7.3 Resource SE
7.3.0 Overview
An <SE> resource shall represent information about a Secure Environment available in a node. There could be multiple <SE> resources in one node.
One Secure Environment may be represented in the <CSEbase> resource and multiple <AE> resources of that node. Concurrent accesses to the Secure Environment are resolved in the SE abstraction layer.
Common data types applicable to the Mcs interface are inherited from oneM2M TS-0004 [14].
The data types for the specific resource attributes specified in this clause are listed in the following subclauses and defined in the following file:
SENV-commonTypes-v3_0_0.xsd
Applicable values for resource attributes and for enumerating Mcs resources are detailed in clause 9. Short names for attributes and resource types are provided in clause 10.
The <SE> resource shall contain the child resources specified in table 7.3.0-1.
Table 7.3.0-1: Child resources of <SE> resource
| Child Resources of <SE> | Child Resource Type | Multiplicity | Description |
|---|---|---|---|
| memory | <mgmtObj> as defined in the specialization [memory] | 0..1 | This resource provides the non volatile memory information of the Secure Environment. See clause D.4 of oneM2M TS-0001 [2]. |
| firmware | <mgmtObj> as defined in the specialization [firmware] | 0.. n | This resource describes the information about the firmware of the Secure Environment include name, version etc. See clause D.2 of oneM2M TS-0001 [2]. |
| software | <mgmtObj> as defined in the specialization [software] | 0..n | This resource describes the information about the software of the Secure Environment. See clause D.3 of oneM2M TS-0001 [2]. |
| deviceInfo | <mgmtObj> as defined in the specialization [deviceInfo] | 0..n | The resource contains information about the Secure Environment, like identity, manufacturer and model number, if applicable. See clause D.8 of oneM2M TS-0001 [2]. |
| SEReboot | <mgmtObj> as defined in the specialization [SER_eboot] | 0..n | The resource is the place to reboot the Secure Environment, if it is a rebootable hardware. In the case of secure elements there would be two resources, one for a cold reset and one for a warm reset of the secure element, defined in ISO/IEC 7816-3 [7]. |
| accessControlPolicy | <accessControlPolicy> | 0..n | The Access Control Policies (ACPs) shall be used by the SE to control access to the resources |
| sensitiveDataObject | <sensitiveDataObject> | 0..n | See clause 7.4.1 |
| cipher | <cipher> | 0..n | See clause 7.5.1 |
| rand | <rand> | 0..n | See clause 7.5.2 |
| hash | <hash> | 0..n | See clause 7.5.3 |
| signature | <signature> | 0..n | See clause 7.5.4 |
| secureConnection | <secureConnection> | 0..n | See clause 7.6.1 |
| identity | <identity> | 0..n | See clause 7.7.1 |
The <SE> resource shall contain the attributes specified in table 7.3.0-2.
Table 7.3.0-2: Attributes of <SE> resource
| Attributes of <SE> | Multiplicity | RW/ RO/ WO |
Description |
|---|---|---|---|
| resourceType | 1 | RO | Defines the resource type. |
| resourceID | 1 | RO | Defines an identifier for the resource. This attribute shall be provided by the creator. The creator shall assign a resourceID which is unique within its context. |
| resourceName | 1 | WO | This attribute is the name for the resource that is used for 'hierarchical addressing method' to represent the parent-child relationships of resources. |
| parentID | 1 | RO | This attribute is the resourceID of the parent of this resource. |
| creationTime | 1 | RO | Time/date of creation of the resource. |
| lastModifiedTime | 1 | RO | Last modification time/date of the resource. |
| accessControlPolicyIDs | 0..1 (L) | RW | Is used to control access to the resource. |
| SEType | 0..1 | RO | See table 7.2.1-2. |
| m2mSeID | 1 | WO | See tables 7.2.1-1 and 7.2.1-2. |
| securityLevel | 1 | WO | See clause 6.2. |
| supportedResourceType | 1 (L) | RW | List of the resource types which are supported in the SE. |
| e2eSecInfo | 0..1 (L) | RW | Indicates the end-to-end security capabilities. |
| hostedCSELink | 0..1 | RW | This attribute allows to find the <CSEBase> resource representing the CSE that is residing on the Secure Environment that is represented by this <se> resource. The attribute contains the resource ID of that <CSEBase> resource. |
| hostedAELinks | 0..1 (L) | RW | This attribute allows to find the AEs hosted by this Secure Environment. The attribute contains a list of resource identifiers of <AE> resources representing the AEs residing on the specific Secure Environment that is represented by the current <se> resource. |
Table 7.3.0-3: Data types of <SE> resource specific attributes
| Name |
Request Optionality | Data type |
|
|---|---|---|---|
| Create | Update | ||
| SEType | O | O | senv:SEType |
| securityLevel | M | NP | senv:securityLevel |
| m2mSeID | M | NP | m2m:ID |
| supportedResourceType | O | O | m2m:resourceType |
| e2eSecInfo | O | O | m2m:e2eSecInfo |
| hostedCSELink | O | O | m2m:ID |
| hostedAELinks | O | O | m2m:ID |
7.3.1 Resource SEReboot
The [SEReboot] resource shall be used to reboot a Secure Environment. The [SEReboot] resource is a specialization of the <mgmtObj> resource.
