MExE
2
Outline
• 2G and 3G Services
• What is MExE?
• Example MExE services
• MExE functionality
• MExE security
• MExE secure transfer
• MExE timetable and summary
3
2G mobile services
• core network supplementary services (e.g. call forwarding, call barring, call diversion etc.)
• limited, expensive to develop, difficult to deploy
• all operators with same bland standardised services
• little scope for operators to differentiate
• tariffs are principal differentiators
4
3G mobile multimedia
mobile phones fully internet integrated
–internet and multimedia services, on the move
– by 2005 more people will be interacting with the WWW via wireless devices than traditional computers
• operator and third party multimedia services
• generally no services standardised, but enabled using 3GPP services toolkits (e.g. MExE, CAMEL, USAT, OSA) and IP/IT toolkits
• new personalised multimedia services rapidly developed to differentiate from competitors
5
Services toolkits in 3G networks
6
MExE Overview
• standardised execution environments in a mobile phone
– WAP
– PersonalJava
– CLDC/MIDP Java
• applicable to 3G, non-3G, cordless and fixed environments
• IT/IP multimedia services running on mobile phones
– write once, execute on many mobile phones
• transfer of multimedia services: up/downloading, network/3rd party, MExE-to-MExE services
• standardised negotiation of capabilities with servers, i.e. device type, screen size, memory, bearers etc.
7
MExE Service Scenarios
8
MExE Architecture
9
Example MExE Device
10
Example MExE services
11
Example MExE services
12
Example MExE Services
13
Example MExE Services
14
Example MExE Services
15
Example MExE Services
16
MExE Functionality
17
MExE Functionality
18
MExE Functionality
19
MExE Functionality
20
MExE Functionality
21
MExE Summary
Reconfigurability
23
Outline
• Why Reconfigurability?
• Reconfigurability Perspective
• Road-map
• Main challenges for Reconfigurability implementation
• Synthesis
24
Why Reconfigurability?
• Various user profiles
• Various terminal profiles
• Various access and network capabilities
• Various service profiles
• Various service providers
• Reconfigurability/adaptability management
• Ubiquitous service provision
• Complexity for profile interpretation, policy enforcement, protocol download etc.
[Figure labels: Network; Service Provider (SP)]
25
Reconfigurability & Adaptability: Key Enablers of systems integration and advanced service provision for 3G/4G
[Figure labels: 2G; 3G; 4G; Internet]
26
Reconfigurability Perspective
Current Status
• Service provision in 2G networks has been mainly based on voice services
• “Closed” business model support
• Limited operator differentiation
• Limited set of offered services
• Mobile service provision is facing important advancements
“Re-configurability is a concept that embraces advanced new capabilities in service provision and support and extends them to cover more challenging possibilities including the reconfiguration of mobile terminal capabilities, the dynamic adaptation of the communication protocol stacks or even the re-definition of the physical layer of the PLMN”
27
Reconfigurability Perspective
Beyond 3G
• Support for flexible business models with novel dynamic services
• Convergence towards an IP-based core network and ubiquitous, seamless access between 2G, 3G, broadband and broadcast wireless access schemes, augmented by self-organizing network schemes and short range connectivity between intelligent communication appliances
• Dynamic service registration, deployment and update by Service Providers (SPs)
• Dynamic user registration
• Support for QoS, flexible security schemes
• Support for flexible charging/accounting models
• Advanced profile management (user/service/network/terminal/charging/security)
• Context aware and adaptable service deployment
• Advanced Service discovery - based on various parameters, e.g.:
– Terminal capabilities
– User profile
– Service profile
– Location etc.
28
Road-map
Terminal, networks, services and regulation evolutions
[Figure: timeline 2000, 2005, 2010 with the following progressions]
• Circuit Switched → Packet Switched → Convergent, reconfigurable → Self Organising
• 1-Mode (Multiband) → 2G/3G Dual Mode → Composite Multimode → Fully Software Definable
• Static Spectrum Allocation → Limited Spectrum Sharing → Dynamic and Flexible Spectrum Allocation
• Limited, static → Flexible, reconfigurable service provision → Adaptable, ubiquitous service provision
29
Main challenges for Reconfigurability implementation
Flexible service provision:
• Reconfigurability management
• Policy provision
• Profile management
• Protocol/software download
• Adaptable service deployment
• Open APIs
• Reconfigurable charging models
• Flexible QoS and security schemes
30
Main challenges for Reconfigurability implementation
Radio resource management:
• Handover management procedures
• Mobility management
• Dynamic and flexible spectrum management
User perspective:
• User requirements
• User interactions with the SDR terminal
• User anonymity and profile management
• Re-configurable and value added service provision
31
Main challenges for Reconfigurability implementation
System level issues:
• Generic architectures for flexible service provision and reconfigurability management
• Network reconfiguration mechanisms and applications
• Hierarchical and decentralized network architectures
• Terminal re-configuration procedures
• Interactions between terminal and network
• Novel signaling mechanisms
• Distributed processing
• Adaptive protocols
• SW downloading and impact on traffic
32
Main challenges for Reconfigurability implementation
Enabling technologies:
• Adaptable service provision environments
• Reconfigurability control middleware
• Software download and repository techniques
• APIs definition
• Applications enabling network reconfiguration features
• Re-configurable baseband SW architecture
• Re-configurable signal processing algorithms
• Adaptive air-interfaces
• Novel HW-SW co-design methodologies
• Resource management
33
Requirements analysis from user/operator/service provider/regulator points of view
Identification of generic architectures and middleware for the support of flexible service provision and reconfiguration management
Identification of protocol adaptability mechanisms
Identification of protocol/software downloading procedures
Identification of supporting network/terminal reconfiguration mechanisms
Research integration on enabling technologies and identification of solutions to all bottlenecks
Identification of technology concepts applicable to reconfigurable environments, e.g., CORBA (Wireless CORBA), JAVA-RMI, JINI, (Mobile) Agents etc.
Issues for Reconfigurability
34
Reconfigurability business model
• Independent software vendors
– Develop implementations for a particular functionality as defined by a specification
• Standardisation bodies
– Publish functional specifications
• Authoritative bodies
– Ascertain conformance of implementations
• Reconfigurability providers
– Orchestrate the reconfigurability process
• Reconfigurability users
– End users
– Network operators
– etc.
[Figure: class diagram with multiplicities (0..n, 1, 1..n). Entities: Reconfigurability User; Specification Provider; Implementation Provider; Reconfigurability Provider; Conformance Provider]
35
The reconfigurability process
• Identification of context
– Spatially scope the technological surrounding of the requesting entity by identifying affected elements in the communication and computing infrastructure
• Identification of feasible alternative solutions
– Capability exchange and negotiation procedure under a specific policy (e.g., maximise system features)
• Decision on solution and respective implementation
– Take into account generic (e.g. user) preferences alongside strictly technical considerations (type-checking)
• Physical deployment of solution
– Reserve necessary resources then download and install solution
• Activation of solution
36
SDR Forum – Architecture of CCL/ITRI SDR software framework
37
SDR Forum – Use case diagram of SDR core framework
38
Standardisation activities for open service access
Parlay. Parlay is an object-oriented API, developed by the homonymous industry forum, that provides independent software developers access to a selected range of network capabilities, abstracted by the so-called Service Capability Features (SCFs). Currently specified SCFs (in Parlay version 4.0) include interfaces for call control, retrieval of user location and status, terminal capabilities and user presence and availability information, content-based charging, policy-based management and others. Security issues regarding access to these SCFs (e.g., authentication, authorization and access control) are controlled in a unified way by an entity called the Parlay Framework, which acts as the first contact point for Parlay clients. Parlay interfaces are independent of particular hardware platforms, operating systems, programming languages as well as of network technology.
OSA. OSA (Open Service Access) is a 3GPP specification that provides an API for the particular case of 3G mobile networks. OSA was from its origins largely based on Parlay. Since late 2001 both specifications are fully aligned and the future versions of both interfaces are jointly developed by 3GPP and the Parlay group.
JAIN. JAIN (Java APIs for Integrated Networks) is a set of Java APIs that aim to enable the rapid development of next generation telecommunications services on top of the Java platform. The JAIN family of specifications is divided into Protocol APIs, which define interfaces to wireline, wireless and IP signalling protocols (e.g., TCAP, ISUP, MAP, SIP), and Application APIs, which specify APIs required for creating end-user services. A Java version of the Parlay APIs, called JAIN Service Provider API (SPA) [10], has been included in the latter category, together with other APIs such as the definitions of a server-side service execution environment, called JSLEE (JAIN Service Logic Execution Environment), as well as of a service creation environment (SCE).
39
OSA
[Figure labels: Applications supporting services; Standardised OSA Application Interface; service capability features; Service capabilities: SC 1, SC 2, SC 3, SC 4, SC n; Network; GSM/GPRS/UMTS protocols, CAP/MAP(*)]
40
OSA
[Figure labels: Application; Application server; Open Service Architecture; OSA interface; Interface class; discovery; framework; Loc. information; Call control; Service capability server(s); Servers; E.g. Location server; HLR; CSE; MExE server; SAT server]
41
OSA - Application Programming Interface
[Figure: Option 1A, Option 1B. Labels: SCS; SCS ‘Gateway’; OSA Interface; Non-standardised Interfaces; HLR; CSE; ….; legend: Physical entity, Functional entity]
42
OSA - Application Programming Interface (2)
[Figure: Option 2, Option 3. Labels: SCS; SCS ‘Gateway’; OSA Interface; Non-standardised Interfaces; HLR; CSE; ….]
43
Open Services Gateway initiative
44
OSGi mission
With OSGi, high-value services may be dynamically loaded over a wide-area network, and accessed through a Services Gateway in a home, office, vehicle, or mobile device. Applications enabled by OSGi include:
Services in the Home:
• Information/Entertainment
• Communication
• Energy Management and Metering
• Appliance Diagnostics and Servicing
• Safety and Security monitoring
• Telemedicine and healthcare monitoring
Services in the Car:
• Vehicle diagnostics
• Emergency assistance
• Mobile commerce
• Navigation
• Location-based services
• Information/entertainment
45
UMTS Service Architecture
46
Mapping of SCFs to Release 2000 Network Architecture
47
Requirements for Flexible Service Provision in 3G systems and beyond
• Flexible business models
• Dynamic service registration, deployment and update by Value Added Service Providers (VASPs)
• Dynamic user registration
• Advanced Service discovery - based on various parameters, e.g.:
– Terminal capabilities
– User profile and location
– Service profile
• Charging, Accounting and Billing (CAB):
– Support of flexible charging/accounting models
– Provision of single bill to end user for all consumed VASs
• Profile interpretation: User, Terminal, Service, Security
• Identification of network/terminal capabilities
• Support downloadability
• Support for QoS
• Support for secure service usage
48
Basic Requirements for Reconfigurability in 3G and beyond
Support for flexible business models with novel dynamic services
Dynamic reconfiguration based on profiles (e.g., user, terminal, service), service provision requirements
Dynamic reconfiguration based on MT/access/network capabilities
Dynamic reconfiguration based on policy provision (charging, QoS etc.)
49
Applications enabling reconfigurability management
• Applications supporting reconfigurability and flexible service provision:
– reconfigurability management/control
– adaptability enablers
• Applications enhancing network functionality/capabilities/interoperability/management
• Applications enhancing/optimising terminal functionality/capabilities
• Adaptable Services
50
Business model for flexible service provision through Service Provision and Reconfigurability Middleware
[Figure labels: Third Trusted Party/HE-VASP Domain; Retailer (R); Service Provision and Reconfigurability Platform Provider; User (U); Service/Application Provider (SAP); Value-added Application/Service Provider (VASP); Access Provider (AP); Network Access Provider (NAP); Mobile network operator; Provision of portal reference; Portal access control; Business level relationship for VAS provision]
51
Generic Business model for flexible service provision
[Figure: class diagram with multiplicities 0..* and 1..*. Entities: VASP; OSA_VASP; OSA_VASP_NonDeleg; Platform_OSA; OSA Operator; NetworkOperator; Platform Operator; SP; User. Associations: Subscription; VAS provision agreement; VAS Management Delegation; ProfileManagement; OSA client agreement; OSA client agreement delegation; OSA management interactions delegation]
52
Generic Architecture for Flexible Service Provision and Reconfiguration Management
[Figure labels: VASs; APIs; VASP; Service Provision and Reconfiguration management middleware; UMTS Network; LCS; Node B; SGSN; GGSN; HSS; CGF; PC]
53
Software/Protocol Download to support Reconfigurability
[Figure labels: Service Plane; Network Features Plane; Physical/Terminal Features Plane; Reconfigurability Management Plane; Software/Protocol Downloading; MT; AR; R]
54
Generic Business model for reconfigurability and flexible service provision
[Figure: class diagram with multiplicities 0..* and 1..*. Entities: VASP; OSA_VASP; OSA_VASP_NonDeleg; Platform_OSA; OSA Operator; NetworkOperator; SP Platform Operator; Reconfigurability Management Platform Operator; User. Associations: Subscription; VAS provision agreement; VAS Management Delegation; ProfileManagement; OSA client agreement; OSA client agreement delegation; OSA management interactions delegation; Reconfiguration actions request; Reconfigurability management]
55
Generic Architecture for Downloadable Adaptable VASs
[Figure labels: Service/application; Interface part; Stationary part; Downloadable part; Service registration management; Adaptability management]
56
Architecture for Flexible Service Provision and Reconfiguration management
[Figure labels: UMTS Network; LCS; Node B; SGSN; GGSN; HSS; CGF; PC; L4+sys; ANAI; Service provision platform; VASM; CAB; Services and Users DB; VASP Network; VASP1; VASP2; VASP3; VASs]
57
Basic Value-Added Service Provision Phases
[Sequence diagram. Participants: MS; ANAI; VAS Manager; L4+ System; VASP; CAB System. Labels: User Registration/Authentication; Service filtering/Lookup service; VAS usage; VAS selection/activation; VAS download; Charging records; Terminal classification; Service Registration; Configuration; Protocol Download]
58
Generic architecture enabling reconfigurability for flexible service provision
[Figure labels: Services; VASP; Open APIs; Technology independent interfaces; OSA, Parlay, JAIN APIs; API extensions for reconfigurability (Policy e.g., Charging, QoS); Reconfiguration Control/Service Provision Manager; Service Profile Management; Service Discovery; User Access Session; Service Deployment; User Profiling; Reconfiguration Manager; Network infrastructure; 3G Core Network; IP Network; UTRAN; GERAN; WLAN; MS; Laptop]
59
Service Registration & Deployment
• Open interface to VASPs to dynamically register and update their services
• Dynamic configuration of metering and classification systems (e.g., L4+sys) to monitor IP flows and provide for QoS
• Dynamic provisioning of tariffing models and pricing policies to the Charging/Accounting/Billing
Service profile may include:
– service description
– service specific parameters for execution
– location indication
– estimated service cost
– available versions of same service
– targeting devices’ minimum terminal capabilities
– minimum QoS policy required
– associated tariffing policy
60
Service Discovery
• Personalised Service filtering based on
– terminal capabilities
– user’s service preferences
– user location (for local services provisioning)
– user instructions/inquiry (category, keyword, description, cost)
• Terminal capabilities negotiation
– the CC/PP specification
– the MExE terminal classification
– provision for server-driven negotiation
• User profile:
– Basic user identification data (possibly derived from NO databases)
– List of favorite/subscribed services
– Generic service configuration preferences (e.g. language)
– Personal “bookmark” list
– Information on user interface personalization
61
[Sequence diagram. Participants: MT; VASP; CGF/L4; CAB; VASM. Labels:]
• User Login/Authentication
• Lookup_Request
• Service DB data retrieval
• User Preferences retrieval
• Service DB content filtering
• Lookup_Response
• VAS_Selection_Request
• VAS_Selection_Response
• VAS-specific Interactions
• VAS_Usage_Data (CDRs, VASDRs)
• Usage data processing
• User charging/Profit accounting
• User Logoff
• VAS Downloading
62
[Sequence diagram. Participants: MT; UIMM; UDBMM; VASDBMM; enclosing label: VASM. Labels:]
• Lookup_Request
• Terminal Capabilities/Location processing
• User Preferences retrieval
• Favorite VAS retrieval
• Lookup_Response
• Filter_VAS_DB_Response
• User_Profile_Response
• User_Profile_Request
• Filter_VAS_DB_Request
• VAS records filtering
• LookUp formulation
63
Generic architecture enabling reconfigurability for flexible Charging/Accounting/Billing
[Figure labels: Services; VASP; Open APIs; Technology independent interfaces; OSA, Parlay, JAIN APIs; API extensions for reconfigurability (Policy e.g., Charging, QoS); Location-based Charging; Pricing Policies & Tariffs Definition; Accounting Indications; Network infrastructure; 3G Core Network; IP Network; UTRAN; GERAN; WLAN; MS; Laptop]
64
Separation of charges
Transport plane
Service plane
Content plane
65
Advanced Charging Schemes
66
Separation of charges
Transport charges:
• Based on attributes such as:
– Volume of transferred data
– QoS
– Duration
– Time of day
– Location
– APN
• Provided by CDRs
Service charges:
• Based on attributes such as:
– Service specific parameters
– Transport protocol (TCP, UDP)
– QoS params (DSCP code)
– Application protocol (http, ftp, rtp)
• Provided by VASDRs
67
Transport billing
[Sequence diagram. Participants: CGF; Charging; Billing. Labels:]
• Processing CDRs (store imsi and user IP address, production of transport billing record)
• CDRs
• Find transport tariffs and pricing model, calculate the charge and store the record
• TRANSPORT_BILLING_RECORD
• TRANSPORT_BILLING_RECORD_RESPONSE
68
Service billing and accounting
[Sequence diagram. Participants: L4+sys; VASM; Charging; Billing; Accounting. Labels:]
• VASDRs
• SERVICE_BILLING_RECORD
• SERVICE_BILLING_RECORD_RESPONSE
• VASDRs_response
• ACCOUNTING_RECORD
• ACCOUNTING_RECORD_RESPONSE
• Find service tariffs and pricing model, calculate the charge and store the record
• Processing VASDRs (find imsi, production of service billing record)
• Find service tariffs and pricing model and calculate the charge and store the record
• SERVICE_TARIFFS_REQUEST
• SERVICE_TARIFFS_RESPONSE
• SERVICE_TARIFFS
• Create a SERVICE_TARIFFS_REQUEST
69
Generic Architecture enabling reconfigurability based on Location Awareness
[Figure labels: Services; VASP; Open APIs; Technology independent interfaces; OSA, Parlay, JAIN APIs; API extensions for reconfigurability (Policy e.g., Charging, QoS); User Notification; Charging/Billing; Network Nodes Reallocation; QoS Policy Provisioning; Media Conversion; Service Provisioning; Terminal Reconfiguration; Mobility Management; Network infrastructure; 3G Core Network; IP Network; UTRAN; GERAN; WLAN; MS; Laptop]
70
L4+ System objectives & characteristics
• Application and Content-based QoS traffic control through DiffServ classification and routing
– On a per VAS and per User basis
• Traffic measurement on a per flow basis, i.e., specific for each User-Service tuple:
– Application/Content based
– Volume based
• Collect and edit VAS usage records for the CAB
• ‘Enhanced IP-Router’ transparent to Service and User
71
L4+System Implementation
72
Reconfigurability related to the access part
Task: Assure QoS for wireless Internet terminals
• Adapt to application and wireless channel requirements that are unknown a priori
• Use protocols which split the wireless and wireline parts of data transmissions:
– Proxies
– Boosters
– Data Link Protocols and middleware adaptation
Task: downloadable protocols on a re-configurable terminal
Challenges:
• Minimize runtime overhead of execution environments
• Minimize impact of downloading and re-configuration
• Automatic deployment of protocols
• APIs
73
Requirements on Mobile Terminal Functionality
• Provision for RTE
• Flexible & user-friendly interface for access to VASs
• Interaction with VASM & VASP
• User registration & authentication with VASM
• Profile management
• Capability negotiation with VASM
• Service lookup and selection
• Secure download
• Service execution on terminal
[Figure labels: Service Discovery; VASM; Security Module; User Profile DB; Downloading; LookUp; VASP; VAS DB; IHM Management; Service Management; Service Downloading; Profile Management; Certificate; RTE Provisioning; Terminal; Registration & Login]
74
End User Terminal Platform (EUT)
Layered architecture of EUT-Platform
• Application Support Programming Interface (MExE APIs, MAs APIs, Java Standard APIs): contains the necessary APIs for service execution
• Service Management Support Component: controls and manages service provision procedures
• Adaptation Component (QoS monitoring, adaptive protocol downloading): deals with low level issues concerning QoS and protocol downloading
Functional modules of Service Management Support Component
[Figure labels: GUI Manager; Authentication Manager; Service Lookup Manager; Service Download Manager; Service Management; Security Manager]
• Profile Manager: manages the access and modification of profiles
• Authentication and Registration Manager: ensures registration and authentication processes
• Service Look-Up Manager: manages the Look_Up table formulation
• Software Downloading: responsible for the software downloading process
• Service Management: manages the service once recovered in the terminal component
75
Security requirements
• VASP:
– Restricted access
– Client authentication
• User:
– Protection of mobile terminal resources
– Protection of his/her private life, e.g. “Anonymity” when accessing VAS
• VAS (mobile code):
– Intellectual property rights protection
– Conditions of use
– Run-time tuning and control
76
Mobile code security
• Secure software packaging
– Classes ciphering
– Rules insertion
– Electronic signature
• Use of a secure SIM card to store security parameters provided during service download
• Secure Run-Time machine
– Able to open and check the secure software package
– Then run the Java classes, deciphering them on the fly
[Figure labels: Server Side; Original software; Packaging; Packaged software; Secret Key Generated; Client Side; Download; Write on SIM card]
77
Technology used for the implementation of Security components
• VASP side
– Java (Servlets)
– Web server (Tomcat)
– Symmetric ciphering algorithm (DES)
– Electronic signing
– SSL-like protocol
– Linux
• VASM side
– Java (Servlets)
– Web server (Tomcat)
– Certificate generation
– Electronic signing
– Linux
• End-user side
– Java application
– RSA based signature: code authentication, code integrity check
– DES: on the fly classes deciphering
– Linux
78
Downloading Mobile Code
[Figure labels: Packaged software; Secret Key Stored; Interrupt; Application; Load Functions; Rules System; Deciphering module; Mobivas Software Loader; Decrease counters; Check SIM card; Right expires]
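The packaging and loading flow on the slides above (ciphered classes, inserted rules, electronic signature, key and counter held on the SIM, counter decreased at load time), as an added example that is not MOBIVAS code. It swaps AES-GCM in for the DES named on the technology slide, because a 56-bit DES key is no longer adequate, and the names `SecurePackage`, `SimCard`, `writeToSim` and `load`, the `max-uses=N` rule format and the sample bytes are all constructed for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;

// Added illustration, not MOBIVAS code. Needs Java 16+ (records).
public class SecurePackageDemo {
    // What the server ships: rules in clear, IV, ciphered class bytes, signature over all three.
    record SecurePackage(byte[] rules, byte[] iv, byte[] cipheredClass, byte[] signature) {}

    // Stand-in for the SIM card: holds the content key and the remaining-use counter.
    static final class SimCard {
        final SecretKey key; int usesLeft;
        SimCard(SecretKey key, int usesLeft) { this.key = key; this.usesLeft = usesLeft; }
    }

    // Length-prefix each field so the signed byte string cannot be re-split differently.
    static byte[] signedBytes(byte[] rules, byte[] iv, byte[] ct) {
        ByteBuffer b = ByteBuffer.allocate(12 + rules.length + iv.length + ct.length);
        for (byte[] f : new byte[][] {rules, iv, ct}) b.putInt(f.length).put(f);
        return b.array();
    }

    static boolean signatureOk(SecurePackage p, PublicKey vasp) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(vasp);
        s.update(signedBytes(p.rules(), p.iv(), p.cipheredClass()));
        return s.verify(p.signature());
    }

    // Server side: cipher the class, insert the rules, sign the result.
    static SecurePackage pack(byte[] classBytes, String rules, SecretKey key, PrivateKey signer)
            throws GeneralSecurityException {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        byte[] r = rules.getBytes(StandardCharsets.UTF_8);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        c.updateAAD(r); // bind the rules to the ciphertext as well
        byte[] ct = c.doFinal(classBytes);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(signer);
        s.update(signedBytes(r, iv, ct));
        return new SecurePackage(r, iv, ct, s.sign());
    }

    // Download time: accept the rules only if signed, then write key and counter to the SIM.
    static SimCard writeToSim(SecurePackage p, PublicKey vasp, SecretKey key) throws GeneralSecurityException {
        if (!signatureOk(p, vasp)) throw new SecurityException("bad signature");
        String rules = new String(p.rules(), StandardCharsets.UTF_8); // constructed format: max-uses=N
        return new SimCard(key, Integer.parseInt(rules.substring("max-uses=".length())));
    }

    // Load time: check the signature, then the SIM counter, and only then decipher.
    static byte[] load(SecurePackage p, PublicKey vasp, SimCard sim) throws GeneralSecurityException {
        if (!signatureOk(p, vasp)) throw new SecurityException("bad signature");
        if (sim.usesLeft <= 0) throw new SecurityException("right expired");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, sim.key, new GCMParameterSpec(128, p.iv()));
        c.updateAAD(p.rules());
        byte[] plain = c.doFinal(p.cipheredClass());
        sim.usesLeft--; // decrease the counter only after a successful decipher
        return plain;
    }

    static String tryLoad(SecurePackage p, PublicKey vasp, SimCard sim) throws GeneralSecurityException {
        try { return load(p, vasp, sim).length + " bytes loaded"; }
        catch (SecurityException e) { return "refused: " + e.getMessage(); }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair vasp = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] classBytes = {(byte) 0xCA, (byte) 0xFE, (byte) 0xBA, (byte) 0xBE, 0, 0, 0, 52}; // constructed
        SecurePackage pkg = pack(classBytes, "max-uses=2", key, vasp.getPrivate());
        SimCard sim = writeToSim(pkg, vasp.getPublic(), key);
        // Two loads are allowed by the rules; the third is refused by the counter.
        for (int i = 0; i < 3; i++) System.out.println(tryLoad(pkg, vasp.getPublic(), sim));
        // Rewriting the rules in transit invalidates the signature.
        SecurePackage forged = new SecurePackage("max-uses=99".getBytes(StandardCharsets.UTF_8),
                pkg.iv(), pkg.cipheredClass(), pkg.signature());
        System.out.println(tryLoad(forged, vasp.getPublic(), sim));
    }
}
```

The signature covers the rules together with the ciphered classes, so a terminal that verifies before it deciphers rejects both a swapped class and edited usage rules.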
79
Mobivas security architecture
[Figure labels: Java programs repository; HTTP; Internet; Transmitting Rules & DES key to SIM card + Transmitting mobile code; Mobivas Package; VASM; Signature Module; Rules Production; Cipher Module; SIM Card; Mobivas Class Loader; VAS Registration; User Registration & Login + VAS selection; Users Database; VASP; End-User; Rules Engine]
Implementation of SPKI in MOBIVAS:
• MT–VASM: SPKI certificate delivery in the Registration procedure; authentication with SPKI certificate in the login procedure
• MT–VASP: Check the user access rights with SPKI certificate during the VAS selection procedure
• MT–MT: SPKI certificate delegation