. Delegated Management
•Pre-authorized Card Content changes performed by an approved Application Provider
•Token
–A cryptographic value provided by a Card Issuer as proof that a Delegated Management operation has been authorized
11. SIM, USIM, ISIM, CSIM
•These are network Authentication Applications resides in UICC.
•Can have one or more applications in a UICC.
•SIM – for GSM networks
•USIM – for UMTS networks
•CSIM – for CDMA network authentication
•ISIM – for accessing IP Multimedia Subsystem networks
12. R-UIM
•Removable user identity card
•Contains SIM, USIM, CSIM applications
•So can use in GSM or UMTS or CDMA handsets