The [SEReboot] resource shall contain the child resources specified in table 7.3.1-1.
Table 7.3.1-1: Child resources of [SEReboot] resource
| Child Resources of [SEReboot] | Child Resource Type | Multiplicity | Description |
|---|---|---|---|
| [variable] | <subscription> | 0..n | See clause 9.6.8 of oneM2M TS-0001 [2] where the type of this resource is described. |
| [variable] | <semanticDescriptor> | 0..n | See clause 9.6.30 of oneM2M TS-0001 [2]. |
The [SEReboot] resource shall contain the attributes specified in table 7.3.1-2.
Table 7.3.1-2: Attributes of [SEReboot] resource
| Attributes of [seReboot] |
Multiplicity | RW/ RO/ WO |
Description |
|---|---|---|---|
| resourceType | 1 | RO | See clause 9.6.1.3 of oneM2M TS-0001 [2]. |
| resourceID | 1 | RO | See clause 9.6.1.3 of oneM2M TS-0001 [2]. |
| resource Name | 1 | WO | See clause 9.6.1.3 of oneM2M TS-0001 [2]. |
| parentID | 1 | RO | See clause 9.6.1.3 of oneM2M TS-0001 [2]. |
| expirationTime | 1 | RW | See clause 9.6.1.3 of oneM2M TS-0001 [2]. |
| accessControlPolicyIDs | 0..1 (L) | RW | See clause 9.6.1.3 of oneM2M TS-0001 [2]. |
| creationTime | 1 | RO | See clause 9.6.1.3 of oneM2M TS-0001 [2]. |
| lastModifiedTime | 1 | RO | See clause 9.6.1.3 of oneM2M TS-0001 [2]. |
| Labels | 0..1(L) | RW | See clause 9.6.1.3 of oneM2M TS-0001 [2]. |
| mgmtDefinition | 1 | WO | See clause 9.6.15 of oneM2M TS-0001 [2]. This attribute shall have the fixed value "seReboot". |
| objectIDs | 0..1 (L) | WO | See clause 9.6.15 of oneM2M TS-0001 [2]. |
| objectPaths | 0..1 (L) | WO | See clause 9.6.15 of oneM2M TS-0001 [2]. |
| Description | 0..1 | RW | See clause 9.6.15 of oneM2M TS-0001 [2]. |
| rebootType | 1 | RO | The type of reboot supported by the Secure Environment. This attribute is a specialization of [objectAttribute] attribute. Type of reboots could be such as Cold Reset or Warm Reset as defined in ISO/IEC 7816-3 [7]. |
| SEReboot | 1 | RW | The action that allows rebooting the device. The action is triggered by assigning value "TRUE" to this attribute. This attribute is a specialization of [objectAttribute] attribute. |
Table 7.3.1-3: Data types of <SEReboot> resource specific attributes
| Name |
Request Optionality | Data type |
|
|---|---|---|---|
| Create | Update | ||
| RebootType | M | NP | senv:RebootType |
| SEReboot | O | O | xs:boolean |