5 Security functionality in the USAT Interpreter System

3GPP TS 31.112 Release 8: Universal Subscriber Identity Module Application Toolkit (USAT) interpreter architecture description

One of the main requirements of the USAT Interpreter is the security functionality. Transport layer security is offered between different USAT Interpreter System components. The end-to-end security is offered between the USAT Interpreter and the Application provider.

5.1 Transport Layer Security

Figure 4: USAT Interpreter Transport Layer Security Model

The transport layer security is provided by three independent point-to-point protocols. On the link between the USAT Interpreter and the Security Node, transport security according to TS 31.114 [3] shall be used.

The transport layer security on links number 2 and 3 in the figure is beyond the scope of the present document. On the link between the Security Node and the Gateway, some internal security should be used. On the link between the Gateway and the Application system, some security should be used; for example, SSL may be used on this link.

5.2 End-to-end Security

Figure 5: USAT Interpreter End-to-end Security model

End-to-end security is provided between the USAT Interpreter and the Application system (application layer security). End-to-end infrastructures based on both symmetric and asymmetric cipher algorithms can be supported by the USAT Interpreter system.

Byte codes to manage end-to-end security are specified in TS 31.113 [2]. These byte codes shall provide means for:

- Key identification;
- Certificate management;
- Selection of algorithms and security features;
- Integrity of the content;
- Integrity of message sequence;
- Confidentiality of message contents;
- Authentication / Signing of messages;
- Authentication of the user;
- Mechanisms against replay attacks.

The Application system shall provide means to manage end-to-end security; however, this is beyond the scope of the present document.
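As an added illustration (not 3GPP code and not the TS 31.113 byte code format), the following Python sketch shows how an end-to-end message wrapper between the Application system and the USAT Interpreter can combine the services listed above: key identification, content integrity and message authentication via a MAC, confidentiality, message sequence integrity, and rejection of replayed messages. The demo keys, the header layout and the HMAC-based keystream are constructed assumptions chosen to keep the example self-contained.

```python
import hmac, hashlib, struct

# Constructed demo keys (assumption; real keys are provisioned out of band and
# selected through the key identification byte codes of TS 31.113).
KEYS = {0x01: (b"demo-enc-key-0123456789abcdef01", b"demo-mac-key-0123456789abcdef01")}
HDR = struct.Struct(">BI")   # key identifier (1 byte), message sequence number (4 bytes)

def _keystream(enc_key: bytes, hdr: bytes, n: int) -> bytes:
    # PRF-based counter-mode keystream: an illustrative stand-in for a real cipher.
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(enc_key, hdr + struct.pack(">I", ctr), hashlib.sha256).digest()
    return out[:n]

def seal(key_id: int, seq: int, plaintext: bytes) -> bytes:
    """Application system side: confidentiality, then MAC over header and ciphertext."""
    enc_key, mac_key = KEYS[key_id]
    hdr = HDR.pack(key_id, seq)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, hdr, len(plaintext))))
    tag = hmac.new(mac_key, hdr + body, hashlib.sha256).digest()[:16]
    return hdr + body + tag

class Receiver:
    """USAT Interpreter side: verify the MAC first, then enforce a strictly increasing sequence."""
    def __init__(self):
        self.last_seq = {}          # highest accepted sequence number per key identifier

    def open(self, msg: bytes):
        if len(msg) < HDR.size + 16:
            return None, "truncated"
        hdr, body, tag = msg[:HDR.size], msg[HDR.size:-16], msg[-16:]
        key_id, seq = HDR.unpack(hdr)
        if key_id not in KEYS:                        # key identification
            return None, "unknown key"
        enc_key, mac_key = KEYS[key_id]
        expected = hmac.new(mac_key, hdr + body, hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(tag, expected):    # content integrity / authentication
            return None, "bad mac"
        if seq <= self.last_seq.get(key_id, -1):      # sequence integrity / replay rejection
            return None, "replay"
        self.last_seq[key_id] = seq
        return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, hdr, len(body)))), "ok"
```

Note that the sequence check runs only after the MAC has verified, so a forged header cannot advance the receiver's sequence state.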

5.2.1 Symmetric Security

The symmetric end-to-end security on the application layer is specified in TS 31.113 [2].

5.2.2 Asymmetric Security

The asymmetric end-to-end security on the application layer is specified in TS 31.113 [2].