SIMalliance Publishes Guidelines to Enhance Interoperability and Ease Deployment of SIM-Based Mobile Connect Authentication Services
05 December, 2016 – SIMalliance has published a set of guidelines which will make it easier for mobile network operators (MNOs), service and solution providers to deploy Mobile Connect services which use an authentication application provisioned on the user’s SIM card.
Mobile Connect is a global solution, provided by the GSMA, for mobile phone based authentication, authorisation, identity and attribute services. It provides a secure, universal log-in process which allows users to be matched to their mobile phones, permitting them to log-in to websites and applications quickly with no need to remember passwords and user names.
One of the authentication mechanisms specified by the GSMA uses a SIM-based authentication application. In this type of Mobile Connect deployment, there are generally four ecosystem components: the SIM; the authentication application; the Over-the-Air (OTA) platform and the Mobile Signature Service Provider (MSSP) platform. As all of these components may be provided by different ecosystem actors, it is essential that the interfaces between them are interoperable.
SIMalliance’s objective in publishing Mobile Connect SIM Applet Interoperability Stepping Stones is to provide essential guidelines which will improve interworking between MNOs, service and solution providers and to simplify the interactions of the various components required for this type of solution. It also offers an analysis of the most relevant card features required to support the Mobile Connect application in order to support the operator in identifying the most suitable combination of functionalities that is compatible with the USIM deployed in the field. It also provides specific suggestions for effective testing.
Commenting on the release of the paper, Bruno Letellier, Member of the Board of SIMalliance said: “Through this latest body of work, SIMalliance has worked closely with the GSMA to offer support which should ease the deployment of SIM-based Mobile Connect services. SIM-based services present distinct advantages over other authenticators, as they benefit from the assurances of secure element technologies, which have been proven secure, stable and fully interoperable over two decades of successful implementations. SIMalliance strongly supports the goal of the Mobile Connect initiative, which is to deliver appropriate security across many different use cases, without compromising user convenience or reach.”
SIMalliance is the global, non-profit industry association which simplifies aspects of hardware-based device security to drive the creation, deployment and management of secure mobile services. The organisation promotes the essential role of a dedicated tamper resistant hardware module in delivering secure mobile applications and services across all devices that can access wireless networks. By identifying and addressing related technical issues, and both clarifying and recommending existing technical standards relevant to the implementation of hardware security, the SIMalliance aims to facilitate and accelerate delivery of secure mobile applications globally.
SIMalliance members represent 88% of the global SIM card market. As such, the SIMalliance’s membership is responsible for delivering the most widely distributed secure application delivery platform in the world (UICC/SIM/USIM).
SIMalliance members are Card Centric Solutions, Eastcompeace, Gemalto, Giesecke & Devrient, Incard, Kona I, Oasis Smart SIM, Oberthur Technologies, Safran Identity & Security, VALID, Watchdata, Wuhan Tianyu and XH Smartcard (Zhuhai) Co. Ltd. SIMalliance Strategic Partners are Comprion, Linxens, Movenda and Simulity Labs.
This License Agreement (Agreement) is a legal agreement between you and SIMalliance. (Licensor), which is the owner of the specification (Specification) you will be downloading when you complete this Agreement. As used in this Agreement, "you" means the company, entity or individual that is acquiring a license under this Agreement.
By clicking on the "ACCEPT" button below, you are agreeing that you will be bound by and are becoming a party to this Agreement. If you are an entity, and an individual is entering into this Agreement on your behalf, then you will be bound by this Agreement when that individual clicks on the "ACCEPT" button. When they do so, it will also constitute a representation by the individual that s/he is authorized to bind you as a party to this Agreement. If you do not agree to all of the terms of this Agreement, click the "DO NOT ACCEPT" button at the end of this Agreement.
1. License Grant.
Licensor hereby grants you the right, without charge, on a perpetual, non- exclusive and worldwide basis, the right to utilize the Specification for the purpose of developing, making, having made, using, marketing, importing, offering to sell or license, and selling or licensing, and to otherwise distribute, products complying with the Specification, in all cases subject to the conditions set forth in this Agreement and any relevant patent and other intellectual property rights of third parties (which may include members of Licensor). This license grant does not include the right to sublicense, modify or create derivative works based upon the Specification. For the avoidance of doubt, products implementing this Specification are not deemed to be derivative works of the Specification.
2. NO WARRANTIES.
THE SPECIFICATION IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL LICENSOR, ITS MEMBERS OR ITS CONTRIBUTORS BE LIABLE FOR ANY CLAIM, OR ANY DIRECT, SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THE SPECIFICATION.
3. THIRD PARTY RIGHTS.
Without limiting the generality of Section 2 above, LICENSOR ASSUMES NO RESPONSIBILITY TO COMPILE, CONFIRM, UPDATE OR MAKE PUBLIC ANY THIRD PARTY ASSERTIONS OF PATENT OR OTHER INTELLECTUAL PROPERTY RIGHTS THAT MIGHT NOW OR IN THE FUTURE BE INFRINGED BY AN IMPLEMENTATION OF THE SPECIFICATION IN ITS CURRENT, OR IN ANY FUTURE FORM. IF ANY SUCH RIGHTS ARE DESCRIBED ON THE SPECIFICATION, LICENSOR TAKES NO POSITION AS TO THE VALIDITY OR INVALIDITY OF SUCH ASSERTIONS, OR THAT ALL SUCH ASSERTIONS THAT HAVE OR MAY BE MADE ARE SO LISTED.
4. TERMINATION OF LICENSE.
In the event of a breach of this Agreement by you or any of your employees or members, Licensor shall give you written notice and an opportunity to cure. If the breach is not cured within thirty (30) days after written notice, or if the breach is of a nature that cannot be cured, then Licensor may immediately or thereafter terminate the licenses granted in this Agreement.
All notices required under this Agreement shall be in writing, and shall be deemed effective five days from deposit in the mails. Notices and correspondence to either party shall be sent to its address as it appears below. This Agreement shall be construed and interpreted under the internal laws of the United Kingdom, without giving effect to its principles of conflict of law.