Remote provisioning of a soft credential

It’s about time for me to follow up on my previous post (by the way, thanks Paul and Robin for welcoming me to this corner of the Internet). While many people are currently preparing for their May bank holiday weekend I thought I’d take the opportunity to mention a couple of things regarding ‘Software SIMs’ and the Advanced Client specification of Liberty Alliance.

The whole idea of a software SIM comes from the following two points:

  • First of all, SIM cards are an extremely convenient way to do authentication as they require minimal user interaction during the process of authentication; only a PIN suffices in most cases. We only use SIM cards to authenticate us to a network provider though.
  • A SIM is basically an authentication application that is implemented in silicon during manufacturing. Because of this, the SIM’s functionality is under the control of the manufacturers and the mobile operators. These parties have traditionally been very protective about their technology.

You’d say it makes a lot of sense to leverage its user friendliness for other purposes (e.g. online payment). In order to do that, however, we have to find ways of opening up or bypassing the manufacturing process. The big question is: how can we do that?

The answer is actually quite simple: delay the implementation of a SIM application in silicon until it is under the customer’s control.

To make this work we need a silicon-based (or similar) security environment that is customizable at any time. At the RSA conference Liberty Alliance workshop in February, Intel, HP and two of my managers at BT demonstrated a proof-of-concept in which a software credential was provisioned over the Internet to a user’s device. More importantly, the user device made use of a technology from Intel called Identity Capable Platform (ICP) that enabled the software credential to be protected by a silicon environment.

The provisioned software credential was ultimately used to access BT’s Wi-Fi network. The provisioning protocols are implemented by Intel and HP and are based on Liberty Alliance’s Advanced Client specifications. A technology like Intel’s ICP, coupled with secure provisioning protocols, enables the open SIM solution described above while still meeting the necessary strict security requirements.

More information on this and the demo can be found at: