EP2907070A1 - Sim usb interface to external world - Google Patents

Sim usb interface to external world

Info

Publication number
EP2907070A1
Authority
EP
European Patent Office
Prior art keywords
mobile equipment
security module
communication link
processor
external device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP13776418.9A
Other languages
German (de)
French (fr)
Inventor
Rushikesh SHINGNAPURKAR
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Giesecke and Devrient Mobile Security GmbH
Original Assignee
Giesecke and Devrient GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
              • G06F21/44 Program or device authentication
                • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs
            • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
              • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information
                • G06F21/77 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information in smart cards
              • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data
                • G06F21/79 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
              • G06F21/82 Protecting input, output or interconnection devices
                • G06F21/85 Protecting input, output or interconnection devices; interconnection devices, e.g. bus-connected or in-line devices
    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04M TELEPHONIC COMMUNICATION
          • H04M1/00 Substation equipment, e.g. for use by subscribers
            • H04M1/72 Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
              • H04M1/724 User interfaces specially adapted for cordless or mobile telephones
                • H04M1/72403 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
                  • H04M1/72409 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories

Definitions

  • The present invention relates to a security module and, particularly, to accessing secure applications on a security module from external devices.
  • SIM: subscriber identity module
  • A Subscriber Identity Module in general includes a memory which stores information for identification or authentication of subscribers at a specific communication network. Moreover, the SIM also includes a microprocessor which provides an increased level of security for the information stored in the memory.
  • SIMs generally contain a variety of information related to the subscriber, including, for example, authentication algorithms and authentication keys for attaching to the subscribed mobile network, a unique subscriber identity (IMSI), a unique phone number (MSISDN) and also personal data such as address books, text messages, voice messages and other data.
  • IMSI: unique subscriber identity
  • MSISDN: unique phone number
  • Security modules that provide information specific to an individual are becoming more prevalent in a number of different types of applications.
  • Each system or piece of equipment which employs security modules contains two fundamental components, namely the secure memory of the security module and an interface device, commonly known as a reader, for establishing communication with the security module.
  • A SIM is designed to interact with and be accessed by only one device at a time. Because a SIM has its own processor, and because the GSM standard generally requires a relatively elaborate scheme for communicating with a SIM, interacting with and accessing data from the SIM is more complicated than just reading data out of a common memory device. Instead, the requesting device and the SIM exchange data and information according to standardized commands and responses in a strict master/slave relationship. However, the SIM processor is relatively simple, slow and very limited in its resources. It is therefore not designed to switch back and forth between commands received from different master devices. Other devices external to the mobile equipment may interact with and access information on a given SIM, but such external devices typically access the SIM indirectly, by being linked to the SIM through the processor of the mobile equipment in which the SIM is housed.
  • Accessing the SIM through the processor of the mobile equipment yields low data rates, since the processor of the mobile equipment has to establish the communication link on the basis of ISO/IEC standard 7816. Furthermore, the processor needs to mediate between the external device and the SIM, which causes additional delays. Since a normal processor of a mobile equipment might be infected by a virus, a trojan or other spyware, such a communication link might not be secure if sensitive data have to be transmitted from the external device to the SIM and back.
  • Another drawback of existing standards is the inoperability of the security module when the mobile equipment's battery is low or the battery needs to be conserved. Because the communication link is forced through the mobile equipment's processor, a communication link from the external device to the security module cannot be established in battery-down scenarios, or it consumes battery energy of the mobile equipment. Since the user might want to save the battery energy of his mobile equipment, no exhaustive communication link between the security module and the mobile equipment should be established. If secure data stored in the security module are needed, e.g. for authentication/identification purposes or data exchange, those data cannot be reached, leading to inflexible use of the security module.
  • An object of the present invention is to provide a security module interface for accessing security module resources by external devices.
  • Another object of the present invention is to provide mobile equipment for accessing security module resources by external devices.
  • Yet another object of the present invention is to provide a method for accessing security module resources by external devices.
  • Yet another object of the present invention is to provide a secure UICC.
  • Yet another object of the present invention is to bifurcate NAND storage of UICC.
  • Yet another object of the present invention is to provide access to a security module present in a mobile equipment in case the mobile equipment is in a power saving mode or in low battery mode or switched off.
  • The present invention provides a method of accessing resources on a security module present in a mobile equipment by an external device, wherein the external device is electrically coupled to the mobile equipment, said method comprising the steps of: receiving, by a processor of the mobile equipment, a request from the external device for access to the security module, and establishing, by the processor of the mobile equipment, a selectively switchable communication link between the security module and the external device for accessing the resources on the security module.
  • The communication link is preferably a high data rate communication link, e.g. a Universal Serial Bus link according to the existing USB 1.0, USB 2.0 or USB 3.0 standards.
  • The security module is a module reduced in size and resources, comprising a central processing unit, at least one data interface for communication with the device and a storage area.
  • This storage area might comprise secret data.
  • The security module has features to prevent manipulation and/or attempts to read out the secret data.
  • The secret data in the security module serve for identification and/or authentication of a user at the device, a terminal or a network system.
  • The security module is for example a smart card, such as a UICC, SIM, U-SIM, R-UIM or ISIM card, an electronic identity document such as an eID or ePassport, an electronic driver's license, an electronic vehicle registration or a payment card, such as a credit or debit card.
  • The security module is a subscriber identity module for authentication/identification of a subscriber in a mobile radio network environment.
  • Subscriber identity modules are operated using a card reader unit in a terminal and can in principle be removed from the terminal, either to be exchanged for other smart cards or to be operated in a different terminal.
  • The security module is an integral part of a terminal, such as a hard-wired electronic module.
  • Security modules are also embedded, as UICC, eUICC or embedded secure element (eSE). In this configuration the modules are not intended to be removed from the terminal and cannot in principle be easily replaced.
  • The security module is a machine-to-machine module.
  • These modules are used for remote monitoring, control and maintenance of devices or equipment such as machinery, equipment and systems.
  • Such modules are also used in metering units such as electricity meters and water meters, so-called smart meters.
  • The security module is a software component in a trusted part of an operating system of a device, called a Trusted Execution Environment (TEE).
  • TEE: Trusted Execution Environment
  • The security module is then implemented, for example, within a secure runtime environment.
  • The security module is operable by means of the mobile equipment.
  • The mobile equipment according to the present invention comprises means for communicating with a communication network.
  • The mobile equipment might be a mobile device, like a smart phone, a tablet PC, a notebook, a PDA, a smartlet, a netbook and so on.
  • The mobile equipment is a multimedia device such as a digital picture frame, audio equipment, a TV, a set top box, an e-book reader and so on.
  • The term mobile equipment also includes any kind of machinery, like automats, vehicles, smart meters and so on.
  • The mobile equipment is configured to communicate over a communications network.
  • For obtaining services, such as speech or data transmission services, from the communications network, the equipment has to identify and/or authenticate itself on the network.
  • This invention belongs to the field of wireless communication networks such as the "Global System for Mobile Communications" (GSM), representing the second generation, the "General Packet Radio Service" (GPRS), the "Universal Mobile Telecommunications System" (UMTS), representing the third generation, or "Long Term Evolution" (LTE), representing the fourth generation of cellular mobile networks, as well as other cellular communications systems using Code Division Multiple Access (CDMA) or Customised Applications for Mobile network Enhanced Logic (CAMEL).
  • GSM: Global System for Mobile Communications
  • GPRS: General Packet Radio Service
  • UMTS: Universal Mobile Telecommunications System
  • LTE: Long Term Evolution
  • A communication link according to the invention is defined as the means of connecting one entity to another for the purpose of transmitting and receiving information. It can also refer to a set of electronic assemblies consisting of a transmitter, a receiver and the interconnecting data communication circuit.
  • The communication link is either a physical communication path built of electrically coupled connections, or it is governed by a communication link protocol enabling digital data to be transferred from one entity to the other.
  • The term selectively switchable communication link refers to a communication link which can be switched by a switching means.
  • The switching means selects whether the link between the security module and the external device is to be established or not.
  • Resources of the security module in the sense of the invention are, for instance, data interfaces for data input and output, one or more central processing units (CPUs), volatile memory such as RAM, and non-volatile memory areas, in particular ROM, EEPROM or FLASH, of the security module.
  • Applications and files on the security module, or remote ones on external devices, need to access those system resources during their execution.
  • These system resources are mainly managed by the firmware of the security module.
  • The firmware is therefore an interface between the applications of the security module and the system resources of the security module.
  • Said method further comprises the step of establishing (and/or providing) a second communication link between the security module and the processor of the mobile equipment, said second communication link being distinct from the selectively switchable communication link.
  • The second communication link is based on ISO/IEC 7816 standardized communication between the processor and the security module.
  • A method of accessing resources on a security module present in a mobile equipment by an external device comprises the steps of: receiving, by a processor of the external device, a request for access to the security module, and establishing, by the processor of the external device, a selectively switchable communication link between the security module and the external device for accessing the resources on the security module.
  • An inactive processor of the mobile equipment herein means that the processor is not responding to a request or communication signal from the external device.
  • An inactive processor of the mobile equipment can occur in a power saving mode of the mobile equipment.
  • An inactive processor of the mobile equipment can occur in a low battery mode of the mobile equipment.
  • An inactive processor of the mobile equipment can occur in a power down or switch-off mode of the mobile equipment.
  • Applications and/or resources of the mobile equipment operatively communicate with the security module through the communication link between the security module and the processor of the mobile equipment.
  • Said method further comprises a step of authentication, wherein the processor of the mobile equipment establishes the selectively switchable communication link between the security module and the external device after successful completion of the authentication of the external device.
  • Access to the security module resources by the external device via the selectively switchable communication link is independent of the resources of the mobile equipment.
  • The selectively switchable communication link bypasses the processor of the mobile equipment.
  • A mobile equipment comprising a security module, allowing access to resources on the security module by an external device, wherein the external device is electrically coupled to the mobile equipment, said mobile equipment comprising a processor comprising: a receiving unit configured to receive a request for accessing resources on the security module from the external device, and an establishing unit configured to establish within the mobile equipment a selectively switchable communication link between the security module and the external device for accessing the resources on the security module.
  • The mobile equipment further comprises a second communication link between the security module and the processor of the mobile equipment, said second communication link being distinct from the selectively switchable communication link.
  • The second communication link is non-switchable for the external device and is a communication link for data transmission between the security module and the processor of the mobile equipment only. It is in particular an ISO/IEC 7816 standardized communication link.
  • The mobile equipment further comprises applications and/or resources, wherein these applications and/or resources are configured to operatively communicate with the security module through the second communication link between the security module and the processor of the mobile equipment.
  • The establishing unit of the processor of the mobile equipment is configured to establish the selectively switchable communication link between the security module and the external device after successful authentication of the external device.
  • Access to the security module resources by the external devices via the selectively switchable communication link is independent of the resources of the mobile equipment. Therefore the processor of the mobile equipment can be inactive or deactivated while the external device accesses resources of the security module.
  • The selectively switchable communication link bypasses the processor of the mobile equipment.
  • The selectively switchable communication link further comprises a hub device, wherein the hub device is coupleable between the external device on one side and the security module on the other side via a switch, wherein the switch is configured to operatively couple the processor of the mobile equipment to the security module and is further configured to operatively couple the security module to the external device.
  • The hub device is a composite Universal Serial Bus interface device providing at least a Universal Serial Bus - Universal Integrated Circuit Card - Chip Card Interface Device (USB-UICC-CCID) interface, and/or a Universal Serial Bus - Universal Integrated Circuit Card - Mass Storage Device (USB-UICC-MSD) interface, and/or a Universal Serial Bus - Universal Integrated Circuit Card - Mass Storage Device Secure (USB-UICC-MSD-S) interface.
  • The processor of the mobile equipment comprises a normal execution environment and a trusted execution environment, wherein the trusted execution environment establishes the selectively switchable communication link for exclusive communication between the security module and the external device.
  • A secure Universal Integrated Circuit Card for use with a mobile equipment, said UICC comprising a NAND storage unit divided into an un-secure portion for storing non-secure data and a secure portion for storing secure data, wherein the un-secure portion of the NAND storage unit further comprises a composite interface device configured to receive an authentication key for accessing the secure data stored in the secure portion.
  • The UICC further comprises an access control unit configured to receive the authentication key from the interface device and to provide access to the secure portion upon authentication.
  • The secure portion of the UICC is configured to store the secure data accessible by an external device, wherein the external device is electrically coupled to the mobile equipment.
  • FIGS. 1 and 2 represent block diagrams of an apparatus in accordance with one or more embodiments of the present invention.
  • Figure 3 represents an apparatus in accordance with another embodiment of the present invention.
  • Figure 4 represents an apparatus in accordance with yet another embodiment of the present invention.
  • Figure 5 represents a block diagram of a data flow path in accordance with yet another embodiment of the present invention.
  • Figure 6 represents a block diagram of a data flow path in accordance with yet another embodiment of the present invention.
  • Figure 7 represents a block diagram of a data flow path in accordance with yet another embodiment of the present invention.
  • Figure 8 represents the structure of a storage device in accordance with yet another embodiment of the present invention.
  • Figure 9 represents a flow diagram of an example method in accordance with another embodiment of the present invention.
  • Figure 10 represents an apparatus of yet another embodiment of the present invention.
  • The main purpose of the present invention is to provide a physical interface to a security module for an external device and to enable the external device to use secure applications executing on said security module.
  • The present invention introduces a change in present mobile equipment hardware.
  • The additional components are a USB hub and an analog switch.
  • FIGS. 1 and 2 show the structure of a mobile equipment (100 or 200) in accordance with an embodiment of the present invention.
  • The mobile equipment (100 or 200) comprises a processor (101 or 201) and a UICC (103 or 203).
  • The processor (101 or 201) is coupled to the UICC (103 or 203) through a second communication link (106, 208) as standardized in ISO/IEC 7816, an analog switch (104 or 204) and a Contactless Front End (102 or 202) via the Single Wire Protocol (SWP).
  • The ME (100 or 200) also includes a USB hub (105 or 205) for establishing a communication link (107, 207) between the UICC (103 or 203) and external devices (ED).
  • The communication link (107, 207) is established as a wired path in the mobile equipment (100 or 200).
  • The processor (101 or 201) of the ME (100 or 200) is configured to receive a request from an external device to access resources on the UICC (103 or 203). The processor (101 or 201) also establishes within the ME (100 or 200) the selectively switchable communication link (107, 207) between the UICC (103 or 203) and the external device (ED) for accessing the resources on the UICC (103 or 203), after a successful authentication of the ED.
  • The switchable communication link (107, 207) between the UICC (103 or 203) and the ED provides access to UICC (103 or 203) resources independent of the resources of the ME (100 or 200), by bypassing the processor (101 or 201) of the ME (100 or 200).
  • The selectively switchable communication link (107, 207) comprises the USB hub (105 or 205) coupled to the ED on one side and to the UICC (103 or 203) on the other side via the switch (104 or 204).
  • The switch (104 or 204) is coupled to the processor (101 or 201) of the ME (100 or 200) and is controlled by the processor (100 or 200) for establishing the selectively switchable communication link (107, 207) between the UICC (103 or 203) and the ED.
  • The communication link (107, 207) is different from the second communication link (106, 208), since additional wired paths are necessary to electrically couple the ED to the UICC independently of the processor (101, 201) of the mobile equipment (100 or 200).
  • The ME (100 or 200) comprises the second communication link (106, 208) between the UICC (103 or 203) and the processor (101 or 201) of the ME (100 or 200) according to the ISO/IEC 7816 standard.
  • This second communication link (106, 208) is of a non-switchable type and is distinct from the selectively switchable communication link (107, 207).
  • The non-switchable communication link (106, 208) between the UICC (103 or 203) and the processor (101 or 201) of the ME (100 or 200) is established so that applications/resources of the ME (100 or 200) can communicate with the UICC (103 or 203).
  • The communication link (106, 208) between the UICC (103 or 203) and the ME (100 or 200) can be disconnected for a direct data transfer between the ED and the UICC (103, 203) through the selectively configured communication link (107, 207).
  • The ME (100 or 200) would still communicate with the UICC through ISO 7816 over the second communication link (106, 208).
  • The USB hub (105 or 205) is a composite interface device providing, by way of non-limiting example, a Universal Serial Bus - Universal Integrated Circuit Card - Chip Card Interface Device (USB-UICC-CCID) interface, a Universal Serial Bus - Universal Integrated Circuit Card - Mass Storage Device (USB-UICC-MSD) interface, and a Universal Serial Bus - Universal Integrated Circuit Card - Mass Storage Device Secure (USB-UICC-MSD-S) interface.
  • USB-UICC-CCID: Universal Serial Bus - Universal Integrated Circuit Card - Chip Card Interface Device
  • USB-UICC-MSD: Universal Serial Bus - Universal Integrated Circuit Card - Mass Storage Device
  • USB-UICC-MSD-S: Universal Serial Bus - Universal Integrated Circuit Card - Mass Storage Device Secure
  • The interface module works in two modes: ME-connect mode and PC-connect mode.
  • The communication link (107, 207) further comprises a voltage supply.
  • If the mobile equipment's (100, 200) battery is low, and/or the mobile equipment (100, 200) is switched off, and/or the mobile equipment (100, 200) is in a power saving mode configured not to supply the UICC with energy, a data transfer and access to the resources of the UICC (103, 203) are still possible with the energy supply of the external device (ED). Thus a bypassing of the mobile equipment's (100, 200) processor (101, 201) is achieved, which leads to higher security and higher data rate communication.
  • FIG. 3 shows the structure of a mobile equipment (300) in ME-connect mode in accordance with another embodiment of the present invention.
  • The mobile equipment (ME) (300) comprises a processor (301), a UICC (303) and a USB hub (305).
  • The processor (301) is coupled to the UICC (303) through a second communication link (306) realized according to the ISO/IEC 7816 standards, an analog switch (304) and a Contactless Front End (302) via the Single Wire Protocol.
  • The switch (304) is coupled to the processor (301) of the ME (100 or 200) and is controlled by the processor (301).
  • The ME (300) comprises a second communication link (306) between the UICC (303) and the processor (301) of the ME (300); this path is of a non-switchable type and is distinct from the selectively switchable communication link (307).
  • The non-switchable second communication link (306) between the UICC (303) and the processor (301) of the ME (300) is established so that applications/resources of the ME (300) can communicate with the UICC (303).
  • In ME-connect mode, the USB interface module (USB hub and switch) works as a USB compound device, but only the ME is detected by the external world. The UICC USB device is connected to the ME processor and is not connected to the USB hub. Initially the USB hub is enumerated by the external world, and later the ME may be enumerated as a USB composite device.
  • FIG. 4 shows the structure of a mobile equipment (400) in accordance with another embodiment of the present invention.
  • The mobile equipment (ME) (400) comprises a processor (401) and a UICC (403).
  • The processor (401) is coupled to the UICC (403) through ISO 7816 and to a Contactless Front End (402) via SWP.
  • The ME (400) also includes a USB hub (405) for establishing a communication link (407) between the UICC (403) and the external device (ED).
  • The processor (401) of the ME (400) receives a request from the external device to access resources on the UICC (403). The processor (401) also establishes within the ME (400) a selectively switchable communication link (407) between the UICC (403) and the ED for accessing the resources on the UICC (403), after a successful authentication of the ED.
  • The switchable communication link (407) between the UICC (403) and the ED provides access to UICC (403) resources independent of the resources of the ME (400), by bypassing the processor (401) of the ME (400).
  • The selectively switchable communication link (407) comprises the USB hub (405) coupled to the ED on one side and to the UICC (403) on the other side via a switch (404).
  • The switch (404) is coupled to the processor (401) of the ME (400) and is controlled by the processor (400) for establishing the selectively switchable communication link (407) between the UICC (403) and the ED.
  • The ME (400) comprises a second communication link (406) between the UICC (403) and the processor (401) of the ME (400); the second communication link (406) is of a non-switchable type and is distinct from the selectively switchable communication link (407).
  • The non-switchable second communication link (406) between the UICC (403) and the processor (401) of the ME (400) is established so that applications/resources of the ME (400) can communicate with the UICC (403).
  • The second communication link (406) between the UICC (403) and the ME (400) can be disconnected, and the UICC can be connected to the USB hub to establish the interface between the UICC (403) and the ED.
  • The ME (400) can still communicate with the UICC through ISO 7816 over the second communication link (406).
  • The USB hub (405) is a composite interface device providing, by way of example, a Universal Serial Bus - Universal Integrated Circuit Card - Chip Card Interface Device (USB-UICC-CCID) interface, a Universal Serial Bus - Universal Integrated Circuit Card - Mass Storage Device (USB-UICC-MSD) interface, and a Universal Serial Bus - Universal Integrated Circuit Card - Mass Storage Device Secure (USB-UICC-MSD-S) interface.
  • USB-Interface module: in PC-connect mode, the USB-Interface module (USB hub and switch) works as a USB compound device, wherein the ME and the UICC may be detected as independent composite USB devices. Enumeration is handled by each device individually: first the USB hub is enumerated, then the ME and the UICC.
  • FIG. 5 - 7 show the structure of the mobile equipment and the data flow-paths in accordance with another embodiment of the present invention. This embodiment focuses on the UICC interface to the external world through a USB hub and an analog switch realized in a secure trusted execution environment (TEE).
  • the software hub provides a means by which the UICC can be connected to the ME, a PC or another USB master entity.
  • Figs. 5-7 show the data flow-paths in ME-connect mode and PC-connect mode.
  • FIG. 5 shows a data flow path in between a PC as the external device (500) and UICC (501) through a USB interface module (505).
  • the PC (500) is connected to the USB interface module (505) through a USB device driver (502).
  • the UICC (501) is connected to the USB interface module (505) through a USB host driver (503).
  • the USB device port of the ME is used as a composite USB device which has multiple USB interfaces:
  • Interface 0: ME (standard ME features like USB MSD, ME PC connect etc.)
  • Interface 1: UICC Shared Interface 1
  • Interface 2: UICC Shared Interface 2. All other modules supporting the USB Device and USB Host interfaces are already present in the ME.
  • the USB-Interface module is a kind of bridge/router between the ME application handling the ME-PC interface and the ME-UICC (USB) interface. The USB-Interface module works in two modes: ME-connect mode and PC-connect mode.
  • Fig. 6 shows data flow path in between PC (600) and UICC (601) through a USB interface module (605) in ME-connect mode.
  • the PC (600) is connected to the USB interface module (605) through a USB device driver (602).
  • the UICC (601) is connected to the USB interface module (605) through a USB host driver (603).
  • USB-Interface module: in ME-connect mode, the USB-Interface module works in pass-through mode. All data from the PC is forwarded as-is to the ME without any alteration, and all data from the UICC is forwarded as-is to the ME without any alteration. In ME-connect mode the USB-Interface module bypasses all data to the ME.
  • Fig. 7 shows data flow path in between PC (700) and UICC (701) through a USB interface module (705) in PC-connect mode.
  • the PC (700) is connected to the USB interface module (705) through a USB device driver (702).
  • the UICC (701) is connected to the USB interface module (705) through a USB host driver (703).
  • USB-Interface module: in PC-connect mode, the USB-Interface module works in partial pass-through mode. All data from the PC for the ME USB port is forwarded as-is to the ME without any alteration (except enumeration). All data to or from the UICC is handled by the USB-Interface module. In PC-connect mode the USB-Interface module passes data selectively to the ME; all other data is routed to the UICC.
  • USB-Interface module: all low-level requests such as reset, addressing and enumeration are handled by the USB-Interface module. Depending on the operational mode, the USB-Interface module alters the enumeration data sent to the PC. For PC-connect mode, the USB-Interface module prepares the enumeration data such that the USB device port of the ME is enumerated as a USB composite device. All interface requests for the UICC interfaces are forwarded by the USB-Interface module to the UICC and the corresponding replies are returned to the PC.
  • FIG. 8 shows the bifurcation of NAND (803) storage of the UICC (800) to enable storage of secure Data in accordance to another embodiment of the present invention.
  • the UICC (800) comprises NAND storage unit (803).
  • the NAND storage (803) of UICC (800) is divided into two portions:
  • the un-secure portion (801) of the NAND storage unit (803) has a composite interface device that presents to the user an interface through which an authentication key for accessing the secure data stored in the secure portion (802) is received.
  • the UICC (800) has an access control means that receives the authentication key from the user interface and provides access to the secure portion (802) upon authentication.
  • the secure portion (802) of the UICC (800) storing the secure data is accessible by the external device.
  • FIG. 9 is a flow diagram that details an example of a method for accessing UICC resources, according to another embodiment of the present invention.
  • a request for access of the UICC from external device (ED) is received by the processor of mobile equipment (ME).
  • this request may follow a step of authentication, wherein the processor establishes the selectively switchable path between the UICC and the ED after successful completion of the authentication of the ED.
  • a selectively switchable path between the UICC and the ED for accessing the resources on the UICC is established. This step may include establishing a path between the UICC and the processor of the ME, this path being of a non-switchable type and distinct from the selectively switchable path.
  • FIG 10 shows another embodiment of the present invention.
  • the processor 901 of the mobile equipment comprises a hardware layer and a hardware abstraction layer.
  • the processor 901 further comprises a normal execution environment 905 comprising applications (Applet1, Applet2) and further comprises a trusted execution environment 904 comprising trusted applications (Trustlet1, Trustlet2).
  • the hardware abstraction layer as well as the normal execution environment 905 and the trusted execution environment 904 are built as software security modules.
  • the trusted execution environment 904 has privileged access to the UICC, which is either built as a virtual UICC in the form of a trustlet (not shown) or may be a hardware UICC as previously described.
  • the privileged access to the UICC is established through the second communication link 906.
  • the trusted execution environment 904 further has privileged control over a USB interface via a switch controllable by the trusted execution environment 904.
  • the switch selectively switches the communication link 907 either to the normal execution environment, for accessing applications (Applet1, Applet2) or resources of the mobile equipment, or to the trusted execution environment 904, for accessing secure applications (Trustlet1, Trustlet2) and exclusively accessing the UICC, which is a virtual UICC or a physical UICC.
  • a pre-loaded package such as secure-media-applet in the UICC is configured for security algorithms and security tokens which eventually on successful authentication will allow the mounting of secure media (partition).
  • a front-end GUI can be preloaded in USB MSD (un-secure partition) so that it would be readily available for user.
  • USB enumeration: detecting, identifying and loading drivers for a USB device
  • interfaces referred to: USB CCID, USB MSD, USB MSD-S and USB Host
  • the USB MSD interface mounts only the un-secure partition, which is interfaced without any security.
  • the USB MSD-S interface does not mount the media by default; it shows the state as media un-mounted.
  • the front end for this interface is a J2ME or similar application which can run on multiple ME operating systems and is able to "talk" with the Java applet (secure-media-applet) running on the UICC over USB CCID or ISO 7816.
  • this front end is stored on the USB MSD (un-secured partition) so that it can be executed from the ME without any authentication.
  • the secure-media-applets need to be installed on the UICC.
  • the secure-media-applet can be configured for a security algorithm and key. To enable access to the secured partition, the front end provides a GUI so that the user can enter the key for authentication.
  • the secure-media-applet needs a one-time installation.
  • the secure-media-applet is a pre-loaded package on the UICC and needs a "native" interface, as it has to deal with NAND memory access / OS-based algorithms.
  • DSP digital signal processor
  • ASIC application specific integrated circuit
  • FPGA field programmable gate array
  • a general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine.
  • a processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
  • the steps of a method described in connection with the embodiments disclosed herein may be interchanged, and not all steps need to be reached.
  • the steps of a method described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two.
  • a software module may reside in non-transitory memory, such as RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art, including semiconductor, optical, and/or magnetic storage mediums, including computer-readable storage mediums.
  • An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium.
  • the storage medium may be integral to the processor.
  • the processor and the storage medium may reside in an ASIC.
  • the ASIC may reside in a user terminal.
  • the processor and the storage medium may reside as discrete components in a user terminal.
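The two operating modes of the USB-Interface module listed above (ME-connect as full pass-through, PC-connect as partial pass-through in which the module answers low-level requests itself, advertises a composite device and routes the UICC interfaces) can be modelled as a small router. The following Python sketch is an added illustration written for this page; it is not code from the patent or from the assignee. The `Frame` layout, the set of requests treated as low-level (`LOW_LEVEL`), the descriptor contents and the sample APDU bytes are assumptions; the interface numbering (0 for the ME, 1 and 2 for the UICC shared interfaces) follows the text.

```python
"""Toy router for the USB-Interface module of Figs. 5-7 (added illustration, not patent code).

Assumptions not taken from the text: the Frame layout, the set of requests treated as
"low level", and the descriptor contents. Interface numbers follow the text.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import List


class Mode(Enum):
    ME_CONNECT = "ME-connect"  # full pass-through: everything goes to the ME
    PC_CONNECT = "PC-connect"  # partial pass-through: UICC interfaces handled by the module


IF_ME = 0                 # Interface 0: standard ME features
UICC_INTERFACES = {1, 2}  # Interfaces 1 and 2: UICC shared interfaces
DEVICE_LEVEL = -1         # marker for requests addressing the device rather than an interface

# Requests the text says the module handles itself: reset, addressing and enumeration
LOW_LEVEL = {"RESET", "SET_ADDRESS", "GET_DESCRIPTOR"}


@dataclass
class Frame:
    request: str
    interface: int
    payload: bytes = b""


@dataclass
class Sinks:
    """Constructed stand-ins for the ME (behind its USB device driver), the UICC
    (behind the USB host driver) and the PC."""
    me: List[Frame] = field(default_factory=list)
    uicc: List[Frame] = field(default_factory=list)
    pc: List[Frame] = field(default_factory=list)


class UsbInterfaceModule:
    def __init__(self, mode: Mode, sinks: Sinks):
        self.mode = mode
        self.sinks = sinks

    def enumeration_descriptor(self) -> dict:
        # PC-connect: the ME's USB device port is presented as a composite device that
        # also exposes the UICC interfaces. ME-connect: only the ME's own interface.
        if self.mode is Mode.PC_CONNECT:
            return {"composite": True, "interfaces": [IF_ME, *sorted(UICC_INTERFACES)]}
        return {"composite": False, "interfaces": [IF_ME]}

    def from_pc(self, frame: Frame) -> str:
        """Route a frame arriving from the PC; returns which side consumed it."""
        if self.mode is Mode.ME_CONNECT:
            self.sinks.me.append(frame)  # forwarded as-is, no alteration
            return "me"
        if frame.request in LOW_LEVEL:
            # answered by the module itself; enumeration data altered to advertise
            # the composite device
            reply = Frame(frame.request + "_REPLY", DEVICE_LEVEL,
                          repr(self.enumeration_descriptor()).encode())
            self.sinks.pc.append(reply)
            return "module"
        if frame.interface in UICC_INTERFACES:
            self.sinks.uicc.append(frame)  # requests for the UICC interfaces go to the UICC
            return "uicc"
        self.sinks.me.append(frame)  # traffic for the ME port is passed through unchanged
        return "me"

    def from_uicc(self, frame: Frame) -> str:
        """Route a reply from the UICC: to the ME in ME-connect mode, back to the PC otherwise."""
        if self.mode is Mode.ME_CONNECT:
            self.sinks.me.append(frame)
            return "me"
        self.sinks.pc.append(frame)
        return "pc"


def route_sample_traffic(mode: Mode) -> List[str]:
    """Push a constructed session through the module and report where each frame went."""
    module = UsbInterfaceModule(mode, Sinks())
    traffic = [
        Frame("GET_DESCRIPTOR", DEVICE_LEVEL),            # enumeration request
        Frame("BULK_OUT", IF_ME, b"me-data"),             # traffic for the ME itself
        Frame("BULK_OUT", 1, bytes.fromhex("00a40400")),  # constructed CCID-style APDU header
    ]
    routes = [module.from_pc(f) for f in traffic]
    routes.append(module.from_uicc(Frame("BULK_IN", 1, bytes.fromhex("9000"))))
    return routes


if __name__ == "__main__":
    for mode in Mode:
        print(mode.value, route_sample_traffic(mode))
```

In PC-connect mode the same four frames are routed as `module`, `me`, `uicc`, `pc`, whereas in ME-connect mode every frame lands at the ME. Keeping the routing decision in one place is also where a deployment would enforce that the UICC interfaces are only exposed once the mode has been switched by the processor (or the TEE), rather than being reachable by default.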

Abstract

The present invention relates to an apparatus and method for accessing resources on a security module (103) present in a mobile equipment (100) by an external device (ED), wherein the external device (ED) is electrically coupled to the mobile equipment (100), said method comprising the steps of receiving, by a processor (101) of the mobile equipment (100), a request for access of the security module (103) from the external device (ED) and establishing, by the processor (101) of the mobile equipment (100), a selectively switchable communication link (107) between the security module (103) and the external device (ED) for accessing the resources on the security module (103).

Description

SIM USB INTERFACE TO EXTERNAL WORLD
Field of Invention
The present invention relates to a security module and particularly, it relates to accessing secure applications on a security module by external devices.
Background of the Invention
Security modules, such as the UICC, are widely used today. E.g. a subscriber identity module (SIM) as a UICC is widely used in a mobile communication terminal in the form of a removable SIM card or in the form of an embedded, non-removable module installed in the mobile equipment. A Subscriber Identity Module (SIM) in general includes a memory which stores information for identification or authentication of subscribers at a specific communication network. Moreover, the SIM also includes a microprocessor which provides an increased level of security for the information stored in the memory. SIMs generally contain a variety of information related to the subscriber, including, for example, authentication algorithms and authentication keys for attaching to the subscribed mobile network, a unique subscriber identity (IMSI), a unique phone number (MSISDN) and also personal data such as address books, text messages, voice messages, and other data. The use of security modules that provide information specific to an individual is becoming more prevalent in a number of different types of applications. Each system or equipment which employs security modules contains two fundamental components, namely the secure memory of the security module and an interface device, commonly known as a reader, for establishing a communication to the security module.
Generally, SIMs are designed to interact with and be accessed by only one device at a time. Because a SIM has its own processor, and because the GSM standard generally requires a relatively elaborate scheme for communicating with a SIM, interacting with and accessing data from the SIM is more complicated than just reading data out of a common memory device. Instead, the requesting device and the SIM exchange data and information according to standardized commands and responses via a strict master and slave relationship. However, the SIM processor is relatively simple, slow and very limited in its resources. Therefore it is not designed to switch back and forth between commands received from different master devices. Other devices external to the mobile equipment may interact with and access information on a given SIM, but such external devices typically access the SIM indirectly by being linked to the SIM through the processor of the mobile equipment in which the SIM is housed. Accessing the SIM through the processor of the mobile equipment is slow in data rate, since the processor of the mobile equipment has to establish the communication link on the basis of ISO/IEC standard 7816. Furthermore, the processor needs to mediate between the external device and the SIM, which causes additional delays. Since a normal processor of a mobile equipment might be infected by a virus, a trojan or other spy-software, such a communication link might not be secure if sensitive data have to be transmitted from the external device to the SIM and back.
Due to the need to comply with the published standards, conventional security module readers turn out to be expensive equipment. Another limitation associated with conventional security module readers is that they provide a relatively slow exchange of data between the security module and the reader or other peripheral devices, making them unsuitable for graphical user interfaces, bulk data and internet applications.
Another drawback of existing standards is the inoperability with the security module in case the mobile equipment's battery is low or the mobile equipment's battery needs to be saved. Due to the forced communication link via the mobile equipment's processor, a communication link from the external device to the security module cannot be established in battery-down scenarios, or it consumes battery energy of the mobile equipment. Since the user might want to save battery energy of his mobile equipment, no exhaustive communication link between the security module and the mobile equipment should be established. In case secure data - stored in the security module - are needed, e.g. for authentication / identification purposes or data exchange, those data cannot be reached, leading to inflexible use of the security module.
It is apparent that numerous innovations for security modules have been provided in the prior art. Many security module readers and interfaces are available and well known, but none of these meet the requirement of being cost effective, providing high speed at high data rates and secure routing through the processor of the mobile equipment. Thus, there exists a need to provide a method and apparatus that enables an external device to interact with security modules and access secure applications executing on those security modules, overcoming the above mentioned disadvantages.
Object of the Invention
An object of the present invention is to provide a security module interface for accessing security module resources by external devices.
Another object of the present invention is to provide mobile equipment for accessing security module resources by external devices.
Yet another object of the present invention is to provide a method for accessing security module resources by external devices.
Yet another object of the present invention is to provide a secure UICC.
Yet another object of the present invention is to bifurcate NAND storage of UICC.
Yet another object of the present invention is to provide access to a security module present in a mobile equipment in case the mobile equipment is in a power saving mode or in low battery mode or switched off.
Summary of the Invention
Accordingly, the present invention provides a method of accessing resources on a security module present in a mobile equipment by an external device, wherein the external device is electrically coupled to the mobile equipment, said method comprising the steps of: receiving, by a processor of the mobile equipment, a request for access of the security module from the external device and establishing, by the processor of the mobile equipment, a selectively switchable communication link between the security module and the external device for accessing the resources on the security module. The communication link is preferably a high data rate communication link, e.g. universal serial bus according to the existing USB 1.0, USB 2.0 or USB 3.0 standards.
According to the invention the security module is a module reduced in size and resources comprising a central processing unit, at least one data interface for communication with the device and a storage area. This storage area might comprise secret data. The security module has features to prevent manipulation and/or abuse attempts to read out the secret data. The secret data in the security module are for identification and / or authentication of a user at the device, a terminal or a network system.
The security module is for example a smart card, such as a UICC, a SIM, U-SIM, R-UIM or ISIM card, an electronic identity document such as an eID or ePassport, an electronic driver's license, electronic vehicle registration or a payment card, such as a credit or debit card.
In particular, the security module is a subscriber identity module for authentication / identification of a subscriber in a mobile radio network environment. Such subscriber identity modules are operated using a card reader unit in a terminal and can in principle be removed from the terminal, to be either exchanged for other smart cards or operated in a different terminal. Alternatively, the security module is an integral part of a terminal, such as a hard-wired electronic module. Such security modules are also referred to as embedded UICC (eUICC) or embedded secure element (eSE). In this configuration, these modules are not intended to be removed from the terminal and cannot in principle be easily replaced.
Alternatively, the security module is a machine-to-machine module. These modules are used for remote monitoring, control and maintenance of devices or equipment such as machinery, equipment and systems. Alternatively those modules are used for counting units such as electric meters, water meters, so-called smart meters.
Alternatively, the security module is a software component in a trusted part of an operating system of a device, called a Trusted Execution Environment (TEE). The security module is then implemented, for example, within a secure runtime environment. The security module is operable by means of the mobile equipment. The mobile equipment according to the present invention comprises means for communicating with a communication network. The mobile equipment might be a mobile device, like a smart phone, a tablet PC, a notebook, a PDA, a smartlet, a netbook and so on.
Alternatively the mobile equipment is a multimedia device such as digital picture frame, audio equipment, a TV, a set top box, e-book reader and so on. By way of example, the term mobile equipment also includes any kind of machinery, like automats, vehicles, smart-meters and so on.
The mobile equipment is configured to communicate over a communications network. In particular, for obtaining services - such as speech or data transmission services - from the communications network the equipment has to identify and/or authenticate itself on the network. In particular, this invention belongs to the field of wireless communication networks such as the "Global System for Mobile Communications", GSM, representing the second generation, the "General Packet Radio Service", GPRS, or "Universal Mobile Telecommunications System", UMTS, representing the third generation, or "Long Term Evolution", LTE, representing the fourth generation of cellular based mobile networks, as well as other cellular communications systems using Code Division Multiple Access, CDMA, or Customised Applications for Mobile network Enhanced Logic, CAMEL.
A communication link according to the invention is defined as the means of connecting one entity to another for the purpose of transmitting and receiving information. It can also refer to a set of electronic assemblies, consisting of a transmitter and a receiver and the interconnecting data communication circuit. The communication link is either a physical communication path, built of electrically coupled connections, or is governed by a communication link protocol enabling digital data to be transferred from one entity to the other.
The term selectively switchable communication link refers to a communication link which can be switched by a switching means. The switching means selects whether the link between the security module and the external device is to be established or not. Resources of the security module in the sense of the invention are for instance data interfaces for data input and output, one or more central processing units (CPU), a volatile memory such as RAM and non-volatile memory areas, in particular ROM, EEPROM or FLASH, of the security module. Applications and files on the security module, or remote ones on external devices, need to access those system resources during their execution. These system resources are mainly managed by the firmware of the security module. The firmware therefore is an interface between applications of the security module and the system resources of the security module.
In an embodiment of the present invention, said method further comprises the step of establishing (and/or providing) a second communication link between the security module and the processor of the mobile equipment, said second communication link being distinct from the selectively switchable communication link. In particular the second communication link is based on an ISO/IEC 7816 standardized communication between processor and security module.
In an alternative embodiment of the present invention, a method of accessing resources on a security module present in a mobile equipment by an external device is proposed, wherein the external device is electrically coupled to the mobile equipment and wherein the processor of the mobile equipment is inactive, said method comprising the steps of: receiving, by a processor of the external device, a request for access of the security module and establishing, by the processor of the external device, a selectively switchable communication link between the security module and the external device for accessing the resources on the security module.
An inactive processor of the mobile equipment herein means, that the processor is not responding to a request or communication signal from the external device. An inactive processor of the mobile equipment can occur in a power saving mode of the mobile equipment. An inactive processor of the mobile equipment can occur in a low battery mode of the mobile equipment. An inactive processor of the mobile equipment can occur in a power down or switch-off mode of the mobile equipment.
In another embodiment of the present invention, applications and/or resources of the mobile equipment operatively communicate with the security module through the communication link between the security module and the processor of the mobile equipment.
In another embodiment of the present invention, said method further comprises a step of authentication, wherein the processor of the mobile equipment establishes the selectively switchable communication link between the security module and the external device after successful completion of the authentication of the external device.
In another embodiment of the present invention, access of the security module resources by the external device via the selectively switchable communication link is independent of the resources of the mobile equipment.
In another embodiment of the present invention, the selectively switchable communication link by-passes the processor of the mobile equipment.
According to another embodiment of the present invention, a mobile equipment comprising a security module allows access to resources on the security module by an external device, wherein the external device is electrically coupled to the mobile equipment, said mobile equipment comprising a processor comprising: a receiving unit configured to receive a request for accessing resources on the security module from the external device and an establishing unit configured to establish within the mobile equipment a selectively switchable communication link between the security module and the external device for accessing the resources on the security module.
In an embodiment of the present invention, the mobile equipment further comprises a second communication link between the security module and the processor of the mobile equipment, said second communication link being distinct from the selectively switchable communication link. In particular the second communication link is non-switchable for the external device and is a communication link for data transmission between the security module and the processor of the mobile equipment only. It is in particular an ISO/IEC 7816 standardized communication link. In another embodiment of the present invention, the mobile equipment further comprises applications and/or resources, wherein these applications and/or resources are configured to operatively communicate with the security module through the second communication link between the security module and the processor of the mobile equipment.
In another embodiment of the present invention, the establishing unit of the processor of the mobile equipment is configured to establish the selectively switchable communication link between the security module and the external device after successful authentication of the external device.
In another embodiment of the present invention, access of the security module resources by the external devices via the selectively switchable communication link is independent of the resources of the mobile equipment. Therefore the processor of the mobile equipment can be inactive or deactivated for accessing of resources of the security module through the external device.
In another embodiment of the present invention, the selectively switchable communication link by-passes the processor of the mobile equipment.
In another embodiment of the present invention, the selectively switchable communication link further comprises a hub device, wherein the hub device is coupleable to the external device on one side and to the security module on the other side via a switch, wherein the switch is configured to operatively couple the processor of the mobile equipment to the security module and is further configured to operatively couple the security module to the external device.
In another embodiment of the present invention, the hub device is a composite Universal Serial Bus interface device providing at least a Universal Serial Bus - Universal Integrated Circuit Card - Chip Card Interface Device (USB-UICC-CCID) interface, and/or a Universal Serial Bus - Universal Integrated Circuit Card - Mass Storage Device (USB-UICC-MSD) interface, and/or a Universal Serial Bus - Universal Integrated Circuit Card - Mass Storage Device Secure (USB-UICC-MSD-S) interface. In another embodiment of the present invention, the processor of the mobile equipment comprises a normal execution environment and a trusted execution environment, wherein the trusted execution environment establishes the selectively switchable communication link for exclusive communication between the security module and the external device.
According to another embodiment of the present invention, a secure Universal Integrated Circuit Card for use with a mobile equipment is provided, said UICC comprising a NAND storage unit divided into an un-secure portion for storing non-secure data and a secure portion for storing secure data, wherein the un-secure portion of the NAND storage unit further comprises a composite interface device configured to receive an authentication key for accessing the secure data stored in the secure portion.
In another embodiment of the present invention, the UICC further comprises an access control unit configured to receive the authentication key from the interface device and configured to provide access to the secure portion upon authentication.
In another embodiment of the present invention, the secure portion of the UICC is configured to store the secure data accessible by an external device, wherein the external device is electrically coupled to the mobile equipment.
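The bifurcated-NAND embodiment (un-secure USB-MSD partition that is always mounted and carries the front end, secure USB-MSD-S partition that reports "media un-mounted" until the secure-media-applet has verified a key entered through the front end) can be exercised with the following model. This is an added example written for this page, not code from the patent or from the assignee. The page leaves the applet's "security algorithm and key" unspecified; the PBKDF2 key verifier, the constant-time comparison and the three-try retry counter (modelled on a smart card PIN try counter) are assumptions, as are the file names and partition contents, which are constructed.

```python
"""Model of the secure UICC with bifurcated NAND and a secure-media-applet gate.

Added illustration, not patent code. Assumed: PBKDF2-SHA256 key verifier,
constant-time comparison, a retry counter, and the constructed partition contents.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Optional

MAX_RETRIES = 3          # assumed try counter, like a smart card PIN counter
PBKDF2_ITERATIONS = 20_000


@dataclass
class Partition:
    name: str
    files: Dict[str, bytes] = field(default_factory=dict)
    mounted: bool = False


class SecureMediaApplet:
    """Pre-loaded applet holding the key verifier; decides whether secure media may be mounted."""

    def __init__(self, key: bytes, salt: Optional[bytes] = None):
        self.salt = salt or os.urandom(16)
        self.verifier = self._derive(key, self.salt)   # only a derived value is stored
        self.retries_left = MAX_RETRIES

    @staticmethod
    def _derive(key: bytes, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", key, salt, PBKDF2_ITERATIONS)

    def verify(self, candidate: bytes) -> bool:
        if self.retries_left == 0:
            return False                                 # locked: even the right key is refused
        ok = hmac.compare_digest(self._derive(candidate, self.salt), self.verifier)
        if ok:
            self.retries_left = MAX_RETRIES              # successful try resets the counter
        else:
            self.retries_left -= 1
        return ok


class SecureUicc:
    """UICC whose NAND is split into an un-secure and a secure portion."""

    def __init__(self, key: bytes):
        # Un-secure portion: mounted by default, holds the front-end GUI (constructed payload).
        self.unsecure = Partition("USB-MSD", {"frontend.jar": b"<constructed GUI payload>"}, True)
        # Secure portion: not mounted until the applet has authenticated the user.
        self.secure = Partition("USB-MSD-S", {"secret.bin": b"<constructed secret data>"})
        self.applet = SecureMediaApplet(key)

    def msd_s_state(self) -> str:
        """What the USB MSD-S interface reports to the host."""
        return "mounted" if self.secure.mounted else "media un-mounted"

    def request_secure_mount(self, key: bytes) -> bool:
        """Key entered in the front-end GUI is passed to the applet; mount on success."""
        if self.applet.verify(key):
            self.secure.mounted = True
        return self.secure.mounted

    def unmount_secure(self) -> None:
        self.secure.mounted = False

    def read(self, partition: str, name: str) -> Optional[bytes]:
        part = self.unsecure if partition == "USB-MSD" else self.secure
        if not part.mounted:
            return None                                  # un-mounted media exposes nothing
        return part.files.get(name)


if __name__ == "__main__":
    uicc = SecureUicc(b"constructed-user-key")
    print(uicc.msd_s_state())                            # media un-mounted
    print(uicc.request_secure_mount(b"wrong"))           # False
    print(uicc.request_secure_mount(b"constructed-user-key"))  # True
    print(uicc.read("USB-MSD-S", "secret.bin"))
```

The front end on the un-secure partition is readable without any check, which is exactly why the secret it protects must never be derivable from it: the applet keeps only a salted, slow-hashed verifier and refuses further attempts once the try counter is exhausted, so a host that can read the MSD partition gains nothing toward mounting the MSD-S one.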
Brief description of the drawings
Further aspects and advantages of the present invention will be readily understood from the following detailed description with reference to the accompanying drawings, where like reference numerals refer to identical or functionally similar elements throughout the separate views. The figures together with the detailed description below, are incorporated in and form part of the specification, and serve to further illustrate the aspects and explain various principles and advantages, in accordance with the present invention wherein:
Figures 1 and 2 represent block diagrams of an apparatus in accordance with one or more embodiments of the present invention;
Figure 3 represents an apparatus in accordance with another embodiment of the present invention;
Figure 4 represents an apparatus in accordance with yet another embodiment of the present invention;
Figure 5 represents a block diagram of a data flow path in accordance with yet another embodiment of the present invention;
Figure 6 represents a block diagram of a data flow path in accordance with yet another embodiment of the present invention;
Figure 7 represents a block diagram of a data flow path in accordance with yet another embodiment of the present invention;
Figure 8 represents the structure of a storage device in accordance with yet another embodiment of the present invention;
Figure 9 represents a flow diagram of an example method in accordance with another embodiment of the present invention; and
Figure 10 represents an apparatus according to yet another embodiment of the present invention.
Skilled artisans will appreciate that elements in the drawings are illustrated for simplicity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the drawings may be exaggerated relative to other elements to help to improve understanding of aspects of the present invention.
Detailed description of the invention
While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof have been shown by way of example in the drawings and will be described in detail below. It should be understood, however, that it is not intended to limit the invention to the particular forms disclosed; on the contrary, the invention is to cover all modifications, equivalents, and alternatives falling within the spirit and the scope of the invention as defined by the appended claims.
The method steps have been represented where appropriate by conventional symbols in the drawings, showing only those specific details that are pertinent to understanding the embodiments of the present invention, so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein. The terms "comprises", "comprising", or any other variations thereof, are intended to cover a non-exclusive inclusion, such that a process or method that comprises a list of steps does not include only those steps but may include other steps not expressly listed or inherent to such process or method. Similarly, one or more elements in a system or apparatus preceded by "comprises... a" does not, without more constraints, preclude the existence of other elements or additional elements in the system or apparatus.
The features of the present invention are set forth with particularity in the appended claims. The invention itself, together with further features and attendant advantages, will become apparent from consideration of the following detailed description, taken in conjunction with the accompanying drawings. One or more embodiments of the present invention are now described, by way of example only, with reference to a specific example of a UICC. The invention is by no means bound by this particular example.
The main purpose of the present invention is to provide a physical interface to a security module for an external device and to enable the external device to use secure applications executing on said security module. The present invention introduces a change in present mobile equipment hardware. The additional components are a USB hub and an analog switch.
Figures 1 and 2 show the structure of the mobile equipment (100 or 200) in accordance with an embodiment of the present invention. The mobile equipment (100 or 200) comprises a processor (101 or 201) and a UICC (103 or 203). The processor (101 or 201) is coupled to the UICC (103 or 203) through a second communication link (106, 208) as standardized in ISO/IEC 7816, through an analog switch (104 or 204), and through a Contactless Front End (102 or 202) via the Single Wire Protocol (SWP). The ME (100 or 200) also includes a USB hub (105 or 205) for establishing a communication link (107, 207) between the UICC (103 or 203) and external devices (ED). The communication link (107, 207) is established as a wired path in the mobile equipment (100 or 200). The processor (101 or 201) of the ME (100 or 200) is configured to receive a request from an external device to access resources on the UICC (103 or 203). After successful authentication of the ED, the processor (101 or 201) establishes within the ME (100 or 200) the selectively switchable communication link (107, 207) between the UICC (103 or 203) and the external device (ED) for accessing the resources on the UICC (103 or 203). The switchable communication link (107, 207) between the UICC (103 or 203) and the ED provides access to the UICC (103 or 203) resources independently of the resources of the ME (100 or 200), bypassing the processor (101 or 201) of the ME (100 or 200). The selectively switchable communication link (107, 207) comprises the USB hub (105 or 205), coupled to the ED on one side and to the UICC (103 or 203) on the other side via the switch (104 or 204). The switch (104 or 204) is coupled to the processor (101 or 201) of the ME (100 or 200) and is controlled by that processor for establishing the selectively switchable communication link (107, 207) between the UICC (103 or 203) and the ED.
The communication link (107, 207) is different from the second communication link (106, 208), since additional wired paths are necessary to electrically couple the ED to the UICC independently of the processor (101, 201) of the mobile equipment (100 or 200).
Further, the ME (100 or 200) comprises the second communication link (106, 208) between the UICC (103 or 203) and the processor (101 or 201) of the ME (100 or 200) according to the ISO/IEC 7816 standard. This second communication link (106, 208) is of a non-switchable type and is distinct from the selectively switchable communication link (107, 207). The non-switchable communication link (106, 208) between the UICC (103 or 203) and the processor (101 or 201) of the ME (100 or 200) is established so that applications and resources of the ME (100 or 200) can communicate with the UICC (103 or 203). The communication link (106, 208) between the UICC (103 or 203) and the ME (100 or 200) can be disconnected for a direct data transfer between the ED and the UICC (103, 203) through the selectively configured communication link (107, 207). Alternatively the ME (100 or 200) would still communicate with the UICC through ISO 7816 over the second communication link (106, 208). The USB hub (105 or 205) is a composite interface device providing, by way of non-limiting example, a Universal Serial Bus - Universal Integrated Circuit Card - Chip Card Interface Device (USB-UICC-CCID) interface, a Universal Serial Bus - Universal Integrated Circuit Card - Mass Storage Device (USB-UICC-MSD) interface, and a Universal Serial Bus - Universal Integrated Circuit Card - Mass Storage Device Secure (USB-UICC-MSD-S) interface.
This embodiment is focused on the UICC (103 or 203) interface to the external world through the USB hub (105 or 205) and the analog switch (104 or 204) realized in hardware. The USB hub (105 or 205) provides a means by which the UICC can be connected to the ME, a PC or another USB master entity. The interface module works in two modes: ME-connect mode and PC-connect mode.
As can be seen in Figure 2, the communication link (107, 207) further comprises a voltage supply. In case the battery of the mobile equipment (100, 200) is low, and/or the mobile equipment (100, 200) is switched off, and/or the mobile equipment (100, 200) is in a power saving mode in which it does not supply the UICC with energy, data transfer and access to the resources of the UICC (103, 203) remain possible using the energy supply of the external device (ED). The processor (101, 201) of the mobile equipment (100, 200) is thus bypassed, which leads to higher security and a higher data rate.
Figure 3 shows the structure of the mobile equipment (300) in ME-connect mode in accordance with another embodiment of the present invention. The mobile equipment (ME) (300) comprises a processor (301), a UICC (303) and a USB hub (305). The processor (301) is coupled to the UICC (303) through a second communication link (306) realized according to the ISO/IEC 7816 standards, through an analog switch (304), and through a Contactless Front End (302) via the Single Wire Protocol. The switch (304) is coupled to the processor (301) of the ME (300) and is controlled by the processor (301). The second communication link (306) between the UICC (303) and the processor (301) of the ME (300) is of a non-switchable type and is distinct from the selectively switchable communication link (307). The non-switchable second communication link (306) between the UICC (303) and the processor (301) of the ME (300) is established so that applications and resources of the ME (300) can communicate with the UICC (303).
In ME-connect mode, the USB interface module (USB hub and switch) works as a USB compound device, but only the ME is detected by the external world. The UICC USB device is connected to the ME processor and is not connected to the USB hub. Initially the USB hub is enumerated by the external world; later the ME may be enumerated as a USB composite device.
Figure 4 shows the structure of the mobile equipment (400) in accordance with another embodiment of the present invention. The mobile equipment (ME) (400) comprises a processor (401) and a UICC (403). The processor (401) is coupled to the UICC (403) through ISO 7816 and to a Contactless Front End (402) via SWP. The ME (400) also includes a USB hub (405) for establishing a communication link (407) between the UICC (403) and the external device (ED).
The processor (401) of the ME (400) receives a request from the external device to access resources on the UICC (403). After successful authentication of the ED, the processor (401) establishes within the ME (400) a selectively switchable communication link (407) between the UICC (403) and the ED for accessing the resources on the UICC (403). The switchable communication link (407) between the UICC (403) and the ED provides access to the UICC (403) resources independently of the resources of the ME (400), bypassing the processor (401) of the ME (400). The selectively switchable communication link (407) comprises the USB hub (405), coupled to the ED on one side and to the UICC (403) on the other side via a switch (404). The switch (404) is coupled to the processor (401) of the ME (400) and is controlled by the processor (401) for establishing the selectively switchable communication link (407) between the UICC (403) and the ED.
Further, the ME (400) comprises a second communication link (406) between the UICC (403) and the processor (401) of the ME (400); this second communication link (406) is of a non-switchable type and is distinct from the selectively switchable communication link (407). The non-switchable second communication link (406) between the UICC (403) and the processor (401) of the ME (400) is established so that applications and resources of the ME (400) can communicate with the UICC (403). The second communication link (406) between the UICC (403) and the ME (400) can be disconnected and the UICC (403) connected to the USB hub instead, to establish the interface between the UICC (403) and the ED. Alternatively the ME (400) can still communicate with the UICC through ISO 7816 over the second communication link (406).
The USB hub (405) is a composite interface device providing, by way of example, a Universal Serial Bus - Universal Integrated Circuit Card - Chip Card Interface Device (USB-UICC-CCID) interface, a Universal Serial Bus - Universal Integrated Circuit Card - Mass Storage Device (USB-UICC-MSD) interface, and a Universal Serial Bus - Universal Integrated Circuit Card - Mass Storage Device Secure (USB-UICC-MSD-S) interface.
In PC-connect mode, the USB interface module (USB hub and switch) works as a USB compound device, wherein the ME and the UICC may be detected as independent composite USB devices. All enumeration of devices is handled by the individual devices. Initially the USB hub is enumerated, and eventually the ME and the UICC are enumerated.
Figures 5 to 7 show the structure of the mobile equipment and the data flow paths in accordance with another embodiment of the present invention. This embodiment is focused on the UICC interface to the external world through a USB hub and an analog switch realized in a secure trusted execution environment (TEE). The software hub provides a means by which the UICC can be connected to the ME, a PC or another USB master entity. Figures 5 to 7 show the data flow paths in ME-connect mode and PC-connect mode.
Figure 5 shows a data flow path in between a PC as the external device (500) and UICC (501) through a USB interface module (505). The PC (500) is connected to the USB interface module (505) through a USB device driver (502). The UICC (501) is connected to the USB interface module (505) through a USB host driver (503).
The USB device port of the ME is used as a composite USB device which has multiple USB interfaces, e.g. Interface 0: ME (standard ME features such as USB MSD, ME PC connect, etc.), Interface 1: UICC Shared Interface 1, Interface 2: UICC Shared Interface 2. All other modules supporting the USB device and USB host interfaces are already present in the ME. The USB interface module is a kind of bridge/router between the ME application that handles the ME-PC interface and the ME-UICC (USB) interface. The USB interface module works in two modes: ME-connect mode and PC-connect mode.
Fig. 6 shows data flow path in between PC (600) and UICC (601) through a USB interface module (605) in ME-connect mode. The PC (600) is connected to the USB interface module (605) through a USB device driver (602). The UICC (601) is connected to the USB interface module (605) through a USB host driver (603).
In ME-connect mode, the USB interface module works in pass-through mode. All data from the PC is forwarded as-is to the ME without any alteration. All data from the UICC is forwarded as-is to the ME without any alteration. In ME-connect mode the USB interface module bypasses all data to the ME.
Fig. 7 shows data flow path in between PC (700) and UICC (701) through a USB interface module (705) in PC-connect mode. The PC (700) is connected to the USB interface module (705) through a USB device driver (702). The UICC (701) is connected to the USB interface module (705) through a USB host driver (703).
In PC-connect mode, the USB interface module works in partial pass-through mode. All data from the PC for the ME USB port is forwarded as-is to the ME without any alteration (except enumeration). All data to or from the UICC is handled by the USB interface module. In PC-connect mode the USB interface module bypasses data selectively to the ME; all other data is routed to the UICC.
All low-level requests such as reset, addressing and enumeration shall be handled by the USB interface module. Depending on the operational mode, the USB interface module alters the enumeration data sent to the PC. In PC-connect mode, the USB interface module prepares the enumeration data such that the USB device port of the ME is enumerated as a USB composite device. All interface requests for UICC interfaces shall be forwarded by the USB interface module to the UICC, and the corresponding replies are returned to the PC.
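As an added illustration (not the patent's own code), the following Python sketch models the mode-dependent enumeration and routing described above: it builds the configuration descriptor the USB interface module would present to the PC in each mode, parses it back the way a host stack would, and decides whether a control request is handled by the module itself, passed through to the ME, or forwarded to the UICC. Interface numbers follow the layout given in the text; the `Mode` names, the class codes assigned to the shared interfaces, and the rule that device-recipient standard requests always stay with the module are assumptions of this example.

```python
import struct
from enum import Enum


class Mode(Enum):
    ME_CONNECT = "ME-connect"   # only the ME is visible to the external world
    PC_CONNECT = "PC-connect"   # ME and UICC interfaces exposed in one composite device


# Interface numbers of the composite device (layout from the text above)
IF_ME = 0
IF_UICC_1 = 1
IF_UICC_2 = 2

# Standard USB interface class codes: 0x08 mass storage, 0x0B smart card (CCID).
# Which class each shared interface carries is an assumption for the example.
CLASS_MSD = 0x08
CLASS_CCID = 0x0B

# bmRequestType recipient field (low five bits)
RECIPIENT_DEVICE = 0
RECIPIENT_INTERFACE = 1

DESC_CONFIGURATION = 2
DESC_INTERFACE = 4


def interface_descriptor(number: int, if_class: int, endpoints: int = 2) -> bytes:
    """Standard 9-byte interface descriptor: bLength, bDescriptorType,
    bInterfaceNumber, bAlternateSetting, bNumEndpoints, bInterfaceClass,
    bInterfaceSubClass, bInterfaceProtocol, iInterface."""
    return struct.pack("<BBBBBBBBB", 9, DESC_INTERFACE, number, 0, endpoints,
                       if_class, 0, 0, 0)


def interfaces_for_mode(mode: Mode) -> list:
    """Interfaces advertised to the PC: the ME alone in ME-connect mode, the ME
    plus both UICC shared interfaces in PC-connect mode."""
    ifaces = [(IF_ME, CLASS_MSD)]
    if mode is Mode.PC_CONNECT:
        ifaces += [(IF_UICC_1, CLASS_CCID), (IF_UICC_2, CLASS_MSD)]
    return ifaces


def configuration_descriptor(mode: Mode) -> bytes:
    """Enumeration data the module prepares for the PC in the given mode."""
    ifaces = interfaces_for_mode(mode)
    body = b"".join(interface_descriptor(n, c) for n, c in ifaces)
    # bLength, bDescriptorType, wTotalLength, bNumInterfaces, bConfigurationValue,
    # iConfiguration, bmAttributes (0x80 = bus powered), bMaxPower (50 -> 100 mA)
    header = struct.pack("<BBHBBBBB", 9, DESC_CONFIGURATION, 9 + len(body),
                         len(ifaces), 1, 0, 0x80, 50)
    return header + body


def parse_configuration(desc: bytes) -> list:
    """Walk the descriptor chain and return (bInterfaceNumber, bInterfaceClass)
    for every interface descriptor, as a host-side stack would see it."""
    total = struct.unpack_from("<H", desc, 2)[0]
    if total != len(desc):
        raise ValueError("wTotalLength does not match descriptor length")
    found, off = [], 9
    while off < len(desc):
        length, dtype = desc[off], desc[off + 1]
        if length == 0:
            raise ValueError("zero-length descriptor")
        if dtype == DESC_INTERFACE:
            found.append((desc[off + 2], desc[off + 5]))
        off += length
    return found


def route(mode: Mode, bm_request_type: int, w_index: int) -> str:
    """Decide who handles a control request from the PC: "MODULE" (the USB
    interface module itself), "ME" (pass-through) or "UICC" (forwarded)."""
    if (bm_request_type & 0x1F) == RECIPIENT_DEVICE:
        return "MODULE"          # reset/addressing/enumeration stay with the module
    interface = w_index & 0xFF   # wIndex low byte carries the interface number
    if mode is Mode.ME_CONNECT:
        return "ME"              # full pass-through, nothing altered
    if interface == IF_ME:
        return "ME"              # partial pass-through for the ME's own interface
    if interface in (IF_UICC_1, IF_UICC_2):
        return "UICC"            # forwarded to the UICC over the USB host driver
    raise ValueError(f"request for unknown interface {interface}")
```

The parser checks `wTotalLength` against the actual length and refuses zero-length descriptors, which is the kind of validation a host stack needs whenever enumeration data is assembled by an intermediary such as the interface module.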
Figure 8 shows the bifurcation of the NAND storage (803) of the UICC (800) to enable storage of secure data in accordance with another embodiment of the present invention. The UICC (800) comprises a NAND storage unit (803). The NAND storage (803) of the UICC (800) is divided into two portions:
• an un-secure portion (801) for storing non-secure data and
• a secure portion (802) for storing secure data.
The un-secure portion (801) of the NAND storage unit (803) has a composite interface device that presents to a user an interface for receiving an authentication key for accessing the secure data stored in the secure portion (802). Further, the UICC (800) has an access control means that receives the authentication key from the user interface and provides access to the secure portion (802) upon authentication. The secure portion (802) of the UICC (800), storing the secure data, is accessible by the external device.
Figure 9 is a flow diagram detailing an example method for accessing UICC resources according to another embodiment of the present invention. At 901, a request from the external device (ED) for access to the UICC is received by the processor of the mobile equipment (ME). This request may involve a step of authentication, wherein the processor establishes the selectively switchable path between the UICC and the ED only after successful completion of the authentication of the ED. At 902, upon authentication of the ED, a selectively switchable path between the UICC and the ED for accessing the resources on the UICC is established. This step may also include establishing a path between the UICC and the processor of the ME, that path being of a non-switchable type and distinct from the selectively switchable path.
Figure 10 shows another embodiment of the present invention. The processor 901 of the mobile equipment comprises a hardware layer and a hardware abstraction layer. The processor 901 further comprises a normal execution environment 905 comprising applications (Applet1, Applet2) and a trusted execution environment 904 comprising trusted applications (Trustlet1, Trustlet2). The hardware abstraction layer as well as the normal execution environment 905 and the trusted execution environment 904 are built as software security modules. The trusted execution environment 904 has privileged access to the UICC, which is either built as a virtual UICC in the form of a trustlet (not shown) or is a hardware UICC as previously described. The privileged access to the UICC is established through the second communication link 906. The trusted execution environment 904 further has privileged control over a USB interface via a switch controllable by the trusted execution environment 904. The switch selectively switches the communication link 907 either to the normal execution environment, for accessing applications (Applet1, Applet2) or resources of the mobile equipment, or to the trusted execution environment 904, for accessing secure applications (Trustlet1, Trustlet2) and exclusively accessing the UICC, which is a virtual UICC or a physical UICC.
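The two steps of Figure 9, as an added Python illustration that is not part of the patent: the ME processor receives the access request, authenticates the external device, and only then drives the analog switch so that the UICC sits on the hub side of the selectively switchable link; a failed or unknown device leaves the switch toward the processor. The page does not specify an authentication method, so the HMAC-SHA256 challenge-response over a pre-provisioned shared secret, the `ExternalDevice`/`MEProcessor` names and the failure limit are assumptions of this example.

```python
import hashlib
import hmac
import os
from enum import Enum


class SwitchPosition(Enum):
    # Switch (104) toward the ME processor: UICC reachable only over ISO 7816
    PROCESSOR = "processor"
    # Switch (104) toward the USB hub: UICC reachable by the ED, processor bypassed
    HUB = "hub"


class ExternalDevice:
    """Toy ED holding a pre-provisioned shared secret (assumed scheme)."""

    def __init__(self, device_id: str, secret: bytes):
        self.device_id = device_id
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        # The response binds the device identity to the fresh challenge
        msg = self.device_id.encode() + challenge
        return hmac.new(self._secret, msg, hashlib.sha256).digest()


class MEProcessor:
    """Processor (101) of the ME: receives the access request (step 901),
    authenticates the ED and drives the switch (step 902)."""

    def __init__(self, known_devices: dict, max_failures: int = 3):
        self._known = dict(known_devices)        # device_id -> shared secret
        self._failures = {}                      # device_id -> consecutive failures
        self._max_failures = max_failures
        self.switch = SwitchPosition.PROCESSOR   # link 107 open at power-up

    def handle_access_request(self, ed: ExternalDevice) -> bool:
        """Return True and close link 107 only after successful authentication."""
        secret = self._known.get(ed.device_id)
        if secret is None:
            return False                         # unknown device: switch stays put
        if self._failures.get(ed.device_id, 0) >= self._max_failures:
            return False                         # locked out after repeated failures
        challenge = os.urandom(16)               # fresh nonce, so replays fail
        expected = hmac.new(secret, ed.device_id.encode() + challenge,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, ed.respond(challenge)):
            self._failures[ed.device_id] = self._failures.get(ed.device_id, 0) + 1
            self.switch = SwitchPosition.PROCESSOR
            return False
        self._failures[ed.device_id] = 0
        self.switch = SwitchPosition.HUB         # UICC now on link 107, processor bypassed
        return True

    def release(self) -> None:
        """Return the UICC to the processor, e.g. when the ED is unplugged."""
        self.switch = SwitchPosition.PROCESSOR


if __name__ == "__main__":
    secret = b"constructed-shared-secret"       # constructed sample value
    me = MEProcessor({"ed-1": secret})
    print(me.handle_access_request(ExternalDevice("ed-1", secret)), me.switch)
    me.release()
    print(me.handle_access_request(ExternalDevice("ed-1", b"wrong")), me.switch)
```

The point the model makes explicit is that the switch is the enforcement point: the processor never closes the direct ED-to-UICC path on a request alone, and every failure path leaves the UICC behind the processor.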
A pre-loaded package such as the secure-media-applet in the UICC is configured with security algorithms and security tokens which, on successful authentication, allow the mounting of the secure media (partition). A front-end GUI can be preloaded in the USB MSD (un-secure partition) so that it is readily available to the user.
Assuming the UICC is presently able to communicate with the Mobile Equipment (ME): after USB enumeration, i.e. detecting, identifying and loading drivers for a USB device, the USB CCID, USB MSD and USB MSD-S interfaces are detected by the USB host (ME). The USB MSD interface mounts only the un-secure partition, which is interfaced without any security.
The USB MSD-S interface does not mount the media by default; it reports the media as unmounted. The front end for this interface is a J2ME or similar application that can run on multiple ME operating systems and is able to "talk" with a Java applet (the secure-media-applet) running on the UICC over USB CCID or ISO 7816. This front end is stored on the USB MSD (unsecured partition) so that it can be executed from the ME without any authentication. For the first use, the secure-media-applet needs to be installed on the UICC. The secure-media-applet can be configured with a security algorithm and key. To enable access to the secured partition, the front end provides a GUI through which the user enters the key for authentication. The secure-media-applet needs only a one-time installation. During the installation the user can provide information about the security algorithm and key, which can be passed as installation parameters. The secure-media-applet is a pre-loaded package on the UICC and needs a "native" interface, as it has to deal with NAND memory access and OS-based algorithms.
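The partition gating of Figure 8 and the secure-media-applet flow just described, as an added Python model that is not the patent's own code: the applet is installed once with the algorithm and key as installation parameters, the access control unit checks the key supplied through the front end, and the secure portion is readable only while mounted. PBKDF2-HMAC-SHA256 as the installed "security algorithm", storing a verifier rather than the key, the attempt limit, and the sample file contents are all assumptions of this example.

```python
import hashlib
import hmac
import os


class SecureMediaApplet:
    """Pre-loaded applet: a one-time installation takes the security algorithm
    and key as installation parameters and keeps only a verifier of the key."""
    SUPPORTED = {"pbkdf2-sha256"}

    def __init__(self):
        self.installed = False

    def install(self, algorithm: str, key: bytes, iterations: int = 50_000) -> None:
        if self.installed:
            raise RuntimeError("secure-media-applet is a one-time installation")
        if algorithm not in self.SUPPORTED:
            raise ValueError(f"unsupported security algorithm {algorithm!r}")
        self._salt = os.urandom(16)
        self._iterations = iterations
        self._verifier = hashlib.pbkdf2_hmac("sha256", key, self._salt, iterations)
        self.installed = True

    def verify(self, key: bytes) -> bool:
        if not self.installed:
            return False
        candidate = hashlib.pbkdf2_hmac("sha256", key, self._salt, self._iterations)
        return hmac.compare_digest(self._verifier, candidate)


class AccessControlUnit:
    """Access control means (805): receives the key from the interface device
    and grants access to the secure portion only on successful verification."""

    def __init__(self, applet: SecureMediaApplet, max_attempts: int = 5):
        self._applet = applet
        self._max_attempts = max_attempts
        self.attempts = 0

    def authenticate(self, key: bytes) -> bool:
        if self.attempts >= self._max_attempts:
            return False                       # blocked after too many wrong keys
        if self._applet.verify(key):
            self.attempts = 0
            return True
        self.attempts += 1
        return False


class UICC:
    """UICC (800) with NAND (803): un-secure portion (801) always readable,
    secure portion (802) readable only after it has been mounted."""

    def __init__(self, unsecure: dict, secure: dict, applet: SecureMediaApplet):
        self._unsecure = dict(unsecure)        # USB MSD: the front-end GUI lives here
        self._secure = dict(secure)            # USB MSD-S: hidden until mounted
        self._acu = AccessControlUnit(applet)
        self.secure_mounted = False

    def read_unsecure(self, name: str) -> bytes:
        return self._unsecure[name]

    def mount_secure(self, key: bytes) -> bool:
        self.secure_mounted = self._acu.authenticate(key)
        return self.secure_mounted

    def unmount_secure(self) -> None:
        self.secure_mounted = False

    def read_secure(self, name: str) -> bytes:
        if not self.secure_mounted:
            raise PermissionError("secure media not mounted")
        return self._secure[name]


# Constructed sample contents, not taken from the page
FRONTEND_GUI = b"frontend.jar: constructed placeholder bytes"
SECRET_FILE = b"constructed secret payload"


def build_demo_uicc(key: bytes) -> UICC:
    """Install the applet with the user-supplied key and return a populated UICC."""
    applet = SecureMediaApplet()
    applet.install("pbkdf2-sha256", key)
    return UICC({"frontend.jar": FRONTEND_GUI}, {"vault.bin": SECRET_FILE}, applet)


if __name__ == "__main__":
    u = build_demo_uicc(b"user-chosen-key")
    print(u.read_unsecure("frontend.jar"))           # no authentication needed
    print(u.mount_secure(b"wrong"), u.secure_mounted)
    print(u.mount_secure(b"user-chosen-key"), u.read_secure("vault.bin"))
```

Keeping a salted verifier instead of the key itself means a copy of the applet's NAND state alone does not yield the key, and routing every read of the secure portion through the mount state keeps the access control unit as the single decision point.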
Those of skill would appreciate that the various illustrative logical blocks, components, modules and method steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The various illustrative logical blocks, components, and modules described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration. The steps of a method described in connection with the embodiments disclosed herein may be interchanged, and not all steps need to be reached. The steps of a method described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in non-transitory memory, such as RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art, including semiconductor, optical, and/or magnetic storage mediums, including computer-readable storage mediums. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.
While the particular preferred embodiments of the present invention have been shown and described, it will be obvious to those skilled in the art that changes and modifications may be made without departing from the teachings of the invention. It is therefore contemplated that the present invention cover any and all modifications, variations or equivalents that fall within the scope of the basic underlying principles disclosed above and claimed herein.

Claims

WE CLAIM:
1. A method of accessing resources on a security module (103) present in a mobile equipment (100) by an external device (ED), wherein the external device (ED) is electrically coupled to the mobile equipment (100), said method comprising the steps of:
receiving, by a processor (101) of the mobile equipment (100), a request for access of the security module (103) from the external device (ED); and
establishing, by the processor (101) of the mobile equipment (ME), a selectively switchable communication link (107) between the security module (103) and the external device (ED) for accessing the resources on the security module (103).
2. The method as claimed in claim 1, further comprising the step of establishing a second communication link (106) between the security module (103) and the processor (101) of the mobile equipment (100), said second communication link (106) being distinct from the selectively switchable communication link (107). The processor (101) may be a single processor or a group of individual modules which eventually become the processing unit of the ME (100).
3. The method as claimed in claim 2, wherein applications and/or resources of the mobile equipment (100) operatively communicate with the security module (103) through the second communication link (106) between the security module (103) and the processor (101) of the mobile equipment (100).
4. The method as claimed in claim 1, further comprising a step of authentication, wherein the processor (101) of the mobile equipment (100) establishes the selectively switchable communication link (107) between the security module (103) and the external device (ED) after successful completion of the authentication of the external device (ED).
5. The method as claimed in claim 1, wherein access of the resources of the security module (103) by the external device (ED) via the selectively switchable communication link (107) is independent of the resources of the mobile equipment (100).
6. A mobile equipment (100), comprising a security module (103), allowing access to resources on the security module (103) by an external device (ED), wherein the external device (ED) is electrically coupled to the mobile equipment (100), said mobile equipment (100) comprising a processor (101) comprising:
a receiving unit configured to receive a request for accessing resources on the security module (103) from the external device (ED); and
an establishing unit configured to establish within the mobile equipment (100) a selectively switchable communication link (107) between the security module (103) and the external device (ED) for accessing the resources on the security module (103).
7. The mobile equipment (100) as claimed in claim 6, further comprising a second communication link (106) between the security module (103) and the processor (101) of the mobile equipment (100), said second communication link (106) being distinct from the selectively switchable communication link (107).
8. The mobile equipment (100) as claimed in claim 7, further comprising applications and/or resources wherein these applications and/or resources are configured to operatively communicate with the security module (103) through the second communication link (106) between the security module (103) and the processor (101) of the mobile equipment (100).
9. The mobile equipment (100) as claimed in claim 6, wherein the establishing unit of the processor (101) is further configured to establish the selectively switchable communication link (107) between the security module (103) and external device (ED) after successful authentication of the external device (ED).
10. The mobile equipment (100) as claimed in claim 6, wherein the access of the resources of the security module (103) by the external device (ED) via the selectively switchable communication link (107) is independent of the resources of the mobile equipment (ME).
11. The mobile equipment (100) as claimed in claim 6, wherein the selectively switchable communication link (107) by-passes the processor (101) of the mobile equipment (100).
12. The mobile equipment (100) as claimed in claim 11, wherein the selectively switchable communication link (107) comprises a hub device (105), wherein the hub device is coupleable in between the external device (ED) and the security module (103) via a switch (104), wherein the switch (104) is configured to operatively couple the processor (101) of the mobile equipment to the security module and is further configured to operatively couple the security module (103) to the external device (ED).
13. The mobile equipment (100) as claimed in claim 11, wherein the hub device (105) is a generic USB HUB or a module which acts like a USB HUB.
14. The mobile equipment (100) as claimed in claim 6, wherein the processor (101) comprises a normal execution environment (905) and a trusted execution environment (904) and wherein the trusted execution environment establishes the selectively switchable communication link (907) for exclusive communication between the security module (103) and the external device (ED).
15. A secure Universal Integrated Circuit Card (800) for use with a mobile equipment (100), said UICC (800) comprising a NAND storage unit (803) divided into an un-secure portion (801) for storing non-secure data and a secure portion (802) for storing secure data, wherein the un-secure portion (801) of the NAND storage unit (803) further comprises an interface device (804) configured to receive an authentication key for accessing the secure data stored in the secure portion (802).
16. The secure Universal Integrated Circuit Card (800) as claimed in claim 15, wherein the UICC (800) further comprises an access control unit (805) configured to receive the authentication key from the interface device (804) and configured to provide access to the secure portion (802) upon authentication.
17. The secure Universal Integrated Circuit Card (800) as claimed in claim 15, wherein the secure portion (802) of the UICC (800) is configured to store the secure data accessible by an external device (ED), wherein the external device (ED) is electrically coupled to the mobile equipment (100).
EP13776418.9A 2012-10-11 2013-10-09 Sim usb interface to external world Ceased EP2907070A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN2984MU2012 2012-10-11
PCT/EP2013/003036 WO2014056611A1 (en) 2012-10-11 2013-10-09 Sim usb interface to external world

Publications (1)

Publication Number Publication Date
EP2907070A1 true EP2907070A1 (en) 2015-08-19

Family

ID=49354623

Family Applications (1)

Application Number Title Priority Date Filing Date
EP13776418.9A Ceased EP2907070A1 (en) 2012-10-11 2013-10-09 Sim usb interface to external world

Country Status (2)

Country Link
EP (1) EP2907070A1 (en)
WO (1) WO2014056611A1 (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1329787B1 (en) * 2002-01-16 2019-08-28 Texas Instruments Incorporated Secure mode indicator for smart phone or PDA
US8150452B2 (en) * 2007-11-16 2012-04-03 Standard Microsystems Corporation Providing a connection between a memory medium of a mobile device and an external device
KR101329014B1 (en) * 2008-10-30 2013-11-12 삼성전자주식회사 Apparatus and method for controlling mode of switching ic in a portable device
US20100312926A1 (en) * 2009-06-03 2010-12-09 Silicon Storage Technology, Inc. Switch for a two way connection between a removable card, a mobile wireless communication device, or a computer
KR20100133184A (en) * 2009-06-11 2010-12-21 삼성전자주식회사 Solid state drive device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
None *
See also references of WO2014056611A1 *

Also Published As

Publication number Publication date
WO2014056611A1 (en) 2014-04-17

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20150511

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAX Request for extension of the european patent (deleted)
RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: GIESECKE+DEVRIENT MOBILE SECURITY GMBH

17Q First examination report despatched

Effective date: 20180726

REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20180929