7.2 Mcs reference point
7.2.1 Secure Environment Identifier (M2M-SE-ID)
M2M nodes may contain multiple Secure Environments, each associated with a corresponding Secure Environment Identifier (M2M-SE-ID). Each SE contains several M2M Security Services, i.e. an execution environment for sensitive functions together with an associated storage area for sensitive code and data. An M2M-SE-ID is assigned to each Secure Environment.
Table 7.2.1-1: Secure Environment Identifier
Identifier | Assigned by | Assigned to | Assigned during | Lifetime | Uniqueness | Used during |
---|---|---|---|---|---|---|
M2M Secure Environment Identifier | M2M SE issuer or delegated stakeholder | Secure Environment | Pre- or remote provisioning, or during manufacturing | Lifetime of the contract with the stakeholder to whom the SE is assigned | Global per SE and per type of SE | Communication establishment with, and selection of, the SE |
M2M-SE-ID is structured as follows:
- Type of SE followed by unique ID, where type of SE is defined as given in table 7.2.1-2 and the unique ID is defined as described in table 7.2.1-1.
Table 7.2.1-2: Type of Secure Environment
Class of SE | Type of Secure Environment | Coding |
---|---|---|
Independent hardware | UICC as per ETSI | 1 |
Independent hardware | GlobalPlatform Secure Element | 2 |
Integrated hardware | TEE as per GlobalPlatform | 3 |
Software | Security Library | 4 |
NOTE: Other values are RFU.
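As an added illustration (not code from the present document or from oneM2M), the following Python decodes and builds M2M-SE-IDs using the type-of-SE coding of table 7.2.1-2, rejects RFU codes, and shows the selection-of-SE step from table 7.2.1-1 by filtering a node's identifiers by SE class. It assumes, since the excerpt does not fix the wire format, that the type of SE is a single leading decimal digit immediately followed by the unique ID; the sample identifiers are constructed.

```python
from dataclasses import dataclass
from typing import Iterable

# Type-of-SE coding taken from table 7.2.1-2; any other value is RFU.
SE_TYPE_CODING = {
    1: ("Independent hardware", "UICC as per ETSI"),
    2: ("Independent hardware", "GlobalPlatform Secure Element"),
    3: ("Integrated hardware", "TEE as per GlobalPlatform"),
    4: ("Software", "Security Library"),
}


@dataclass(frozen=True)
class M2MSecureEnvironmentId:
    """A decoded M2M-SE-ID: type-of-SE code plus the SE-specific unique ID."""
    se_type: int
    unique_id: str

    @property
    def se_class(self) -> str:
        return SE_TYPE_CODING[self.se_type][0]

    @property
    def se_type_name(self) -> str:
        return SE_TYPE_CODING[self.se_type][1]


def parse_m2m_se_id(value: str) -> M2MSecureEnvironmentId:
    """Split an M2M-SE-ID string into its type code and unique ID.

    Assumption (not fixed by the excerpt): the type of SE is encoded as one
    leading decimal digit and the unique ID is everything that follows it.
    """
    if len(value) < 2 or not value[0].isdigit():
        raise ValueError("M2M-SE-ID must be a type-of-SE digit followed by a unique ID")
    se_type = int(value[0])
    if se_type not in SE_TYPE_CODING:
        # Reserved-for-future-use codes are rejected rather than guessed at.
        raise ValueError(f"type of SE {se_type} is RFU")
    return M2MSecureEnvironmentId(se_type, value[1:])


def format_m2m_se_id(se_type: int, unique_id: str) -> str:
    """Build an M2M-SE-ID, refusing RFU type codes and empty unique IDs."""
    if se_type not in SE_TYPE_CODING:
        raise ValueError(f"type of SE {se_type} is RFU")
    if not unique_id:
        raise ValueError("unique ID must not be empty")
    return f"{se_type}{unique_id}"


def select_secure_environments(ids: Iterable[str], se_class: str) -> list[str]:
    """Pick the SEs of a given class (e.g. 'Independent hardware') from a node's
    M2M-SE-IDs: the 'selection of SE' use listed in table 7.2.1-1."""
    return [raw for raw in ids if parse_m2m_se_id(raw).se_class == se_class]


# Constructed sample IDs for one node holding a UICC, a TEE and a software library.
SAMPLE_NODE_SE_IDS = ["189860000000000000001", "3TEE-A1B2C3", "4libsec-0001"]

if __name__ == "__main__":
    for raw in SAMPLE_NODE_SE_IDS:
        se = parse_m2m_se_id(raw)
        print(raw, "->", se.se_class, "/", se.se_type_name, "/", se.unique_id)
    print("hardware SEs:", select_secure_environments(SAMPLE_NODE_SE_IDS, "Independent hardware"))
```

Rejecting RFU codes at parse time matters for a CSE or AE choosing an SE: an unknown type cannot be mapped to a class, so it must not silently be treated as, say, hardware-backed.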
7.2.2 Differences between Mcs and Mcc/Mca reference points
The Mcs reference point is a simple variant of the Mcc/Mca reference points specifying the interaction of CSEs and AEs with secure environments.
An <SE> resource shall represent information about a Secure Environment available in a node. There could be multiple <SE> resources in one node. Secure Environments are represented in <CSEbase> resources and <AE> resources as <SE> child resources.
The present document has no further impact on the specification oneM2M TS-0001 [2] and has no impact on the specification oneM2M TS-0004 [14]. However, the Mcs reference point uses much of the specification in oneM2M TS-0004 [14] and in particular allows use of the WebSocket binding in oneM2M TS-0020 [18]. Though the other bindings, i.e. the HTTP binding in oneM2M TS-0008 [15], the CoAP binding in oneM2M TS-0009 [16] and the MQTT binding in oneM2M TS-0010 [17], remain applicable, they are less relevant in the context of a node implementation.
The Mcs reference point incorporates the following concepts from the Mcc/Mca reference points:
- The concept of operations acting on resources.
- The resource addressing from Mcc/Mca is used.
- The universal attributes and some common attributes of resources.
The Mcs reference point differs from Mcc/Mca in the following ways:
- The CSE/AE can only communicate directly with the secure environment; there are no transited CSEs. Only the Blocking Mode communication method is supported.
- The <subscription> resource and NOTIFY operations are not supported.
- The registration is conducted by the creation of the <SE> child resource in the corresponding <CSEbase> resource or <AE> resource, respectively. An AE needs to be registered at the CSE to be able to access the SE.
- The Mcs interface involves AE or CSE located on the same node as the SE abstraction layer, hence Security Association Establishment does not apply as such and can be superseded by implementation dependent mechanisms.
- There are no announced resources.
Common data types are inherited from clause 6.3 of [14]. The present document does not mention optional common attributes that are not used over Mcs.