Figure 1: SDR / MExE Download Framework

1
Figure 1 SDR / MExE Download Framework
Repository (Java sandbox)
Download Verification Using MExE
Network
MExE
MExE Applet

• SDR Forum
• Manufacturer

• Header
• Capability
• Regulatory

New radio S/W arrived

• Regulator
• Manufacturer

Server
Gateway
Additional Certification
How to install
INSTALL (via API/VMI)
2
Figure 2 Updating Security Capabilities in a
Terminal
A
B
C
D
Download Process Management
User
Network
Authentication
Download
Software
Data
Status
Data
Status
Integrity Test
Integrity Test Results
Integrity Test Response
Software Module Authentication
Request
Software Module Authentication
Status
Response
Prepare Installation of the Software Downloaded
Module
Installation
Status
Software Downloaded Module Installation Status
Billing Licensing Negotiation Request
Accept Billing Licensing Negotiation ?
Request
Billing Licensing Negotiation User Acceptance
Billing Licensing Negotiation Acceptance
Software Downloaded Module Key License
Software Downloaded Module Key
Usable Software Downloaded Module
Software Downloaded Module Installation
Status
A
B
C
D
Test of the Terminal
Status
Terminal Tests Results
Signal Successful Installation
Terminal Configuration Update
Status
3
Figure 3 The Public Key Infrastructure (PKI)

• PKI is generally viewed as an essential
  technology for E-business. It should be amenable
  to wireless as well as wired transactions
• PKI signs and seals an electronic transaction
  identifies, authenticates the parties involved,
  and protects their information from compromise
• Each PKI user has a registered identity stored in
  a digital certificate
• PKI provides i) confidentiality through
  encryption ii) authentication, data integrity
  nonrepudiation through digital certificate
  signatures
• PKI acts in a consistent manner across a wide
  variety of applications

4
Figure 4 Elements of a PKI

• Manages key and certificate lifecycle on behalf
  of users and applications
• Partial list of PKI functions
• Certification Authority (CA, issues digital
  certificates)
• Certificate repository and revocation system
• Key management (issuance, update, backup,
  recovery, etc.)
• Cross-certification (extend 3rd-party trust
  between CA domains)
• Support for legacy applications
• All users have registered identity thru a PK
  certificate (via CA)
• Users corresponding secret key must be protected
  in the terminal (e.g., tamper-proof SmartCard or
  encrypted storage)
• Standard protocol for application interface is
  PKI X.509

5
Figure 5 Extended Wireless Security Framework
Administrator (MoU,treaty body etc.
International certification agency
Security Entities
Root netwk operator certificate
Root manufactr certificate
Root TTP1 certificate
Root TTP2 certificate
National authority 1 certificate
National authority 2 certificate
Regulator 1 certificate
Regulator 2 certificate
Financial institution certificate
Service provider certificate
Test house 1 certificate
Test house 2 certificate
Software supplier certificate
Manufacturers