GlobalPlatform standardises secure OS and firmware loading on secure elements

By Zenobia Hegde

GlobalPlatform, the standard for secure digital services and devices, has published its Open Firmware Loader for Tamper Resistant Elements (OFL). The free specification standardises how secure element (SE) firmware – combining the secure operating system (OS), applications and data – can be remotely loaded onto and managed on an SE such as a SIM, embedded SE, eUICC / eSIM or integrated SE, even after a device has been issued.

This ensures that the device’s longevity is no longer tied to the lifecycle of the SE, and opens up a range of new use cases, such as in-field OS and firmware provisioning, device refurbishment, backup / restoration of the SE and the secure transfer of a customer profile to a new device. With the OFL security scheme, handset manufacturers, service providers and firmware implementers can build a new privacy-by-design ecosystem in which services can be securely deployed and updated on connected devices.

“The growth of embedded SEs is driving the development of new solutions as, previously, there has not been a standardised way to load the OS to an eUICC after the smartphone has been produced,” says Gil Bernabeu, technical director of GlobalPlatform.

“With the OFL protocol, the selection of an OS can be delayed until the device reaches its destination. So, if a smartphone is manufactured in one country, for example in China, a country-specific OS can be loaded to the eSIM or integrated SE once it reaches France, or the U.S. What’s great is that this also brings greater flexibility further down the line.

Smartphones, connected cars or any other device with an embedded or integrated SE often have more than one owner during their lifecycle. OFL ensures a new OS can replace an existing one and, importantly, a personalised OS and its services can be securely transferred to a new device.”

The OFL protocol enables the industry to:

Distribute generic and blank (no firmware/operating system) embedded hardware featuring a standardized loading mechanism. This enables firmware from various developers to be loaded, with policy enforcement, after the issuance of the device.
Solve the logistical challenge of distributing devices to fragmented markets with low volume.
Distribute new firmware once the device has been issued to address additional use cases.
Mitigate the challenges of loading firmware containing diversified data into embedded hardware during manufacturing.
Use a standardised loader, shared between multiple silicon makers, allowing firmware implementers to produce loadable OSs.
Ensure perfect forward secrecy and confidentiality between firmware makers, easing compliance with the latest data regulations (GDPR).

The publication of the OFL is the first output of GlobalPlatform’s new Fast Track Process. The initiative enables members to bring forward mature technologies for standardisation via an expedited process to more rapidly answer the needs of the market.

“GlobalPlatform technology gives service providers and device manufacturers the means to interact seamlessly when deploying secure digital services, regardless of market or device type. The resulting collaboration makes the mass marketing of secure digital services possible, while bringing time and cost efficiencies to stakeholders within the ecosystem,” concludes Gil.

The post GlobalPlatform standardises secure OS and firmware loading on secure elements appeared first on IoT Now – How to run an IoT enabled business.

Read more here:: www.m2mnow.biz/feed/

OSPT Alliance to develop CIPURSE™ terminal specifications

By Zenobia Hegde

OSPT Alliance, the global community advancing a non-proprietary standard CIPURSE for secure transit fare collection solutions, has launched a System Integration Sub-Working Group to create a dedicated CIPURSE Specification and guidelines for terminals and readers. The work will enable any terminal, or a reader implementing application logic, to communicate and seamlessly interoperate with any CIPURSE-based card or account using the common language of CIPURSE.

The development of terminal requirements is in direct response to demand from reader and terminal manufacturers who want a secure, non-proprietary, hardware agnostic and globally interoperable messaging standard on which ticketing terminals can be developed. This activity also reflects OSPT Alliance’s efforts to support the full ticketing ecosystem.

OSPT Alliance is inviting reader and terminal manufacturers, and system integrators to join its existing community and ensure their needs are addressed.

Laurent Cremer, executive director of the OSPT Alliance, said: “The ticketing market is evolving to offer new ways to purchase tickets and validate your journey, such as account-based ticketing and a range of different mobile ticketing use cases. A ticketing kernel is no longer necessarily embedded in the terminal or reader, and system partitioning may vary across automatic fare collection systems and evolve over time.”

“OSPT Alliance recognises that as the market continues to innovate, we must ensure that the system is scalable to support new form factors and applications. The System Integration Sub-Working Group will achieve this by specifying a non-proprietary API, which will be managed long-term by an open community, so it can evolve in line with market needs.”

The group will define and publish the minimum requirements for terminals interacting with CIPURSE products in early 2018. The CIPURSE Certification Program will then be updated to incorporate the certification of terminals.

Cremer concludes: “To realise our mission of supporting the full ticketing ecosystem, it is vital that we can independently validate that the communication of a terminal is compliant with the CIPURSE specifications and will perform as intended with CIPURSE certified products.”

To participate in this work initiative, a company must be a Full or Affiliate OSPT Alliance Member. Membership is open to system integrators, as well as reader and terminal manufacturers, active within the contactless market (for example transit, loyalty and access control).

If you would like more information on this or any of the working groups, or are interested in becoming a member, please click here.

The post OSPT Alliance to develop CIPURSE™ terminal specifications appeared first on IoT Now – How to run an IoT enabled business.

Teledyne LeCroy Inc and Spirent Communications partner for PAM4 generation and analysis

By Zenobia Hegde

Teledyne LeCroy and Spirent Communications, global providers of Ethernet and Fibre Channel test and measurement solutions, have announced the industry’s first Ethernet generation and test solution for developers of Pulse Amplitude Modulation (PAM4) networks. Spirent and Teledyne LeCroy have created the QSFP28 to SFP56 single w/PTAP adapter, an exclusive PAM4 adapter that gives design and test engineers the ability to source, synchronise, capture and analyse PAM4 signaling for emerging IEEE 802.3cd-based applications.

PAM4 signaling enables higher throughput Ethernet connections to support the growing need for data storage and communications speeds. These higher signaling rates require increased attention to intricacies of establishing and maintaining robust and healthy link connections. Spirent TestCenter generates IEEE compliant 50GbE traffic for exercising these new Ethernet links. Teledyne LeCroy’s SierraNet analyser captures and decodes the traffic which is ported via the QSFP28 to SFP56 single w/PTAP adapter module.

Early adopters of IEEE 802.3cd for 50GbE Ethernet transactions need generation and analysis tools to ensure their designs are specification compliant. Spirent and Teledyne LeCroy offer best-in-class solutions to ensure that the new products of Network Equipment Manufacturers (NEMs) meet customer expectations of operation and conformance.

NEMs’ reliance on the test and measurement community is increasing, as homegrown tools are not up to the task. This relationship allows Teledyne LeCroy and Spirent to focus on their core strengths, keep pace with market needs and offer leading-edge tools, which are paramount to successful Ethernet product deployments.

To learn more about PAM4, download our white paper here.

The post Teledyne LeCroy Inc and Spirent Communications partner for PAM4 generation and analysis appeared first on IoT Now – How to run an IoT enabled business.

RFC 3232 – Assigned Numbers: RFC 1700 is Replaced by an On-line Database

Network Working Group                                J. Reynolds, Editor
Request for Comments: 3232                                    RFC Editor
Obsoletes: 1700                                             January 2002
Category: Informational


Assigned Numbers: RFC 1700 is Replaced by an On-line Database


Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   This memo obsoletes RFC 1700 (STD 2) "Assigned Numbers", which
   contained an October 1994 snapshot of assigned Internet protocol
   parameters.

Description

   From November 1977 through October 1994, the Internet Assigned
   Numbers Authority (IANA) periodically published tables of the
   Internet protocol parameter assignments in RFCs entitled, "Assigned
   Numbers".  The most current of these Assigned Numbers RFCs had
   Standard status and carried the designation: STD 2.  At this time,
   the latest STD 2 is RFC 1700.

   Since 1994, this sequence of RFCs has been replaced by an online
   database accessible through a web page (currently, www.iana.org).
   The purpose of the present RFC is to note this fact and to officially
   obsolete RFC 1700, whose status changes to Historic.  RFC 1700 is
   obsolete, and its values are incomplete and in some cases may be
   wrong.

   We expect this series to be revived in the future by the new IANA
   organization.

Security Considerations

   This memo does not affect the technical security of the Internet.

Author's Address

   Joyce K. Reynolds
   RFC Editor
   4676 Admiralty Way
   Marina del Rey, CA  90292
   USA

   EMail: rfc-editor@rfc-editor.org

RFC 2464 – Transmission of IPv6 Packets over Ethernet Networks

Network Working Group                                        M. Crawford
Request for Comments: 2464                                      Fermilab
Obsoletes: 1972                                            December 1998
Category: Standards Track

Transmission of IPv6 Packets over Ethernet Networks

Status of this Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

1. Introduction

This document specifies the frame format for transmission of IPv6
packets and the method of forming IPv6 link-local addresses and
statelessly autoconfigured addresses on Ethernet networks. It also
specifies the content of the Source/Target Link-layer Address option
used in Router Solicitation, Router Advertisement, Neighbor
Solicitation, Neighbor Advertisement and Redirect messages when those
messages are transmitted on an Ethernet.

This document replaces RFC 1972, "A Method for the Transmission of
IPv6 Packets over Ethernet Networks", which will become historic.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC 2119].

2. Maximum Transmission Unit

The default MTU size for IPv6 [IPV6] packets on an Ethernet is 1500
octets. This size may be reduced by a Router Advertisement [DISC]
containing an MTU option which specifies a smaller MTU, or by manual
configuration of each node. If a Router Advertisement received on an
Ethernet interface has an MTU option specifying an MTU larger than
1500, or larger than a manually configured value, that MTU option may
be logged to system management but must be otherwise ignored.

For purposes of this document, information received from DHCP is
considered "manually configured" and the term Ethernet includes
CSMA/CD and full-duplex subnetworks based on ISO/IEC 8802-3, with
various data rates.
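The MTU rule of section 2, as an added example that is not code from RFC 2464: a function that applies an MTU option from a Router Advertisement to an Ethernet interface, accepting a value that lowers the MTU and logging-and-ignoring one above 1500 or above a manually configured value (DHCP-supplied values count as manual configuration, per the RFC). The function name and the sample MTU values are this example's own.

```python
# Added example (not code from RFC 2464): the section 2 rule for an MTU option
# carried in a Router Advertisement received on an Ethernet interface. The MTU
# values passed in by callers are constructed samples.
from typing import Optional, Tuple

DEFAULT_IPV6_ETHERNET_MTU = 1500   # section 2: default MTU for IPv6 on Ethernet


def apply_ra_mtu_option(current_mtu: int, advertised_mtu: int,
                        configured_mtu: Optional[int] = None) -> Tuple[int, Optional[str]]:
    """Return (mtu_to_use, log_message) for one received RA MTU option.

    The option may lower the MTU below the 1500 default. A value above 1500,
    or above a manually configured value (DHCP-supplied values count as manual
    configuration), is reported to system management and otherwise ignored,
    so the interface MTU is left unchanged.
    """
    ceiling = DEFAULT_IPV6_ETHERNET_MTU
    if configured_mtu is not None:
        ceiling = min(ceiling, configured_mtu)
    if advertised_mtu > ceiling:
        # "may be logged to system management but must be otherwise ignored"
        return current_mtu, f"ignored RA MTU option {advertised_mtu}: exceeds {ceiling}"
    return advertised_mtu, None


if __name__ == "__main__":
    print(apply_ra_mtu_option(1500, 1280))                        # (1280, None)
    print(apply_ra_mtu_option(1500, 9000))                        # (1500, 'ignored ...')
    print(apply_ra_mtu_option(1400, 1450, configured_mtu=1400))   # (1400, 'ignored ...')
```

The returned log string is the hook for the "logged to system management" clause; a real stack would hand it to its logging facility rather than return it.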

3. Frame Format

IPv6 packets are transmitted in standard Ethernet frames. The
Ethernet header contains the Destination and Source Ethernet
addresses and the Ethernet type code, which must contain the value
86DD hexadecimal. The data field contains the IPv6 header followed
immediately by the payload, and possibly padding octets to meet the
minimum frame size for the Ethernet link.

 0                   1
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Destination          |
+-                             -+
|           Ethernet            |
+-                             -+
|            Address            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            Source             |
+-                             -+
|           Ethernet            |
+-                             -+
|            Address            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1 0 0 0 0 1 1 0 1 1 0 1 1 1 0 1|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             IPv6              |
+-                             -+
|            header             |
+-                             -+
|              and              |
+-                             -+
/          payload ...          /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

(Each tic mark represents one bit.)

4. Stateless Autoconfiguration

The Interface Identifier [AARCH] for an Ethernet interface is based
on the EUI-64 identifier [EUI64] derived from the interface's built-
in 48-bit IEEE 802 address. The EUI-64 is formed as follows.
(Canonical bit order is assumed throughout.)

The OUI of the Ethernet address (the first three octets) becomes the
company_id of the EUI-64 (the first three octets). The fourth and
fifth octets of the EUI are set to the fixed value FFFE hexadecimal.
The last three octets of the Ethernet address become the last three
octets of the EUI-64.

The Interface Identifier is then formed from the EUI-64 by
complementing the "Universal/Local" (U/L) bit, which is the next-to-
lowest order bit of the first octet of the EUI-64. Complementing
this bit will generally change a 0 value to a 1, since an interface's
built-in address is expected to be from a universally administered
address space and hence have a globally unique value. A universally
administered IEEE 802 address or an EUI-64 is signified by a 0 in the
U/L bit position, while a globally unique IPv6 Interface Identifier
is signified by a 1 in the corresponding position. For further
discussion on this point, see [AARCH].

For example, the Interface Identifier for an Ethernet interface whose
built-in address is, in hexadecimal,

34-56-78-9A-BC-DE

would be

36-56-78-FF-FE-9A-BC-DE.

A different MAC address set manually or by software should not be
used to derive the Interface Identifier. If such a MAC address must
be used, its global uniqueness property should be reflected in the
value of the U/L bit.

An IPv6 address prefix used for stateless autoconfiguration [ACONF]
of an Ethernet interface must have a length of 64 bits.

5. Link-Local Addresses

The IPv6 link-local address [AARCH] for an Ethernet interface is
formed by appending the Interface Identifier, as defined above, to
the prefix FE80::/64.

  10 bits           54 bits                   64 bits
+----------+-----------------------+----------------------------+
|1111111010|        (zeros)        |    Interface Identifier    |
+----------+-----------------------+----------------------------+
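Sections 4 and 5 as working code, an added example that is not part of RFC 2464: the EUI-64 expansion (OUI, FF-FE, last three octets), the complement of the U/L bit to form the Interface Identifier, and the FE80::/64 link-local address, checked against the RFC's own 34-56-78-9A-BC-DE example. It also covers the caveat at the end of section 4: for a locally administered (software-set) MAC the same complement leaves the bit at 0, so the identifier does not claim global uniqueness. The function names and the locally administered sample MAC are this example's own.

```python
# Added example (not code from RFC 2464): derive the EUI-64, the IPv6 Interface
# Identifier and the link-local address from a 48-bit IEEE 802 MAC address,
# following sections 4 and 5 of the RFC. The built-in MAC used in __main__ is
# the RFC's own worked example; the locally administered MAC is a constructed sample.
import ipaddress


def parse_mac(text: str) -> bytes:
    """Accept 'aa-bb-cc-dd-ee-ff' or 'aa:bb:cc:dd:ee:ff' and return the 6 raw octets."""
    octets = bytes.fromhex(text.replace("-", "").replace(":", ""))
    if len(octets) != 6:
        raise ValueError("a 48-bit IEEE 802 address must have exactly 6 octets")
    return octets


def mac_to_eui64(mac: bytes) -> bytes:
    """Section 4: OUI (first 3 octets) + FF FE + the last 3 octets of the MAC."""
    return mac[:3] + b"\xff\xfe" + mac[3:]


def is_universally_administered(mac: bytes) -> bool:
    """The U/L bit is the next-to-lowest bit (0x02) of the first octet; 0 means universal."""
    return (mac[0] & 0x02) == 0


def interface_identifier(mac: bytes) -> bytes:
    """Section 4: complement the U/L bit of the EUI-64.

    For a built-in, universally administered MAC the bit goes 0 -> 1, which marks
    a globally unique IID. For a locally administered MAC (bit already 1) the same
    complement yields 0, reflecting the address's non-unique status in the U/L bit
    as the last paragraph of section 4 asks.
    """
    eui64 = bytearray(mac_to_eui64(mac))
    eui64[0] ^= 0x02
    return bytes(eui64)


def link_local_address(mac: bytes) -> ipaddress.IPv6Address:
    """Section 5: the FE80::/64 prefix followed by the 64-bit Interface Identifier."""
    prefix = bytes.fromhex("fe80000000000000")
    return ipaddress.IPv6Address(prefix + interface_identifier(mac))


def fmt(octets: bytes) -> str:
    """Hyphenated upper-case hex, the notation the RFC uses in its example."""
    return "-".join(f"{b:02X}" for b in octets)


if __name__ == "__main__":
    # The RFC's worked example: 34-56-78-9A-BC-DE -> 36-56-78-FF-FE-9A-BC-DE
    builtin = parse_mac("34-56-78-9A-BC-DE")
    print("EUI-64:      ", fmt(mac_to_eui64(builtin)))           # 34-56-78-FF-FE-9A-BC-DE
    print("Interface ID:", fmt(interface_identifier(builtin)))   # 36-56-78-FF-FE-9A-BC-DE
    print("Link-local:  ", link_local_address(builtin))          # fe80::3656:78ff:fe9a:bcde

    # Constructed sample of a locally administered MAC (U/L bit already set):
    # the complement clears the bit, so the IID does not claim global uniqueness.
    local = parse_mac("02-00-00-AA-BB-CC")
    print("Universal?   ", is_universally_administered(local))   # False
    print("Interface ID:", fmt(interface_identifier(local)))     # 00-00-00-FF-FE-AA-BB-CC
```

Because the identifier is a deterministic function of the MAC, anyone who can observe or choose a MAC can predict or reproduce the resulting address; section 9 of the RFC makes the same point, that the derivation preserves uniqueness only when the hardware addresses are themselves unique and honest.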

6. Address Mapping -- Unicast

The procedure for mapping IPv6 unicast addresses into Ethernet link-
layer addresses is described in [DISC]. The Source/Target Link-layer
Address option has the following form when the link layer is
Ethernet.

 0                   1
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |    Length     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               |
+-          Ethernet           -+
|                               |
+-           Address           -+
|                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Option fields:

   Type           1 for Source Link-layer address.
                  2 for Target Link-layer address.

   Length         1 (in units of 8 octets).

   Ethernet Address
                  The 48 bit Ethernet IEEE 802 address, in canonical bit
                  order. This is the address the interface currently
                  responds to, and may be different from the built-in
                  address used to derive the Interface Identifier.
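Sections 3 and 6 as working code, an added example that is not part of RFC 2464: a check that a frame's Ethernet type code is 86DD hex before it is treated as IPv6, and an encoder/decoder for the Source/Target Link-layer Address option that rejects anything other than Type 1 or 2 with Length 1 (8 octets) when the link layer is Ethernet. The function names and every frame and option byte string are this example's own constructions.

```python
# Added example (not code from RFC 2464): validate the Ethernet type code of a
# frame (section 3) and parse/encode the Source/Target Link-layer Address option
# as it appears in Neighbor Discovery messages on Ethernet (section 6).
# Every frame and option byte string below is a constructed sample.
import struct

ETHERTYPE_IPV6 = 0x86DD      # section 3: the type code that carries IPv6
OPT_SOURCE_LLADDR = 1        # section 6: Type 1, Source Link-layer address
OPT_TARGET_LLADDR = 2        # section 6: Type 2, Target Link-layer address
ETHERNET_OPTION_LEN = 8      # Length 1 = one 8-octet unit: type + length + 6-octet MAC


def parse_ethernet_header(frame: bytes):
    """Split a frame into (dst_mac, src_mac, ethertype, data) using the 14-octet header."""
    if len(frame) < 14:
        raise ValueError("frame shorter than a 14-octet Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return dst, src, ethertype, frame[14:]


def is_ipv6_frame(frame: bytes) -> bool:
    """Section 3: an IPv6 packet is carried only under type code 0x86DD."""
    return parse_ethernet_header(frame)[2] == ETHERTYPE_IPV6


def build_lladdr_option(opt_type: int, mac: bytes) -> bytes:
    """Encode the option as a sender does: Type, Length = 1, then the 48-bit address."""
    if opt_type not in (OPT_SOURCE_LLADDR, OPT_TARGET_LLADDR) or len(mac) != 6:
        raise ValueError("need option Type 1 or 2 and a 6-octet MAC")
    return bytes([opt_type, 1]) + mac


def parse_lladdr_option(option: bytes) -> dict:
    """Decode one option; reject anything that does not match the Ethernet form.

    On Ethernet the Length field must be 1 (units of 8 octets), so the option
    occupies exactly 8 octets. A receiver checks this before using the address.
    """
    if len(option) < 2:
        raise ValueError("option truncated before the Length field")
    opt_type, opt_len = option[0], option[1]
    if opt_type not in (OPT_SOURCE_LLADDR, OPT_TARGET_LLADDR):
        raise ValueError(f"not a link-layer address option: Type {opt_type}")
    if opt_len != 1:
        raise ValueError(f"Ethernet link-layer address option needs Length 1, got {opt_len}")
    if len(option) < ETHERNET_OPTION_LEN:
        raise ValueError(f"Length 1 means 8 octets, only {len(option)} present")
    return {
        "type": "source" if opt_type == OPT_SOURCE_LLADDR else "target",
        "mac": ":".join(f"{b:02x}" for b in option[2:8]),
    }


def is_valid_lladdr_option(option: bytes) -> bool:
    """Boolean wrapper around parse_lladdr_option for filtering code."""
    try:
        parse_lladdr_option(option)
    except ValueError:
        return False
    return True


# Constructed sample frame: an IPv6 multicast MAC destination, a unicast source,
# type code 0x86DD, then the first four octets of an IPv6 header (version 6).
SAMPLE_DST_MAC = bytes.fromhex("333300000001")
SAMPLE_SRC_MAC = bytes.fromhex("3456789abcde")
SAMPLE_IPV6_FRAME = (SAMPLE_DST_MAC + SAMPLE_SRC_MAC
                     + struct.pack("!H", ETHERTYPE_IPV6) + bytes.fromhex("60000000"))
# Same header layout with the IPv4 type code (0x0800) so the check has a negative case.
SAMPLE_IPV4_FRAME = SAMPLE_DST_MAC + SAMPLE_SRC_MAC + struct.pack("!H", 0x0800) + b"\x45"

if __name__ == "__main__":
    print("IPv6 frame?", is_ipv6_frame(SAMPLE_IPV6_FRAME))    # True
    print("IPv6 frame?", is_ipv6_frame(SAMPLE_IPV4_FRAME))    # False
    opt = build_lladdr_option(OPT_SOURCE_LLADDR, SAMPLE_SRC_MAC)
    print(opt.hex(), "->", parse_lladdr_option(opt))
    # Length 2 must be rejected on Ethernet even though it could be decoded.
    print("Length 2 ok?", is_valid_lladdr_option(bytes.fromhex("0102") + SAMPLE_SRC_MAC + bytes(8)))
```

The address carried in the option is, as the RFC says, the one the interface currently responds to, not necessarily the built-in one, so this parser only enforces the option's form; it cannot establish that the sender is entitled to the address it claims.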

7. Address Mapping -- Multicast

An IPv6 packet with a multicast destination address DST, consisting
of the sixteen octets DST[1] through DST[16], is transmitted to the
Ethernet multicast address whose first two octets are the value 3333
hexadecimal and whose last four octets are the last four octets of
DST.

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0 1 1 0 0 1 1|0 0 1 1 0 0 1 1|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    DST[13]    |    DST[14]    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    DST[15]    |    DST[16]    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
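The section 7 mapping as working code, an added example that is not part of RFC 2464: the Ethernet destination is 33-33 followed by DST[13] through DST[16]. The example goes one step beyond the text by showing the consequence of keeping only the last four octets: distinct IPv6 groups that agree in those octets land on the same Ethernet address, so a receiver cannot rely on the MAC filter alone and must still compare the full IPv6 destination. The function names and the group addresses other than the well-known all-nodes group are this example's own.

```python
# Added example (not code from RFC 2464): the section 7 mapping from an IPv6
# multicast destination DST to the Ethernet multicast address 33-33 followed by
# DST[13..16]. ff02::1 is the well-known all-nodes group; the other group
# addresses used below are constructed samples.
import ipaddress

IPV6_MCAST_MAC_PREFIX = b"\x33\x33"   # section 7: first two octets are 3333 hex


def ipv6_multicast_to_mac(dst: str) -> bytes:
    """Return the 6-octet Ethernet destination for an IPv6 multicast address."""
    addr = ipaddress.IPv6Address(dst)
    if not addr.is_multicast:
        # Section 7 covers multicast DST only; unicast is resolved via [DISC] (section 6).
        raise ValueError(f"{dst} is not an IPv6 multicast address")
    packed = addr.packed        # RFC octets DST[1]..DST[16] are packed[0]..packed[15]
    return IPV6_MCAST_MAC_PREFIX + packed[12:16]


def mac_str(mac: bytes) -> str:
    """Colon-separated lower-case hex for display."""
    return ":".join(f"{b:02x}" for b in mac)


def is_ipv6_multicast_mac(mac: bytes) -> bool:
    """True for a frame destination in the 33-33-xx-xx-xx-xx range."""
    return len(mac) == 6 and mac[:2] == IPV6_MCAST_MAC_PREFIX


def same_ethernet_group(dst_a: str, dst_b: str) -> bool:
    """Two IPv6 groups share one Ethernet address whenever DST[13..16] agree.

    Only 32 of the 128 address bits survive the mapping, so a NIC filtering on
    the MAC alone cannot tell such groups apart; the IPv6 layer must compare the
    full destination before accepting the packet for a group it has joined.
    """
    return ipv6_multicast_to_mac(dst_a) == ipv6_multicast_to_mac(dst_b)


if __name__ == "__main__":
    print(mac_str(ipv6_multicast_to_mac("ff02::1")))                    # 33:33:00:00:00:01
    print(mac_str(ipv6_multicast_to_mac("ff02::1234:5678")))            # 33:33:12:34:56:78
    print(same_ethernet_group("ff02::1234:5678", "ff05::1234:5678"))   # True
    print(is_ipv6_multicast_mac(bytes.fromhex("3456789abcde")))        # False
```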

8. Differences From RFC 1972

The following are the functional differences between this
specification and RFC 1972.

The Address Token, which was a node's 48-bit MAC address, is
replaced with the Interface Identifier, which is 64 bits in
length and based on the EUI-64 format [EUI64]. An IEEE-defined
mapping exists from 48-bit MAC addresses to EUI-64 form.

A prefix used for stateless autoconfiguration must now be 64 bits
long rather than 80. The link-local prefix is also shortened to
64 bits.

9. Security Considerations

The method of derivation of Interface Identifiers from MAC addresses
is intended to preserve global uniqueness when possible. However,
there is no protection from duplication through accident or forgery.

10. References

[AARCH] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 2373, July 1998.

[ACONF] Thomson, S. and T. Narten, "IPv6 Stateless Address
Autoconfiguration", RFC 2462, December 1998.

[DISC] Narten, T., Nordmark, E. and W. Simpson, "Neighbor Discovery
for IP Version 6 (IPv6)", RFC 2461, December 1998.

[EUI64] "Guidelines For 64-bit Global Identifier (EUI-64)",
http://standards.ieee.org/db/oui/tutorials/EUI64.html

[IPV6] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, December 1998.

[RFC 2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.

11. Author's Address

Matt Crawford
Fermilab MS 368
PO Box 500
Batavia, IL 60510
USA

Phone: +1 630 840-3461
EMail: crawdad@fnal.gov

12. Full Copyright Statement

Copyright (C) The Internet Society (1998). All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.

The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.