CP-TP

Certificate Present (in the MExE (U)SIM) - Third Party

Security
Introduced in Rel-4
CP-TP is a security mechanism within the MExE (Mobile Execution Environment) framework, specifically concerning third-party certificates stored on the (U)SIM. It enables secure authentication and authorization for third-party applications and services, ensuring trusted interactions between mobile devices and external entities. This is crucial for enabling secure value-added services and protecting against unauthorized access.

Description

CP-TP, or Certificate Present (in the MExE (U)SIM) - Third Party, is a security concept defined within the 3GPP Mobile Execution Environment (MExE) specifications. MExE provides a standardized execution environment on mobile devices, allowing for the secure download and execution of applications. CP-TP specifically addresses the storage and management of digital certificates from third-party entities (i.e., not the mobile network operator or the device manufacturer) on the Universal Subscriber Identity Module (USIM) or SIM card. These certificates are used to establish trust between the mobile device and external service providers, such as banking applications, corporate VPNs, or content providers.

The architecture involves the (U)SIM as a secure element, which is a tamper-resistant hardware component. The (U)SIM contains a dedicated file system and security domains. Third-party certificates are stored within a protected area of the (U)SIM's file system, often associated with a specific security domain or application. When a third-party MExE service provider (SP) needs to authenticate itself to the device or vice versa, the relevant certificate is retrieved from the (U)SIM. The MExE client on the device then uses this certificate in cryptographic protocols, such as TLS/SSL, to verify the SP's identity or to sign/encrypt data.

Key components include the MExE User Agent (the client software on the device), the MExE Service Provider, the (U)SIM with its secure file system, and the Certificate Authority (CA) that issued the third-party certificate. The process works by the SP presenting its certificate during a handshake. The MExE User Agent checks if a corresponding trusted certificate is present in the (U)SIM's CP-TP storage. If present and valid (not expired, properly signed by a trusted CA), the agent can authenticate the SP. This mechanism is integral to the MExE security classmark system, which defines device capabilities and security levels.
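A Go model of the check just described, added here as an illustration rather than code from the 3GPP specifications or any MExE implementation: the (U)SIM's CP-TP area is represented by a certificate pool, the User Agent accepts an SP certificate only if it chains to a CA present in that pool and is inside its validity period, and the keys, names, serials and the SimStore/BuildScenario helpers are all constructed assumptions.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// SimStore models the CP-TP area of the (U)SIM: the third-party CA certificates the device trusts.
type SimStore struct{ Roots *x509.CertPool }
func EmptyStore() SimStore { return SimStore{x509.NewCertPool()} } // a (U)SIM with no third-party certificate

// AuthenticateSP is the User Agent's check on the certificate an SP presents in the handshake:
// it must chain to a CA present in the (U)SIM store and be within its validity period at now.
func (s SimStore) AuthenticateSP(sp *x509.Certificate, now time.Time) error {
	_, err := sp.Verify(x509.VerifyOptions{Roots: s.Roots, CurrentTime: now})
	return err
}

// must and newKey keep the constructed PKI setup below short.
func must[T any](v T, err error) T { if err != nil { panic(err) }; return v }
func newKey() ed25519.PrivateKey { _, k, err := ed25519.GenerateKey(rand.Reader); return must(k, err) }

// issue signs a certificate for pub with signer's key; it is self-signed when parent == tmpl.
func issue(tmpl, parent *x509.Certificate, pub any, signer ed25519.PrivateKey) *x509.Certificate {
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))))
}

// template builds a certificate valid for one day from now; name and serial are constructed values.
func template(cn string, serial int64, ku x509.KeyUsage, now time.Time) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(24 * time.Hour), KeyUsage: ku,
		IsCA: ku&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true}
}

// BuildScenario creates a constructed third-party CA, places it on the (U)SIM, and issues an SP cert.
func BuildScenario(now time.Time) (sim SimStore, sp *x509.Certificate) {
	caKey, caT := newKey(), template("Bank CA (constructed)", 1, x509.KeyUsageCertSign, now)
	ca := issue(caT, caT, caKey.Public(), caKey)
	sim = EmptyStore(); sim.Roots.AddCert(ca) // the CA certificate is now "present in the (U)SIM"
	sp = issue(template("bank SP (constructed)", 2, x509.KeyUsageDigitalSignature, now), ca, newKey().Public(), caKey)
	return sim, sp
}

func main() { // prints <nil> for a (U)SIM holding the CA, then an unknown-authority error for an empty one
	sim, sp := BuildScenario(time.Now())
	fmt.Println(sim.AuthenticateSP(sp, time.Now()), "|", EmptyStore().AuthenticateSP(sp, time.Now()))
}
```

The same SP certificate is accepted or rejected purely on what the (U)SIM holds, which is the CP-TP presence check; evaluating it after NotAfter fails with an expiry error instead.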

CP-TP's role in the network is to extend the trust model beyond the operator's domain. While the (U)SIM inherently contains operator credentials for network access, CP-TP allows it to also serve as a trust anchor for external services. This enables secure, device-based authentication for a wide range of applications without requiring separate hardware security tokens. It forms part of the broader MExE security framework, which includes other classmarks for device integrity, user authentication, and secure communication channels.

Purpose & Motivation

CP-TP was created to address the need for secure third-party service provisioning on mobile devices within the MExE framework. As mobile phones evolved beyond voice communication to support downloadable applications and services (like early mobile banking, email, and corporate access), a standardized method for establishing trust between the device and non-operator service providers became essential. Prior to such standardization, service-specific security solutions were fragmented, often relying on less secure software-based storage of credentials or proprietary hardware, which hindered interoperability and scalability.

The primary problem CP-TP solves is the secure storage and management of third-party authentication credentials. Without a secure, standardized location like the (U)SIM, certificates could be stored in device memory, making them vulnerable to theft, cloning, or tampering. The (U)SIM, as a widely deployed, physically secure component, provides a trusted environment. CP-TP leverages this to enable a common, high-assurance method for services to authenticate to devices and for devices to prove their identity to services, facilitating the growth of a secure mobile application ecosystem.

Historically, MExE was introduced to create a Java-like environment for mobile devices (akin to early J2ME). Security was a paramount concern for operators and service providers to protect sensitive transactions and data. CP-TP, as part of the MExE security architecture defined in 3GPP Release 4, provided a clear specification for how third-party trust credentials should be handled, encouraging adoption by giving service providers confidence in the authentication mechanism. It addressed limitations of ad-hoc approaches by providing a standardized, hardware-backed solution integrated with the subscriber identity module.

Key Features

  • Secure storage of third-party X.509 digital certificates on the (U)SIM
  • Enables authentication of MExE Service Providers to the mobile device
  • Facilitates device authentication towards third-party services using certificate-based credentials
  • Integrates with the MExE security classmark system for capability negotiation
  • Leverages the tamper-resistant hardware of the (U)SIM for key protection
  • Supports the establishment of secure communication channels (e.g., TLS) for application data

Evolution Across Releases

Rel-4 Initial

Introduced CP-TP as part of the initial MExE specifications. Defined the fundamental architecture where third-party certificates could be stored and managed on the (U)SIM. Established its role within the MExE security framework, linking it to service provider authentication and the overall trust model for downloadable applications.

Defining Specifications

Specification   Title
TS 21.905       3GPP TS 21.905
TS 23.057       3GPP TS 23.057