As the meeting on May 26 was a private session exclusive to SCA members, this summary pertains to the May 27 session. All conclusions are for reference only.
1. Some experts think hardware is most secure while software is most flexible and that combining the two is optimal.
2. TEE technology's biggest and most mature market is video copyright protection for Hollywood in North America. It is said that these copyright owners are preparing to enter the Chinese market, which will emerge in the next year or two.
3. Certain mobile chip manufacturers already have TrustZone architecture for chips ranging from low- to high-end in Europe and North America.
4. Secure startup is the foundation for both the system and its software. It must be secure to prevent the insertion of illegal software. Otherwise the whole OS will be affected.
5. Mobile chips can now be equipped with a self-learning model to learn to defend against malware attacks.
6. All mobile APPs need security.
7. Copyright protection will be the future trend. Market demand for it will be more and more apparent.
8. To provide a secure phone, phone manufacturers need to provide infrastructure that gives APP suppliers the basic services for secure APPs. For phone manufacturers, security is the added value that they can provide for their products. End users don’t need to know how secure an APP is. They only need to know whether their APP is endorsed by an APP supplier to ensure the users’ security.
9. In terms of security management needs, first, each APP should be independent; second, APPs should operate in an independent environment, without interference from or association with other APPs; third, any process should be manageable and traceable; fourth, results should be reliable. These are the four fundamental needs for security management.
10. Anything related to security must have a key. There must be a key life cycle management platform to manage the generation, distribution, destruction and recycling of the key.
11. TEE complements SE in user interface, computing capability and storage space.
12. The definition of a secure phone depends on application scenarios. There is no absolute security. Different scenarios have different security requirements. Security must be certified by a third party.
13. Only when biometric technology is combined with traditional cryptology can there be a balance between security and convenience.
14. While the mobile software security evaluation to be implemented by the end of 2016 is not necessarily a mandatory requirement, the management regulations for the pre-installation and distribution of APPs are mandatory.
15. Some experts estimate the large-scale commercial application of eSIM will start in 2018.
16. At present, the number of 4G eSIM module suppliers is quite small. As a result, products that seek to use the latest 4G modules still have none available to use. Another constraint is standards testing, as some functions of 4G eSIM modules are yet to be tested. These are the bottlenecks that restrain the large-scale commercial application of eSIM.
17. There are several solutions for signing up for an eSIM service in person. The first is to authenticate your identity by using a device to scan the QR code at operators’ branches. The second is to authenticate online through Alipay or Tmall, as they can use their huge real-name system database. The third is to authenticate only the master card on a device if it has a slave card.
18. Some operators also think operators should provide a one-stop service for signing up for eSIM service in person. As a fourth solution, this would include writing eSIM data directly for subscribers and finishing the over-the-top phone number delivery on site after registering the subscriber’s real name.
19. At present, operators are very cautious about eSIM for individuals. No operator has ever accepted the Phase 1 and Phase 2 standards made by GSMA. However, they have put forward many requests, which GSMA plans to consider after Phase 3.
20. Some operators think eSIM should be categorized into 2 types. One is the narrow concept of eSIM first initiated by ETSI, in which eSIM is based on an embedded eUICC and should have 3 features: (1) the dynamic delivery of phone numbers; (2) multiple sets of phone number data for eSIM; (3) phone number data that is not limited to one operator. The other is the broader concept of eSIM that includes M2M and multiple eSIMs.
SCA’s next event will be the 2016 Forum on Mobile Security Technology Business Modeling, to be held in October. Detailed information will be released in August, so please check back then. If you want to get more services and resources from SCA, please contact SCA for premium membership.